Ride the Lightning

Network Engineer Sentenced to Four Years for Destroying Company Data

May 22, 2014

It is a mantra with us to terminate employees quickly, following a written list of procedures to keep them from doing harm. Here's another story to underscore the importance of doing exactly that.

It was recently reported that a former network engineer at EnerVest Operating, LCC, in Charleston W.V., was sentenced to four years in prison for causing severe damage to his employer's computer system. EnerVest manages oil and gas exploration and production operations for EnerVest Ltd., a major national oil and gas holding company.

Ricky Joe Mitchell, 35, admitted that in June 2012, shortly after he learned he was going to be fired, remotely accessed EnerVest's computer system and reset the company's network servers to factory settings, essentially eliminating access to all of the company's data and applications for the eastern US operations.

Before his access to EnerVest was terminated, Mitchell went to the office after business hours, disconnected critical pieces of computer-network equipment and disabled the equipment's cooling system. EnerVest was unable to fully communicate or conduct business operations for nearly 30 days.

The company spent hundreds of thousands of dollars trying to recover historical data from its network servers. Some data was lost forever.

In addition to his prison sentence, Mitchell was ordered to pay $428,000 in restitution to the company and pay a $100,000 fine.

If you're going to fire someone, don't let a lot of people know – and do it quickly – making sure all physical and remote access to data is cut before or during the meeting in which the employee is fired.

Hat tip to Bill Menzie.

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq