
Reverse Hacker Awarded $4.3 Million

Posted by Zonk
from the now-i-want-to-be-a-reverse-hacker dept.
jcatcw writes "Shawn Carpenter was awarded a $4.3 million award — more than twice the amount he sought and money he thinks he'll never see. Carpenter worked for Sandia National Labs as an intrusion detection analyst. He analyzed. He detected. He reported. He was fired — in January 2005 after sharing his results with the FBI and the U.S. Army. Computerworld asked him what he hoped to achieve in that investigation. Answer: 'In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.' Ira Winkler, author of Spies Among Us, said the verdict was 'incredibly justified. Frankly, I think people [at Sandia] should go to jail' for ignoring some of the security issues that Carpenter was trying to highlight with his investigation."
  • Gray and pointless. (Score:5, Interesting)

    by Short Circuit (52384) * <mikemol@gmail.com> on Tuesday February 27, 2007 @10:51AM (#18166648) Homepage Journal
    What he did was arguably in a gray area...on his own time, he used "hacker techniques" (not my preferred wording, sorry. Read the article.) to track down stolen data on foreign sites. That he turned his results over to the FBI is good, even if it screwed over Sandia.

    Of course, the judgement against Sandia will get passed on to the US Government in a "cost plus" contract...
    • by tha_mink (518151) on Tuesday February 27, 2007 @11:00AM (#18166748)

      What he did was arguably in a gray area...on his own time, he used "hacker techniques" (not my preferred wording, sorry. Read the article.) to track down stolen data on foreign sites. That he turned his results over to the FBI is good, even if it screwed over Sandia.
      Yeah, and how is that "Reverse Hacking"? Isn't that just "hacking"? (ok cracking or whatever) It's like when people say that someone is a "reverse racist". You're either racist or you're not. I didn't think that kind of thing works in a direction.
      • by ArsenneLupin (766289) on Tuesday February 27, 2007 @11:18AM (#18166958)

        It's like when people say that someone is a "reverse racist".
        The word you're looking for is "affirmative actor"...
      • Re: (Score:1, Insightful)

        by crush (19364)
        Do we have any confidence that this cracker or his associates in the FBI and Army are not part of some retarded counter-intelligence plot to manufacture tension between the US and China? I realise that this sounds like conspiracy nut ranting, but given the complete lack of information available to any member of the public all we have are unsupportable conspiracy theories with partial information leaked to us by spooks. I have no confidence that the jury was privy to the sort of sensitive intelligence whi
        • Re: (Score:2, Interesting)

          by crush (19364)
          Added to which, it seems that Mr. Carpenter and his wife are beneficiaries of the "new security regime" with him landing a plum post with the neocon's new "Dept of Homeland Security" and his wife now a White House fellow working as a special assistant to top-ranking government officials.

          Take note too of the special attention paid to the fact that Bruce Held [Sandia's chief of counterintelligence] was a CIA officer, and remember that the CIA and all the associated apparatus of oldboys are under attack from

          • Re: (Score:1, Flamebait)

            by operagost (62405)
            Is there a Slashdot setting to mod all posts containing the word "neocon" to -6?
        • by Mysticalfruit (533341) on Tuesday February 27, 2007 @12:24PM (#18167810) Journal
          Well, let's go on the premise that this was an honest situation and not some nutty cooked up idea to lead the American people into another foolish military adventure.

          This is what we know.
          1. This guy found an intrusion on his network, which because he was their network guy he was being employed to do.
          2. He informed his employer that sensitive data was being stolen.
          3. His employers did nothing because they're incompetent nitwits.
          4. He, being a good American did what he was supposed to do and tracked down the people who stole the secrets and reported it to the FBI.
          5. His bosses, now with egg all over their faces, fired him because he showed they were in fact incompetent nitwits.

          Now beyond that, the whole lawsuit thing is frivolous. If I were this guy I would have walked into my congressman's office and started the conversation with, "Wanna hear how a government agency that gets billions of dollars of taxpayers money is letting its secrets get stolen?" I would then sit back and let the shit storm begin.

          As for the dishonest deeds, I think it started with the people who were breaking into American computer systems and stealing the data.

          Though I've always asked this question: If I was running a laboratory that was working on some cutting edge military technology, why would I have any of the lab's computers connected to the Internet???? Set up a secure isolated network and call it a deal!
          • by Nykon (304003) on Tuesday February 27, 2007 @12:55PM (#18168218) Homepage
            "If I was running a laboratory that was working on some cutting edge military technology, why would I have any of the lab's computers connected to the Internet????"

            Umm hellllo. How do you expect the scientists to check their myspace?? ;-)
            • by elmedico27 (931070) on Tuesday February 27, 2007 @02:15PM (#18169300)
              dear Myspace,

              Mood: pissed

              i know that like no one reads this, but i just have to write. my bosses are total fucking newbs! Its like i'm in Office Space or something. so, yeah, today i totally busted some chinamen for stealing classified secrets and my bosses are all like "wuteva, we don't care" and i'm like "well u should" and they like "but we dont" so i took it to the FBI and their like "holy shitballs!!!!!1" and now i don't have a job.

              fukerz

              p.s. i just got 4.3 million dollars!!!! w00t!~!!!!!
            • by Knetzar (698216)
              Laptops next to the "work machines"
          • Re: (Score:3, Insightful)

            by crush (19364)

            Well, if you go with the premise that you have enough information to determine that there's nothing shady going on then it's a foregone conclusion. But you don't have that information, and I don't have that information. All we have are selective leaks from "security sources" about the case. On his own admission Carpenter performed the following unethical behaviors:

            • Disobeyed orders from his superiors
            • Cracked other people's machin
          • by Usagi_yo (648836)
            However, if my job was to get disinformation out to people, I would call it secret, pay millions for security, but let it get stolen anyway.

            Ya just gotta be paranoid to survive in this world.

          • Re: (Score:3, Interesting)

            by paeanblack (191171)
            1. This guy found an intrusion on his network, which because he was their network guy he was being employed to do.
            2. He informed his employer that sensitive data was being stolen.
            3. His employers did nothing because they're incompetent nitwits.
            4. He, being a good American did what he was supposed to do and tracked down the people who stole the secrets and reported it to the FBI.
            5. His bosses, now with egg all over their faces, fired him because he showed they were in fact incompetent nitwits.


            Imagine Joe Sec
      • You're either racist or you're not. I didn't think that kind of thing works in a direction.
        Oh of course you can directionalize your racism. You can be racist towards mexicans, but not whites. See, it's directional.

        ...

        Ok, I'm joking. I'm not really racist, and can't stand people who are, and especially when they are righteous about it. =D

    • Re: (Score:3, Interesting)

      by EngMedic (604629)
      Gray and pointless? Tell that to Cliff Stoll. http://en.wikipedia.org/wiki/Cliff_Stoll [wikipedia.org]
      • I read that book years ago. Cliff Stoll's investigation led to the capture and trial of German spies. Once this guy turned his data over to the FBI, the investigation went nowhere.
        • Re: (Score:2, Informative)

          by EngMedic (604629)

          I read that book years ago. Cliff Stoll's investigation led to the capture and trial of German spies. Once this guy turned his data over to the FBI, the investigation went nowhere.
          Yeah. So did Cliff's. He had to keep beating them into doing something about it for months on end. I suspect this guy would've done the same if his bosses hadn't fired him.
          • One other thing...Cliff worked largely by observing. Piping tty data to a printer isn't what I would call "hacking".
          • by crush (19364)
            IIRC Clifford Stoll maintained contact with his managers about what he was doing. He was not forbidden to continue a particular line of enquiry. That seems very different from this case.
    • That certainly gives motivation to people who love being security analysts for their own satisfaction. Bureaucracy might not always allow you the wings to do things you have a potential towards. IS Review [wordpress.com]
  • by Fried-Psitalon (929587) on Tuesday February 27, 2007 @10:55AM (#18166702)
    ....the fact that a corporation was holding its own interests over that of its founding nation?

    I mean, hey, great - I'm really glad this guy got the compensation very much due him. What worries me more is that the article didn't read "Corporation ignores serious national security concerns because there was no obvious profit."

    I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.

    Granted, I'm a teacher by trade, and I don't have that same mindset... but even as a human being, I'm going to tend to the security of the nation that keeps carbombs off my streets before I tend to the profits of fat-cat, tax-dodging boss.

    Patriotism isn't an archaic concept; it's a survivalist one.
    • by PhxBlue (562201) on Tuesday February 27, 2007 @10:59AM (#18166738) Homepage Journal

      I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.

      I'm sure at least some businesses don't recognize a "mother country." How would you constrain Sony, for example, which has factories all over Asia and North America? Or cruise lines, which do most of their business in the United States but are registered in the Cayman Islands for tax shelter purposes?

      • by drinkypoo (153816)

        Or cruise lines, which do most of their business in the United States but are registered in the Cayman Islands for tax shelter purposes?

        Cruise lines are great examples because their ship's registries are pretty much always outside the US - it's cheaper and it doesn't give the US military etc the right to board your ship in international waters (sure, they can do it anyway, but they're probably less likely.)

        • by arivanov (12034)
          Nothing to do with that. They do not care about boarding. Now being requisitioned and having to carry troops into the war zone is another story. Can't blame them actually. Cunard has had at least one liner sunk in the last 60 years with the loss of 6000+ lives and a countless number of near misses after being requisitioned by HMG in every major (and many minor) conflict since WW1.
    • by way2trivial (601132) on Tuesday February 27, 2007 @11:03AM (#18166794) Homepage Journal
      let me give you my gut level response about what you've missed in a corporate level mindset. (bugs, bugs, they're crawling all over me now)

      any end scenario that equates with annihilation/extinction of the company is not worth considering or planning for.

      on a scale of 1-10, (1 being some hourly wage earner is caught taking 40$ from the till) a 5-8 embarrassment bad pr episode (security leak, court judgement, contracts broken) is a whole lot worse for the company than a 10 extinction, because at 100% corporation extinction/cessation of manufacturing, there is no one left to point fingers (other than history) in the internal squabbles.... a mid level manager would rather the company declare bankruptcy than one of his subs become a series of internal memos cc'd to legal...
      • Actually, GAAP, the core rules by which American public business accounting must operate, specifies that one treat a corporation as a "Going concern," meaning that one must assume the corporation will continue to be in business indefinitely.

        I wouldn't be at all surprised if that assumption became embedded in the executive mindset.

        (IANA CPA, but that's the next direction I want to go...)
        • so it's codified..

          You can't consider enemy invader warplanes bombing your factories out of existence, even if through your company's actions, or inaction.

    • by Short Circuit (52384) * <mikemol@gmail.com> on Tuesday February 27, 2007 @11:04AM (#18166800) Homepage Journal
      (Note: My brother's a submariner in the US Navy.)

      It's nothing new. When the US Navy put the contract to develop a new screw (propeller) for US submarines, the specifications made it virtually silent. One company went so far as to build the machine to build the screw, but ended up not getting the contract. Rather than write the whole thing off, they sold the machine to the Chinese.

      Long story short, Chinese subs are now just about as quiet as American subs.
      • by ArsenneLupin (766289) on Tuesday February 27, 2007 @11:23AM (#18167026)

        they sold the machine to the Chinese.
        "A capitalist will sell you the rope you will hang him with if he can make profit on it." - Lenin
        • by MightyYar (622222) on Tuesday February 27, 2007 @11:42AM (#18167288)
          Someone really should try to implement his ideas on a country-wide scale.
        • by mblase (200735) on Tuesday February 27, 2007 @12:40PM (#18168012)
          "A capitalist will sell you the rope you will hang him with if he can make profit on it." - Lenin

          "I'm sorry, but the knot you're tying in that noose is copyrighted and patented by my corporation, and in any event the end user license specifically forbids using it to hang their employees or those of organizations doing business with them. I have a cease-and-desist order right here, and I'm afraid I'll need to ask for the names, addresses, phone numbers, and social security numbers of all your executioners past and present to ensure they're not in violation of our intellectual property."
        • Re: (Score:3, Informative)

          by tootlemonde (579170)

          A capitalist will sell you the rope...

          Lenin never said it. See the discussion at Google answers [google.com].

          It's puzzling why this quote is so widely circulated by non-Communists who presumably would not normally give anything else Lenin said any special credence. The quote also is obviously not true in any general sense because the capitalist countries won the Cold War and capitalism has thus far not been metaphorically hanged by anyone.

          So, the quote is a fabrication, the alleged source in any case has no credibil

      • Was the propeller actually DESIGNED by the Navy, and then the contract to build it put out to bid? Or was it the case that the Navy just had an idea, made up the specifications, and asked contractors to see what they could come up with?
      • by musterion (305824)
        Just remember this when you buy Toshiba goods, as they were the ones (http://www.vanderbilt.edu/VIPPS/VIPPSUSJ/publications/Toshiba%20Machine%20working%20paper.doc) and in this paper the tools were sold to the Soviets.
      • Re: (Score:3, Informative)

        by dave562 (969951)
        On a semi related tangent, a client of mine has the designs to build an engine that is capable of running on FIVE DIFFERENT types of fuel. The American automakers have plans for a similar engine but they are not planning on putting it into production until 2025. My client is going to start producing the engine in China next year.

        For a lot of companies, China gives them the ability to be profitable. A lot of America is locked down either politically or economically. By politically I mean that unless you

      • You've got that story all screwed up.

        It wasn't China. The companies involved were Toshiba Machine Company (Japan) and Kongsberg Vaapenfabrikk (Norway). This violated agreements on export controls which both nations were signatories to. This wasn't discovered until 1987, even though the covert sale happened over the period of 1981-1984.

        Toshiba was barred from selling anything to any Warsaw Pact nation for a year. Two of its executives were charged and convicted, which basically ended their careers. The
      • Yes, and most countries that care about such things would call that "treason" and simply line the bastards up in front of a firing squad and get rid of the problem. Personally, I think the heads of such traitors should be left on pikes on the White House lawn as a warning to others.

        Anyway, it sounds like you're referring to the incident with a Toshiba Corporation subsidiary, Toshiba Machine: the U.S. government licensed specialized milling technology to that company, who promptly turned around and sold it to th
      • by lordmage (124376)
        Without being crazy about this but..

        This happens all the time. The issue is that the company must obtain US Export licenses for that technology before being able to sell it to China.

        The company used B&P or R&D funds to set up a machine and failed to win a contract. They found a buyer, got permission from the US to sell, and sold away.

        There is nothing anti-USA or Anti-American here. The Government let this happen.

    • by hey! (33014) on Tuesday February 27, 2007 @11:20AM (#18166978) Homepage Journal

      I always wonder... do businesses really think they're immune to the affairs of their "mother country?"


      Of course they do. Remember GM's cozy relationship with the Nazis. It's true once WW2 broke out that they didn't have direct control of operations in Germany, but leading up to WW2 they were quite aware that conflict was probable and that they'd be profiting by selling to both sides. Their chairman, Alfred Sloan, said that with respect to German factories, "We must conduct ourselves as a German organization."

      For better or worse, we have set up corporations to reward simply any profitable behavior that is within the letter of the law. Or even close enough to get away with. We should not expect patriotic, or even moral behavior from them. Anybody who's ever been involved in a business ethics issue knows that the ultimate bottom line is whatever you can get away with. A committed person can get more from his coworkers and superiors, they are individuals after all and most of the time they usually have at least a common sense of decency that can be appealed to. But turn your back and you're right back to the bottom line.

      This is especially insidious because people judge themselves, not against principles, but by how they compare to others. When other people are going along with something, there is a strong presumption that it must be OK. People will rationalize what they do to make it seem right, before they change what they do to conform to their own ideas of right, until eventually they lose sight of the difference between right and wrong. That's why good people end up doing bad things.

      So we should not be shocked or surprised by this. This is the reason we have laws, and legal relief for unjust actions taken by corporations in their selfish financial interests. To force basic moral and civic responsibility on organizations which are by design simple profit generating machines.

      It's not shocking that corporations behave amorally. Nor is it punitive to rein them in when they use the special privileges they have been granted abusively. It's just realistic.
      • by TCaptain (115352) <slashdot.20.tcaptain@spa m g o urmet.com> on Tuesday February 27, 2007 @12:08PM (#18167632)
        For better or worse, we have set up corporations to reward simply any profitable behavior that is within the letter of the law. Or even close enough to get away with.

        Actually no, we didn't. Obeying the law is not a requirement for any corporation as the "fines" levied from breaking any laws is simply the cost of doing business. If the profit gained by an action outweighs the consequences of legal action, then any legal punishment in the form of fines is the cost of doing business and "good for the shareholders".
        • by Kadin2048 (468275) <[slashdot.kadin] [at] [xoxy.net]> on Tuesday February 27, 2007 @01:42PM (#18168858) Homepage Journal
          Actually no, we didn't. Obeying the law is not a requirement for any corporation as the "fines" levied from breaking any laws is simply the cost of doing business. If the profit gained by an action outweighs the consequences of legal action, then any legal punishment in the form of fines is the cost of doing business and "good for the shareholders".

          Bingo. I don't know why people get their panties in so much of a bunch over what corporations do. They're almost always utterly predictable. The only times when they aren't predictable, is when they're dominated by a particular personality, and then they tend to take on the irrationalisms (for better or worse) of the controlling person.

          But most major corporations, run by boards of directors and their appointees, will do whatever is profitable based on the information and best-guess assessments that they have available. They will do this without regard to Law or really to Ethics, except insofar as those feed into the risk/benefit decisions.

          I have no doubt that if the enforcement of laws against organ harvesting was lax enough, to the point where a person could expect to get away with it, corporations would probably get into that business, too. It's a straightforward calculation: what is the risk of getting caught, times the consequences of getting caught, and is that greater or less than the chances of succeeding, times the possible payout. If the latter exceeds the former, and it's greater than the opportunity cost, then the corporation does it. (And if they don't, someone else will. There's no such thing as universal ethics; you can always find somebody who'll "go there" regardless of how repugnant the opportunity for profit might be.)

          You can look at an illegal act in the same way that an insurance company might approach a significant new risk: what are the odds of the insured-against action happening, and what would we have to pay out if that happened, so what should we charge in premiums? Except in the acting-illegally case, the "premiums" are what you'd need to expect you'd be able to get out of doing the illegal act, in order to make it, on average, worth doing.

          So when you see a corporation dumping toxic waste, don't bother being surprised. Somebody, somewhere, did a calculation (either literally or figuratively), and decided that the potential gain of the dumping, even when the risk of getting caught was factored into it, was profitable.

          As corporations get bigger and bigger, this is only going to become more apparent. If a major multinational corporation breaks some laws, it's probably not going to end the company. In the future, it could get to a point where they're so much bigger than governments, that no amount of illegal action would ever be 'fatal,' and thus they would follow the risk/benefit calculations even more closely, because they'd be able to more easily afford getting caught every once in a while (in the same way that a larger insurance company can sometimes offer lower premiums, because they're bigger and can absorb more risk).
          • You're ignoring one very important point.

            I have no doubt that if the enforcement of laws against organ harvesting was lax enough, to the point where a person could expect to get away with it, corporations would probably get into that business, too. It's a straightforward calculation: what is the risk of getting caught, times the consequences of getting caught, and is that greater or less than the chances of succeeding, times the possible payout. If the latter exceeds the former, and it's greater than the op

            • I wasn't implying that it's all doom and gloom, what my point was, generally, was that if you don't like what corporations are doing, don't rail at the corporations, just change the profit structure to make the undesirable activity less profitable.

              If you don't like people dumping toxic waste, make it riskier to do so (through increased enforcement), and make the loss greater in the event that you are caught (stiffer penalties). That's going to directly affect the economic decision to dump or not dump.

              Rather than arguing about morality or ethics, I think it's more useful to just assume that all large organizations are going to be run by sociopaths, and build the laws to cope with it. If every once in a while, it turns out that one of them isn't, then all the better.
      • textbook sociological assessment there. bravo
      • by abb3w (696381)

        For better or worse, we have set up corporations to reward simply any profitable behavior that is within the letter of the law. Or even close enough to get away with.

        And to punish them if they don't pursue such behavior; look up Dodge v. Ford Motor Company [wikipedia.org]. Carrot and stick.

      • by statusbar (314703)

        Remember GM's cozy relationship with the Nazis. It's true once WW2 broke out that they didn't have direct control of operations in Germany, but leading up to WW2 they were quite aware that conflict was probable and that they'd be profiting by selling to both sides. Their chairman, Alfred Sloan, said that with respect to German factories, "We must conduct ourselves as a German organization."

        Another interesting point is that during the war, U.S. planes bombed G.M. Factories in Germany. After the war, G.M

      • Anybody who's ever been involved in a business ethics issue knows that the ultimate bottom line is whatever you can get away with.

        We see this in all walks of life. From business to politics (where it is all but mandated that you act this way), to private and personal lives. A business is not a sentient entity. It is comprised of people, and it is the people that do these things. By blaming "the company" or companies, you provide an easy scapegoat for the behavior. By accepting and perpetuating this scapeg
      • by svunt (916464)
        The mistake a lot of people make is expecting morality from something that isn't a human. Corporations, businesses in general aren't people, and therefore aren't moral. They don't get to vote (although they can buy votes from those that do), they aren't allowed to consume alcohol when they turn 21, and they can't be plaintiffs in paternity suits. A business doesn't care about morals, and most businesses these days don't have a single person able to rule completely, whose morals will be publicly tied to the
    • by Ihlosi (895663)
      ....the fact that a corporation was holding its own interests over that of its founding nation?

      Corporations are founded and owned by people, who first and foremost expect the corporation to make money.

      "Corporation ignores serious national security concerns because there was no obvious profit."

      Corporations will do anything they can get away with to pursue the goal specified above.

      I always wonder... do businesses really think they're immune to the affairs of their "mother country?"

      War or even just insecuri

    • by kabocox (199019)
      I mean, hey, great - I'm really glad this guy got the compensation very much due him. What worries me more is that the article didn't read "Corporation ignores serious national security concerns because there was no obvious profit."

      I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.


      Um, I'm all for nationalism, but there is a part of me that bel
      • but there is a part of me that believes a global multinational corporate controlled world would be better for most people. Why should the US get special treatment from companies? What if the companies started funding their own mercs and fought back? There has been fiction on that subject. It's good thing for our national governments that our corporations don't have merc wars against each other or some governments would be in deep trouble.

        I'm afraid I can't agree with what you say about being better for most people. If the corporations had absolutely no checks or balances and were allowed to run free and do whatever they wanted, then the top 2% would continue to get richer and the rest of the world would get steamrolled to make it happen. I realize this is already happening, but what if there was literally nothing to keep these companies in check?

