Update: IT administrator pleads not guilty to network tampering

Terry Childs is accused of setting up an unauthorized access system and holding much of the city of San Francisco's computer network hostage

A  disgruntled network administrator pleaded not guilty Thursday to charges of computer tampering for allegedly setting up an unauthorized access system and holding much of the city of San Francisco's computer network hostage.

Terry Childs, 43, entered the plea before Judge Paul Alvarado in San Francisco Superior Court on Thursday morning. His next court appearance is a bail hearing set for July 23.

[ The Deep End blog: Is this situation really all it's cracked up to be? ]

Administrators have been struggling for the past few weeks to regain control of the city's Fibre WAN after Childs allegedly reset administrative passwords to its switches and routers, and refused to hand them over. He is also alleged to have planted unauthorized devices on the city's network.

As of Thursday, the city has still not recovered administrative control of its routers, but the WAN network is still operating normally, said Ron Vinson, chief administrative officer with the city's Department of Telecommunication Information Services (DTIS). He said it was hard to predict when the problem would be fixed and that it could take days or weeks to resolve the situation. "We feel very confident that we will have full access," he said.

This network, used to connect computers between buildings throughout the city, carries about 60 percent of the network traffic of San Francisco's city government. It has continued to function normally, but without administrative access the city can no longer make important security and configuration changes to the hardware.

Childs is a network administrator with the DTIS, which runs the city's critical IT operations, including the e-mail system, Web site, 311 call center, and telecommunications infrastructure.

He became erratic and then hostile with colleagues after a recent security audit uncovered his activity on the network, according to a source familiar with the situation.

Childs was somber and respectful in his brief court appearance Thursday, as he stood before the judge handcuffed from behind and clad in the orange sweatsuit worn by those housed at the San Francisco County Jail.

He had a supporter in the courtroom. Dana Hom, who until 2004 was a director at DTIS, told reporters at the courthouse that he is a "casual friend" of Childs, who, he says, should have been placed on administrative leave and investigated -- not arrested -- for the incident, which Hom blamed on "poor, poor management" within the department.

"I have seen what I thought was the worst, but this takes the cake," said Hom, who now runs a PC repair company in Windsor, California. "I'm here because I see a travesty of justice."

Hom described Childs as "very gentle" and "one of the most competent IT engineers ever."

Hom, who interviewed Childs before he was hired, said in a later telephone conversation with IDG News Service that as network administrator, Childs was entitled to have the passwords to the WAN's switches and routers. He was probably unable to notify management of any password changes because customized change-management software built to track this type of data "has been broken for years," Hom said.

Hom did not know why Childs is now refusing to divulge the passwords.

A source within DTIS, who spoke on condition of anonymity, painted a different picture of Childs. According to the source, just before his July 13 arrest, Childs intimidated the department's new chief of security, Jeana Pieralde, while she was conducting an audit of the network at San Francisco's datacenter. "He started to appear at a doorway and take a picture and walk away, clearly trying to intimidate her, watching her through the glass," the source said.

At one point he stood at the door and physically blocked her from exiting a room. "She went around the corner and locked herself into the office and called her boss," the source said. "At that point we knew he had something he was hiding."

Childs is being held on a $5 million bond, an unusually high amount for a computer tampering case. He faces seven years in prison if convicted on all counts.

Childs' former public defender, who stepped down Thursday because of an unspecified conflict of interest, said that the $5 million bail is excessive. The DA's office has sought $1 million bonds in murder cases, said Mark Jacobs, an attorney with the San Francisco Office of the Public Defender. "I think they are trying to send a statement about how serious they take it," he said of the Childs case.

The city is now working with Cisco Systems to repair the problem, but if it has to replace the routers and switches that have been tampered with, it could easily face a $250,000 bill for the incident.

San Francisco began rolling out the Fibre WAN about four years ago as a less-costly alternative to leased data lines. The city has spent more than $3 million on the project.

This story was updated on July 17, 2008

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies