San Francisco Network Hijacking Case Takes Embarassing New Twist

After making intense efforts to re-secure the city's computer network after a disgruntled employee took control of the system, San Francisco officials have made a big mistake by putting around 150 passwords into the public record.

The blunder comes as part of an ongoing criminal action against Terry Childs, a system administrator who, apparently infuriated by the work practices of his colleagues, put a series of passwords on the entire system to stop anyone else getting access. He then refused to hand over the details even under threat of imprisonment; after being placed on remand with bail set at $5 million, he eventually handed back control of the network in a secret meeting with the city's mayor.

Childs remains in prison on the charges. While he didn't directly damage any data, the restrictions he put in place meant that staff were unable to make any changes to the network, which handles 60% of the city government's data, including the email system and website. (Source: betanews.com)

Had the network crashed or suffered a power outage, staff would have been unable to repair it and would instead have had to rebuild the network from scratch, which could have taken up to eight months. Childs is also accused of putting in a booby-trap by which any attempt to restore access would have wiped out the network's configuration settings.

Just as officials began breathing easy again, the district attorney's office presented 150 of the network's user names and passwords found on Childs' computer as an exhibit in the court case. While there's no doubt that the information will help the case, the problem is that such exhibits are a matter of public record, meaning anyone can ask to see them.

It's not a worst-case-scenario, as the passwords concerned are for city workers connecting from remote machines such as laptops and home computers. They need to be combined with a separate system password to get access to the network. However, the publication of the details does certainly make hackers' work a step easier. (Source: wired.com)