A city locked out of its own data network
Officials in San Francisco charge that one of their own employees gave himself exclusive access to key switches on the city’s computer network.
Subscribe Today to the Monitor
It sounds like a plot from Hollywood: A team of techies is busily trying to crack passwords to get access to parts of San Francisco’s computer network. They are doing so at the direction of city officials, who have discovered that they are locked out of parts of their new multimillion-dollar system.
But for the City by the Bay, it’s a story line they didn’t see coming.
Local officials charge that one of their own employees, a network administrator named Terry Childs, gave himself exclusive access to key switches on the network. After they discovered the problem, Mr. Childs was interrogated by the police, but unlike the disgruntled programmers in the movie “Office Space,” he apparently hasn’t been fazed by the threat of prison. Authorities say he first gave police bogus passwords and now sits in jail refusing to divulge his abracadabras.
Childs pleaded not guilty last Thursday to four felony counts of computer network tampering. His lawyer declared it all a big misunderstanding and called the $5 million bail inappropriate. But San Francisco officials aren’t sure what Childs has done behind password locks, and they worry he might have created back channels into city data.
So-called “malicious insiders” are surprisingly common, and they tend to be more harmful – and difficult to thwart – than outside hackers, say experts. Despite the threat, one recent study found that organizations are growing more lax in guarding against them.
“Most of the security solutions [deployed] are outward facing, focusing on the moat and the turrets, not determining if the threat can come from inside” the castle walls, says Tom Kellermann, a computer security expert formerly with the World Bank Treasury and now with Core Security Technologies in Boston.
Roughly a quarter of computer system attacks are inside jobs, according to the past two years of the E-Crime Watch Survey from CSO Magazine and the US Secret Service. Their most recent report in 2007 found steep drops over the previous year in the percentage of organizations taking common protective measures:
•Background checks on employees and contractors dropped from 73 to 57 percent.
•Employee monitoring went from 59 to 42 percent.
•Employee security training plummeted from 68 to 38 percent.
The report defines an insider as a current or former employee, services provider, or contractor. Outside technology vendors and partners who are given insider access constitute a fast-growing source of attacks, according to a new four-year study conducted by Verizon.