Friday, February 11, 2011

The curious case of Terry Childs - Network kidnapper

In 2008, a network administrator named Terry Childs took total control of his network and refused to share access. So what's the big deal? He was employed by the City of San Francisco, and his network contained thousands of public records and important city government data; lack of access to this network could cost the city millions of dollars. He was arrested, charged with 4 counts of computer tampering, and held on 5 MILLION dollar bail before he finally agreed to hand over access to the network. A source close to the situation, as relayed by InfoWorld's Paul Venezia, said:
"Terry's area of responsibility was purely network. As far as I know (which admittedly is not very far), he did not work on servers, except maybe VoIP servers, AAA servers, and similar things directly related to the administration of the network. My suspicion is that you are right about how he was 'monitoring e-mail'; it was probably via a sniffer, IPS, or possibly a spam-filtering/antivirus appliance. But that's just conjecture on my part.

"The routing configuration of the FiberWAN is extremely complex. Probably more so than it ought to be; I sometimes got the feeling that, in order to maintain more centralized control over the routing structure, [Childs] bent some of the rules of MPLS networks and caused problems for himself in terms of maintaining the routing.

"Because the system was so complex (and also because he didn't involve any of the other network engineers in his unit), Terry was the only person who fully understood the FiberWAN configuration. Therefore, to prevent inadvertent disruption of this admittedly critical network, he locked everyone else out. I know most of the networking equipment … does use centralized AAA, but I get the impression he may have configured the FiberWAN equipment for local authentication only."

He goes on to say:


"This is where it gets tricky for the prosecution, IMO, because the localized authentication, with Terry as sole administrator, has been in place for months, if not years. His coworkers knew it (my coworkers and I were told many times by Terry's coworkers, 'If your request has anything to do with the FiberWAN, it'll have to wait for Terry. He's the only one with access to those routers'). His managers knew it.
"Other network engineers for the other departments of the City knew it. And everyone more or less accepted it.
"No one wanted the thing to come crashing down because some other network admin put a static route in there and caused a black hole; on the other hand, some of us did ask ourselves, 'What if Terry gets hit by a truck?' If a configuration is known and accepted, is that 'tampering'?”
“He's very controlling of his networks -- especially the FiberWAN. In an MPLS setup, you have 'provider edge' (PE) routers and 'customer edge' (CE) routers. He controlled both PE and CE, even though our department was the customer; we were only allowed to connect our routers to his CE routers, so we had to extend our routing tables into his equipment and vice versa, rather than tunneling our routing through the MPLS system.” 


After reading this case, as strange as it sounds, I almost felt like I could relate to Mr. Childs. By no means would I recommend taking it to the extremes he did, but when you build something such as a network, or even build your own computer, it begins to take on almost a child-like relationship. I know it may sound odd, but when you work on something very hard, configure it perfectly, and know the ins and outs of it, it becomes more than just a network or a computer. It is YOURS. I began building home LANs and other networks when I was still in middle school, right when the technology was new. The setup back then was much more complex than it is nowadays. The first one I attempted to set up took me 3 days of arduous configuration. I was editing GUI scripts, configuring every single setting, and setting up static IPs, then, assuming the settings were all correct (which was rare; it was more trial and error then), setting up each individual computer to access the network properly. When something went wrong with my first network, I was always the one to come to. At first, the rest of my family members would try to fix it when it had a brief loss of connection, and this would frustrate me to no end, as silly as this sounds. It was my network, the culmination of a ton of hard work and time, and only I was able to do it right (according to me).


After a while, I was the go-to guy around my neighborhood for LAN setup - and each one seemingly took on a life of its own for me. I knew the explicit details of each one, the right settings, etc etc. When something would go wrong, I could not focus on anything else until I got it fixed. I would get knocks on my door at 3am from a distraught sister trying to finish some homework, or my father up late submitting reports and such. I like to imagine this is how artists feel about their work.




Mr. Childs's network was so complex, he took care of it like a baby and knew it like the back of his hand - that's why when people began tinkering around with it, he locked it up. There is a line, however, and no doubt he went way too far, but I think network admins and gurus all around the world will look at Mr. Childs's case and know the feeling.




Read more about the case here: http://www.infoworld.com/d/adventures-in-it/why-san-franciscos-network-admin-went-rogue-286?page=0,0





 
