IT Career Advice: Passwords Make Bad Hostages
Who benefits when one of your staff holds the keys to your systems and doesn't want to let them go? Apparently, your company's vendors. Terry Childs, a technology worker for the city of San Francisco, had been sitting in jail for the past week for changing passwords and withholding them from his employers. Childs had been unwilling to give up passwords to what appear to be network systems--in this case, Cisco products. Cisco seemed to be getting some decent coin out of this debacle trying to decode the passwords-as-hostages, and rightly so (though some pro bono work here might have been a friendly press moment for the infrastructure giant, but revenue times are tough, man).

As reported by Phillip Matier and Andrew Ross of the San Francisco Chronicle:

Childs - whom some have described as a friendly, hard worker at the city Technology Department, and others have labeled an over-the-top control freak - has been sitting in jail since July 13 on $5 million bail, after being arrested for reconfiguring key passwords in the city's computer system.

A team of code crackers brought in from Cisco Systems had been working around the clock to try to decipher Childs' codes, but with only marginal success.

"It wasn't cheap and I just couldn't see us keep spending that kind of money," [San Francisco Mayor Gavin] Newsom said.

Funny thing here is that the mayor of San Francisco comes out the hero (and saves the city money from Cisco). Childs went directly to the mayor to negotiate. Childs' lawyer, as reported by the San Francisco Chronicle, called the mayor's office out of the blue to negotiate for the passwords. The mayor obliged, and in effect, saved San Francisco. Newsom! Newsom! Newsom! I kind of wish Childs had called Barry Bonds, just to get him some hero press.

This entertaining but embarrassing piece of news illustrates the challenge of centralizing trust in one employee, and the consequences when that one employee doesn't want to cooperate, feels slighted or just wants to be heard. Fact is, we don't know yet what this guy's gripe was at work. Doesn't really matter. His name is all over the press. The $5 million price tag on bail should tell you something. Then again, we are talking about holding a city's system hostage. Bad idea. What's with city IT workers and Cisco these days, anyway? This is no way to stay employed in IT or get a new gig somewhere else.

But as an organization (hey, IT managers, I am speaking to you), don't entrust one person to be the holder of critical-system passwords without a contingency process and technology in place to handle it. Doing so just means your employer's name is going to be all over the press, and maybe your name too. This isn't to say that rogue employees who prove to be difficult will not pop up. In many small or midlevel organizations, it's not financially feasible to employ a second network or system administrator. It's too expensive. But having backup and shared root password responsibilities is essential, and there is some password management technology out there that could help. As Larry Seltzer rightly points out, what if you fell through a manhole? I wonder how many security vendors are lining up to meet the city's IT department in the coming weeks.

