Slashdot Mirror


Reverse Hacker Awarded $4.3 Million

jcatcw writes "Shawn Carpenter was awarded a $4.3 million award — more than twice the amount he sought and money he thinks he'll never see. Carpenter worked for Sandia National Labs as an intrusion detection analyst. He analyzed. He detected. He reported. He was fired — in January 2005 after sharing his results with the FBI and the U.S. Army. Computerworld asked him what he hoped to achieve in that investigation. Answer: 'In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.' Ira Winkler, author of Spies Among Us, said the verdict was 'incredibly justified. Frankly, I think people [at Sandia] should go to jail' for ignoring some of the security issues that Carpenter was trying to highlight with his investigation."

14 of 171 comments

  1. Gray and pointless. by Short+Circuit · · Score: 5, Interesting

    What he did was arguably in a gray area...on his own time, he used "hacker techniques" (not my preferred wording, sorry. Read the article.) to track down stolen data on foreign sites. That he turned his results over to the FBI is good, even if it screwed over Sandia.

    Of course, the judgement against Sandia will get passed on to the US Government in a "cost plus" contract...

    1. Re:Gray and pointless. by tha_mink · · Score: 5, Insightful

      What he did was arguably in a gray area...on his own time, he used "hacker techniques" (not my preferred wording, sorry. Read the article.) to track down stolen data on foreign sites. That he turned his results over to the FBI is good, even if it screwed over Sandia.

      Yeah, and how is that "Reverse Hacking"? Isn't that just "hacking"? (ok cracking or whatever) It's like when people say that someone is a "reverse racist". You're either racist or you're not. I didn't think that kind of thing works in a direction.
      --
      You'll have that sometimes...
    2. Re:Gray and pointless. by ArsenneLupin · · Score: 5, Funny

      It's like when people say that someone is a "reverse racist".

      The word you're looking for is "affirmative actor"...
    3. Re:Gray and pointless. by Mysticalfruit · · Score: 5, Insightful

      Well, let's go on the premise that this was an honest situation and not some nutty cooked up idea to lead the American people into another foolish military adventure.

      This is what we know.
      1. This guy found an intrusion on his network, which, because he was their network guy, he was being employed to do.
      2. He informed his employer that sensitive data was being stolen.
      3. His employers did nothing because they're incompetent nitwits.
      4. He, being a good American, did what he was supposed to do and tracked down the people who stole the secrets and reported it to the FBI.
      5. His bosses, now with egg all over their faces, fired him because he showed they were in fact incompetent nitwits.

      Now beyond that, the whole lawsuit thing is frivolous. If I were this guy I would have walked into my congressman's office and started the conversation with, "Wanna hear how a government agency that gets billions of dollars of taxpayers' money is letting its secrets get stolen?" I would then sit back and let the shit storm begin.

      As for the dishonest deeds, I think it started with the people who were breaking into American computer systems and stealing the data.

      Though I've always asked this question: If I was running a laboratory that was working on some cutting edge military technology, why would I have any of the lab's computers connected to the Internet???? Set up a secure isolated network and call it a deal!

      --
      Yes Francis, the world has gone crazy.
    4. Re:Gray and pointless. by Nykon · · Score: 5, Funny

      "If I was running a laboratory that was working on some cutting edge military technology, why would I have any of the lab's computers connected to the Internet????"

      Umm hellllo. How do you expect the scientists to check their myspace?? ;-)

      --
      "It's better to be a pirate than join the Navy"
  2. Am I The Only One Alarmed By.... by Fried-Psitalon · · Score: 5, Interesting

    ....the fact that a corporation was holding its own interests over that of its founding nation?

    I mean, hey, great - I'm really glad this guy got the compensation very much due him. What worries me more is that the article didn't read "Corporation ignores serious national security concerns because there was no obvious profit."

    I always wonder... do businesses really think they're immune to the affairs of their "mother country?" I'm quite sure any corporation that sees most of its factories razed would find their bottom line hit pretty hard.

    Granted, I'm a teacher by trade, and I don't have that same mindset... but even as a human being, I'm going to tend to the security of the nation that keeps carbombs off my streets before I tend to the profits of fat-cat, tax-dodging boss.

