Reverse Hacker Awarded $4.3 Million
jcatcw writes "Shawn Carpenter was awarded a $4.3 million award — more than twice the amount he sought and money he thinks he'll never see. Carpenter worked for Sandia National Labs as an intrusion detection analyst. He analyzed. He detected. He reported. He was fired — in January 2005 after sharing his results with the FBI and the U.S. Army. Computerworld asked him what he hoped to achieve in that investigation. Answer: 'In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.' Ira Winkler, author of Spies Among Us, said the verdict was 'incredibly justified. Frankly, I think people [at Sandia] should go to jail' for ignoring some of the security issues that Carpenter was trying to highlight with his investigation."
Gray and pointless. (Score:5, Interesting)
Of course, the judgement against Sandia will get passed on to the US Government in a "cost plus" contract...
Re:Gray and pointless. (Score:5, Insightful)
Re:Gray and pointless. (Score:5, Funny)
Re: (Score:1, Insightful)
Re: (Score:2, Interesting)
Take note too of the special attention paid to the fact that Bruce Held [Sandia's chief of counterintelligence]. was a CIA officer, and remember that the CIA and all the associated apparatus of oldboys are under attack from
Re: (Score:1, Flamebait)
Re:Gray and pointless. (Score:5, Insightful)
This is what we know.
1. This guy found an intrusion on his network, which because he was their network guy he was being employed to do.
2. He informed his employer that sensitive data was being stolen.
3. His employers did nothing because they're incompetent nitwits.
4. He, being a good American did what he was supposed to do and tracked down the people who stole the secrets and reported it to the FBI.
5. His bosses, now with egg all over their faces, fired him because he showed they were in fact incompetent nitwits.
Now beyond that, the whole lawsuit thing is frivolous. If I were this guy I would have walked into my congressman's office and started the conversation with, "Wanna hear how a government agency that gets billions of dollars of taxpayers money is letting its secrets get stolen?" I would then sit back and let the shit storm begin.
As for the dishonest deeds, I think it started with the people who were breaking into american computer systems and stealing the data.
Though I've always asked this question: If I was running a laboratory that was working on some cutting edge military technology, why would I have any of the lab's computers connected to the Internet???? Set up a secure isolated network and call it a deal!
Re:Gray and pointless. (Score:5, Funny)
Umm hellllo. How do you expect the scientists to check their myspace??
Comment removed (Score:5, Funny)
parent is +6 funny (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Well, if you go with the premise that you have enough information to determine that there's nothing shady going on then it's a foregone conclusion. But you don't have that information, and I don't have that information. All we have are selective leaks from "security sources" about the case. On his own admission Carpenter performed the following unethical behaviors:
Red Herrings anybody? (Score:3, Interesting)
Ya just gotta be paranoid to survive in this world.
Re: (Score:3, Interesting)
2. He informed his employer that sensitive data was being stolen.
3. His employers did nothing because they're incompetent nitwits.
4. He, being a good American did what he was supposed to do and tracked down the people who stole the secrets and reported it to the FBI.
5. His bosses, now with egg all over their faces, fired him because he showed they were in fact incompetent nitwits.
Imagine Joe Sec
Re: (Score:2)
Ok, I'm joking. I'm not really racist, and can't stand people who are, and especially when they are righteous about it. =D
Re: (Score:2, Funny)
Re: (Score:3, Interesting)
Re: (Score:1)
Re: (Score:2, Informative)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Am I The Only One Alarmed By.... (Score:5, Interesting)
I mean, hey, great - I'm really glad this guy got the compensation very much due him. What worries me more is that the article didn't read "Corporation ignores serious national security concerns because there was no obvious profit."
I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.
Granted, I'm a teacher by trade, and I don't have that same mindset... but even as a human being, I'm going to tend to the security of the nation that keeps carbombs off my streets before I tend to the profits of fat-cat, tax-dodging boss.
Patriotism isn't an archaic concept; it's a survivalist one.
Re:Am I The Only One Alarmed By.... (Score:5, Interesting)
I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.
I'm sure at least some businesses don't recognize a "mother country." How would you constrain Sony, for example, which has factories all over Asia and North America? Or cruise lines, which do most of their business in the United States but are registered in the Cayman Islands for tax shelter purposes?