    • by CmdrGravy (645153)
      National security concerns are not a part of the market, and never should be.

      If there was a need for corporations to pass on information which may be useful to national organisations then the market would provide one, clearly it's not profitable to do so because as Government entities the national security agencies are far too inefficient and bureaucratic and unable to adjust properly to the marketplace, indeed the government may even have interfered to the extent whereby the government bodies aren't even a
    • by kalirion (728907)
      The writers for 24 may not know much about technology, but seems they have human nature pegged.
    • by soliptic (665417)

      the security of the nation that keeps carbombs off my streets ...

      Patriotism isn't an archaic concept; it's a survivalist one.

      This is a nitpick, and it's off topic, so I'll keep it brief, but I believe you are wrong. You're right with your point about security, but I would argue this is a function of the state, not of the nation. As such it cannot be a convincing justification for "patriotism", as I understand it.

      (IMHO, it is no coincidence that the distinction between "nation" and "state" is fre

    • by KKlaus (1012919)
      It's called an externality, meaning that they suffer a very disproportionately small amount for the good they reap. It's what pollution is, it's what turning the news into entertainment is, etc, etc. So no, they could care less. Oh ye commons, thy death is so tragic.
  • by ergo98 (9391) on Tuesday February 27, 2007 @10:56AM (#18166714) Homepage Journal
    Does he un-hack things? Every search result for this term only points to the same story appearing on every meme site.

    Because if he's an offensive hacker -- e.g. one of "ours" to attack the enemy -- that doesn't make it "reverse" hacking.
  • Ridiculous contract (Score:5, Interesting)

    by defile (1059) on Tuesday February 27, 2007 @10:59AM (#18166736) Homepage Journal

    After Carpenter's termination, the investigations into the Titan Rain group appear to have gone nowhere, said Winkler, a former National Security Agency analyst. He added that while the Carpenter award is welcome, it would ultimately be paid with taxpayer money.

    "This whole thing is costing them nothing," Winkler said. "Whatever legal fees they are running up is just being passed back to the U.S. government," he said.

    Their contracts with the government allow them to pass court awarded punitive damages to the government? On TV doctor dramas, punitive damages are awarded if there is evidence of gross negligence. For what possible reason would the government enter such an agreement?

    • by egomaniac (105476)
      Just means that they are a government contractor, and will manage to pass the bill on to the government by padding their contracts. A quarter million here, half a million there, and who will even notice? The taxpayers? Ha!
      • It's not so easy to pad. Especially for such a public penalty. No defense contractor in today's world would risk losing billions in potential contracts if such padding was discovered. Over 4.3 Million?
    • Not justifying, just 'splaining..

      hypothetical.. a condo association decides to take snow removal from the outside company (which charges a whole lot, and comes out even when it's 1/8th of an inch, and the temp is expected to melt that off in 2 hours) to the management company, who will perform the action as needed... the management company has increased liability if someone falls on the snow-blowed sidewalk, and says the snow-blowing was insufficient/caused the accident.

      the management company befor
    • by dragons_flight (515217) on Tuesday February 27, 2007 @12:47PM (#18168088) Homepage
      Sandia National Labs [sandia.gov] is a government owned research facility, operated by independent contractors. The government decides how much money to provide the facility. The contracted management corporation decides how to spend it, though if they fail to meet government expectations then the government can decide to rebid the contract.

      So a judgment against the facility would come out of government funds originally intended to support research. The government can then either increase funding to cover the judgment, accept a reduction in research, and/or fire the management.

      As to why use such contracts? Part of the idea is to create a profit motive by allowing the managing corporation to keep a profit if they can fulfill the government's expectations for less than the originally bid price. So a judgment like this would potentially eat into their ability to profit in that way. The other argument for such contracts is to reduce bureaucracy and political pressure at research institutions.
      • by Myopic (18616)
        How much you wanna bet the government renews their contract?
  • change. End a few careers and people will get the message.
  • by paladinwannabe2 (889776) on Tuesday February 27, 2007 @11:09AM (#18166868)
    It sounds like a delightful place to work, where other employees are afraid to talk to this guy now because they think their phones are wiretapped, and they would rather hide their problems than fix them. Just as well they never wanted to interview me.
  • by Tzinger (550448) on Tuesday February 27, 2007 @11:16AM (#18166948) Homepage
    Sandia is a government owned/contractor operated facility. The contractor is Lockheed-Martin. The relationship between defense contractors and the government is an odd one that goes back a long way in our history. Eisenhower (33rd President) bemoaned it and coined the term "military industrial complex".

