A former San Francisco Department of Technology employee on trial for allegedly locking the city out of its own computer network in 2008 testified today that he was following the department’s written policies on protecting security.
Terry Childs, 45, of Pittsburg, said today “there were a lot of reasons” for not giving up the passwords to the FiberWAN network–which he helped create as the lead engineer on the project–to his superiors or police.
Among them, he said, was that “Something really bad could have happened to the network.”
Childs said that during a July 9, 2008, meeting with department officials and a police inspector, none of them said, “Hey Terry, we need access to the system.”
Instead, he maintained, they simply repeatedly asked him for his username and password.
Childs said written guidelines developed by the state, the city and the computer industry all say, “You do not ever give up your username and password.”
He said he remembered telling one of his superiors at the meeting that he was not qualified to have the password.
“According to the rules of access that I know of, there had been nothing to say that he could have access,” Childs said.
Prosecutors have charged Childs with one felony count of computer tampering. He is being held on $5 million bail.
Childs was put on administrative leave at the end of the July 9 meeting and jailed a few days later. He only agreed to give up his username and password to Mayor Gavin Newsom on July 21, after Newsom visited him in jail. Meanwhile, city officials worried that Childs, who at times had a difficult relationship with others in the department, could have booby-trapped the network to bring it down.
Childs said today that the decision to give the passwords to Newsom was made by both him and his attorney at the time. He insisted that he did not want the network to be harmed.
“This really blew up in the press, and I didn’t have no way to really provide another means of access for the city,” Childs said. “But I still wanted to provide a means of access so it was documented that I provided it,” he said.
“As a team we decided it was the best idea to provide it to the mayor,” Childs said.
Newsom testified earlier in the trial that he “had grave concern that the system was being put in peril,” and concluded during his meeting with Childs that Childs did not trust anyone in the department.
However, the initial password Childs gave Newsom didn’t work, and it wasn’t until hours later that Childs’ attorney provided two installments of configuration instructions that, together with the password, finally enabled city technology managers to get back into the system.
No city services were actually harmed during the lockout, but prosecutors say the alleged tampering cost the city $1.75 million in efforts to regain control of the network and conduct vulnerability testing.
Childs is scheduled to return to the stand Monday. The trial began in December.
If convicted of the charge of computer tampering with an enhancement that the resulting financial loss exceeded $200,000, Childs could face a maximum five-year sentence. He would receive credit, however, for time already served plus possible additional credit for good conduct while in jail.