Also, the prosecution continues to blur the terminology. They continue to use the term "modem" indiscriminately, including a reference to a "VPN modem" in one section that appears to be a reference to a VPN concentrator. They then claim that this VPN "modem" provided sufficient remote access capabilities to allow admins to work on the network remotely, completely ignoring the fact that if the network is down, the only way to get into the routers and switches is by dialing into the attached modems, since the VPN connection would not be functional. VPN and non-PPP router dial-in access are two completely different things, and serve two completely different purposes. Emergency remote dial-in is the main purpose of the AUX port on Cisco routers and switches, after all.
Technically speaking, this document is simply chock-full of technical errors. Whether or not these originated from the DA's office or the consulting companies that have cost the city $1 million, I don't know, but there's definitely a breakdown somewhere. To have this level of misinformation repeatedly presented to the courts is either terribly embarrassing or terribly misleading or both.
There are also statements in the filing that point out that the network devices were only accessible from certain places within the network. They claim this as another example of malfeasance on the part of Childs, saying "Thus, even possessing the passwords were [sic] not enough to regain control of the network, but one had to know where to go to communicate with the network's core devices." Using ACLs to protect against intrusion is standard operating procedure. This is what access-classes on VTYs are for. They then claim that this was a "single point of failure," yet in the next paragraph, they claim that four or five other locations had the same access.
The prosecution also calls attention to two 32GB flash drives that are apparently missing. They found packaging for these flash drives in his home, and claim that Childs was seen using the flash drives within the DTIS offices in the days prior to his arrest. To date, Childs has not produced these drives or offered any information as to their contents or whereabouts. The prosecution claims that Childs had FTP access to one or more servers and they believe that he downloaded data from the city's network onto those drives. If Childs had FTP access, then there are logs of his actions. If he filled up two 32GB flash drives with data from the city network via FTP, then those logs will be large and will show exactly what he downloaded. No mention of these logs appears in the filing.