Re: (Score:2)
Cruise lines are great examples because their ship's registries are pretty much always outside the US - it's cheaper and it doesn't give the US military etc the right to board your ship in international waters (sure, they can do it anyway, but they're probably less likely.)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
problems for a corporation-mindset (Score:4, Interesting)
any end scenario that equates with annihilation/extinction of the company is not worth considering or planning for.
on a scale of 1-10, (1 being some hourly wage earner is caught taking 40$ from the till) a 5-8 embarrassment bad pr episode (security leak, court judgement, contracts broken) is a whole lot worse for the company than a 10 extinction, because at 100% corporation extinction/cessation of manufacturing, there is no one left to point fingers (other than history) in the internal squabbles.... a mid level manager would rather the company declare bankruptcy than one of his subs become a series of internal memos cc'd to legal...
Re: (Score:1)
I wouldn't be at all surprised if that assumption became embedded in the executive mindset.
(IANA CPA, but that's the next direction I want to go...)
ok.. (Score:2)
You can't consider enemy invader warplanes bombing your factories out of existence, even if through your company's actions, or inaction.
Re:Am I The Only One Alarmed By.... (Score:5, Interesting)
It's nothing new. When the US Navy put the contract to develop a new screw (propeller) for US submarines, the specifications made it virtually silent. One company went so far as to build the machine to build the screw, but ended up not getting the contract. Rather than write the whole thing off, they sold the machine to the Chinese.
Long story short, Chinese subs are now just about as quiet as American subs.
Re:Am I The Only One Alarmed By.... (Score:5, Interesting)
Re:Am I The Only One Alarmed By.... (Score:5, Funny)
Re:Am I The Only One Alarmed By.... (Score:5, Funny)
"I'm sorry, but the knot you're tying in that noose is copyrighted and patented by my corporation, and in any event the end user license specifically forbids using it to hang their employees or those of organizations doing business with them. I have a cease-and-desist order right here, and I'm afraid I'll need to ask for the names, addresses, phone numbers, and social security numbers of all your executioners past and present to ensure they're not in violation of our intellectual property."
Re: (Score:3, Informative)
A capitalist will sell you the rope...
Lenin never said it. See the discussion at Google answers [google.com].
It's puzzling why this quote is so widely circulated by non-Communists who presumably would not normally give anything else Lenin said any special credence. The quote also is obviously not true in any general sense because the capitalist countries won the Cold War and capitalism has thus far not been metaphorically hanged by anyone.
So, the quote is a fabrication, the alleged source in any case has no credibil
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Re: (Score:3, Informative)
For a lot of companies, China gives them the ability to be profitable. A lot of America is locked down either politically or economically. By politically I mean that unless you
Re: (Score:2)
I'm not sure how much I can share at this point. But if you send an email to darmstrong562 dot gmail at com, I'll figure out what I can share and let you know since you're interested.
Re: (Score:2)
It wasn't China. The companies involved were Toshiba Machine Company (Japan) and Kongsberg Vaapenfabrikk (Norway). This violated agreements on export controls which both nations were signatories to. This wasn't discovered until 1987, even though the covert sale happened over the period of 1981-1984.
Toshiba was barred from selling anything to any Warsaw Pact nation for a year. Two of its executives were charged and convicted, which basically ended their careers. The
Re: (Score:2)
Anyway, it sounds like you're referring to the incident with a Toshiba Corporation subsidiary, Toshiba Machine: the U.S. government licensed specialized milling technology to that company, who promptly turned around and sold it to th
Re: (Score:2)
This happens all the time. The issue is that the company must obtain US Export licenses for that technology before being able to sell it to China.
The company used B&P or R&D funds to set up a machine and failed to win a contract. They found a buyer, got permission from the US to sell, and sold away.
There is nothing anti-USA or Anti-American here. The Government let this happen.
Re: (Score:1)
Re: (Score:2)
I'm confused. Are you being ironic? i.e. are you really agreeing with gp post? Because what he said is more or less accurate. At least the part you quoted is. I'll admit I don't have
Re: (Score:2)
Re:Am I The Only One Alarmed By.... (Score:5, Insightful)
Of course they do. Remember GM's cozy relationship with the Nazis. It's true once WW2 broke out that they didn't have direct control of operations in Germany, but leading up to WW2 they were quite aware that conflict was probable and that they'd be profiting by selling to both sides. Their chairman, Alfred Sloan, said that with respect to German factories, "We must conduct ourselves as a German organization."
For better or worse, we have set up corporations to reward simply any profitable behavior that is within the letter of the law. Or even close enough to get away with. We should not expect patriotic, or even moral behavior from them. Anybody who's ever been involved in a business ethics issue knows that the ultimate bottom line is whatever you can get away with. A committed person can get more from his coworkers and superiors, they are individuals after all and most of the time they usually have at least a common sense of decency that can be appealed to. But turn your back and you're right back to the bottom line.
