Running time: 00:15:45
Paul Venezia is a senior contributing editor with Infoworld. He's been covering the Terry Childs case since July. Terry Childs, who has been sitting in jail for approximately 7 months, is a network engineer for the city of San Francisco. What makes this case peculiar? Terry Childs never brought a single system down and is accused of running a series of modems and preventing the normal operation of a network.
For more of Paul Venezia's coverage, go to http://webblog.infoworld.com/venezia.
Paul Venezia: I'm Paul Venezia, senior contributing editor with Infoworld and Technologist.
Tim O'Brien: What sort of technology do you focus on?
PV: I'm that rarest of breed, I'm a generalist; I've built large, switched and routed network systems of networks for cities, hospitals and private corporations. I also am a lapsed RHCE and do a lot of work for Linux, Solaris coding and whatever happens to come my way.
TO: Your column about the Terry Childs case is interesting because it brings up a lot of issues about how technology workers are perceived in the general media. What in this case attracted your initial attention?
PV: Initially, my editor sent me an email right after it happened with a link to the first story that I read which I believe was in the San Francisco Chronicle and asked what I thought and could I write a little bit about it. I read the reporting and none of it seemed to make sense from a technical perspective.
My investment in this case has nothing to do with Terry Childs, himself, I don't even know the man. I met him briefly for that interview that I posted, but before that, and that was only a week or two ago, before that I'd never met nor heard of him. However what I was reading from a technical perspective and being someone that works in high-end networking, a lot of what was being described by the District Attorney and those talking to the media did not make sense as it relates to normal network operation and procedures.
The more that came out, this was before he'd even given up the passwords and so forth, the stories I was reading and the information I was able to glean from the court records, etc., was sending up red flags all over the place. They were claiming the now famous 1100 modems that they initially said Terry Childs may have planted around this city and a whole host of other things that just didn't jibe.
There was something missing from the story and I wasn't sure what it was. As time has gone on the statements I made earlier in the case back in July seemed to have been borne out because a lot of the conjecture, charges, allegations I should say made against him seem to have disappeared. A lot is from the fact that there is not more technical evidence to support them.
As it moved forward I've just been going over the court records, public documents as I can. I'm 3,000 miles away; I live on the other side of the country. So whatever info is in public record that's what I've been looking at to try to figure out what has happened. That's been my only goal. If he did what they say he did, perhaps they have a legitimate complaint here.
If that's the case, he's going to be convicted in a court of law for criminal offenses, there had better be sound technical reasoning/evidence behind this and I have yet to see that.
TO: The thing that struck me in the news story, as it was being reported by CNN and other mainstream news outlets, I think they called him a terrorist within the first week. What is he being charged with?
PV: The allegations were all over the place in the beginning, charged with sabotage, planned to take down the network and all of these other statements that were made to the press and so forth -- those have disappeared. The charges as they stand right now, there is one charge of basically a denial of service. They're charging him with a means of which to deny the service normal operation of a computer resource or network.
It's kind of a vague . . . relatively vague charge. As are most charges and technical charges like this, you can't get too specific because then it becomes useless. That's the main/first charge. There are 3 other charges each of which are tied to a modem that was found either in his work space or that he had control over.
The first is a modem, that he claims, and I believe it's been backed up on this by others in the department, a modem hooked to a machine running goldmine that would send a message to his pager if any part of the network went down. That is a scenario that exists in one form or another, whether in analog modem, text, or gateway kind of thing. That exists in just about every network ever built.
The next modem they are charging him with operating and apparently for nefarious purposes was a DSL modem connected to an ISP that was used by the department to connect to the Internet to run external tests against the network tests, VPN connections, etc. Again something that is as common as crackers.
The third is yet another modem, another analog modem, he claims was used to connect to the San Francisco's Disaster Recovery Site, which I wrote about this week in my column. They have a disaster recovery site on the east coast that I believe this modem was used to communicate with that site assuming the data networks would be down, but the phone system may still be functioning. That is entirely the case, those 4 charges as of right now.
TO: Having an alternative means of getting into a system is pretty common. Are we getting to a world where if you're a system administrator, you have to call your lawyer first?
PV: Well I hope not. I would hope that most managers wouldn't be so short-sighted to not see the value in that. That's actually not what he's charged with. None of the modems listed that are listed on the complaint were actually used for remote access. I believe there were modems that were used for remote access that he had. Again, like any large network, if a network is down you need to get to an end point that is some number miles away, you use a modem to get into the router.
It may be a situation where you do have to think twice. If he is convicted of this, especially the denial of service thing, withholding passwords, etc., in this case denial of service is defined as the management of the network, not the network itself. In my mind, denial of service is a situation where somebody knowingly causes a resource to fail or go down, as in a denial against a website or something similar.
In this case, the network never went down, it was just the management side of things. As I wrote in that column, that could be stretched to encompass things like mis-configuration that locks people out of the management interface. That happens all the time, where human error, somebody fingers something and where people are locked out of a router, a switch or whatnot. Does that constitute denial of service or a mistake?
There seems to be a lot to worry about here. If he is convicted and the charges are in fact brought and succeed, it's not just his case that I'm thinking of, it's more broad than that. It seems to me there is an awful lot of "he's a witch! burn him!" kind of sentiment going on here because nobody from the city, none of the judges, nobody can be expected to understand this level of networking. It's not feasible, it's not their job, it's horrendously complex.
