Q&A: Reverse hacker describes ordeal
You claimed you never were given an opportunity to get the information you uncovered to the proper authorities at the other organizations. Why was that?
I attempted several times to find a Sandia channel to get the information to the organizations that were impacted. At the first meeting with my supervisor and the Sandia information security manager, [the supervisor] stated "we don't care about any of this. We only care about Sandia computers."
After I insisted that there must be a way to throw the information "over the fence" to Sandia's counterintelligence organization or other federal and military authorities, he said that I was forbidden from doing this, and that it "wasn't my job." A Sandia counterintelligence manager and my immediate supervisor recanted pages of their previously sworn deposition testimony and conceded that a meeting that they allegedly had with me to provide me with a channel to get the information to the proper authorities never happened.
Why do you think Sandia acted the way it did?
This was the first time that my activities uncovered evidence that entities outside Sandia were compromised, and data was being stolen. They were not willing to contact the proper authorities because outside law enforcement would certainly inquire about how the data was obtained -- bringing unwelcome scrutiny upon Sandia. It was a case of putting the interests of the corporation over those of the country.
What happened then?
During my last meeting with Sandia management, a semicircle of management was positioned in chairs around me and Bruce Held [Sandia's chief of counterintelligence]. Mr. Held arrived about five minutes late to the meeting and positioned his chair inches directly in front of mine. Mr. Held is a retired CIA officer, who evidently ran paramilitary operations in Africa, according to his deposition testimony.
At one point, Mr. Held yelled, "You're lucky you have such understanding management ... if you worked for me, I would decapitate you! There would at least be blood all over the office!" During the entire meeting, the other managers just sat there and watched. At the conclusion of the meeting, Mr. Held said, "Your wife works here, doesn't she? I might need to talk to her." [Editor's note: In court testimony, Held admitted using the word "decapitated" and that he wouldn't contest using the word "blood" although he didn't recall saying it. He also apologized for using those terms.]
Indeed, my wife did work there -- in Sandia's International Programs section, working on nuclear counter-proliferation, port and border security issues. In the context of that meeting, it was a chilling comment. Shortly after the meeting, which management described at trial as "a fact-finding session with Mr. Carpenter," my director showed up at my office, escorted me to the gate and stripped me of my badge. That was the last time I was ever at Sandia. [Carpenter's wife resigned and is now a White House fellow working as a special assistant to top-ranking government officials.]