Reverse Hacker Awarded $4.3 Million

jcatcw writes "Shawn Carpenter was awarded a $4.3 million award — more than twice the amount he sought and money he thinks he'll never see. Carpenter worked for Sandia National Labs as an intrusion detection analyst. He anayzed. He detected. He reported. He was fired — in Janurary 2005 after sharing his results with the FBI and the U.S. Army. Computerworld asked him what he hoped to achieve in that investigation. Answer: 'In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.' Ira Winkler, author of Spies Among Us , said the verdict was 'incredibly justified. Frankly, I think people [at Sandia] should go to jail' for ignoring some of the security issues that Carpenter was trying to highlight with his investigation."

Gray and pointless.

[Short Circuit]

What he did was arguably in a gray area...on his own time, he used "hacker techniques" (not my preferred wording, sorry. Read the article.) to track down stolen data on foreign sites. That he turned his results over to the FBI is good, even if it screwed over Sandia.

Of course, the judgement against Sandia will get passed on to the US Government in a "cost plus" contract...

Am I The Only One Alarmed By....

[Fried-Psitalon]

....the fact that a corporation was holding its own interests over that of its founding nation?

I mean, hey, great - I'm really glad this guy got the compensation very much due him. What worries me more is that the article didn't read "Corporation ignores serious national security concerns because there was no obvious profit."

I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.

Granted, I'm a teacher by trade, and I don't have that same mindset... but even as a human being, I'm going to tend to the security of the nation that keeps carbombs off my streets before I tend to the profits of fat-cat, tax-dodging boss.

Patriotism isn't an archaic concept; it's a survivalist one.

What Is A "Reverse Hacker"?

[ergo98]

Does he un-hack things? Every search result for this term only points to the same story appearing on every meme site.

Because if he's an offensive hacker -- e.g. one of "ours" to attack the enemy -- that doesn't make it "reverse" hacking.

Ridiculous contract

[defile]

After Carpenter's termination, the investigations into the Titan Rain group appear to have gone nowhere, said Winkler, a former National Security Agency analyst. He added that while the Carpenter award is welcome, it would ultimately be paid with taxpayer money.

"This whole thing is costing them nothing," Winkler said. "Whatever legal fees they are running up is just being passed back to the U.S. government," he said.

Their contracts with the government allow them to pass court awarded punitive damages to the government? On TV doctor dramas, punitive damages are awarded if there is evidence of gross negligence. For what possible reason would the government enter such an agreement?

Re:Am I The Only One Alarmed By....

[PhxBlue]

I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.

I'm sure at least some businesses don't recognize a "mother country." How would you constrain Sony, for example, which has factories all over Asia and North America? Or cruise lines, which do most of their business in the United States but are registered in the Cayman Islands for tax shelter purposes?

problems for a corporation-mindset

[way2trivial]

let me give you my gut level response about what you've missed in a corporate level mindset. (bugs, bugs, they're crawling all over me now)

any end scenario that equates with annihalation/extinction of the company is not worth considering or planning for.

on a scale of 1-10, (1 being some hourly wage earner is caught taking 40$ from the till) a 5-8 embarrasement bad pr episode (security leak, court judgement, contracts broken) is a whole lot worse for the company than a 10 extinction, because at 100% corporation extinction/cessation of manufacturing, there is no one left to point fingers (other than history) in the internal squabbles.... a mid level manager would rather the company declare banktrupcy than one of his subs become a series of internal memos cc'd to legal...

Re:Am I The Only One Alarmed By....

[Short Circuit]

(Note: My brother's a submariner in the US Navy.)

It's nothing new. When the US Navy put the contract to develop a new screw(propellor) for US submarines, the specifications made it virtually silent. One company went so far as to build the machine to build the screw, but ended up not getting the contract. Rather than write the whole thing off, they sold the machine to the Chinese.

Long story short, Chinese subs are now just about as quiet as American subs.

Lockheed Martin, Big Brother Inc.?

[paladinwannabe2]

It sounds like a delightful place to work, where other employees are afraid to talk to this guy now because they think their phones are wiretapped, and they would rather hide their problems than fix them. Just as well they never wanted to interview me.