Having been there and done it for many years, that's the way it is. And this lack of understanding, you go and ask somebody on the street what is a modem, you will get several different answers. Some people will tell you it's their cable box that connects me to the Internet, or a DSL modem, or an analog modem. Even the definition of modem is kind of amorphous to the general public.
When you talk about something as detailed as this, it's very difficult to actually relate. If he's convicted on these charges, that to me or anybody that has a history in networking is just common. This is not by any stretch an uncommon scenario, then where does that leave the thousands of networks that have modems on them, that have DSL connectivity to ISP for external testing, etc., where does that leave you?
TO: It's entirely possible he did have some sort of malicious intent. I think we share the same reading of the case. This sounds more like the case of a very bad, very corporate boss manipulating the facts to make someone look worse than he actually was.
PV: I'll put it to you this way, if he worked for a private company and not a city/government, almost no chance that he'd be in jail right now. For one thing a private company would not want the negative publicity. Also, their primary complaint was he wouldn't give up the passwords. There are several procedures to follow to get to those passwords.
Say you want to evict someone from rental property, you have to file a civil complaint, get the sheriff behind it, and then do what needs to be done. That would have been the same procedure here, as I understand it; however that was not done. He was just thrown into jail, primarily because he worked for the city, and the police department in the city are obviously connected. There are an awful lot of hoops that didn't have to be jumped through. He's been there for 7 months on that. It's also interesting to me the reason he's in jail . . . . .
TO: He's been in jail for 7 months?
PV: Yes, since July 12, I think.
TO: Anytime you see someone on CNN calling someone a terrorist, I'm a bit skeptical. It seems that word is thrown around with abandon for all the wrong reasons. The one thing that struck me in this case was the depiction of someone who is a geek in the general media. I've worked with a lot of people and I'm sure you have too who you would consider to be weird, strange, strong-willed, stubborn, etc. Sometimes a stubborn network engineer is exactly the kind of person you want to have as your network engineer job.
PV: Again, going back to what I said earlier about the lack of knowledge of this type of people. Computer geek is this kind of introverted, sullen, it's depicted as your IT guy is upset because you can't figure something out, so he gets frustrated and tells you to move, I'll fix it. That's the public perception.
At this level of networking engineer, these are the kinds of guys that sit in the back room and work their magic and nobody ever knows really who they are. From the company at large, they're more or less the umpires of the company or in this case the city, you're either invisible or in trouble. That's the way the public thinks about it.
That's generally fine; most people in that position actually would prefer that versus anything else. If they're doing their job nobody knows. That's essentially what happened here. Think of it this way -- you've mentioned terrorists and so forth. In my mind if a CCIE really wanted to wreak havoc on a network he built and knew intimately, there are a thousand ways that could be done without either a) ever being traced or b) causing a significant amount of damage, none of which happened here.
So we have a situation where the network never went down, there were never any problems with the network's normal operation and yet he is still in jail. That does not fit the definition of a terrorist by any stretch of the imagination.
TO: What did you think about the recent news story at Fannie Mae? Somebody wrote scripts about "delete all the data." What are your thoughts on that story?
PV: That's a whole different scenario. That is somebody writing scripts denying specific, and only purpose of destroying data that was not prescribed by the job is a saboteur. This has happened in the past. I can't recall the name of the company off hand, but there is a company that went out of business when one of their main system administrators wrote scripts that basically placed a logic bomb in the servers and deleted all their data on a Saturday night with no backup.
So, those kinds of things are greatly removed from this situation. We're not talking about any data or anything being broken, anything being deleted or damaged in any way. So I don't think there's really a relation between the two at all.
TO: Because there's a script there seems to be more evidence of intent there?
PV: Absolutely. You sit down and write a script that has its sole purpose is to run at a specific time and destroy data, that right there is a weapon -- much the same way a hammer could be used as a weapon if it is wielded the right way. In that case it was wielded as a weapon.
In the case of Terry Childs there was no intent, there was no damage caused. From everything I've seen there is no example that he ever intended to cause damage.
TO: Do you know off hand if there is anything or any group that people that do what Terry Childs does can support maybe donate to to make sure that people like him receive due process in the courts?
PV: I don't believe there is anything of that kind. This case is different from anything I've ever seen or heard of.
TO: How can people stay up to date on this particular case? Are you planning to do more coverage?
PV: The wheels of justice turn slowly. We're seven months in. I don't believe he's even pled yet. Other than that, all I'm doing is taking the news reports and the events of the hearings/trials and trying to make them a little more widely known. You get news stories that occasionally come around and they're little bits of case history and the next hearing date or something like that. But the mainstream media hasn't really gotten into this at all. Primarily because I don't think it would draw readers. It's not a case that really resonates with your average person. It resonates with me, it should resonate with anybody that is involved in network design and construction and so forth. But beyond that, I would think that if we were able to find somebody who knew who Terry Childs was, like a lay person, they would say "oh yeah, is that the guy that destroyed the city of San Francisco's network."
TO: "Is that the crazy terrorist?"
PV: Yeah, that's the spin out because that's easily digested regardless of the facts of the case.
TO: That would get hits. If you're listening to this and you want to learn more on this case read Paul's column at infoworld.com. He seems to write every week.
Thanks for talking to us Paul.
PV: Any time.