Reverse Hacker Awarded $4.3 Million
jcatcw writes "Shawn Carpenter was awarded a $4.3 million award — more than twice the amount he sought and money he thinks he'll never see. Carpenter worked for Sandia National Labs as an intrusion detection analyst. He anayzed. He detected. He reported. He was fired — in January 2005 after sharing his results with the FBI and the U.S. Army. Computerworld asked him what he hoped to achieve in that investigation. Answer: 'In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.' Ira Winkler, author of Spies Among Us, said the verdict was 'incredibly justified. Frankly, I think people [at Sandia] should go to jail' for ignoring some of the security issues that Carpenter was trying to highlight with his investigation."
What he did was arguably in a gray area...on his own time, he used "hacker techniques" (not my preferred wording, sorry. Read the article.) to track down stolen data on foreign sites. That he turned his results over to the FBI is good, even if it screwed over Sandia.
Of course, the judgement against Sandia will get passed on to the US Government in a "cost plus" contract...
tasks(723) drafts(105) languages(484) examples(29106)
....the fact that a corporation was holding its own interests over that of its founding nation?
I mean, hey, great - I'm really glad this guy got the compensation very much due him. What worries me more is that the article didn't read "Corporation ignores serious national security concerns because there was no obvious profit."
I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.
Granted, I'm a teacher by trade, and I don't have that same mindset... but even as a human being, I'm going to tend to the security of the nation that keeps carbombs off my streets before I tend to the profits of a fat-cat, tax-dodging boss.
Patriotism isn't an archaic concept; it's a survivalist one.
The ability to communicate well does not directly correspond to the ability to communicate intelligently.
Does he un-hack things? Every search result for this term only points to the same story appearing on every meme site.
Because if he's an offensive hacker -- e.g. one of "ours" to attack the enemy -- that doesn't make it "reverse" hacking.
Their contracts with the government allow them to pass court awarded punitive damages to the government? On TV doctor dramas, punitive damages are awarded if there is evidence of gross negligence. For what possible reason would the government enter such an agreement?
change. End a few careers and people will get the message.
let me give you my gut level response about what you've missed in a corporate level mindset. (bugs, bugs, they're crawling all over me now)
any end scenario that equates with annihilation/extinction of the company is not worth considering or planning for.
on a scale of 1-10, (1 being some hourly wage earner is caught taking 40$ from the till) a 5-8 embarrassment bad pr episode (security leak, court judgement, contracts broken) is a whole lot worse for the company than a 10 extinction, because at 100% corporation extinction/cessation of manufacturing, there is no one left to point fingers (other than history) in the internal squabbles.... a mid level manager would rather the company declare bankruptcy than one of his subs become a series of internal memos cc'd to legal...
every day http://en.wikipedia.org/wiki/Special:Random
It sounds like a delightful place to work, where other employees are afraid to talk to this guy now because they think their phones are wiretapped, and they would rather hide their problems than fix them. Just as well they never wanted to interview me.
You are reading a copy of my copyrighted post.
Sandia is a government owned/contractor operated facility. The contractor is Lockheed-Martin. The relationship between defense contractors and the government is an odd one that goes back a long way in our history. Eisenhower (33rd President) bemoaned it and coined the term "military industrial complex".
You can think of it as a "closed economy" rather than a "market economy". The defense contractors operate on very low profit margins in exchange for a guarantee of income. It's not quite that simple but not far from the actuality.
"If all the American people want is security, let them live in prisons." Eisenhower
My uncle was an anayzer, you insensitive clod!
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
http://www.computerworld.com/action/article.do?co
That's nothing. If anyone even thinks about my IP in their browser, I hack into their mind with my leet ESP skillz and take their mind out. Then I find out where they live, and go there and kick their puppy if they have one. Then, if they ever think about my IP address again I just kill them with my arsenal of atomic warheads I bought from Saddam over TCP.
Actually no, we didn't. Obeying the law is not a requirement for any corporation as the "fines" levied from breaking any laws are simply the cost of doing business. If the profit gained by an action outweighs the consequences of legal action, then any legal punishment in the form of fines is the cost of doing business and "good for the shareholders".
Bingo. I don't know why people get their panties in so much of a bunch over what corporations do. They're almost always utterly predictable. The only times when they aren't predictable, is when they're dominated by a particular personality, and then they tend to take on the irrationalisms (for better or worse) of the controlling person.
But most major corporations, run by boards of directors and their appointees, will do whatever is profitable based on the information and best-guess assessments that they have available. They will do this without regard to Law or really to Ethics, except insofar as those feed into the risk/benefit decisions.
I have no doubt that if the enforcement of laws against organ harvesting was lax enough, to the point where a person could expect to get away with it, corporations would probably get into that business, too. It's a straightforward calculation: what is the risk of getting caught, times the consequences of getting caught, and is that greater or less than the chances of succeeding, times the possible payout. If the latter exceeds the former, and it's greater than the opportunity cost, then the corporation does it. (And if they don't, someone else will. There's no such thing as universal ethics; you can always find somebody who'll "go there" regardless of how repugnant the opportunity for profit might be.)
You can look at an illegal act in the same way that an insurance company might approach a significant new risk: what are the odds of the insured-against action happening, and what would we have to pay out if that happened, so what should we charge in premiums? Except in the acting-illegally case, the "premiums" are what you'd need to expect you'd be able to get out of doing the illegal act, in order to make it, on average, worth doing.
So when you see a corporation dumping toxic waste, don't bother being surprised. Somebody, somewhere, did a calculation (either literally or figuratively), and decided that the potential gain of the dumping, even when the risk of getting caught was factored into it, was profitable.