This is especially insidious because people judge themselves, not against principles, but by how they compare to others. When other people are going along with something, there is a strong presumption that it must be OK. People will rationalize what they do to make it seem right, before they change what they do to conform to their own ideas of right, until eventually they lose sight of the difference between right and wrong. That's why good people end up doing bad things.
So we should not be shocked or surprised by this. This is the reason we have laws, and legal relief for unjust actions taken by corporations in their selfish financial interests. To force basic moral and civic responsibility on organizations which are by design simple profit generating machines.
It's not shocking that corporations behave amorally. Nor is it punitive to rein them in when they use the special privileges they have been granted abusively. It's just realistic.
Re:Am I The Only One Alarmed By.... (Score:4, Insightful)
Actually no, we didn't. Obeying the law is not a requirement for any corporation as the "fines" levied from breaking any laws is simply the cost of doing business. If the profit gained by an action outweighs the consequences of legal action, then any legal punishment in the form of fines is the cost of doing business and "good for the shareholders".
It's just a risk market. (Score:5, Insightful)
Bingo. I don't know why people get their panties in so much of a bunch over what corporations do. They're almost always utterly predictable. The only times when they aren't predictable, is when they're dominated by a particular personality, and then they tend to take on the irrationalisms (for better or worse) of the controlling person.
But most major corporations, run by boards of directors and their appointees, will do whatever is profitable based on the information and best-guess assessments that they have available. They will do this without regard to Law or really to Ethics, except insofar as those feed into the risk/benefit decisions.
I have no doubt that if the enforcement of laws against organ harvesting was lax enough, to the point where a person could expect to get away with it, corporations would probably get into that business, too. It's a straightforward calculation: what is the risk of getting caught, times the consequences of getting caught, and is that greater or less than the chances of succeeding, times the possible payout. If the latter exceeds the former, and it's greater than the opportunity cost, then the corporation does it. (And if they don't, someone else will. There's no such thing as universal ethics; you can always find somebody who'll "go there" regardless of how repugnant the opportunity for profit might be.)
You can look at an illegal act in the same way that an insurance company might approach a significant new risk: what are the odds of the insured-against action happening, and what would we have to pay out if that happened, so what should we charge in premiums? Except in the acting-illegally case, the "premiums" are what you'd need to expect you'd be able to get out of doing the illegal act, in order to make it, on average, worth doing.
So when you see a corporation dumping toxic waste, don't bother being surprised. Somebody, somewhere, did a calculation (either literally or figuratively), and decided that the potential gain of the dumping, even when the risk of getting caught was factored into it, was profitable.
As corporations get bigger and bigger, this is only going to become more apparent. If a major multinational corporation breaks some laws, it's probably not going to end the company. In the future, it could get to a point where they're so much bigger than governments, that no amount of illegal action would ever be 'fatal,' and thus they would follow the risk/benefit calculations even more closely, because they'd be able to more easily afford getting caught every once in a while (in the same way that a larger insurance company can sometimes offer lower premiums, because they're bigger and can absorb more risk).
It's NOT as bad as that - you forgot about... (Score:2)
Re:It's NOT as bad as that - you forgot about... (Score:5, Insightful)
If you don't like people dumping toxic waste, make it riskier to do so (through increased enforcement), and make the loss greater in the event that you are caught (stiffer penalties). That's going to directly affect the economic decision to dump or not dump.
Rather than arguing about morality or ethics, I think it's more useful to just assume that all large organizations are going to be run by sociopaths, and build the laws to cope with it. If every once in a while, it turns out that one of them isn't, then all the better.
Re: (Score:1)
Re: (Score:2)
For better or worse, we have set up corporations to reward simply any profitable behavior that is within the letter of the law. Or even close enough to get away with.
And to punish them if they don't pursue such behavior; look up Dodge v. Ford Motor Company [wikipedia.org]. Carrot and stick.
Re: (Score:2)
Another interesting point is that during the war, U.S. planes bombed G.M. Factories in Germany. After the war, G.M
Not just business (Score:2)
We see this in all walks of life. From business to politics (where it is all but mandated that you act this way), to private and personal lives. A business is not a sentient entity. It is comprised of people, and it is the people that do these things. By blaming "the company" or companies, you provide an easy scapegoat for the behavior. By accepting and perpetuating this scapeg
Re: (Score:2)
Re: (Score:2)
Corporations are founded and owned by people, who first and foremost expect the corporation to make money.
"Corporation ignores serious national security concerns because there was no obvious profit."
Corporations will do anything they can get away with to pursue the goal specified above.
I always wonder... do businesses really think they're immune to the affairs of their "mother country?"
War or even just insecuri
Re: (Score:2)
I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.
Um, I'm all for nationalism, but there is a part of me that bel
Re: (Score:2)
but there is a part of me that believes a global multinational corporate controlled world would be better for most people. Why should the US get special treatment from companies? What if the companies started funding their own mercs and fought back? There has been fiction on that subject. It's good thing for our national governments that our corporations don't have merc wars against each other or some governments would be in deep trouble.
I'm afraid I can't agree with what you say about being better for most people. If the corporations had absolutely no checks or balances and were allowed to run free and do whatever they wanted, then the top 2% would continue to get richer and the rest of the world would get steamrolled to make it happen. I realize this is already happening, but what if there was literally nothing to keep these companies in check?
Re: (Score:2)
If there was a need for corporations to pass on information which may be useful to national organisations then the market would provide one, clearly it's not profitable to do so because as Government entities the national security agencies are far too inefficient and bureaucratic and unable to adjust properly to the marketplace, indeed the government may even have interfered to the extent whereby the government bodies aren't even a
Re: (Score:2)
Re: (Score:2)
This is a nitpick, and it's off topic, so I'll keep it brief, but I believe you are wrong. You're right with your point about security, but I would argue this is a function of the state, not of the nation. As such it cannot be a convincing justification for "patriotism", as I understand it.
(IMHO, it is no coincidence that the distinction between "nation" and "state" is fre
No (Score:2)
only if you assume your conclusions... (Score:2)
How do you "prove" an assertion about what "ought" to happen?
Take the statement:
You can only prove that if you start with a system of mor
What Is A "Reverse Hacker"? (Score:3, Interesting)
Because if he's an offensive hacker -- e.g. one of "ours" to attack the enemy -- that doesn't make it "reverse" hacking.
Re: (Score:1)
Re:What Is A "Reverse Hacker"? (Score:5, Insightful)
Re: (Score:1, Informative)
Re: (Score:1)
*ALERT* LAME JOKE WARNING *ALERT*
ok, I'll stop here
Re: (Score:2)
Ridiculous contract (Score:5, Interesting)
Their contracts with the government allow them to pass court awarded punitive damages to the government? On TV doctor dramas, punitive damages are awarded if there is evidence of gross negligence. For what possible reason would the government enter such an agreement?
Re: (Score:2)
Re: (Score:1)
it's the only way to get the job done? (Score:2)
hypothetical.. a condo association decides to take snow removal from the outside company (which charges a whole lot, and comes out even when it's 1/8th of an inch, and the temp is expected to melt that off in 2 hours) to the management company, who will perform the action as needed... the management company has increased liability if someone falls on the snow-blowed sidewalk, and says the snow-blowing was insufficient/caused the accident.
the management company befor
Re:Ridiculous contract (Score:5, Informative)
So a judgment against the facility would come out of government funds originally intended to support research. The government can then either increase funding to cover the judgment, accept a reduction in research, and/or fire the management.
As to why use such contracts? Part of the idea is to create a profit motive by allowing the managing corporation to keep a profit if they can fulfill the government's expectations for less than the originally bid price. So a judgment like this would potentially eat into their ability to profit in that way. The other argument for such contracts is to reduce bureaucracy and political pressure at research institutions.
Re: (Score:2)
Re: (Score:2)
If the government pays the fine nothing will (Score:2)
Lockheed Martin, Big Brother Inc.? (Score:3, Interesting)
Sandia is the government (Score:4, Informative)
You can think of it as a "closed economy" rather than a "market economy". The defense contractors operate on very low profit margins in exchange for a guarantee of income. It's not quite that simple but not far from the actuality.
Re: (Score:1)
These three words are so often misrepresented it isn't funny. He didn't bemoan it, he encouraged it. He was for a strong defense. He was also for peace. What he said in the proper context is here - http://en.wikipedia.org/wiki/Military-industrial_complex [wikipedia.org] copied here :
A vital element in keeping the peace is our military establishment. Our arms must be mighty, ready for instant action, so that no potential aggress
Re: (Score:2)
How do they make a $729 million annual profit off "low profit margins"? This must be some really great Kool-Aid that you're drinking. If you are unfamiliar with how to milk cost plus contracts [wikipedia.org], there are thousands of people at LM, Boeing, Bechtel, General Dynamics and GE's Electric Boat Company who can show you.
Disclaimer: I used to sell to all of them
Re: (Score:2)
Basically, it's just that 3% on a few billion a year is a lot better than 10% on a few million. They're not starving.