    Patriotism isn't an archaic concept; it's a survivalist one.

    --
    The ability to communicate well does not directly correspond to the ability to communicate intelligently.
    1. Re:Am I The Only One Alarmed By.... by Short+Circuit · · Score: 5, Interesting

      (Note: My brother's a submariner in the US Navy.)

      It's nothing new. When the US Navy put the contract to develop a new screw (propeller) for US submarines, the specifications made it virtually silent. One company went so far as to build the machine to build the screw, but ended up not getting the contract. Rather than write the whole thing off, they sold the machine to the Chinese.

      Long story short, Chinese subs are now just about as quiet as American subs.

    2. Re:Am I The Only One Alarmed By.... by hey! · · Score: 5, Insightful

      I always wonder... do businesses really think they're immune to the affairs of their "mother country?"


      Of course they do. Remember GM's cozy relationship with the Nazis. It's true once WW2 broke out that they didn't have direct control of operations in Germany, but leading up to WW2 they were quite aware that conflict was probable and that they'd be profiting by selling to both sides. Their chairman, Alfred Sloan, said that with respect to German factories, "We must conduct ourselves as a German organization."

      For better or worse, we have set up corporations to reward simply any profitable behavior that is within the letter of the law. Or even close enough to get away with. We should not expect patriotic, or even moral behavior from them. Anybody who's ever been involved in a business ethics issue knows that the ultimate bottom line is whatever you can get away with. A committed person can get more from his coworkers and superiors, they are individuals after all and most of the time they usually have at least a common sense of decency that can be appealed to. But turn your back and you're right back to the bottom line.

      This is especially insidious because people judge themselves, not against principles, but by how they compare to others. When other people are going along with something, there is a strong presumption that it must be OK. People will rationalize what they do to make it seem right, before they change what they do to conform to their own ideas of right, until eventually they lose sight of the difference between right and wrong. That's why good people end up doing bad things.

      So we should not be shocked or surprised by this. This is the reason we have laws, and legal relief for unjust actions taken by corporations in their selfish financial interests. To force basic moral and civic responsibility on organizations which are by design simple profit generating machines.

      It's not shocking that corporations behave amorally. Nor is it punitive to rein them in when they use the special privileges they have been granted abusively. It's just realistic.
      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    3. Re:Am I The Only One Alarmed By.... by MightyYar · · Score: 5, Funny

      Someone really should try to implement his ideas on a country-wide scale.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    4. Re:Am I The Only One Alarmed By.... by mblase · · Score: 5, Funny

      "A capitalist will sell you the rope you will hang him with if he can make profit on it." - Lenin

      "I'm sorry, but the knot you're tying in that noose is copyrighted and patented by my corporation, and in any event the end user license specifically forbids using it to hang their employees or those of organizations doing business with them. I have a cease-and-desist order right here, and I'm afraid I'll need to ask for the names, addresses, phone numbers, and social security numbers of all your executioners past and present to ensure they're not in violation of our intellectual property."

  3. Re:What Is A "Reverse Hacker"? by SighKoPath · · Score: 5, Insightful

    Maybe a better term would be "Counter-hacker?" I don't know, really... from the article, it sounds like he hacked their hackers.

  4. Most amazing quote from the article by yppiz · · Score: 5, Interesting
    This was his "exit interview" at Sandia, and I am guessing a big reason for the award:

    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011832&pageNumber=3

    What happened then?

    During my last meeting with Sandia management, a semicircle of management was positioned in chairs around me and Bruce Held [Sandia's chief of counterintelligence]. Mr. Held arrived about five minutes late to the meeting and positioned his chair inches directly in front of mine. Mr. Held is a retired CIA officer, who evidently ran paramilitary operations in Africa, according to his deposition testimony.

    At one point, Mr. Held yelled, "You're lucky you have such understanding management... if you worked for me, I would decapitate you! There would at least be blood all over the office!" During the entire meeting, the other managers just sat there and watched.

