In San Francisco an IT administrator was arrested after locking the system to other administrators and refuses to give up the password.

The employee, 43-year-old Terry Childs, was arrested Sunday. He gave some passwords to police, which did not work, and refused to reveal the real code.

The system in question is a multi-million dollar computer system for San Francisco that handles sensitive data such as city payroll files, jail bookings, law enforcement documents, and official e-mail for San Francisco.

While the network is currently functioning, administrators have little to no access to the system.

There are those out there that would argue with me, (since we have before) but many would agree that this is a Computer Security and Business Continuity issue.

Computer Security 101, no one person should be able to access the system the way Terry Childs did and lock out other administrators to the degree that he has done.

I am not going to take a deep dive into computer security here now but I urge all IT security departments to review policies. Especially concerning the sharing of passwords, review permissions policies, and look at the scenario, can any one person in my IT department deny global access or lock up my system? Go here for more on Computer Security. Childs created a password that granted him exclusive access to the system.

Though no reason for the malicious insider attack to the system has yet been established it has been reported that mister Terry Childs was cited recently for poor performance.

Even though the system is up and running he could have just as easily brought down part of, if not the entire network and it is being estimated that the cost to repair the damage will be several million dollars.

In this day and age insider threat is very real, and your business continuity plan, and security policies should account for such possibilities of the rouge IT administrator.

For more on this story please see the sources below.

Source 1
Source 2