In another San Francisco Chronicle article today, there are some quotes and summarizations from this morning's bail hearing:
A judge refused today to lower the $5 million bail for a San Francisco computer engineer accused of hijacking the city's network, after prosecutors said he had rigged the system to melt down during routine maintenance.Prosecutor Conrad del Rosario said Childs had arranged the system so that key programs were held in temporary memory files that would evaporate when the network was shut down during routine maintenance or any unexpected power failure.
[ Follow the Terry Childs saga with InfoWorld special report: Terry Childs: Admin gone rogue. ]
The city had scheduled a shutdown for regular maintenance last Saturday, but experts caught the problem in time and transferred data to permanent files, del Rosario said.
"He had a malicious intent to destroy the entire network," the prosecutor said.
I think I know now why his bail wasn't reduced, but it doesn't really have much basis in reality, and again, I have to question the city's take on events.
Last Friday, I ran a story that described how Childs had refrained from saving configurations to flash in remote-site routers, ostensibly for security reasons. This isn't something that I would consider to be appropriate, but from what I can tell, Childs was quite paranoid about network security, and thought differently. My source detailed having this discussion with Childs, and the eventual outcome was that Childs agreed that disabling password recovery on those routers would suffice, and would prevent problems if power was lost. This is exactly what the city claims to be "malicious intent to destroy the entire network". Frankly, a CCIE-level engineer has a million far more insidious ways to "destroy the entire network" than simply not saving configurations to flash.
Again, I'm not in San Francisco, I haven't seen this network with my own eyes, but this still seems to be blown way, way out of proportion.
And as far as the city "shutting down the network for regular maintenance" last Saturday, I can guarantee that no network administrator worthy of the title would dream of powering off a network device that is working perfectly, but to which they cannot log into. Further, unless that administrator was going to be physically replacing the router or switch or adding hardware to the router or switch, there would be no reason to power off the routers during "routine" maintenance. And if that were the case, there's no way that they would be able to complete that maintenance without being able to log into the device.
And perhaps most curious, if "experts caught the problem in time and transferred data to permanent files", then they had to have administrative access to those devices, or current copies of the configurations of those devices. But that can't be possible given the other statements made by the prosecution -- last Saturday, they didn't have the passwords, and they've publicly stated that they don't have the configurations.
It just doesn't make any sense. They can't have it both ways.