Comments (13)
Being in IT today sucks. If you don't look good carrying a clipboard and your nose doesn't fit your boss' rear end like a Lego piece you're screwed!
Posted by Steve | July 23, 2008 2:41 PM
Everyone knows we, as Americans, do not negotiate with terrorists. Taking hostages, whether human or animal or passwords, will not be tolerated and these thugs need to be taught a lesson. Instead, the Mayor of SF should have called a raid on Entebbe style attack to get those passwords to a new, safe, undisclosed location.
Posted by IT Manager X | July 24, 2008 1:47 PM
This was a sad moment for our industry and a smear on professional ethics - I am sorry to say, leave him in jail and fine him triple ALL costs to undo this terrorist act. He is no better than those cretin "geniuses" that take joy in creating viruses - if he is allowed to touch a computer or anything more complex than a dial phone, it should be only after a twenty year sentence at Gitmo for his act of domestic terrorism - waterboard 'em, DOJ said it's not torture . . .
Posted by Jess Wonderin | July 26, 2008 3:57 PM
Put Childs in jail. Power down the network, and buy new hardware. The admins could see the configs, so reproducing would be tedious but not difficult.
Millions for defense and not one damned cent for tribute.
Posted by Old Geezer | July 29, 2008 11:28 AM
I agree with IT Manager X; Terrorism is terrorism!
Where was Homeland Security? This employee held a US City hostage...not any different than a threat to destroy power plants, water systems, etc.
The mayor may have negotiated the release of the passwords, but at what price? What criminal charges are forthcoming? Isn't the employee at least going to be reassigned and disciplined?
Posted by IT Specialist | July 29, 2008 11:33 AM
This clearly shows a vulnerability with how the city manages risk by placing so much of its IT infrastructure under the control of a single individual. There was nothing in place to keep him from changing the key passwords and nothing in place to override these changes by other authorized account holders.
When you have key employees, you need to make sure your business is protected from abuse by them or by poor policy decisions. If this employee was killed in a traffic accident, the passwords would still be gone and no way to get them back. Problems like this often arise when budgets are cut without regard to impacts to good business practices.
Disregarding good business practices opens the door for abuse.
All it takes is an excuse for someone to cross the threshold.
Posted by James Copenhaver, PMP, CBCP | July 29, 2008 11:53 AM
I agree, there should be no negotiating with terrarists... but then again, these terrarists were HOME GROWN. They were empowered by those they were protecting, enabling them to be in a position of power before performing sufficient background checks, to determine if they had "terrarist hearts" to begin with.
And while an Entebbe style raid sounds cool, maybe (given the venue of terrarism) a "Midnight Express" style interrogation would have been more apropos =)
Posted by RIMMAN | July 29, 2008 11:55 AM
Torture anyone -- is that what you are proposing? No wonder you don't give your real name !!! Oh, my mistake, you must be a Republican .....
Posted by Fred | July 29, 2008 12:13 PM
Having another admin with full access might not have helped. This guy was probably smart enough to delete and/or change *ALL* the administrative accounts on that gear. Heck, that is probably how they discovered there was a problem - some other admin could not get their access. I am also a bit surprised that Cisco couldn't break in more quickly. If one is willing to lose the configuration, it shouldn't be that hard to "wipe" the box -- or so the folks at our local Technical College who teach Cisco administration tell me.
Posted by Internal IT Consultant | July 29, 2008 2:48 PM
It's amazing how someone always has to make threads like this political.
I'd be surprised if Cisco could break in very easily. They use strong security algorithms for a reason - and if there were ways for Cisco to get the info quickly, then there would be a way for others to do the same. That's not very good security.
Yes, you could get all new equipment (or at least wipe and install the current equipment), but again, at what price? If the other admin accounts have been changed, you will have thousands of man-hours of work to recreate the network, but you won't be able to get it back to just like it was.
You will always need an administrator with full access to the systems, and that person needs to be able to drop accounts and change passwords, even of other administrators. So you will always have this exposure.
My only surprise is that it hasn't happened before to a major company. Or if it has happened, it hasn't been publicized.
The ONLY way to prevent such behavior in the future is to throw him in jail and lose the key. No negotiating. Or, if you are going to negotiate, tell him you'll only ask him to be jailed for 20 years instead of 50.
Posted by Jerry | July 30, 2008 10:43 AM
All users were able to access their data and applications. Childs did not remove or restrict those accesses.
What he did do was restrict the administrative configuration accesses to the routers to prevent hacking.
And it is becoming more clear by the day that rather than Childs being a disgruntled worker trying to blackmail the city, he was in fact a whistleblower about gravely insecure I.T. practices that placed city government at a major liability risk as well as a grave risk to citizens' identities and government funds.
There is no other reason for Childs to have refused to work with his supervisors and instead go right to the top with the Mayor.
Posted by Dr_Zinj | July 30, 2008 11:11 AM
Jerry, it's amazing how anyone can't see the politics.
Dr. Zinj has been the first to provide balance to this thread. I don't claim to know enough about the details to pass judgment on Childs. But it seems that he didn't destroy anything, and there is far more smoke than fire here. The damage from costs might also be attributed to how this incident was handled by management.
If part of Childs' responsibility as an IT professional and a citizen was to assure the security of the public network (against, say terrorists), and if he was unable to do so due to incompetence or negligence at higher levels of management, then it was also his responsibility to take his concerns to the top, which is precisely what he did. Final judgment is not for us to make. Certainly, it seems his motivation was not venal.
Doing the right thing is not simply a matter of taking orders from the chain of command. Even soldiers are supposed to know this. It's a matter of using one's own judgment and taking action courageously. Childs might very well have done a public service for which he will pay with his career.
And I note that the prosecutors exposed confidential data in their zeal to stomp on Childs. The American Way.
Posted by Bill | July 30, 2008 11:46 AM
There is always more to the story than we are "led" to believe. Until all the facts are in I'm not going to pass judgment. Sure, what was done was ethically wrong but there is also the possibility that this was perpetuated by some other unethical act. So you see, people are motivated by a huge number of reasons. I would not be surprised if the "mayor" had a little talk about some unmentionables with the cretin and found out the truth - which we may never know. Maybe the guy was trying to blow the whistle on some wrongdoing and was squelched by the NSA or Homeland Security or ?? and this "hostage" situation was what he thought the only option. Stranger things have happened. I am also surprised that Cisco doesn't have a method of restoring that hostage equipment. There may have been a motivation not to let that secret out also.
Posted by Mr. G | July 30, 2008 11:50 AM