Re:Am I The Only One Alarmed By....

[ArsenneLupin]

they sold the machine to the Chinese.

"A capitalist will sell you the rope you will hang him with if he can make profit on it." - Lenin

Re:Gray and pointless.

[EngMedic]

Gray and pointless? Tell that to Cliff Stoll. http://en.wikipedia.org/wiki/Cliff_Stoll [wikipedia.org]

Re:Gray and pointless.

[crush]

Added to which, it seems that Mr.Carpenter and his wife are beneficiaries of the "new security regime" with him landing a plum post with the neocon's new "Dept of Homeland Security" and his wife now a White House fellow working as a special assistant to top-ranking government officials.

Take note too of the special attention paid to the fact that Bruce Held [Sandia's chief of counterintelligence]. was a CIA officer, and remember that the CIA and all the associated apparatus of oldboys are under attack from the neocons because they wouldn't suppport the Bush administration's contention that Iraq had WMDs.

I smell a big stinky rat that just popped out of the sewer with this story. I can't help remembering the Wen Ho Lee [wikipedia.org] story which waved the flag of patriotism to persecute a "foreigner" and think that if the USA is worried about foreigners stealing information then they should look to the Israelis [counterpunch.org]

At best this is an unclear story, at worst it's a move by the neocons to ratchet up tension against China. Probably it's a way at having a go at some non-neocon security establishment likely loyal to the Democrats.

Most amazing quote from the article

[yppiz]

This was his "exit interview" at Sandia, and I am guessing a big reason for the award:

http://www.computerworld.com/action/article.do?com mand=viewArticleBasic&articleId=9011832&pageNumber =3 [computerworld.com]

What happened then?

During my last meeting with Sandia management, a semicircle of management was positioned in chairs around me and Bruce Held [Sandia's chief of counterintelligence]. Mr. Held arrived about five minutes late to the meeting and positioned his chair inches directly in front of mine. Mr. Held is a retired CIA officer, who evidently ran paramilitary operations in Africa, according to his deposition testimony.

At one point, Mr. Held yelled, "You're lucky you have such understanding management... if you worked for me, I would decapitate you! There would at least be blood all over the office!" During the entire meeting, the other managers just sat there and watched.

  At the conclusion of the meeting, Mr. Held said, "Your wife works here, doesn't she? I might need to talk to her." [Editor's note: In court testimony, Held admitted using the word "decapitated" and that he wouldn't contest using the word "blood" although he didn't recall saying it. He also apologized for using those terms.]

Indeed, my wife did work there -- in Sandia's International Programs section, working on nuclear counter-proliferation, port and border security issues. In the context of that meeting, it was a chilling comment. Shortly after the meeting, which management described at trial as "a fact-finding session with Mr. Carpenter," my director showed up at my office, escorted me to the gate and stripped me of my badge. That was the last time I was ever at Sandia. [Carpenter's wife resigned and is now a White House fellow working as a special assistant to top-ranking government officials.

Article in Time

[measured_flo]

I remember there was quite a large article in Time magazine about Carpenter, two years ago. http://www.time.com/time/printout/0,8816,1098961,0 0.html [time.com] Burn Karma, Burn

Red Herrings anybody?

[Usagi_yo]

However, if my job was to get disinformation out to people, I would call it secret, pay millions for security, but let it get stolen anyway.

Ya just gotta be paranoid to survive in this world.

Re:Gray and pointless.

[paeanblack]

1. This guy found an intrusion on his network, which because he was their network guy he was being employed to do.
2. He informed his employer that sensitive data was being stolen.
3. His employers did nothing because they're incompetent nitwits.
4. He, being a good American did what he was supposed to do and tracked down the people who stole the secrets and reported it to the FBI.
5. His bosses, now with egg all over their faces, fired him because he showed they were in fact incompetent nitwits.

Imagine Joe Security Guard does the following:

1. Finds an intrusion within his patrol
2. Informs his employers that valuable ojbects were being stolen
3. His employers did nothing because (insert speculation)
4. He breaks into the theives houses to track down the stolen property.

Did Joe overstep his authority? Did he know whether the leak was intentional, possibly to track where these goods were ending up?