Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reverse Hacker Awarded $4.3 Million

Posted by Zonk on from the now-i-want-to-be-a-reverse-hacker dept.

jcatcw writes "Shawn Carpenter was awarded a $4.3 million award — more than twice the amount he sought and money he thinks he'll never see. Carpenter worked for Sandia National Labs as an intrusion detection analyst. He anayzed. He detected. He reported. He was fired — in Janurary 2005 after sharing his results with the FBI and the U.S. Army. Computerworld asked him what he hoped to achieve in that investigation. Answer: 'In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.' Ira Winkler, author of Spies Among Us , said the verdict was 'incredibly justified. Frankly, I think people [at Sandia] should go to jail' for ignoring some of the security issues that Carpenter was trying to highlight with his investigation."

4 of 171 comments (clear)

  1. Re:Gray and pointless. by tha_mink · · Score: 5, Insightful

    What he did was arguably in a gray area...on his own time, he used "hacker techniques" (not my preferred wording, sorry. Read the article.) to track down stolen data on foreign sites. That he turned his results over to the FBI is good, even if it screwed over Sandia. Yeah, and how is that "Reverse Hacking"? Isn't that just "hacking"? (ok cracking or whatever) It's like when people say that someone is a "reverse racist". You're either racist or you're not. I didn't think that kind of thing works in a direction.
    --
    You'll have that sometimes...
  2. Re:What Is A "Reverse Hacker"? by SighKoPath · · Score: 5, Insightful

    Maybe a better term would be "Counter-hacker?" I don't know, really... from the article, it sounds like he hacked their hackers.

  3. Re:Am I The Only One Alarmed By.... by hey! · · Score: 5, Insightful

    I always wonder... do businesses really think they're immune to the affairs of their "mother country?"


    Of course they do. Remember GM's cozy relationship with the Nazis. It's true once WW2 broke out that they didn't have direct control of operations in Germany, but leading up to WW2 they were quite aware that conflict was probable and that they'd be profiting by selling to both sides. Their chairman, Alfred Sloan, said that with respect to German factories, "We must conduct ourselves as a German organization."

    For better or worse, we have set up corporations to reward simply any profitable behavior that is within the letter of the law. Or even close enough to get away with. We should not expect patriotic, or even moral behavior from them. Anybody who's ever been involved in a business ethics issue knows that the ultimate bottom line is whatever you can get away with. A committed person can get more from his coworkers and superiors, they are individuals after all and most of the time they usually have at least a common sense of decency that can be appealed to. But turn your back and you're right back to the bottom line.

    This is especially insidious because people judge themselves, not against principles, but by how they compare to others. When other people are going along with something, there is a strong presumption that it must be OK. People will rationalize what they do to make it seem right, before they change what they do to conform to their own ideas of right, until eventually they lose sight of the difference between right and wrong. That's why good people end up doing bad things.

    So we should not be shocked or suprised by this. This is the reason we have laws, and legal relief for unjust actions taken by corporations in their selfish financial interests. To force basic moral and civic responsiblity on organizations which are by design simple profit generating machines.

    It's not shocking that corporations behave amorally. Nor is it punitive to reign them in when they use the special privileges they have been granted abusively. It's just realistic.
    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  4. Re:Gray and pointless. by Mysticalfruit · · Score: 5, Insightful

    Well, let's go on the premise that this was an honest situation and not some nutty cooked up idea to lead the american people into another foolish military adventure.

    This is what we know.
    1. This guy found an intrusion on his network, which because he was their network guy he was being employed to do.
    2. He informed his employer that sensitive data was being stolen.
    3. His employers did nothing because they're incompetent nitwits.
    4. He, being a good American did what he was supposed to do and tracked down the people who stole the secrets and reported it to the FBI.
    5. His bosses, now with egg all over their faces, fired him because he showed they were in fact incompetent nitwits.

    Now beyond that, the whole lawsuit thing is frivilous. If I were this guy I would have walked into my congressmans office and started the conversation with, "Wanna hear how a goverment agency that gets billions of dollars of taxpayers money is letting its secrets get stolen?" I would then sit back and let the shit storm begin.

    As for the dishonest deeds, I think it started with the people who were breaking into american computer systems and stealing the data.

    Though I've always asked this question: If I was running a labratory that was working on some cutting edge military technology, why would I have any of the labs computers connected to the Internet???? Setup a secure isolated network and call it a deal!

    --
    Yes Francis, the world has gone crazy.