The analyst, Shawn Carpenter, 36, filed suit last week in New Mexico for defamation and wrongful termination. He is speaking up now as a whistleblower, he says, because he believes his story demonstrates the need for reforms that would enable the U.S. to respond more effectively and forcefully against cyberthreats.
The FBI has acknowledged working with him: evidence collected by TIME shows that FBI agents repeatedly assured him he was providing important information to them. Less clear is whether he was sleuthing with the tacit consent of the government or operating as a rogue hacker. At the same time, the bureau was also investigating his actions before ultimately deciding not to prosecute him, writes TIMEs Nathan Thornburgh in The Invasion of the Chinese Cyberspies (and the Man Who Tried to Stop Them). Thornburgh reveals how the Titan Rain attacks were uncovered, and how they are now under investigation by the Pentagon, the FBI and the Department of Homeland Security.
TIME has obtained documents showing that since 2003, the hackers have compromised secure networks from the Redstone Arsenal military base in Huntsville, Alabama (home to the U.S. Army Aviation and Missile Command) to NASA and the World Bank. A Defense Department alert obtained by TIME points to the possibility that Titan Rain could be a point patrol for more serious assaults that could shut down or even take over a number of U.S. military networks.
Nicknamed Spiderman by his military intelligence handlers, Carpenter spent months working at his secret, volunteer job from 2 a.m. to dawn in his ranch house overlooking Albuquerque, New Mexico. On a mission he believed the U.S. government supported, writes Thornburgh, Carpenter was secretly recording every move the snoopers made, passing the information to the Army and later to the FBI.
Among other findings, Carpenter found that all the information-gathering attacks he had seen emanated from just three Chinese routers in the southern province of Guangdong that acted as the first connection point from a local network to the Internet. It was a stunning breakthrough, writes Thornburgh. Tracking Titan Rain hits back to the routers convinced Carpenter that the attacks originated in China and nowhere else.
A federal law-enforcement source tells TIME the FBI is aggressively pursuing the possibility that the government of China is behind the attacks and that China has not been cooperating with U.S. investigations into Titan Rain. Chinas State Council Information Office, speaking for Premier Wen Jiabaos government, told TIME the charges about cyberspying and Titan Rain are totally groundless, irresponsible and unworthy of refute.
The cyberespionage ring federal investigators have code-named Titan Rain first caught Carpenters eye nearly a year earlier when he helped investigate a break-in at Lockheed Martin in 2003. A similar attack hit Sandia several months later. Most hackers, if they actually get into a government network, get all excited and start making mistakes, Carpenter tells TIME. Not these guys. They never hit a wrong key.
After making his first discoveries about Titan Rain in March 2004, Carpenter began taking the information to unofficial contacts in Army intelligence, TIME reports. Federal rules prohibit military intelligence officers from working with U.S. civilians. By October, the Army passed Carpenter to the FBI. Carpenter says he was a confidential informant for the next five months. When his employers at Sandia found out, he was fired and stripped of his Q clearance. Carpenters after hours sleuthing, they said, was an inappropriate use of confidential information he gathered at his day job. Under U.S. law, it is illegal for Americans to hack into foreign computers.
Sandia responded to TIME with a statement: Sandia does its work in the national interest lawfully. When people step beyond clear boundaries in a national security setting, there are consequences.
Carpenter has recently been hired as a network-security analyst for another federal contractor and his security clearance has been restored. He tells TIME, Im not sleeping well. I know the Titan Rain group is out there working, now more than ever.
###
For Full Story Click Below:
TIME contact: Diana_Pearson@timeinc.com, 212-522-0833