Monday, August 11, 2008

San Francisco's city systems and records compromised by one dishonest employee


Now, local governments are finding that they have to take background checks on people they hire for network administration seriously. In San Francisco, an administrator (Terry Childs, 43) compromised the city’s systems (for police, payrolls, courts) and would only give the password from jail after several days. It was unclear what his motive could have been, other than to “prove something.” He had turned the whole municipal computer system into a “private network.”

Trustworthiness of employees who run such systems is becoming a critical issue. Background checks need to be run across state lines, with formal procedures (not just Internet “reputation”). The particular employee had a prison record.

The story is on p A3 of the Washington Post, is by Ashley Surdin, and is titled “San Francisco Case Shows Vulnerability of Data Networks: arrest spurs other cities to boost security”, link here.

But The San Francisco Chronicle has a curious story by Jaxon Van Derbeken, “S.F. computer tech had turned life around,” from July 27, 2008, here.

It’s not clear with the City can do to monitor or protect the credit records of its employees and even city residents who have any interaction with the City (almost everyone).

No comments: