Insider locks out San Francisco WAN

From SCMagazine

Network administrators in San Francisco could not access the city’s new wide area network (WAN) because a disgruntled engineer refused to divulge his exclusive credentials.

San Francisco officials said they are trying to crack his credentials and hope to regain access to the systems where emails, payroll files, law enforcement documents and arrest records are stored, the report said.

The systems affected continue to work, though with only limited or no access.

“They are probably OK until some minor problem arises, such as a hard disk filling up or a tape backup failing,” Jeff Nielsen, senior product manager at identity management provider Symark Software, told on Tuesday. “Such problems are normally handled by system administrators easily, but if they’re locked out, they’ve got big problems.”

There’s some more on this story here

Childs was part of the team that built FiberWAN (wide area network) , the backbone of the city’s computer network, said Ron Vinson, chief administrative officer for the Technology Department. The system stores about 60 percent of all city government data.

By the time Childs was done with his alleged criminal deeds, he had created a password that gave him exclusive access that data, prosecutors said.

When police asked him to divulge the password, Childs first gave a bogus code and then refused to provide the correct one even under the threat of arrest, authorities said.

Childs’ bosses ordered him to leave work July 9 for alleged insubordination, but they continue to pay his $127,735-a-year salary. Vinson insisted that was standard procedure, even for a city employee accused of four felonies.

I’ve made plenty of comment before on this blog with regards to risks relating to malicious and disgruntled employees. Here is another lesson learnt the hard way for the case-book.