Right out of a Michael Crichton Novel
...circa 1985 or so. This looks like a good set-up for a tehcno- thriller, doesn't it?
S.F. officials locked out of computer network
A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.
Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.
Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.
Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said.
Granted, to make an effective thriller out of this, you would need for the computer system in question to be vital to national defense. Being down, it would open us up to attack by terrorists or the Soviets (1985, remember.) Or maybe it would just be a system controlling a dam -- with humans completely locked out of control -- with a devastating flood likely if the authorities can't regain control. Or, come to think of it, maybe it would be a security system protecting people from dinosaurs.
In any case, the warning inherent in this kind of story would be that technology allows some individuals to disproportionately empower themselves, with potentially devastating results if the individuals in question are criminal or sociopath types. This is undoubtedly true. But while an effective theme for a techno-thriller, I don't think it's the right lesson to take away from a real-life incident such as this one.
I would prefer we learn something like this:
Technology can allow some individuals to disproportionately empower themselves if it isn't managed correctly. So whatever we do, let's make sure that no one individual is ever holding all the marbles.
Granted, this approach will require those sourcing and managing technology projects to understand, if not the technologies themselves, at least the risks involved. No doubt it's a lot easier just to hand the keys to the kingdom over to the first geek who comes along who persuades you that he or she can solve all your problems, but the ease of that decision comes at the cost of entrusting that individual with an awful lot of power.
So instead of wringing our hands and saying, "Oh my, technology makes bad people too powerful," how about if we hitch up or trousers and say, "Oh my, technology requires good people to be smarter?"
Just a thought.
(Hat-tip: GeekPress.)
Comments
Expecting people to be smarter is a highly iffy proposition.
Posted by: Crafty Hunter | July 16, 2008 11:58 AM
There is something about this story that doesn't make sense. The guy is making a good living why would he do something like this. Admittedly not all people are rational but computer people are usually at least logical.
Posted by: starhawk | July 16, 2008 12:20 PM
During the Cold War, deep down in the missile silos, two keys were required for a launch. Those key input triggers where separated so that one man could not by himself launch a missile. Maybe it would be time to think about this with computer security - more than person to setup passwords, etc.
Posted by: dittybopper | July 16, 2008 01:11 PM
Just one quibble: wringing hands. Not "ringing hands."
[Thanks. Fixed.]
Posted by: BlogDog | July 16, 2008 01:50 PM
Either all the other employees there are idiots or they are using some sort of years-old legacy system. There are always physical mechanisms for recovering and resetting the base administrator password if you have personal physical access to the machine in question (which is why they are kept in locked rooms).
Of course, if the guy is clever he might have put in all kinds of damaging triggers, but....
Posted by: luagha | July 16, 2008 02:02 PM
In general, "you need to be smarter" seems to be the theme of our times. You can't just throw all your money into a single savings account and expect everything to be OK forever. You can't just say "give me a loan" and assume that the first thing you get is the best thing for you. You can't just click on every link in front of your face and assume that nothing bad will happen.
Posted by: DensityDuck | July 16, 2008 02:06 PM
Sounds like the sysadmin just changed the "root" password and wouldn't give that supreme authority over the system to person or persons not trained or experienced enough to know when to leave well enough alone.
Postulating a new boss, who perhaps wants to bring in a "friend" of his who recently read a book on System Administration for Simpletons, one can understand why a professional admin would try to defend his users, and in fact, his company, from the horror that can be inflicted by a run-amok novice admin with a mandate to malfease.
n.b. NOT saying that such is the case here. Just that there ARE moral reasons for withholding information.
Posted by: homebru | July 16, 2008 02:26 PM
Crafty Hunter:
I think what's needed here is not necessarily individual intelligence (although that would be helpful), but institutional intelligence - having checks and balances that keep tragedy from striking even when we have less than brilliant (or even honest) people in one position or another.
Posted by: Stephen Gordon | July 16, 2008 03:45 PM
From "The Abolition of Man" by C.S. Lewis:
For the power of Man to make himself what he pleases means, as we have seen, the power of some men to make other men what they please. In all ages, no doubt, nurture and instruction have, in some sense, attempted to exercise this power. But the situation to which we must look forward will be novel in two respects. In the first place, the power will be enormously increased. Hitherto the plans of educationalists have achieved very little of what they attempted and indeed, when we read them — how Plato would have every infant ‘a bastard nursed in a bureau’, and Elyot would have the boy see no men before the age of seven and, after that, no women, and how Locke wants children to have leaky shoes and no turn for poetry — we may well thank the beneficent obstinacy of real mothers, real nurses, and (above all) real children for preserving the human race in such sanity as it still possesses. But the man-moulders of the new age will be armed with the powers of an omnicompetent state and an irresistible scientific technique: we shall get at last a race of conditioners who really can cut out all posterity in what shape they please. ...
I am not thinking here solely, perhaps not even chiefly, of those who are our public enemies at the moment [1944]. The process which, if not checked, will abolish Man goes on apace among Communists and Democrats no less than Fascists. The methods may (at first) differ in brutality. But many a mild-eyed scientist in pince-nez, many a popular dramatist, many an amateur philosopher in our midst, means in the long run just the same as the Nazi rules of Germany. Traditional values are to be ‘debunked’ and mankind to be cut out into some fresh shape at the will (which must, by hypothesis, be an arbitrary will) of some few lucky people in one lucky generation which has learned how to do it. The belief that we can invent ‘ideologies’ at pleasure, and the consequent treatment of mankind as mere hyle [Greek: matter, clay], specimens, preparations, begins to affect our very language. Once we killed bad men; now we liquidate unsocial elements. Virtue has become integration, and diligence dynamism, and boys likely to be worthy of a commission are ‘potential officer material’. Most wonderful of all, the virtues of thrift and temperance, and even of ordinary intelligences, are sales-resistance.
Posted by: Jim C. | July 16, 2008 06:45 PM