
IT Engineer Damages Employer's Computers, Gets 4 Years in Prison


By Evidence Solutions, Inc., Computer Technology and Digital Forensic Firm



United States Attorney Booth Goodwin announced recently that a former network engineer at Charleston, South Carolina-based EnerVest Operating, LLC (“EnerVest”) was sentenced to four years in federal prison for intentionally causing significant damage to his employer’s computer system. The culprit: Ricky Joe Mitchell, 35, of Charleston, West Virginia.
Mitchell admitted that in June 2012, before he was fired from EnerVest, he remotely accessed EnerVest’s computer system and reset the company’s network servers back to factory settings. In doing so, he eliminated access to the company’s data and applications for its eastern United States operations. EnerVest manages oil and gas exploration and production operations for its parent company, EnerVest Ltd.—a major national oil and gas holding company.

Mitchell Knew he was Going to be Fired

What is interesting about this case is that Mitchell did so after he became aware he was going to be fired, but before he was actually terminated. Mitchell told a federal judge he shut down his former company's computer network and phone system the same night he found out he was going to be fired. Mitchell, who worked for EnerVest from August 2009 through June 26, 2012, the date the computer system was damaged, intended to prevent company employees from logging on to computers, accessing the Internet, or checking e-mails for one day after he sent the command.

In addition to resetting the servers, Mitchell entered the offices after business hours, disconnected critical pieces of computer-networking equipment, and disabled the equipment’s cooling system. With its systems disabled, EnerVest was unable to conduct business, a situation that lasted approximately 30 days. The company spent hundreds of thousands of dollars attempting to recover historical data from its network servers. However, some of its data was lost forever: data the company thought had been backed up by Mitchell. He had sent a command to disable the data replication process, which is designed to transmit backup data to the company's Houston location.

U.S. Attorney's Office

“Imagine having your company’s computer network knocked out for a month,” said U.S. Attorney Goodwin. “In this day and age, that kind of attack is devastating. And this defendant didn’t just hurt EnerVest. He hurt his former co-workers, he hurt EnerVest’s customers, and, ultimately, he hurt consumers. The only good news here is that he didn’t get away with it.”

Mitchell had a History of Vandalism

This type of vandalism is not new to Mitchell. When he was 17, he went by the nickname "RickDogg" online and was accused of attempting to plant "108 computer viruses from floppy diskettes to disk space allocated and assigned to another student on the Capital High School computer system." He was suspended and later forced to transfer schools.

The Criminal Investigation

The United States Secret Service conducted the investigation. Prosecution was handled by U.S. Attorney Goodwin and Assistant U.S. Attorney Thomas C. Ryan. The case was prosecuted under the U.S. Attorney’s Business Protection Initiative, which fights fraud and other crimes against West Virginia businesses. Mitchell received a four-year prison sentence and was ordered to pay $428,000 in restitution to EnerVest, plus a $100,000 fine.

Steps to take when an employee leaves

Organizations should have a checklist to follow when terminating an employee. Terminate employees quickly, and follow the written list of procedures to keep them from doing harm. We have seen companies advertise a position for their IT manager in the local paper and have heard from the manager who is about to be replaced, “I saw my job in the paper this morning.” This is just a bad idea. If you're going to fire someone, keep the information to a ‘need to know’ group and then fire quickly, making sure all physical and remote access to data and facilities is cut before or during the termination meeting.

Organizations should also consider having an outside company review the backup systems in use. Ensure that your organization’s data can be recovered when the organization needs it most: in the event of a disaster.

ABOUT THE AUTHOR: Scott Greene of Evidence Solutions, Inc.
For over 30 years, Scott Greene has been helping companies meet the challenges of the swiftly evolving computer technology industry.

Directly from high school, Scott went to work for IBM. Scott studied Systems Engineering at the University of Arizona. He has since earned certifications in many products and programming languages.

The Evidence Solutions team analyzes data from Computers, Cell Phones, Black Boxes, Dispatch Systems, Medical Records, Email systems and more. Scott then explains the digital evidence in plain English.

Scott’s extensive knowledge draws clients to him from all over the United States as well as internationally for consulting, forensics and expert witness services. His extensive and diverse experience allows him to be an expert in many facets of digital and electronic evidence. Scott, a sought-after speaker and educator, travels throughout the country sharing his knowledge and presenting to local, regional, national and international organizations.

Copyright Evidence Solutions, Inc.



While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.
For specific technical or legal advice on the information provided and related topics, please contact the author.
