$1 million salary
I'm off to be a sysadmin
Terry Childs, the ex-network admin accused of holding San Francisco's computer network to ransom, is suing the city for $3m. Childs, who has been in prison since July and is still awaiting trial, wants compensation for lost wages, damages and emotional distress caused by what he claims was his wrongful arrest and imprisonment …
I hope he wins. If my boss came to me with the "give me the master passwords to everything or you are fired" would mean to be that I was already up for termination, so my answer would be some variant of "sod off, they are in the secured location that you can't access, as per protocol, if you want the passwords, follow procedure to get them released, but you won't get them from me."
Here is the catch-22, if you don't comply it is direct insubordination which is usually a immediate termination offense, if you do give them up it is a violation of security policy, also an immediate termination offense. I believe he has taken the only path available and should win all he asks for and more. (since it is unlikely he will ever work in IT again.)
I thought he gave them over to the Mayor.
Did the people asking for the passwords have the authority to ask? If not then he did the right thing.
He would have to have been made aware of who had the authority to ask, and under what conditions. It seems his trust or understanding of who to trust started at the Mayor.
"As he's still awaiting trial, surely sueing for wrongful arrest and imprisonment is a little premature?"
Not at all. Lots of people wrongfully arrested are never even tried. It is a WRONGFUL arrest, see? The cops get away with it all the time, arrest and release as a form of intimidation or crowd control, but they try to have some kind of legitimate charge to cover their asses, like obstruction of the public highway.
You don't have to wait until you are found not guilty to seek legal remedy, and in fact being found not guilty would NOT by itself establish that the arrest was wrongful. In some cases, you might in fact be guilty and still get off because the arrest was unlawful. Illegal search and seizure, lack of a warrant, lack of probable cause, failure to give the right of silence warning, all of these and others can make a prosecution fail, and may even represent offences by the authorities.
I am not a lawyer and I have not charged you for my non-expert opinion.
No, suing for wrongful arrest can get a case disbarred before it's completed. It all depends on how much the courts drag their heels. If the man was wrongfully arrested they can't charge him with much since the entire case was made over false pretenses.
Mike makes a good point. The question is, does anyone outside of the city council (ie, those watching the news) know what their security policy is? Where I work, the root passwords for the servers are freely shared amongst coworkers (then again, every employee here is supposed to have root access...).
It does seem as though people are being a little hysterical, all around.
I looked this up the first time the story made the rounds, and the network equipment in question can be reset if one has physical access to the devices, which I would argue contradicts the "locked out" claim.
Resetting constellation of VPN routers to factory settings is likely to be non-ideal and costly in terms of man-hours to reconfigure, of course. But "locked out" is extreme. What would the City have done if the man had been struck and killed by a pizza truck instead?
Similarly, it's not a wise move from a resume-building perspective to refuse to turn over administrative passwords upon your dismissal. Sensitive passwords should have been in a secure location, anyway, for the superiors to recover in the event of the pizza truck scenario, above.
Bad sysadmin. Bad superiors. No saints here.
Most people just don't understand what a "secure network" is.
It's the one you "Can't Get Into".
This guy was doing his job that he was fired for, someone pulled "Rank" and demanded the passwords, he wouldn't give them, and this is where we're at now.
How can someone protect you if you act all crazy like that?
I find it plausible that he might have just happened to be the only one who knew critical passwords then his supervisor was treating him like crap and he just decided to not help them with their system.
Yeah it would have to be a real mess for just one person to have critical passwords but regrettably it would be far from unique. Also the system could have been a real mess. It probably was if he was in charge and they were letting him go for poor job performance.
I am really curious about this one. One or both of the parties were incredibly stupid.
This story is misleading,
The users were not 'locked out of the network', they were just locked out of making any possibly insecure changes to the network.
At all times while Childs was under arrest there were no security breaches, no drop-outs in traffic and no failures.
Now I'm sure The Register printed this story right the first time around, so perhaps you can look again at the original and correct the current copy.
Now while I don't approve of Rogue Sysadims going off the rails and acting in a clearly paranoid delusional way. You have to wonder what pushed this diligent worker to act so strangely (Making routers self wipe if powered off, not having backups to passwords only held in his own memory etc). We should ask ourselves what duty of care his employers had over him?
I guess that is the reason for the suite.
RIP for unbiased reporting: hence the memorial.
>> $1m for 7 months wages & benefits?
Well, I suppose he is 'employed' 24x7 - okay, say 23x7, they probably give him an hour a day in the yard. Okay, it still works out about $205/hour, but you have to bear in mind that he isn't getting any holiday and most of these hours are 'overtime'. Admittedly he is getting full room and board, so they could deduct that.
Interesting nobody picked up on the lawyers fees, his lawyer is probably working about 4-hours a day, 2 days a week, for seven months. Actually that only comes to about $2,000/hour so why would anyone bat an eye about that, it's quite reasonable for a laywer (and besides, he's probably billing for 30 hours/day, 9 days/week (plus the same for his assistants)).
Biting the hand that feeds IT © 1998–2020