Intellectual Property Expert Witness:
Network Engineer Gets 4 Years in Prison for Damaging his Employer’s Computer Systems

Intellectual Property Expert / Digital Forensics Articles

By Scott Greene

 

United States Attorney Booth Goodwin, announced recently that a former network engineer at Charleston, West Virginia based EnerVest Operating, LLC (“EnerVest”), was sentenced to four years in federal prison for intentionally causing significant damage to his employer’s computer system. The culprit: Ricky Joe Mitchell, 35, of Charleston, West Virginia. Mitchell admitted that in June 2012, before he was fired from EnerVest, he remotely accessed EnerVest’s computer system and reset the company’s network servers back to factory settings. In doing so, he eliminated access to the company’s data and applications for its eastern United States operations. EnerVest manages oil and gas exploration and production operations for its parent company, EnerVest Ltd.—a major national oil and gas holding company.

PolicyImage

Mitchell Knew he was Going to be Fired

What is interesting about this case is Mitchell did so after he became aware he was going to be fired, but before he was actually terminated. Mitchell told a federal judge he shut down his former company's computer network and phone system the same night he found out he was going to be fired. Mitchell, who worked for EnerVest from August 2009 through June 26, 2012 - the date the computer system was damaged, intended to prevent company employees from logging on to computers, accessing the Internet, or checking e-mails for one day after he sent the command.

In addition to resetting the servers, Mitchell entered the offices after business hours, disconnected critical pieces of computer-networking equipment, and disabled the equipment’s cooling system. The disabled EnerVest was unable to conduct business, a situation which lasted approximately 30 days. The company spent hundreds of thousands of dollars attempting to recover historical data from its network servers. However, some of its data was lost forever, data the company thought had been backed up by Mitchell. He had sent a command to disable the data replication process, which is designed to transmit backup data to the company's Houston location.

U.S. Attorney's Office

“Imagine having your company’s computer network knocked out for a month,” said U.S. Attorney Goodwin. “In this day and age, that kind of attack is devastating. And this defendant didn’t just hurt EnerVest. He hurt his former co-workers, he hurt EnerVest’s customers, and, ultimately, he hurt consumers. The only good news here is that he didn’t get away with it.”

Mitchell had a History of Vandalism

This type of vandalism is not new to Mitchell. When he was 17, he went by the nickname "RickDogg" online and was accused of attempting to plant "108 computer viruses from floppy diskettes to disk space allocated and assigned to another student on the Capital High School computer system." He was suspended and later forced to transfer schools.

The Criminal Investigation

The United States Secret Service conducted the investigation. Prosecution was handled by U.S. Attorney Goodwin and Assistant U.S. Attorney Thomas C. Ryan. The case was prosecuted under the U.S. Attorney’s Business Protection Initiative, which fights fraud and other crimes against West Virginia businesses. Mitchell received a four-year prison sentence and was ordered to pay $428,000 in restitution to EnerVest, plus a $100,000 fine.

Evidence Solutions' Recommendations: Steps to take when an employee leaves

Evidence Solutions believes organizations should have a check list to follow when terminating an employee. Terminate employees quickly, follow the written list of procedures to keep them from doing harm. We have seen companies advertise a position for their IT manager in the local paper and have heard from the manager who is about to be replaced “I saw my job in the paper this morning”. This is just a bad idea. If you're going to fire someone, keep the information to a ‘need to know’ group and then fire quickly - making sure all physical and remote access to data and facilities is cut before or during the termination meeting.

Organizations should also consider having an outside company review the backup systems in use. Ensure that your organization’s data can be recovered when the organization needs it most: in the event of a disaster.

Evidence Solutions, Inc.

Complex Electronic Evidence in PLAIN English.

Call us today with your Digital Evidence Questions: 866-795-7166 or  This email address is being protected from spambots. You need JavaScript enabled to view it.

Related Articles & Pages:

 

Howdy, I'm a Hacker! | Computer Forensics Expert Witness

Social Engineering Expert: YOU are the Hacker’s Greatest Tool

How critical is timing in an investigation? 

 

Like Evidence Solutions - Electronic Evidence on Facebook

Follow Evidence Solutions - Digital Evidence Division on LinkedIn

Circle Evidence Solutions - Digital Evidence Division on Google+

Google+ Author

Google+ Publisher