VCU - Technology Services
San Francisco's rogue network admin
The lead network engineer for the city of San Francisco was arrested a week ago and charged with 4 counts of computer tampering. He is being held on $5 million bail for refusing to hand over the administrative password to the WAN, FiberWAN, which carried more than 60% of the city government traffic. Yes, $5 million. As of today he still hasn't handed it over. The password is needed to make changes to the configuration of network equipment like routers and switches.
This is a fascinating story. He's being accused of all sorts of behavior - facilitating remote network access so confidential data could be destroyed, covertly reading coworkers emails, and taking pictures of the female head of security during a password audit. However it seems that there's a lot more to this story.
There are some key lessons.
1. Ensure that at least 2 people have access to all administrative passwords.
2. Backup all system configuration files on a regular basis to storage media with restricted access.
3. Ensure that at least 2 people can perform every business function.
4. Document all systems and processes.
5. Establish a written information security policy.
About This Entry
Need Help?
If you need immediate assistance, please contact the Help Desk at (804) 828-2227 or submit a ticket online. You can also submit feedback through our Feedback form above or leave a comment on specific blog entries.
Don't Get Phished
Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. Learn more about phishing »