    You can think of it as a "closed economy" rather than a "market economy". The defense contractors operate on very low profit margins in exchange for a guarantee of income. It's not quite that simple but not far from the actuality.
    • by ebvwfbw (864834)
      Eisenhower (33rd President) bemoaned it and coined the term "military industrial complex".

      These three words are so often misrepresented it isn't funny. He didn't bemoan it, he encouraged it. He was for a strong defense. He was also for peace. What he said in the proper context is here - http://en.wikipedia.org/wiki/Military-industrial_complex [wikipedia.org] copied here:

      A vital element in keeping the peace is our military establishment. Our arms must be mighty, ready for instant action, so that no potential aggress

    • by lelitsch (31136)
      "The defense contractors operate on very low profit margins in exchange for a guarantee of income. It's not quite that simple but not far from the actuality."

      How do they make a $729 million annual profit off "low profit margins"? This must be some really great Kool-Aid that you're drinking. If you are unfamiliar with how to milk cost plus contracts [wikipedia.org], there are thousands of people at LM, Boeing, Bechtel, General Dynamics and GE's Electric Boat Company who can show you.

      Disclaimer: I used to sell to all of them
      • by Kadin2048 (468275)
        For the dollar value of the contracts they're working on, their profit margins are generally lower, overall, than similar outfits in the private-sector world. (That is, if you could really find an equivalent private sector company.) But they do a lot of work, and they basically know that the work's always going to be there.

        Basically, it's just that 3% on a few billion a year is a lot better than 10% on a few million. They're not starving.

        And not all government contracts are cost-plus. Most agencies won't le
    • by dbIII (701233)

      The relationship between defense contractors and the government is an odd one that goes back a long way in our history

      The end result is odd stuff like US troops envying the rifles used by the relatively impoverished Australian army (who use Austrian rifles - not Australian ones) and US troops buying their own gear at camping stores.

  • Well.. He should start up his own company or maybe the CIA or FBI has a decent paying job for him. Screw Sandia Labs.
  • Can someone please 'splain this to me.... "This whole thing is costing them nothing," Winkler said. "Whatever legal fees they are running up is just being passed back to the U.S. government," he said. Why?! The company got pwnd....The company lost Secret info....The company does something silly to try and cover their @ss, and now we pay for it? ....Whhhhhhhhhhhy?
  • Reverse hacker? As in rekcah? Sounds like a good tag!
  • I personally consider this guy a Patriot for the USA. He should be awarded a medal for his efforts and offered a government job with the CIA or National Cyber Security Division of the Department of Homeland Security.
  • by yppiz (574466) * on Tuesday February 27, 2007 @12:24PM (#18167830) Homepage
    This was his "exit interview" at Sandia, and I am guessing a big reason for the award:

    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011832&pageNumber=3 [computerworld.com]

    What happened then?

    During my last meeting with Sandia management, a semicircle of management was positioned in chairs around me and Bruce Held [Sandia's chief of counterintelligence]. Mr. Held arrived about five minutes late to the meeting and positioned his chair inches directly in front of mine. Mr. Held is a retired CIA officer, who evidently ran paramilitary operations in Africa, according to his deposition testimony.

    At one point, Mr. Held yelled, "You're lucky you have such understanding management... if you worked for me, I would decapitate you! There would at least be blood all over the office!" During the entire meeting, the other managers just sat there and watched.

      At the conclusion of the meeting, Mr. Held said, "Your wife works here, doesn't she? I might need to talk to her." [Editor's note: In court testimony, Held admitted using the word "decapitated" and that he wouldn't contest using the word "blood" although he didn't recall saying it. He also apologized for using those terms.]

    Indeed, my wife did work there -- in Sandia's International Programs section, working on nuclear counter-proliferation, port and border security issues. In the context of that meeting, it was a chilling comment. Shortly after the meeting, which management described at trial as "a fact-finding session with Mr. Carpenter," my director showed up at my office, escorted me to the gate and stripped me of my badge. That was the last time I was ever at Sandia. [Carpenter's wife resigned and is now a White House fellow working as a special assistant to top-ranking government officials.]

  • by bigbigbison (104532) on Tuesday February 27, 2007 @02:19PM (#18169328) Homepage
    So someone finds out that another government has stolen actual secrets from the US, reports it, gets fired, then wins a lawsuit and this is obscure news. But an advertising company puts up some signs in Boston and it is all over the news. Let's see, stolen government secrets vs. publicity stunt gone bad. Damn that mainstream media and their liberal bias!
  • In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information -- Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.

    To me, it looks like it was only putting the interests of a corporation against the interests of another corporation. But the guy was smart and chose the bigger one.

