Tuesday, July 29, 2008

What's the level of security risk from government's internal IT staff?

Over the last week a rogue IT employee in the San Francisco Department of Technology Information Services has held the city to ransom - locking down many of the city's services by refusing to disclose an administration password.

The employee, Terry Childs, helped create the city's FiberWAN network , used for controlling the city's emails, law enforcement records, payroll, and personal records. It controls 60 percent of the city's municipal data.

Using his access as administrator, Childs stopped other authorized network users from accessing parts of the network and gave himself access to parts from which he should have been restricted.

To compound this, the city apparently did not keep adequate system backups, and so cannot restore the system from an earlier state.

Fixing the situation is likely to take several weeks and cost in the order of $500,000, including hardware and system changes.

Childs was taken to court by the city, with a US$5 million bail set - that's five times as much as is usual for a murder in California.

Why did Childs lock down San Francisco? Network World reports in IT administrator pleads not guilty to network tampering that,

He became erratic and then hostile with colleagues after a recent security
audit uncovered his activity on the network, according to a source familiar with
the situation.

An article in Wired, San Francisco Admin Charged With Hijacking City's Network, discusses how Childs could have brought down the entire San Francisco city's network if he'd wanted to.

Fortunately for San Francisco, as reported in eFluxMedia, Childs finally turned over the password to San Francisco's Mayor on 24 July - claiming that only the Mayor was trustworthy enough to have the password.

Do you know how much power your department's IT team has?

No comments:

Post a Comment