San Francisco Network Lockout Could Have Been Avoided

Business Wire, July 17, 2008

NEWTON, Mass. -- Cyber-Ark, the privileged identity management specialists, says that the ongoing FiberWAN network lockout situation in San Francisco - where a network administrator has changed system passwords and is refusing to hand them over to administrators - could have been avoided if managers had operated a high-security approach to master passwords.

"This is yet another example of the power privileged identities, such as administrative passwords have and the havoc they can cause in the wrong hands," said Adam Bosnian, a vice president at Cyber-Ark. "Hackers, or rogue employees such as this case, are savvier on how to create the most damage with the least effort these days, and the use of admin passwords does just that. Unfortunately, the San Francisco department left themselves wide-open by not taking their privileged identity management seriously."

The San Francisco Chronicle reported Monday that Terry Childs, a discontent computer network administrator for the Department of Technology, tampered with the FiberWAN, which contains the San Francisco's sensitive data, and created an administrative password that provided him access to the network. Childs refuses to give the elusive password to authorities, even after his arrest.

The city is estimating that this issue will cost millions in repairs. Though the network is running, there is still no way for IT administrators to access it.

"It is critical to take a more proactive approach to secure company back doors," Bosnian adds, "Companies install complex systems for personal passwords and overlook the more numerous privileged passwords and identities that provide even more system access. These security breakdowns will continue to occur until these keys to the kingdom are securely centralized and managed."

The San Francisco crisis follows numerous scandals within the last year such as the TJX disaster where millions of users' data was compromised due to a breach involving administrative passwords.

About Cyber-Ark

Cyber-Ark[R] Software is the leading provider of Privileged Identity Management (PIM) solutions for securing privileged user accounts and highly-sensitive information across the enterprise. Long recognized as an industry innovator for its patented Vaulting Technology[R], Cyber-Ark's digital vault products include: The Enterprise Password Vault[TM] for the secure management of administrative, application and privileged user passwords; the Inter-Business Vault[R], a secure infrastructure for cross-enterprise data exchange of highly-sensitive information, and the Sensitive Document Vault[TM] for secure storage and management of highly-sensitive documents. Cyber-Ark's Vaulting platform has been tested by ICSA Labs, an independent division of Cybertrust and the security industry's central authority for research, intelligence, and certification testing of security products. Cyber-Ark's award-winning technology is deployed by more than 400 global customers, including 100 of the world's largest banks and financial institutions. Headquartered in Newton, MA, Cyber-Ark has offices and authorized partners in North America, Europe and Asia Pacific. For more information, visit www.cyber-ark.com