Chinese Cyber Spies and the idiocy of Bureaucracy

I read my way through an interesting article today that was both encouraging and disappointing at the same time. It boils down to this: an information security guy working for “Sandia National Laboratories” finds evidence that some group of hackers is really trying their best to access Sandia’s resources, and those of other Federal organizations as well. For those that don’t know what Sandia really is, it’s described in the Sandia FAQs as “Sandia is a government-owned/contractor operated (GOCO) facility. Lockheed Martin manages Sandia for the U.S. Department of Energy’s National Nuclear Security Administration”, you know, just simple stuff like guarding America’s Nuclear Weapons programs.

This guy, Shawn Carpenter, gets a lead on the activity and pursues the evidence trail, and after much hard work finds the source of the activity. The following excerpt describes the severity of the hack.

“The hackers he was stalking, part of a cyberespionage ring that federal investigators code-named Titan Rain, first caught Carpenter’s eye a year earlier when he helped investigate a network break-in at Lockheed Martin in September 2003. A strikingly similar attack hit Sandia several months later, but it wasn’t until Carpenter compared notes with a counterpart in Army cyberintelligence that he suspected the scope of the threat. Methodical and voracious, these hackers wanted all the files they could find, and they were getting them by penetrating secure computer networks at the country’s most sensitive military bases, defense contractors and aerospace companies.”

Now, knowing what he knows, he goes to his immediate supervisors and is told to stand down; he then goes to the FBI and is encouraged to continue “under cover”. After making much headway into the case, his activities are found out and he is terminated from Sandia Labs.

“They fired him and stripped him of his Q clearance, the Department of Energy equivalent of top-secret clearance. Carpenter’s after-hours sleuthing, they said, was an inappropriate use of confidential information he had gathered at his day job. Under U.S. law, it is illegal for Americans to hack into foreign computers.”

Now, true, it is illegal, but only if you get caught by someone who gives a shit; in the interests of National Security, let’s continue, shall we? Hell, the Feds do it all the time and they don’t get fired. So, our hero tracks the activity back to China and a network that is showing hostile activity 24 x 7. He bugs the edge router with a trojan/logger and mines them for all the data he can; a sample of this is below:

“Carpenter copied a huge collection of files that had been stolen from Redstone Arsenal, home to the Army Aviation and Missile Command. The attackers had grabbed specs for the aviation-mission-planning system for Army helicopters, as well as Falconview 3.2, the flight-planning software used by the Army and Air Force.”

For work like this he loses his job and security clearance from Sandia (although he does get hired by a contracting firm and subsequently gets his clearance back); he should be rewarded and transferred to a section of the Fed that can best use his talents… the NSA comes to mind.

Carpenter had this to say about his situation:
“Carpenter says he has honored the FBI’s request to stop following the attackers. But he can’t get Titan Rain out of his mind. Although he was recently hired as a network-security analyst for another federal contractor and his security clearance has been restored, “I’m not sleeping well,” he says. “I know the Titan Rain group is out there working, now more than ever.””

The entire article is six pages long but well worth the few minutes it will take to read. Go ye and read the whole gory thing, and do some googling on some of the info contained in the article, and you should come away more informed for your efforts.

3 Responses to “Chinese Cyber Spies and the idiocy of Bureaucracy”

  1. nukesquirrel Says:

    Carpenter certainly seems a bit naive, but that’s no excuse for how he was treated by Sandia. It doesn’t really come as a surprise to me, however. I recently fled another Department of Energy Laboratory, Los Alamos, after working there for over 19 years. These national research laboratories were once bastions of science, where the research was the top priority. Over the past five years or so, however, the emphasis has greatly shifted to “how much money can you bring in?” The decline of the quality of management has been happening for much longer than the past five years. Nepotism and favoritism are rampant, with cronies hiring other cronies that toe their lines. Management wants other managers that will simply agree with everything they say. If you express your professional opinion openly too many times, no matter what the substance of your arguments, you will soon find yourself transferred — sometimes right out of a job. The blowhards running the show these days want taxpayer and private sector money — at any cost. If it means falsifying test results and deceiving the customers, so be it. As long as you keep rolling in funding, you’re good to go. Oppenheimer would be devastated if he could see what these labs have become. It is inevitable that most of the larger laboratories (Sandia, LANL, Livermore) will be folded into one to cut costs. The dead weight at the top needs to be thrown overboard, and real patriots with scientific vision and most importantly — integrity — need to take the helm. The Carpenter case is another outrageous example of how screwed up our priorities are.

  2. I agree that he seemed a bit naive; that sort of work requires a lot of precautions, “covering your ass” is one that goes without saying.

    That is some interesting insight into the management problems at the assorted “Labs”. It sounds just like the problem at most big businesses, albeit worse because of the added bureaucracy and politics… I could only imagine that resistance to the “intelligence agencies reform” that is going on under the Dept. of Homeland Security.

    Thanks for stopping by and taking the time to comment btw.


  3. wiresnsparks Says:

    Hey Blackflag!

    Here’s a great conclusion to the Carpenter cyberspy story (and the idiocy of Sandia bureaucracy) that was apparently very expensive for Sandia National Laboratories. Also see reporting from TIME, Computerworld, The Register, and Network World. Looks like heads will be rolling at this place.

