Reverse-hacker wins $4.3 million in suit against Sandia
Shawn Carpenter dismissed after discovering a Chinese gang accessing the lab’s computer; decision to share data with the FBI and Army upset superiors; verdict seen as a victory for whistleblowers
What with Los Alamos under continued fire for security lapses at that sensitive national labaoratory, it is disconcerting to hear that Sandia is not only suffering similar problems — it seems more concerned about whisteleblowers than with the criminals trying to access its senstive files. In a recent case involving a Chinese cyber espionage group nicknamed Titan rain, which has carried out numerous attacks against US government, military and commercial interest, the gang managed to penetratate Sandia’s computers and get a hold of numerous military documents and information regarding Lockheed Martin schematics. Yet the person who received the worst punishment — dismissal — was Shawn Carpenter, the employee who first detected the breach.
After detecting an intrusion into Sandia’s network, Carpenter reverse-hacked his way into the group’s servers — an independent decision that led eventually to his firing. There he found information not just from Sandia but from other military, government, and commercial sources. After his supervisors inexplicably refused to act on the information, Carpenter handed his data and techniques over to the FBI and relevant sections of Army counterintelligence unit. When his supervisors discovered this supposed betryal, they terminated him for using his position to share confidential information he had obtained while working for Sandia. Like any warmblooded American would, Carpenter sued Sandia for wrongful termination. A jury earlier this month awarded Carpenter $4.3 million. The case, said attorney Philip Davis sends an “unambiguous message that national security comes first.”
-read more in Jaikumar Vijayan’s Computer World report