As corporations get bigger and bigger, this is only going to become more apparent. If a major multinational corporation breaks some laws, it's probably not going to end the company. In the future, it could get to a point where they're so much bigger than governments, that no amount of illegal action would ever be 'fatal,' and thus they would follow the risk/benefit calculations even more closely, because they'd be able to more easily afford getting caught every once in a while (in the same way that a larger insurance company can sometimes offer lower premiums, because they're bigger and can absorb more risk).
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
So someone finds out that another government has stolen actual secrets from the US, reports it, gets fired, then wins a lawsuit and this is obscure news. But an advertising company puts up some signs in Boston and it is all over the news. Let's see, stolen government secrets vs. publicity stunt gone bad. Damn that mainstream media and their liberal bias!
http://www.popularculturegaming.com -- my blog about the culture of videogame players
However, if my job was to get disinformation out to people, I would call it secret, pay millions for security, but let it get stolen anyway.
Ya just gotta be paranoid to survive in this world.
I wasn't implying that it's all doom and gloom, what my point was, generally, was that if you don't like what corporations are doing, don't rail at the corporations, just change the profit structure to make the undesirable activity less profitable.
If you don't like people dumping toxic waste, make it riskier to do so (through increased enforcement), and make the loss greater in the event that you are caught (stiffer penalties). That's going to directly affect the economic decision to dump or not dump.
Rather than arguing about morality or ethics, I think it's more useful to just assume that all large organizations are going to be run by sociopaths, and build the laws to cope with it. If every once in a while, it turns out that one of them isn't, then all the better.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
It seems that the Carpenter debacle is only the latest of a string of management failures at the facility. A bit of Googling turned up a cache of PDFs posted to a Los Alamos related web site (LANL, The Real Story). The site is no longer maintained, but available. The letters are PDFs of actual correspondence from Senator Grassley to the Secretary of Energy, the Department of Energy Inspector General, and other high-ranking officials regarding security problems and retaliation issues at Sandia. Sandia has a separate Corporate Investigations division, and in 2003 and 2004 they turned up some interesting items in their investigations. From the correspondence, however, it seems that Sandia management wasn't too pleased when they got the bad news from the investigators, who were simply trying to do their jobs.
The investigators were threatened, transferred to rodent-infested trailers, and were written up. According to two of the letters, Senator Grassley's office saved their jobs by intervening on their behalf, issuing several strong warnings to Sandia about retaliating against whistleblowers.
Here's some highlights: After investigating an incident in Sandia's SCIF (Sensitive Compartmented Information Facility) that involved alleged sexual liaisons between highly cleared staff members, the Sandia Vice President in charge at the time -- David Nokes -- ordered a subordinate to destroy a hard drive that was assigned as evidence to the investigation. The subordinate complied by "smashing the hard drive with a sledge hammer." The SCIF employee in question was also found to have been hacking into Sandia Intranet computers. It became impossible to find out exactly what the employee was doing after the drive was destroyed. The drive was presumably destroyed because the VP wanted to "avoid embarrassment" to the organization.
After being "forced" to resign, C. Paul Robinson and Mr. Nokes publicly sparred in the press. While this public display was going on, Dr. Robinson was quietly reinstating Mr. Nokes' security clearances and hiring him back as a "security consultant". Now that seems odd, given the circumstances of his departure. It was only when an unknown Sandia employee anonymously faxed Mr. Nokes' clearance reinstatement paperwork to Senator Grassley's office that the good Senator became aware of what was going on.
After the smoke cleared from Sandia executive management's "sham internal review" of what happened (the Senator's words, not mine), Sandia quietly handed out huge bonuses to the employees that toed the company line -- including the hard drive smasher (who was in charge of security at the SCIF). None of this became public until they were posted on the LANL site by -- you guessed it -- an anonymous person. The Albuquerque Journal ran a story about the huge bonuses and pay raises awarded to every employee that was disciplined in the matter in the fall of 2006. While disciplined publicly, they all received huge cash awards ($20,000 non-base award to the drive smasher) and unheard of pay raises. That seems like sort of a red flag to me, especially since the American tax payer is doling out the cash for this nonsense.
BTW, Sandia Corporation is a subsidiary of Lockheed Martin Corporation. It was set up as an at-will employer, so staff can be fired for any reason and at any time. A Government Accountability Office (GAO) report on the Department of Energy reimbursement of contractor litigation expenses can be found here: http://www.gao.gov/new.items/d04148r.pdf
The GAO found that almost all claims are summarily reimbursed by the DOE, even in cases of malfeasance, fraudulent conduct, etc ($330 million between 1998 and 2003). DOE contractors only picked up a paltry $12 million of the tab.
There's all kinds of goodies in the PDFs, so I won't ruin the suspense for those of you that are interested.
The Sandia National Laboratories / Senator Grassley docume
There seems to be an opinion among Sandia Laboratories management that they can interpret "just focusing on our job" as meaning "we are entitled to ignore evidence of penetration of defense contractors and/or government systems and sit on it". In my opinion every last one of those managers should be fired. et ... why not close down Sandia Laboratories in its entirety to prevent this sort of mentality from spreading? If this is the way those clowns view their job of protection of US interests who needs them?
And to top it all off ... they see fit to pile psychological pressure on a loyal, responsible employee, and (the height of unprofessionalism) they try to blackmail him with his wife's job.
Has everyone grasped that Sandia management _actively_ tried to prevent this employee from cooperating with the FBI and Army Intelligence because it might (from the article) "bring unwanted attention to Sandia"? Am I alone in thinking that such conduct belongs in Soviet Russia of 30 years ago and not the US today?