Feeds

Employee fired for probing bad guys awarded $4.7m

Termination was 'malicious, willful, reckless, wanton'

3 Big data security analytics techniques

A jury has awarded a former security analyst for Sandia National Laboratories $4.7m after he was fired for conducting his own investigation into computer attacks and taking his findings to authorities of a separate agency.

The judgment was more than twice the amount sought by Shawn Carpenter, who was dismissed by Sandia in January, 2005, according to FCW.com and other news outlets. The jury said the termination was "malicious, willful, reckless, wanton, fraudulent or in bad faith."

Carpenter initiated his investigation after detecting attacks on Sandia's network that originated from China, Romania, Italy and other countries and have come to be known as Titan Rain. After learning that similar attacks had been unleashed on Army bases and US contractors, Carpenter asked his superiors for permission to reverse-engineer the hacks so he could track down the perpetrators. His request was denied.

But Carpenter investigated them anyway, partly at the request of the FBI. When Sandia officials caught wind of the unsanctioned probe, Carpenter was fired.

A spokesman told us Sandia officials are disappointed and are considering whether to appeal. But he declined our request to discuss, even in the most general terms, their policies relating to the investigation of attacks that target their networks.

The episode underscores the morass confronting those trying to secure some of the world's most sensitive networks. Limited resources and bureaucratic rivalries have long been a challenge in reining in organized crime and espionage, and the growing wave of ever more sophisticated computer-generated rackets is making matters worse.

Notwithstanding some high-profile convictions against botnet ringleaders and other cybercrooks, much of the enforcement these days comes from self-appointed take-down groups such as PIRT (Phishing Incident Reporting and Termination), manned by individuals who donate their time and resources to help eliminate online menaces.

Philip Davis, an attorney who represented Carpenter, told PCWorld the verdict was a "vindication of his decision to do the right thing and turn over the information he obtained to the proper federal authorities in the interests of national security". ®

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.