I've finally received some information from the city's court filing opposing the reduction in bail for Terry Childs. It's a frankly disturbing account of events and scenarios.
First, according to the city, Childs did configure some number of routers and switches with 'no service password-recovery', which would prevent anyone from recovering the passwords on those devices without losing the IOS image and configuration. In addition, he also removed the startup configuration from some number of devices, leaving them operational via the running config, but that would be lost during a power outage or reboot. If this is true, and this was done on the core network gear, then Childs was definitely up to no good -- nobody does that.
Much ado has been made of modems (some of it by me, today), but the court document only discusses a few modems in his work area. It does reference "1100 different devices, routers, switches, modems, etc scattered throughout the city's offices". This is far, far more likely than 1,100 modems, but is still an enormous number of devices that the city apparently doesn't know about, or lost track of. It's incredible to me that any infrastructure of any size could have 1,100 unknown "routers, switches, modems, etc" that only one employee knows about or has access to.
[ Follow the Terry Childs saga with InfoWorld special report: Terry Childs: Admin gone rogue. ]
This document also outlines various methods that Childs could have used to gain access to the FiberWAN, including "wireless access devices to different departments". These are not actually detailed, but are alluded to as being found as references found during forensic analysis.
It's odd the way this document uses common terminology. They describe "access points" throughout the document, but I don't believe they mean wireless access points, rather, individual ports or subnets on the network. My prior speculation that this was the secondary information provided to Mayor Newsom on Monday appears to be correct -- they had to connect to the network from a specific subnet or IP address.
There are also references to a terabyte of information stored on various encrypted storage devices. The city has not been able to gain access to this information, however. I'm assuming that the total size of these devices is one terabyte, not that there's a terabyte of actual information there.