The Terry Childs Saga

Laid-off IT workers, Terry Childs, and unexpected consequences

In a time of corporate strife, keep a close eye on potential new threats

We're moving into the seventh month of the Terry Childs case, and the world seems like quite a different place. Way back in July, our economy wasn't yet in the toilet (though it was rapidly heading there), Bush was president, Manny Ramirez had a contract. Things have changed.

Now, companies are going through spasms of layoffs, generally across all business units. This means IT too.

[ For the full rundown on the Terry Childs case, see the InfoWorld special report ]

In many cases, these layoffs will be front-line folks, desktop support, and the like. Generally these are IT workers that have only a slightly higher level of access than normal users and don't pose much of a security issue when they move on. However, there are sure to be some layoffs that hit higher on the IT food chain, which should make IT admins and directors worry, even just a little bit.

The problem is obvious: A disgruntled ex-employee decides to exact revenge by sabotaging the systems he may still have access to. Centralized authentication will obviously help here, but an infrastructure of any size will have one or two loose ends that might not even be known to the remaining IT staff.

If I put on my black hat, I can think of dozens of ways an ex-employee could wreak havoc on a network without the threat of discovery. The simplistic method would be to change passwords, erase configurations, format drives, or any such significant action. However, those would be discovered quickly and are more likely to leave a trail. There are far more insidious ways to disrupt normal operations, such as surreptitiously modifying a query in a critical application that overwrites existing unique IDs on insert rather than incrementing or changes a few characters in random fields whenever a page is requested -- that kind of thing.

I don't want to continue to speculate on the potential ways that a complex infrastructure could be damaged in this way, since the point has been made, and there's no need to add fuel to that particular fire. Suffice it to say that the dangers are real, and depending on the mental state of the ex-employee, damage could be severe.

Of course, this is only tangentially related to Terry Childs. I'm sure that those unfamiliar with the details of the case will see similarities, however.

Regardless, it's time to batten down the hatches in every possible way in the form of spending reductions, as well as increased usable life of desktops, servers, and network gear. Also, it's absolutely time to run authentication and access audits that will decrease the likelihood of sabotage.

As far as Terry Childs goes, the wheels of justice turn slowly. He's still in prison, and the case is on hold pending the results from a demurrer filed by his lawyer claiming that the charges are "vague" and don't specify exactly what Childs may or may not have done. From what I can tell, entries from this blog have been entered into the record, but I'm not sure exactly what posts or their significance.

Childs has not yet entered a plea.

Join the discussion
Be the first to comment on this article. Our Commenting Policies