Angry Employee Disables San Francisco Network

 

This example of the “insider threat” scenario that is worrying many in the information security business has led to Terry Childs being held in jail, although he is not thought to be trying to extort money from the city.

According to prosecutors, Childs locked out all other administrators from the city's computer system after they started asking questions about a run-in he had with his agency's head of security.

In the San Francisco Chronicle, Mayor Gavin Newsom described Childs as a formerly well-liked employee who "got a bit maniacal." "There's nothing to be alarmed about, save the inability to get into the system and tweak the system," he told reporters Thursday. "Nothing dramatic has changed in terms of our ability to govern the city."

Childs was part of the team that built FiberWAN (wide area network), the backbone of the city's computer network, said Ron Vinson, chief administrative officer for the Technology Department. The system stores about 60 percent of all city government data.

By the time Childs was done with his alleged criminal deeds, he had created a password that gave him exclusive access to that data, prosecutors said.

When police asked him to divulge the password, Childs first gave a bogus code and then refused to provide the correct one even under the threat of arrest, authorities said.

His lawyers have criticized the amount of bail, but prosecutors and city officials feared that Childs may have enabled a third party to gain access to the computer system by telephone or other electronic device and order the destruction of hundreds of thousands of sensitive documents. However, they have found no evidence of such a device in searches of his home and car.

Security vendors now provide more technology that clamps down on employees in general, such as data loss prevention, which prevents end users from stealing an employer's intellectual property, said Charlotte Dunlap, a senior analyst with Enterprise Strategy Group.

“But that still might not have helped in this situation, which causes one to wonder, who’s watching the gatekeepers?”

Bryan Watson, owner of NetTracers, who has had to extricate businesses from similar situations, said this incident highlights the need for organizations to require independent oversight and reviews of systems activity on a regular and continuous basis.

“Unfortunately, when a hot-shot network or systems admin is finally found and hired, complete control is often handed over, with little to no oversight.

“If that admin goes bi-polar or has a stroke, an entire organization may pay dearly for not having proper processes and oversight in place. IT departments should ultimately be treated like accounting departments, with audits and well thought out checks and balances to ensure that neither individual malice, mistakes nor medical issues will shut down the organization.”
