Security Government Politics

Reverse Hacker Awarded $4.3 Million

jcatcw writes "Shawn Carpenter was awarded a $4.3 million award — more than twice the amount he sought and money he thinks he'll never see. Carpenter worked for Sandia National Labs as an intrusion detection analyst. He analyzed. He detected. He reported. He was fired — in January 2005 after sharing his results with the FBI and the U.S. Army. Computerworld asked him what he hoped to achieve in that investigation. Answer: 'In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.' Ira Winkler, author of Spies Among Us, said the verdict was 'incredibly justified. Frankly, I think people [at Sandia] should go to jail' for ignoring some of the security issues that Carpenter was trying to highlight with his investigation."
  • by Tzinger ( 550448 ) on Tuesday February 27, 2007 @11:16AM (#18166948) Homepage
    Sandia is a government owned/contractor operated facility. The contractor is Lockheed-Martin. The relationship between defense contractors and the government is an odd one that goes back a long way in our history. Eisenhower (33rd President) bemoaned it and coined the term "military industrial complex".

    You can think of it as a "closed economy" rather than a "market economy". The defense contractors operate on very low profit margins in exchange for a guarantee of income. It's not quite that simple but not far from the actuality.
  • by Obsidian Dagger ( 846679 ) on Tuesday February 27, 2007 @11:31AM (#18167128)
    Yes, "Counter Hacker" would be more appropriate. The article at http://en.wikipedia.org/wiki/Shawn_Carpenter [wikipedia.org] provides some detail and it appears it traced the hackers and hacked the server they were coming from.
  • by EngMedic ( 604629 ) on Tuesday February 27, 2007 @11:54AM (#18167426) Homepage

    I read that book years ago. Cliff Stoll's investigation led to the capture and trial of German spies. Once this guy turned his data over to the FBI, the investigation went nowhere.
    Yeah. So did Cliff's. He had to keep beating them into doing something about it for months on end. I suspect this guy would've done the same if his bosses hadn't fired him.
  • by dragons_flight ( 515217 ) on Tuesday February 27, 2007 @12:47PM (#18168088) Homepage
    Sandia National Labs [sandia.gov] is a government owned research facility, operated by independent contractors. The government decides how much money to provide the facility. The contracted management corporation decides how to spend it, though if they fail to meet government expectations then the government can decide to rebid the contract.

    So a judgment against the facility would come out of government funds originally intended to support research. The government can then either increase funding to cover the judgment, accept a reduction in research, and/or fire the management.

    As to why use such contracts? Part of the idea is to create a profit motive by allowing the managing corporation to keep a profit if they can fulfill the government's expectations for less than the originally bid price. So a judgment like this would potentially eat into their ability to profit in that way. The other argument for such contracts is to reduce bureaucracy and political pressure at research institutions.
  • by dave562 ( 969951 ) on Tuesday February 27, 2007 @02:27PM (#18169458) Journal
    On a semi related tangent, a client of mine has the designs to build an engine that is capable of running on FIVE DIFFERENT types of fuel. The American automakers have plans for a similar engine but they are not planning on putting it into production until 2025. My client is going to start producing the engine in China next year.

    For a lot of companies, China gives them the ability to be profitable. A lot of America is locked down either politically or economically. By politically I mean that unless you are the favored contractor of the US Congress, you aren't going to get the contract to design anything. And by economically I mean, if you don't already have production facilities, it's cost prohibitive to get them.

  • by bitgusher ( 1011967 ) on Tuesday February 27, 2007 @04:12PM (#18171278)
    It seems that the Carpenter debacle is only the latest of a string of management failures at the facility. A bit of Googling turned up a cache of PDFs posted to a Los Alamos related web site (LANL, The Real Story). The site is no longer maintained, but available. The letters are PDFs of actual correspondence from Senator Grassley to the Secretary of Energy, the Department of Energy Inspector General, and other high-ranking officials regarding security problems and retaliation issues at Sandia. Sandia has a separate Corporate Investigations division, and in 2003 and 2004 they turned up some interesting items in their investigations. From the correspondence, however, it seems that Sandia management wasn't too pleased when they got the bad news from the investigators, who were simply trying to do their jobs.

    The investigators were threatened, transferred to rodent-infested trailers, and were written up. According to two of the letters, Senator Grassley's office saved their jobs by intervening on their behalf, issuing several strong warnings to Sandia about retaliating against whistleblowers.

    Here's some highlights: After investigating an incident in Sandia's SCIF (Sensitive Compartmented Information Facility) that involved alleged sexual liaisons between highly cleared staff members, the Sandia Vice President in charge at the time -- David Nokes -- ordered a subordinate to destroy a hard drive that was assigned as evidence to the investigation. The subordinate complied by "smashing the hard drive with a sledge hammer." The SCIF employee in question was also found to have been hacking into Sandia Intranet computers. It became impossible to find out exactly what the employee was doing after the drive was destroyed. The drive was presumably destroyed because the VP wanted to "avoid embarrassment" to the organization.

    After being "forced" to resign, C. Paul Robinson and Mr. Nokes publicly sparred in the press. While this public display was going on, Dr. Robinson was quietly reinstating Mr. Nokes' security clearances and hiring him back as a "security consultant". Now that seems odd, given the circumstances of his departure. It was only when an unknown Sandia employee anonymously faxed Mr. Nokes' clearance reinstatement paperwork to Senator Grassley's office that the good Senator became aware of what was going on.

    After the smoke cleared from Sandia executive management's "sham internal review" of what happened (the Senator's words, not mine), Sandia quietly handed out huge bonuses to the employees that toed the company line -- including the hard drive smasher (who was in charge of security at the SCIF). None of this became public until they were posted on the LANL site by -- you guessed it -- an anonymous person. The Albuquerque Journal ran a story about the huge bonuses and pay raises awarded to every employee that was disciplined in the matter in the fall of 2006. While disciplined publicly, they all received huge cash awards ($20,000 non-base award to the drive smasher) and unheard of pay raises. That seems like sort of a red flag to me, especially since the American tax payer is doling out the cash for this nonsense.

    BTW, Sandia Corporation is a subsidiary of Lockheed Martin Corporation. It was set up as an at-will employer, so staff can be fired for any reason and at any time. A Government Accountability Office (GAO) report on the Department of Energy reimbursement of contractor litigation expenses can be found here: http://www.gao.gov/new.items/d04148r.pdf [gao.gov]

    The GAO found that almost all claims are summarily reimbursed by the DOE, even in cases of malfeasance, fraudulent conduct, etc ($330 million between 1998 and 2003). DOE contractors only picked up a paltry $12 million of the tab.

    There's all kinds of goodies in the PDFs, so I won't ruin the suspense for those of you that are interested.

    The Sandia National Laboratories / Senator Grassley docume
  • by tootlemonde ( 579170 ) on Tuesday February 27, 2007 @09:02PM (#18175808)

    A capitalist will sell you the rope...

    Lenin never said it. See the discussion at Google answers [google.com].

    It's puzzling why this quote is so widely circulated by non-Communists who presumably would not normally give anything else Lenin said any special credence. The quote also is obviously not true in any general sense because the capitalist countries won the Cold War and capitalism has thus far not been metaphorically hanged by anyone.

    So, the quote is a fabrication, the alleged source in any case has no credibility and it is false on the face of it.

    Can it be that one of capitalism's strengths is that it provokes some of its critics to use the weakest imaginable arguments against it?
