San Francisco prosecutors put the
computer security of the city authority at risk by making
public nearly 150 usernames and passwords.
The San Francisco
District Attorney's Office filed the usernames and passwords as
a court exhibit while arguing against a reduction in the $5m bail
in the case of
Terry Childs, who is accused of
holding the city's network hostage by refusing to give up
administrative networking passwords.
The details were discovered on Childs's computer, said the court
filing, and posed an "imminent threat" to the city's computer
network. Childs could have used the names and passwords to
"impersonate any of the legitimate users in the city by using their
password to gain access to the system".
The passwords are used by officials accessing the network from
home computers or laptops while they are outside of city offices.
The passwords are for many city departments including the police
department and the mayor's office.
The passwords are thought to be "phase one" passwords, each of
which is combined with a second password to access the network.
The DA's office said that "the court files have been amended
accordingly."
Childs had blocked the computer system of the city of San
Francisco to everyone but himself. He has been charged with
computer tampering.
For nine days after his arrest on July 12, Childs refused to
hand over the administrative passwords. An engineer in the city's
Department of
Telecommunications and Information Services, Childs had been
engaged in a months-long dispute with management.
He gave the passwords to the mayor last Monday after a secret
jailhouse meeting. His lawyer argued that because of departmental
incompetence, the mayor was the only person qualified to be handed
the keys to the network.