    TIME – A Security Analyst Wins Big in Court –,8599,1589735,00.html

    Computerworld – Reverse Hacker Wins $4.3 Million in Suit Against Sandia National Laboratories –,8599,1589735,00.html

    The Register – Employee Fired for Probing Bad Guys Wins $4.7 Million –

    Network World – High Expectations and Hacking –

    From the February 14, 2007, Albuquerque Journal, front page:


    Wednesday, February 14, 2007
    Sandia Hacker Gets $4 Million
    By Scott Sandlin
    Copyright © 2007 Albuquerque Journal; Journal Staff Writer
    A jury delivered a strong— and expensive— message to Sandia National Laboratories on Tuesday, awarding more than $4 million to a cybersecurity analyst who was fired after going “over the fence” to the FBI with information about national security breaches.
    The 13-person state district court jury determined that Sandia’s handling of Shawn Carpenter’s termination was “malicious, willful, reckless, wanton, fraudulent or in bad faith.”
    “If they (Sandia) have an interest in protecting us, they certainly didn’t show it with the way they handled Shawn,” said juror Ed Dzienis, a television editor.
    The verdict was a “clear and unambiguous” message to Sandia and other contractors “that the national security, and not the interest of the corporation, is and must always be their primary concern,” Carpenter attorney Phil Davis said.
    Jurors awarded Carpenter $387,537 in lost wages, benefits and damages for emotional distress resulting from his January 2005 firing by Sandia Corp., which operates the lab.
    But the jury’s big message was in the punitive damages.
    Jurors, after hearing a week of testimony before Judge Linda Vanzi, more than doubled the $2 million requested by Carpenter attorneys Thad Guyer, Stephani Ayers and Davis.
    Carpenter, whose job involved finding breaches in Sandia’s computer networks, followed the trail of computer hackers around the globe in the latter half of 2004. His “backhacking” discovered stolen documents about troop movements, body armor and more, but he testified that his bosses told him to concern himself only with Sandia.
    After agonizing discussions with his wife, then a Sandia researcher and later a White House fellow, he instead reached out almost immediately to the Army Research Laboratory. He eventually was passed to the FBI and shared his findings with that agency during a series of meetings, some of which he recorded.
    Although Carpenter had told line supervisors he was working with an unspecified outside agency, Sandia fully learned of his work when the FBI talked to Sandia counterintelligence. Less than three months later, Sandia officials fired him after meetings in which no minutes were taken and no record made until after the fact.
    Jury forewoman Alex Scott said jurors were upset by the lack of documentation of that process and by the “reckless behavior on the part of Sandia to not have adequate policies in place for employees about hacking, and the cavalier attitude about national security and global security.”
    Jurors were not unanimous, however. The civil jury required 10 of 13 to vote on a question before moving to the next one. Juror Elizabeth Bornholdt, a retired home economist, said she did not believe Carpenter had done all he could to secure authorization for backhacking before going outside Sandia with the information. She said the case wasn’t as “cut and dried” as some jurors saw it.
    She voted against liability for Sandia, but even she said the corporation had been “lax” about following up when Carpenter told his supervisors that he was working with an outside agency. And she said top management “didn’t seem to know what was going on.”
    Juror David Miertschin, an architect, said he found “egregious” the comments made by Sandia counterintelligence chief Bruce Held during a meeting to decide Carpenter’s fate.
    Held told Carpenter that if he’d been working for him and had done such unauthorized work, he would have been “decapitated, or at least would have left the room bloody.” Held said the comment was a relic of his earlier CIA career and he was reprimanded for it, but Miertschin said he was disturbed by how Held and subsequent witnesses minimized the comments.
    The special verdict form submitted to the jury does not disclose the numerical breakdown of the vote.
    Carpenter cried as the verdict was read.
    Jurors later hugged Carpenter as he joined his lawyers in the jury room.
    Sandia released a statement saying an appeal is under consideration.
    “We are disappointed with the verdict but still maintain that when employees step beyond clear boundaries in a national security setting, there should be consequences,” Sandia spokesman Michael Padilla said.
    Carpenter, now working with a top-secret clearance for a State Department contractor in the Washington, D.C., area, said he felt a powerful sense of exoneration. But even before the verdict, he said he would be happy to have had his day in court.
    “The point for us all along was this is bad for the country to have contractors like Sandia Corp. behaving this way— with impunity,” said his wife, Jennifer Jacobs, a nuclear engineer and West Point graduate who testified in the trial.
    “And if other citizens don’t do this, it’s the beginning of the end for our country. That’s what we kept coming back to: This is what we have to do, because it’s what we expect of others.”
    More on this story from the Journal’s archive:
    Jurors Get Sandia Hacker Case Feb. 13, 2007
    Testimony Ends in Sandia Suit Feb. 10, 2007
    Sandia Boss Details Firing Feb. 9, 2007
    FBI Wanted ‘Backhacking’ Employee Feb. 8, 2007
    Man Describes ‘Backhacking’ Feb. 7, 2007
    Analyst Sues Over Firing Feb. 6, 2007
    Battle Against Hackers Costs Employee Job Sept. 15, 2005
    All content copyright © and Albuquerque Journal and may not be republished without permission. Requests for permission to republish, or to copy and distribute must be obtained at the Albuquerque Publishing Co. Library, 505-823-3492.
