Judge Teri Jackson sentenced Terry Childs to 4 years in prison last week. Childs took sole control of San Francisco’s city network for nearly two weeks claiming he was the only person certified for such access.  He eventually provided administrative access to the mayor who negotiated with Childs after his arrest.

Childs will next receive a hearing on financial penalties on August 13, which could require him to cover the city’s US $900,000 bill, spent on trying to regain control of its network.

The four year sentence for hacking is on the high end on the available five year sentencing range.

More details in CSO’s Security and Risk Blog.

Related Posts:

• San Francisco City Network Held Hostage by ‘Maniacal’ Network Engineer <July 18, 2008>
• Rogue Admin Returns Control of San Francisco Network <July 24, 2008>
• Terry Childs, ‘Maniacal’ City Network Engineer, Found Guilty of Hacking <April 28, 2010>

Back in July of 2008 we covered the story of Terry Childs, a network administrator for the City of San Francisco, who was imprisoned after taking sole control of the city’s network.  Though services were not interrupted, he locked out the rest of the city’s IT staff from the city’s network.

After the Mayor of San Francisco  secretly met with him in prison, Mr. Childs provided the new password, which allowed other city employees access after nearly two weeks of being closed out.

Information Week has details of the conviction and sentencing, which could range from release to a five-year prison sentence for computer crime.

Judge George O’Toole Jr has lifted the gag order preventing three MIT students from publicly discussing MTBA security flaws. As noted here, the MBTA made the student’s report public in their petition to gain the restraining order in question.

The MBTA, which had earlier denied that security flaws existed, had asked the judge to prevent the students from discussing their findings for five additional months. They also today said that the assessment by MIT students Alessandro Chiesa, R.J. Ryan, and Zack Anderson has persuaded them that the Charlie Card security system is flawed.

This of particular concern since the contract for Charlie Cards was awarded through a no-bid process to a former government employee. Janice Loux, a member of the MBTA’s board of director is on record as having lost confidence in MBTA General Manager, Dan Grabauskas.

The MBTA board is set to discuss an audit in light of security breaches, which included unlocked turnstile controls, unattended control rooms, and keys left in view which could be photographed and copied.

The Sanfrancisco Chronicle reports that after a secret visit by the mayor of San Francisco, the network administrator who locked the cities technology staff out of the network surrendered his password.
See earlier coverage of this story.

Terry Child’s defense attorney, Erin Crane, claimed that Mr. Childs was merely protecting the network from incompetent staff, and there was no clear policy who he was authorized to release the systems master password to in such a situation.

Continued

There has been commentary, criticism, and even worry about ICANN’s proposed laissez-faire policy to allow a broad range of top-level domains. Our friends at Circle ID try to calm the waters by reminding us that ICANN’s byzantine committee structure, and its tendency to avoid both conflict and even the clearest paths of action, can make its proceedings downright glacial.

Besides, ICANN has challenges beyond running the world’s domains. Lately, just running their own domain has been a challenge. Shortly after the announcement of the new gTLD’s, Turkish hackers seized control of ICANN’s website by … changing their domain record and redirecting ICANN’s traffic.

Continued

Who controls the software you use: you, or the software’s producer? That’s the question at the heart of a lawsuit by Blizzard, creator of World of Warcraft (WoW), against MDY Industries. Apparently, MDY has developed software called Glider that allows a WoW player to cheat by having their computer play for them in their stead. In other words, it enables players to gain experience points without playing or experience.

Continued

Credit card numbers were selling for as little as 40 cents each and access to bank accounts was going for $10 in the second half of 2007, according to the latest twice-yearly Internet Security Threat Report from Symantec, which you may download here.

As highlighted in our earlier article, Big Business Big Brother, data breaches now take place on a nearly daily basis. Last month, my grocery store leaked my credit card information; this month my ISP allowed access to another site’s domain record. While I’d rather be funny than alarmist, the falling price for stolen data suggests that access to your personal information is so easy, it’s becoming a commodity. That’s not funny.

However, also today, The New York Times reports that, nationally, burglary is down by 50% from 1980 figures. Isn’t breaking and entering simply the 20th-century analogue to identity theft? It seems criminals are opting for a less physically risky version of the same crime. What do you think?