Shawn Carpenter

Shawn Carpenter and Digital Vigilantism


Many things can describe Shawn Carpenter – an IT geek, an employee, and a whistleblower. But do the terms “digital vigilante” and “traitor” also belong in this description? Here is the course of a milestone event in Shawn’s career and the things he did that now have him featured on lists of whistleblowers around the world.

The Trigger

The summer of 2003 was a rather peaceful one for Shawn Carpenter. Well, at least, as peaceful as it gets for a security analyst residing in New Mexico. He was thirty-five and was working with the cybersecurity team of Sandia National Laboratories in Albuquerque.

Sandia Lab is owned and operated as a subsidiary of Honeywell International. Sandia is also one of the three National Nuclear Security Administration Research and Development labs in the United States. The primary function of Sandia is to develop, engineer, and consequently test non-nuclear elements of nuclear weapons.

During Shawn’s tenure, Sandia Labs was managed by the defense contractor Lockheed Martin. Chaos struck when it was reported to Shawn’s team that some of the computers at the Lockheed Martin office had started crashing out of the blue. This put operations in emergency mode, and Carpenter and his team got on the next flight to Orlando, where the Lockheed Martin office was located.

Made in China

What Carpenter’s team discovered at Lockheed Martin was not surprising. The computers had most definitely been hacked by people associated with the Chinese government.

China has been notorious for several years for conducting acts of cyber espionage against US defense. These were not independent dissident groups operating out of China, but organized ones affiliated with the Chinese government.

Such incidents have not come to a standstill even after heavy public call-outs of China. As recently as 2014, five hackers from the People’s Liberation Army in China stole blueprints from electrical, energy, and steel companies in the United States.

Dennis Blair, a former Director of National Intelligence, has publicly stated in the Times that “Chinese companies have stolen trade secrets from virtually every sector of the American economy.”

The Examination

After a close look at the office’s network in Orlando, Carpenter and his team found several “rootkits” (software that hackers use to disguise themselves so that their intrusions go undetected), multiple compressed or encrypted files that were just waiting to be looked at by unauthorized people, and malicious software that seemed to be “throwing off” a server to China.

This was a high-level hack, and given the gravity of the issue at hand, the utmost professionalism was expected from Carpenter when he had to come up with a solution. He suggested that the team “hack backward” to find out who the perpetrators were.

Hacking back essentially meant that the team would trace the servers and all the malware present on their computers and reverse engineer it to get into the thieves’ computers without their authorization.

However, to his disappointment, this tactic was shot down by his superiors at Sandia, since “hacking back” was actually against federal law. According to a 1986 act of Congress, any sort of hacking “without authorization” is a crime and is strictly prohibited.

This tactic could also draw unwanted attention or have repercussions much more volatile than the breach itself. Thus, deferring to their superiors, the team just scrubbed the computers at Lockheed Martin clean and headed back home.


After the Sandia incident, Shawn became restless. He knew a sure-shot way of tracking down the perpetrators and thought that the law, of all things, should not help them get away with this. He wanted to keep chasing them. He finally decided to go ahead.


He built a mechanism that was essentially a trap for the hackers. He created the digital persona of a government employee who was mindlessly storing confidential files on his computer. These files were called “honeypots”: caches of documents that trick hackers into thinking that they’re inside a targeted system when they are actually just inside a well-curated replica.

Carpenter’s honeypots contained intelligence documents that were declassified, though that wouldn’t be immediately clear to the hacker. He also created a made-up search history for the fictional employee he was impersonating. It was carefully made to look real.

As soon as the documents were uploaded, hacker attacks followed immediately. Carpenter tracked these attacks – an act meant to catch the perpetrators, but one that was also illegal.

“I had a fairly decent understanding of the law,” Carpenter said. “But I knew I had no intent for financial gain. And I was pissed that they were stealing all this shit and nobody could f****** do anything.”

Carpenter’s pursuit lasted longer than expected. He is now on record saying that the “rabbit hole went much deeper than I imagined”.

Whenever the hackers were active, i.e., during working hours in China, Carpenter stayed awake too. He spent many sleepless nights, and after ten grueling months, unknown to the world or his employers, the bait finally worked.

The hackers were tracked to South Korea, which then led to the main base in Guangdong, China. These systems held millions of confidential files and hundreds of gigabytes of stolen documents.

The Exposé

Instead of going to his employers, Carpenter decided to approach the F.B.I. He knew that he was on rocky ground, but in a perilous situation he would have some protection and someone to vouch for him if he were to end up behind bars.

The case was given to an agent named David Raymond, who was particularly startled by the incriminating information that had been found. “You have caused quite a stir, in a good way,” said Raymond.

Shawn and his wife were anxious about how reliable the agent or the F.B.I. was, but he was assured time and again that he would not be prosecuted if he just cooperated with their investigation.

Soon after, while investigations were still underway, Sandia was made privy to the whole affair, in particular Bruce Held, Sandia’s counterintelligence head. He did not take it well. He was extremely rattled by the fact that an employee had committed a federal crime on the pretext of salvaging a matter that had already been dealt with.

In a meeting with Shawn, things got very volatile and Shawn was fired on the spot. Meanwhile, the matter also caught national attention. Shawn’s story and the exposé were reported in the September 5th issue of Time magazine. His long-kept secret was out.

The Trial

Shawn’s actions were well-intentioned and, at the bottom of it all, not done for any personal gain. He was in deep water now, and he filed a wrongful termination suit in 2005. His defense was that he had simply reported criminals to the proper authorities and shouldn’t be punished for it.

Finally, after a long-drawn battle, at a trial in 2007 Shawn was seen to have fought a well-intentioned digital battle. The jury agreed, sided with him, and awarded him USD 4.7 million in damages.

The story of Shawn Carpenter walks the fine line between law and justice. A man compromised his name and reputation to bring justice to the company affected by the crime, and suffered for it. While things did work out in the end, his story proves that history and the law don’t always favor the good side.