  • by bitgusher (1011967) on Tuesday February 27, 2007 @04:12PM (#18171278)
    It seems that the Carpenter debacle is only the latest of a string of management failures at the facility. A bit of Googling turned up a cache of PDFs posted to a Los Alamos related web site (LANL, The Real Story). The site is no longer maintained, but available. The letters are PDFs of actual correspondence from Senator Grassley to the Secretary of Energy, the Department of Energy Inspector General, and other high-ranking officials regarding security problems and retaliation issues at Sandia. Sandia has a separate Corporate Investigations division, and in 2003 and 2004 they turned up some interesting items in their investigations. From the correspondence, however, it seems that Sandia management wasn't too pleased when they got the bad news from the investigators, who were simply trying to do their jobs.

    The investigators were threatened, transferred to rodent-infested trailers, and were written up. According to two of the letters, Senator Grassley's office saved their jobs by intervening on their behalf, issuing several strong warnings to Sandia about retaliating against whistleblowers.

    Here's some highlights: After investigating an incident in Sandia's SCIF (Sensitive Compartmented Information Facility) that involved alleged sexual liaisons between highly cleared staff members, the Sandia Vice President in charge at the time -- David Nokes -- ordered a subordinate to destroy a hard drive that was assigned as evidence to the investigation. The subordinate complied by "smashing the hard drive with a sledge hammer." The SCIF employee in question was also found to have been hacking into Sandia Intranet computers. It became impossible to find out exactly what the employee was doing after the drive was destroyed. The drive was presumably destroyed because the VP wanted to "avoid embarrassment" to the organization.

    After being "forced" to resign, C. Paul Robinson and Mr. Nokes publicly sparred in the press. While this public display was going on, Dr. Robinson was quietly reinstating Mr. Nokes' security clearances and hiring him back as a "security consultant". Now that seems odd, given the circumstances of his departure. It was not until an unknown Sandia employee anonymously faxed Mr. Nokes' clearance reinstatement paperwork to Senator Grassley's office that the good Senator became aware of what was going on.

    After the smoke cleared from Sandia executive management's "sham internal review" of what happened (the Senator's words, not mine), Sandia quietly handed out huge bonuses to the employees that toed the company line -- including the hard drive smasher (who was in charge of security at the SCIF). None of this became public until they were posted on the LANL site by -- you guessed it -- an anonymous person. The Albuquerque Journal ran a story about the huge bonuses and pay raises awarded to every employee that was disciplined in the matter in the fall of 2006. While disciplined publicly, they all received huge cash awards ($20,000 non-base award to the drive smasher) and unheard of pay raises. That seems like sort of a red flag to me, especially since the American tax payer is doling out the cash for this nonsense.

    BTW, Sandia Corporation is a subsidiary of Lockheed Martin Corporation. It was set up as an at-will employer, so staff can be fired for any reason and at any time. A Government Accountability Office (GAO) report on the Department of Energy reimbursement of contractor litigation expenses can be found here: http://www.gao.gov/new.items/d04148r.pdf [gao.gov]

    The GAO found that almost all claims are summarily reimbursed by the DOE, even in cases of malfeasance, fraudulent conduct, etc ($330 million between 1998 and 2003). DOE contractors only picked up a paltry $12 million of the tab.

    There's all kinds of goodies in the PDFs, so I won't ruin the suspense for those of you that are interested.

    The Sandia National Laboratories / Senator Grassley docume
  • by golodh (893453) on Tuesday February 27, 2007 @05:15PM (#18172330)
    Sandia Laboratories is a _National_ laboratory. It's supposed to deal intimately with matters that directly affect US security. Therefore any failure to make any information gained that shows that vital US interests are at risk (such as penetration of defense contractors) immediately and unreservedly available to the FBI and Army Intelligence is absolutely inexcusable.

    There seems to be an opinion among Sandia Laboratories management that they can interpret "just focusing on our job" as meaning "we are entitled to ignore evidence of penetration of defense contractors and/or government systems and sit on it". In my opinion every last one of those managers should be fired. et ... why not close down Sandia Laboratories in its entirety to prevent this sort of mentality from spreading? If this is the way those clowns view their job of protection of US interests who needs them?

    And to top it all off ... they see fit to pile psychological pressure on a loyal, responsible employee, and (the height of unprofessionalism) they try to blackmail him with his wife's job.

    Has everyone grasped that Sandia management _actively_ tried to prevent this employee from cooperating with the FBI and Army Intelligence because it might (from the article) "bring unwanted attention to Sandia"? Am I alone in thinking that such conduct belongs in Soviet Russia of 30 years ago and not the US today?
