Feeds

Employee fired for probing bad guys awarded $4.7m

Termination was 'malicious, willful, reckless, wanton'

Security for virtualized datacentres

A jury has awarded a former security analyst for Sandia National Laboratories $4.7m after he was fired for conducting his own investigation into computer attacks and taking his findings to authorities of a separate agency.

The judgment was more than twice the amount sought by Shawn Carpenter, who was dismissed by Sandia in January, 2005, according to FCW.com and other news outlets. The jury said the termination was "malicious, willful, reckless, wanton, fraudulent or in bad faith."

Carpenter initiated his investigation after detecting attacks on Sandia's network that originated from China, Romania, Italy and other countries and have come to be known as Titan Rain. After learning that similar attacks had been unleashed on Army bases and US contractors, Carpenter asked his superiors for permission to reverse-engineer the hacks so he could track down the perpetrators. His request was denied.

But Carpenter investigated them anyway, partly at the request of the FBI. When Sandia officials caught wind of the unsanctioned probe, Carpenter was fired.

A spokesman told us Sandia officials are disappointed and are considering whether to appeal. But he declined our request to discuss, even in the most general terms, their policies relating to the investigation of attacks that target their networks.

The episode underscores the morass confronting those trying to secure some of the world's most sensitive networks. Limited resources and bureaucratic rivalries have long been a challenge in reining in organized crime and espionage, and the growing wave of ever more sophisticated computer-generated rackets is making matters worse.

Notwithstanding some high-profile convictions against botnet ringleaders and other cybercrooks, much of the enforcement these days comes from self-appointed take-down groups such as PIRT (Phishing Incident Reporting and Termination), manned by individuals who donate their time and resources to help eliminate online menaces.

Philip Davis, an attorney who represented Carpenter, told PCWorld the verdict was a "vindication of his decision to do the right thing and turn over the information he obtained to the proper federal authorities in the interests of national security". ®

Security for virtualized datacentres

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.