A 37-year-old company systems administrator has been convicted of federal violations within the Computer Fraud and Abuse Act in the Eastern District of Texas, announced U.S. Attorney John M. Bales today.
Michael Thomas, of Lewisville, Texas, was found guilty by a jury on June 8, 2016, of knowingly transmitting programs, information, codes, or commands that intentionally caused damage to his employer’s computer system, that he did not have authorization to cause the damage, and that those damages incurred losses to the employer in excess of $5,000.
The verdict came following a three-day trial before U.S. District Judge Amos L. Mazzant, III.
According to the indictment and evidence presented at trial, on Dec. 2-5, 2011, Thomas, while employed as the Information Technology Operations Manager for ClickMotive in Plano, Texas, became upset about a business decision the company made.
In retaliation, Thomas granted himself access to the company executives’ email accounts in order to search through emails and forward them to an external email account he created for that purpose.
Over the weekend, Thomas also tampered with the company paging system by entering false contact information for various company executives, ensuring that any automatically-generated alerts indicating system problems would not be received.
Thomas also removed company employees and executives from email distribution groups created for the benefit of its customers, who were large automotive companies and dealerships.
This ensured that customers’ request for support would similarly go unnoticed.
Thomas deleted virtual machines that were currently in active use and being used to store and perform important backup functions, deleted 615 files of backup history which were not able to be recovered, and also deleted jobs for future backups across various environments in the network.
Those deletions were performed contrary to established practices and procedures routinely followed by the company.
Thomas also deleted several internal “wiki” pages that employees routinely accessed and relied upon to perform their jobs.
Furthermore, Thomas manually changed the setting for an authentication service that eventually led to the inability of employees to work remotely through a Virtual Private Network.
Thomas left his resignation on Sunday, Dec. 5, 2011, before his nefarious activities were discovered.
Company IT personnel and expert witnesses testified that Thomas’ activities, taken as a whole, were not consistent with normal trouble-shooting and maintenance.
Thomas’ friend and former colleague testified that in the days following the events in question, Thomas admitted to have “tinkered” with the system and specifically to deleting backups and related files, tampering with the door monitoring system, absconding with passwords, and also stating that he thought he broke the law.
When later questioned about the incident, Thomas similarly admitted to FBI Agents to deleting wiki pages and spying on company executives’ emails, also saying he didn’t want the job to be easier for the next person.
On Aug. 12, 2013, Thomas abruptly resigned from a well-paying job and purchased a plane ticket to Brazil, departing that same day, after being notified that the government intended to formally charge the defendant on Aug. 14, 2013.
He did not return to the United States until April 20, 2016.
ClickMotive’s co-founder and Chief Technology Officer extensively testified as to the importance of the data that the defendant tampered with and destroyed which not only affected the company’s ability to access certain data but also instilled a sense of fear that persisted within the company for months.
The witness explained that no one had permission to delete or impair data that is valuable to the company.
The cost to investigate and remediate the problems created by Thomas was more than $100,000.
Thomas was indicted by a federal grand jury on Sep. 11, 2013.
Mandatory Facts:
Defendant/Respondent: Michael Thomas
Criminal Charges: Knowingly transmitting programs, information, codes, or commands that intentionally caused damage to his employer’s computer system, that he did not have authorization to cause the damage, and that those damages incurred losses to the employer in excess of $5,000.
City and State: Sherman, Texas
Exact Date: June 8, 2016
Sentence or Outcome: Found guilty by a jury
Dollar Amounts: Losses to the employer in excess of $5,000, cost to investigate and remediate the problems created by Thomas was more than $100,000
Related Federal Cases
- Ken Paxton, Securities Fraud, Texas 2022 · Texas
- Anthony Clark, Wire Fraud Conspiracy, Texas 2024 · Washington
- Tyler C. King, Computer Fraud, New York 2023 · Texas
- Evgeniy Doroshenko, Wire Fraud and Computer Fraud, New Jersey 2024 · North Carolina
- Brandon A. Coughlin, Computer Damage and Wire Fraud, Pennsylvania 2013 · Texas
Key Facts
- State: Texas
- Category: Cybercrime
- Source: DOJ Press Release â†â€â€
ðŸâ€Â’ Get the grimiest stories delivered weekly. Subscribe free →