    At the conclusion of the meeting, Mr. Held said, "Your wife works here, doesn't she? I might need to talk to her." [Editor's note: In court testimony, Held admitted using the word "decapitated" and that he wouldn't contest using the word "blood" although he didn't recall saying it. He also apologized for using those terms.]

    Indeed, my wife did work there -- in Sandia's International Programs section, working on nuclear counter-proliferation, port and border security issues. In the context of that meeting, it was a chilling comment. Shortly after the meeting, which management described at trial as "a fact-finding session with Mr. Carpenter," my director showed up at my office, escorted me to the gate and stripped me of my badge. That was the last time I was ever at Sandia. [Carpenter's wife resigned and is now a White House fellow working as a special assistant to top-ranking government officials.]

  5. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  6. Senator Grassley Letters regarding Sandia Failures by bitgusher · · Score: 5, Informative

    It seems that the Carpenter debacle is only the latest of a string of management failures at the facility. A bit of Googling turned up a cache of PDFs posted to a Los Alamos related web site (LANL, The Real Story). The site is no longer maintained, but available. The letters are PDFs of actual correspondence from Senator Grassley to the Secretary of Energy, the Department of Energy Inspector General, and other high-ranking officials regarding security problems and retaliation issues at Sandia. Sandia has a separate Corporate Investigations division, and in 2003 and 2004 they turned up some interesting items in their investigations. From the correspondence, however, it seems that Sandia management wasn't too pleased when they got the bad news from the investigators, who were simply trying to do their jobs.

    The investigators were threatened, transferred to rodent-infested trailers, and were written up. According to two of the letters, Senator Grassley's office saved their jobs by intervening on their behalf, issuing several strong warnings to Sandia about retaliating against whistleblowers.

    Here's some highlights: After investigating an incident in Sandia's SCIF (Sensitive Compartmented Information Facility) that involved alleged sexual liaisons between highly cleared staff members, the Sandia Vice President in charge at the time -- David Nokes -- ordered a subordinate to destroy a hard drive that was assigned as evidence to the investigation. The subordinate complied by "smashing the hard drive with a sledge hammer." The SCIF employee in question was also found to have been hacking into Sandia Intranet computers. It became impossible to find out exactly what the employee was doing after the drive was destroyed. The drive was presumably destroyed because the VP wanted to "avoid embarrassment" to the organization.

    After being "forced" to resign, C. Paul Robinson and Mr. Nokes publicly sparred in the press. While this public display was going on, Dr. Robinson was quietly reinstating Mr. Nokes' security clearances and hiring him back as a "security consultant". Now that seems odd, given the circumstances of his departure. It was only until an unknown Sandia employee anonymously faxed Mr. Nokes' clearance reinstatement paperwork to Senator Grassley's office did the good Senator become aware of what was going on.

    After the smoke cleared from Sandia executive management's "sham internal review" of what happened (the Senator's words, not mine), Sandia quietly handed out huge bonuses to the employees that toed the company line -- including the hard drive smasher (who was in charge of security at the SCIF). None of this became public until they were posted on the LANL site by -- you guessed it -- an anonymous person. The Albuquerque Journal ran a story about the huge bonuses and pay raises awarded to every employee that was disciplined in the matter in the fall of 2006. While disciplined publicly, they all received huge cash awards ($20,000 non-base award to the drive smasher) and unheard of pay raises. That seems like sort of a red flag to me, especially since the American taxpayer is doling out the cash for this nonsense.

    BTW, Sandia Corporation is a subsidiary of Lockheed Martin Corporation. It was set up as an at-will employer, so staff can be fired for any reason and at any time. A Government Accountability Office (GAO) report on the Department of Energy reimbursement of contractor litigation expenses can be found here: http://www.gao.gov/new.items/d04148r.pdf

    The GAO found that almost all claims are summarily reimbursed by the DOE, even in cases of malfeasance, fraudulent conduct, etc ($330 million between 1998 and 2003). DOE contractors only picked up a paltry $12 million of the tab.

    There's all kinds of goodies in the PDFs, so I won't ruin the suspense for those of you that are interested.

    The Sandia National Laboratories / Senator Grassley docume