And not all government contracts are cost-plus. Most agencies won't le
Re: (Score:2)
The end result is odd stuff like US troops envying the rifles used by the relatively impoverished Australian army (who use Austrian rifles - not Australian ones) and US troops buying their own gear at camping stores.
He should start his own consulting company. (Score:2)
Why does the government have to pay for this Cr@p? (Score:1)
Rekcah? (Score:1)
all is not lost (Score:2)
Most amazing quote from the article (Score:5, Interesting)
http://www.computerworld.com/action/article.do?co
Re:Most amazing quote from the article (Score:4, Funny)
Re: (Score:3, Insightful)
Was his wife's name Valerie Plame?
Same s**t, different authoritarian boss.
Let me get this straight... (Score:4, Funny)
Interests of who ? (Score:2)
To me, it looks like it was only putting the interests of a corporation against the interests of another corporation. But the guy was smart and chose the bigger one.
Senator Grassley Letters regarding Sandia Failures (Score:5, Informative)
The investigators were threatened, transferred to rodent-infested trailers, and were written up. According to two of the letters, Senator Grassley's office saved their jobs by intervening on their behalf, issuing several strong warnings to Sandia about retaliating against whistleblowers.
Here's some highlights: After investigating an incident in Sandia's SCIF (Sensitive Compartmented Information Facility) that involved alleged sexual liaisons between highly cleared staff members, the Sandia Vice President in charge at the time -- David Nokes -- ordered a subordinate to destroy a hard drive that was assigned as evidence to the investigation. The subordinate complied by "smashing the hard drive with a sledge hammer." The SCIF employee in question was also found to have been hacking into Sandia Intranet computers. It became impossible to find out exactly what the employee was doing after the drive was destroyed. The drive was presumably destroyed because the VP wanted to "avoid embarrassment" to the organization.
After being "forced" to resign, C. Paul Robinson and Mr. Nokes publicly sparred in the press. While this public display was going on, Dr. Robinson was quietly reinstating Mr. Nokes' security clearances and hiring him back as a "security consultant". Now that seems odd, given the circumstances of his departure. It was only until an unknown Sandia employee anonymously faxed Mr. Nokes' clearance reinstatement paperwork to Senator Grassley's office did the good Senator become aware of what was going on.
After the smoke cleared from Sandia executive management's "sham internal review" of what happened (the Senator's words, not mine), Sandia quietly handed out huge bonuses to the employees that toed the company line -- including the hard drive smasher (who was in charge of security at the SCIF). None of this became public until they were posted on the LANL site by -- you guessed it -- an anonymous person. The Albuquerque Journal ran a story about the huge bonuses and pay raises awarded to every employee that was disciplined in the matter in the fall of 2006. While disciplined publicly, they all received huge cash awards ($20,000 non-base award to the drive smasher) and unheard of pay raises. That seems like sort of a red flag to me, especially since the American tax payer is doling out the cash for this nonsense.
BTW, Sandia Corporation is a subsidiary of Lockheed Martin Corporation. It was set up as an at-will employer, so staff can be fired for any reason and at any time. A Government Accountability Office (GAO) report on the Department of Energy reimbursement of contractor litigation expenses can be found here: http://www.gao.gov/new.items/d04148r.pdf [gao.gov]
The GAO found that almost all claims are summarily reimbursed by the DOE, even in cases of malfeasance, fraudulent conduct, etc ($330 million between 1998 and 2003). DOE contractors only picked up a paltry $12 million of the tab.
There's all kinds of goodies in the PDFs, so I won't ruin the suspense for those of you that are interested.
The Sandia National Laboratories / Senator Grassley docume
Scandalous behaviour by Scandia officials (Score:3)
There seems to be an opinion among Sandia Laboratories management that they can interpret "just focusing on our job" as meaning "we are entitled to ignore evidence of penetration of defense contractors and/or government systems and sit on it". In my opinion every last one of those managers should be fired. et ... why not close down Sandia Laboratories in its entirety to prevent this sort of mentality from spreading? If this is the way those clowns view their job of protection of US interests who needs them?
And to top it all off ... they see fit to pile psychological pressure on a loyal, responsible employee, and (the height of unprofessionalism) they try to blackmail him with his wife's job.
Has everyone grasped that Sandia management _actively_ tried to prevent this employee from cooperating with the FBI and Army Intelligence because it might (from the article) "bring unwanted attention to Sandia"? Am I alone in thinking that such conduct belongs in Soviet Russia of 30 years ago and not the US today?
Re: (Score:2)
Re: (Score:3, Funny)