- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
Network World - A recent Forrester Research report found that as far as CEOs are concerned, IT groups perform up to expectations (hooray!), but those expectations are low (boo). In other words, CEOs think about IT the way Congress thinks about the proposed surge of troops to Iraq: They're willing to vote against it, but the vote will be nonbinding.
Yep, low expectations are part and parcel of what people expect of complex situations and large organizations. Consider the case of Shawn Carpenter: He expected that his employer, Sandia National Labs, as well as the Army and the FBI, would care about national security enough to do something about a major hacking attack. His expectations were way too high.
In 2004 Carpenter discovered that Chinese hackers had been mounting a series of attacks on major American networks. These attacks had been in progress since at least 2003, and the U.S. government (in the guise of the Army and the FBI, as far as I can tell) even had a name for them: Titan Rain.
Carpenter found out that Sandia Labs was under attack, so he took the story to Sandia's security wonks. Popular opinion has it that the Sandia security people wanted to avoid "embarrassment" and wanted him to drop it.
Carpenter didn't drop it. He somehow got tied in with U.S. Army counterintelligence, which, in turn, hooked him up with the FBI. Eventually, the FBI got cold feet and also requested that Carpenter desist.
You may wonder why the FBI would get chicken-hearted. The reason was Carpenter was hacking to find the hackers and in the process doing things that are illegal, such as cracking routers and installing spyware.
It was at this point that Sandia found out what Carpenter was doing (again, how they found out isn't clear) and not only fired him, but also had his security clearance canceled. The word on the street (I love that phrase, but actually it was Time Magazine) is that the head of Sandia's security wanted him "punished for disobeying his demands not to inform outside law enforcement agencies."
Carpenter took Sandia to court in 2006 and last week prevailed, with the jury finding Sandia guilty of firing Carpenter "in violation of public policy." Better yet for Carpenter, they awarded him $4.7 million in damages! Of course, Sandia will appeal, but at least Carpenter has been vindicated. He also got his security clearance back and is working for another government department.
Various commentators have characterized Carpenter as "pig-headed" and "stubborn," and certainly he was committed to finding the hackers in a way that wasn't self-preserving. On the other hand, he sincerely believed that what he was doing was in the national interest, and we should applaud him for that.
Now, what of his illegal hacking? Obviously the FBI must have been encouraging him for the obvious reason that he could get results quickly and they couldn't. As I understand it, if the FBI wants to attempt such activities, it has to fill out forms in triplicate, after which they are lost, found, lost again, buried in soft peat for three months and recycled as fire lighters.