This is a fairly insane situation. According to the San Francisco Chronicle, a disgruntled city systems 
engineer apparently gave himself exclusive root access to systems in the city’s computer network. Apparently, this was some sort of an “insurance policy” against disciplinary action or termination for poor performance. It appears as though his poor performance was related to personal motivation not inherent skills, as he was smart enough to engineer a monitoring system to track what others were saying about him.
Insider threats have always been an issue. Generally insiders try to evade system controls, but given how reluctant corporations are to report and prosecute computer crime, what is to prevent more mafia-style shakedowns by narcissistic systems administrators and Dr Strangeloves of the IT department? Maybe we should think about renaming the “superuser” account so prevalent in many systems to the “systemwideaccessbutdontletitgotoyourhead” user.
2 Responses to “From San Francisco: When Civil Servants Attack!”
-
Keith Says:
July 15th, 2008 at 8:37 pmYou are exactly right - System/network admins are inherently dangerous. Unfortunately, there is nothing you can do about it except perform good background checks and prey. Bottom line, you have to have system admins with super user access in order for you network to continue functioning. If one of those system admins becomes disgruntled they can hurt you and you really can’t stop that from happening. As system admins, they must have system/root level privileges, meaning they can go anywhere and do anything. Unfortunately, at some point, you just have to trust *somebody*. That is a hard thing for a security guy to say/do… but it is still true.
-
Jim Reavis Says:
July 17th, 2008 at 11:38 amHe still isn’t talking. Has anyone suggested Guantanamo yet?
