Interview with Sandia Whistleblower
Interesting interview with Shawn Carpenter, the Sandia National Labs whistleblower who just won a $4.3 million lawsuit for wrongful termination.
What prompted you to conduct that independent investigation into the Sandia intrusion in the first place? As a network intrusion detection analyst, I regularly used similar “back-hacking” techniques in the past to recover stolen Sandia password files and retrieve evidence to assist in system and network compromise investigations.
We were able to better defend our networks as a direct result of the intelligence we gained. I authored in-depth analyses of these intrusions that were sent for reporting and educational purposes to the Department of Energy’s (DOE) Computer Incident Advisory Capability (CIAC), investigators at the DOE Inspector General (IG), Sandia Counterintelligence, DOE Cyber Counterintelligence, Sandia IT management and my entire department. Even to a novice, it was obvious after reading the analyses how intelligence was gleaned on the adversaries.
For example, phrases substantially similar to this were used in my reports: “I used their credentials to access the systems in Brazil and China, identify their hacking tool caches, and [pulling] down all of their tools, e-mails and other information to aid in their identification.” Numerous exhibits of these activities were presented at trial for the jurors. In a meeting with them after the verdict was rendered, even the less cyber-savvy folks understood what the e-mails represented.
What were you hoping to achieve through this investigation? My objective started out with a purpose similar to the other investigations I engaged in while at Sandia. The difference in this instance was that the rabbit hole went much deeper than I imagined.
In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked “Lockheed Martin Proprietary Information Export Controlled” that were associated with the Mars Reconnaissance Orbiter. Ironically, Sandia Corp., the private company that manages Sandia National Laboratories, is a subsidiary of Lockheed Martin Corp. It was this discovery that prompted my meeting with [supervisors] and when I was told that “it was not my concern.” Later, I turned it over to the U.S. Army and the FBI and helped investigate how it was taken and where the path led.