[ISN] Six months later, Sandia back-hacker still waits for his $4.7M

From: InfoSec News (alerts@private)
Date: Thu Aug 23 2007 - 00:34:13 PDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9032239

By Jaikumar Vijayan
August 22, 2007 
Computerworld

Six months after being awarded more than $4.7 million in damages and 
other costs stemming from a wrongful termination suit against Sandia 
National Laboratories, Shawn Carpenter, a former security analyst at the 
organization, has yet to collect a dime.

In the meantime, a 15% per year postjudgment interest fee added to the 
jury award has added more than $300,000 to the original amount since the 
February verdict.

"The way Sandia's current management and oversight contract is set up 
with the Department of Energy, they basically have an unlimited bucket 
of taxpayer money to fund their legal endeavors," Carpenter said. "The 
case will likely drag on for years."

A spokesman from Sandia did not immediately respond to a request for 
updates on the case. But in the past, the laboratory has said that while 
it respects the jury process, it intends to pursue its right to appeal 
the verdict all the way to the New Mexico Supreme Court, if need be. The 
lab has defended its right to able to discipline employees who violate 
its policies.

Carpenter, a onetime network intrusion-detection analyst at Sandia, was 
fired in January 2005 for sharing information related to an internal 
network compromise with the FBI and the U.S. Army. Sandia alleged that 
Carpenter had inappropriately shared confidential information he had 
gathered in his role as a security analyst for the laboratory.

Carpenter defended his actions by saying he had done so only in the 
interest of national security. He claimed that the intrusions he was 
investigating appeared to have been perpetrated by a Chinese hacking 
group called Titan Rain that had been linked to several serious 
incidents at various U.S. government agencies. Carpenter also claimed 
that he had tried unsuccessfully to get the information to the other 
agencies through proper channels at Sandia before deciding to share the 
information on his own with the other agencies.

After being fired by Sandia, Carpenter filed a lawsuit against the 
agency for wrongful termination.

In February, a New Mexico jury awarded Carpenter more than $4.3 million 
in punitive damages and more than $400,000 in other damages. A few weeks 
later, the New Mexico district court district presiding over the case 
added the 15% per year in postjudgment interest to the original award 
while Sandia's appeal worked its way through the courts. According to 
Carpenter, Sandia has hired three new attorneys in addition to the two 
previously handling the case to tackle the posttrial appeals process.

The costs involved in litigation for contracts such as Sandia have 
typically been reimbursed by the U.S. Department of Energy, Carpenter 
noted. He pointed to a 2003 report from the U.S. Government 
Accountability Office (GAO) that showed that the DOE reimbursed 
contractors for $330.5 million in litigation costs associated with 1,895 
cases from fiscal 1998 through March 2003. The amount included $249.4 
million for litigation costs and $81.1 million for judgments and 
settlements.

The GAO report noted that during the same period, the contractors 
themselves only spent only about $12 million of their own money. Rules 
regarding reimbursement of legal expenses to DOE contractors have been 
tightened. But they don't apply in his case, because it was filed before 
the new rules went into effect, Carpenter said.

"I'd like to see people take some responsibility for their actions, but 
that probably isn't going to happen," he said.


____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/



This archive was generated by hypermail 2.1.3 : Thu Aug 23 2007 - 00:45:51 PDT