San Francisco hunts for mystery device on city network

With costs related to a rogue network administrator's hijacking of the city's network now estimated at $1 million, city officials say they are searching for a mysterious networking device hidden somewhere on the network. The device, referred to as a "terminal server" in court documents, appears to be a router that was installed to provide remote access to the city's Fiber WAN network, which connects municipal computer and telecommunication systems throughout the city. City officials haven't been able to log in to the device, however, because they do not have the username and password. In fact, the city's Department of Telecommunications and Information Services (DTIS) isn't even certain where the device is located, court filings state.

The router was discovered on Aug. 28. When investigators attempted to log in to the device, they were greeted with what appears to be a router login prompt and a warning message saying "This system is the personal property of Terry S. Childs," according to a screenshot of the prompt filed by the prosecution.

View: The full story @ InfoWorld


38 Comments


Disgruntled? He was making $126,000/year ....with that sweet sweet state pension and other perks of a government job.

I thought most firewalls etc had the ability to block out a specific IP/MAC id from accessing the network, so couldn't they just do that?

I say DoS the router offline. Chances are he's not using some rock solid industrial router, it's gotta be vulnerable to that kind of thing.

This stunt has cost him any chance of having a job with any security clearance.

What about the people that work for the governments, anti-piracy firms and anti-virus firms because they're extremely good hackers?

Here we go again. No one commenting actually reads the whole article or related information to find out what the real story is. Everything I see points to an under-appreciated public servant who was pushed too far and decided to teach his bosses a lesson. I think it is freakin' great. However, his bosses are wussies. You could easily classify this as an attack on national security and use the Patriot Act to take him to Guantanamo and torture the info out of him. Geeks are not known for high pain thresholds, you know. :P

Oh and ... that must be one beeyotch of a password. Can you say "rainbow table?"

Also, bond is $5M (clearly printed in the story.)

Disgruntled or not, he has no right to place a device on a network that is not technically his. This is sabotage, willful sabotage. A lot of us feel under appreciated at their jobs. I know I do. In my position, I can stop an entire production facility if I wanted to. I won't do it because I know ethically it would be wrong. If he was as good as he is supposed to be, he could have found work in the private sector. This stunt has cost him any chance of having a job with any security clearance.

(starless.bible.black said @ #13.1)
maybe I missed sth? how would you do that without knowing the location of the device or without login/pw? Maybe they should hire you? ;)

The router was discovered on Aug. 28. When investigators attempted to log in to the device, they were greeted with what appears to be a router login prompt and a warning message saying "This system is the personal property of Terry S. Childs," according to a screenshot of the prompt filed by the prosecution.

I assumed they know the location..!

"the city's Department of Telecommunications and Information Services (DTIS) isn't even certain where the device is located, court filings state"

So no, they don't know where it is physically located. They "discovered" it on the network.

Lesson probably learned in the case of the now confused bosses....Have a backup plan - NEVER rely on one guy to have the master key (password in this case), to the goods.

I find it slightly amusing that they didn't have a failsafe.

(Ironman2003 said @ #11)
Lesson probably learned in the case of the now confused bosses....Have a backup plan - NEVER rely on one guy to have the master key (password in this case), to the goods.

I find it slightly amusing that they didn't have a failsafe.


This is the government we are talking about. You honestly believe they would think of stuff like that?

Stupid disgruntled IT admins should be shot for their incompetence or put in jail for like 50 years as Mr. Childs is. If he was unhappy with his job he should have quit and found another job. Very simple to do.

The problem here is he IS/WAS competent. Apparently he was the only competent person over there, since he alone was trusted with the whole network ...

So instead of blaming this guy for everything, how about placing some blame where it's due, ie. his superiors, for allowing this whole situation to even develop.

This should not be a big deal. Get the MAC address of the "device" and shun it from the network. When you find it, you find it. At least then it's not a huge security concern.

True, it should be easy enough to simply lock it out of the network, but it might be more complicated than that. eg: What if he rigged something in the SF system to react if this "device" goes offline?

Anyway, I'd be surprised if this is the only "device" this guy set up to do who knows what with the network. This guy's going to cost SF taxpayers a lot of $$ by the time it's all resolved.

How do you get a MAC address of a device that nobody knows where it is hidden on a network the size of San Francisco?

(Odom said @ #8.2)
How do you get a MAC address of a device that nobody knows where it is hidden on a network the size of San Francisco?

Well they obviously have the IP address of the device if they are trying to log into it. So just look it up by IP in the ARP table. Then you will be able to trace it by MAC.

The device is probably routing some critical information stream through it that they can't afford to have go offline... even for a microsecond. Otherwise, they would have bypassed the device already and isolated it from the network. This "Childs" fellow is anything but a child; he knew just where to put this thing to ensure his scheme (whatever that is) can't be defeated so easily.

This system is the personal property of Terry S. Childs

Uhm... maybe, ask him the password? Or am I missing something here?

(rpsgc said @ #7)

Uhm... maybe, ask him the password? Or am I missing something here?

He refuses to give out the password. I believe his bail was set at One Million Dollars as well if I remember correctly. He should be like "if you lower the charges....I'll give you all the info you want" haha.

(Dane said @ #7.1)

He refuses to give out the password. I believe his bail was set at One Million Dollars as well if I remember correctly. He should be like "if you lower the charges....I'll give you all the info you want" haha.

Better yet, he should tell them to drop the charges completely, and in return he would tell them where the first access point is

(Dane said @ #7.1)

He refuses to give out the password. I believe his bail was set at One Million Dollars as well if I remember correctly. He should be like "if you lower the charges....I'll give you all the info you want" haha.

That would make it extortion and he would be on his way to an FBI office after the city was done with him then. ;)

Just waterboard him to get the info... That's ok now, isn't it?

(GreyWolfSC said @ #7.3)

That would make it extortion and he would be on his way to an FBI office after the city was done with him then. ;)

Just waterboard him to get the info... That's ok now, isn't it? :(


You have no idea how the legal system works, do you?
Once you're in custody and charged with an offense, any deal you offer to make to the prosecuting attorney (with some exceptions), even if it could otherwise be considered extortion, is just a statement during a negotiation towards a plea bargain. If I was the accused in this case and I offered to give up the alleged password in exchange for all charges being dropped and a waiver of all related civil action being agreed to by both parties, I would be well within my rights. Of course, the prosecutor would be a fool to accept such a plea arrangement, but I'd still be free to make the offer.

(GreyWolfSC said @ #7.3)

That would make it extortion and he would be on his way to an FBI office after the city was done with him then. ;)

Um...no.

Fluke has a "switch trace route" function on some of their devices.

But on a Cisco, go to the module 15, look up the MAC, see what port the MAC is coming from and follow the segments down till you get to it...ok you might have to isolate a LAN segment near the end but whooooo that is hard.....
Almost all other smart switches have some sort of neighbor information or MAC info on their routing engines...

Or you mean to tell me OMG they made a huge flat network with no vlans.... man they must be stupid... then again wasn't this the guy trying to prove to his bosses that they were stupid or something.... I think that was it

Sorry for the edits
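The hop-by-hop trace described in the comments above (IP to MAC through the ARP table, then MAC to switch port, following uplinks until an edge port is reached), as an added example that is not part of the original thread. All addresses, switch names and ports are constructed, and the three tables stand in for data an operator would export from the network devices.

```python
# Constructed sample data: none of these addresses, switch names or ports
# come from the article. They model what an operator would collect from the
# core router's ARP table, each switch's MAC address table, and the
# CDP/LLDP neighbor information.
ARP_TABLE = {"10.20.30.40": "00:11:22:33:44:55"}

MAC_TABLES = {
    "core-sw1": {"00:11:22:33:44:55": "Gi1/0/24"},
    "dist-sw3": {"00:11:22:33:44:55": "Gi0/12"},
    "access-sw7": {"00:11:22:33:44:55": "Fa0/5"},
}

# (switch, port) -> neighboring switch reached through that port
NEIGHBORS = {
    ("core-sw1", "Gi1/0/24"): "dist-sw3",
    ("dist-sw3", "Gi0/12"): "access-sw7",
}


def trace_device(ip, start_switch):
    """Follow a device's MAC hop by hop; return (mac, path, status)."""
    mac = ARP_TABLE.get(ip)
    if mac is None:
        return None, [], "no ARP entry: device silent or on another L3 segment"
    path, switch, seen = [], start_switch, set()
    while True:
        if switch in seen:
            return mac, path, "loop in neighbor data, stopping"
        seen.add(switch)
        port = MAC_TABLES.get(switch, {}).get(mac)
        if port is None:
            return mac, path, f"MAC not learned on {switch} (aged out?)"
        path.append((switch, port))
        nxt = NEIGHBORS.get((switch, port))
        if nxt is None:
            # No switch neighbor on this port: it is an edge port, so the
            # device (or an unmanaged hub in front of it) is cabled here.
            return mac, path, "edge port found"
        switch = nxt


if __name__ == "__main__":
    mac, path, status = trace_device("10.20.30.40", "core-sw1")
    print(mac, status)
    for switch, port in path:
        print(f"  {switch} {port}")
```

The last `(switch, port)` pair in the returned path is the place to send someone to follow the cable; a "not learned" status means the table entry has aged out and the trace has to be repeated while the device is sending traffic.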

lol. That's funny...says they can't track down the physical location.....not even with one of those $5000 LAN testers/tracers??...sounds like it's time to invest in one boys before you hit the $2 million mark..you don't need a username and password to trace it down

(CounterStrikeSourceAddict said @ #4)
lol. That's funny...says they can't track down the physical location.....not even with one of those $5000 LAN testers/tracers??...sounds like it's time to invest in one boys before you hit the $2 million mark..you don't need a username and password to trace it down
Wouldn't one of those devices simply tell you that the router is on the network? How could it tell you where it is physically located over a hundred square miles of area? Maybe they could use a Tricorder set to detect anomalous energy readings? :nuts:

There's no mystery man, only mysterious networked device :)

On a sidenote, perhaps they will now, after this whole circus, arrange their IT department a little better? Or at least have more and, more importantly, more capable personnel working there.

(lordpake said @ #1.1)
There's no mystery man, only mysterious networked device :)

On a sidenote, perhaps they will now, after this whole circus, arrange their IT department a little better? Or at least have more and, more importantly, more capable personnel working there.

Well, it appears that Mr. Childs was more than capable for the job - sadly, the main skill he was lacking was ethics.