The Cherokee Supreme Court has overturned the conviction of an individual accused of involvement in a cyberattack that disrupted the Eastern Band of Cherokee Indians’ computer network in December 2019.
The court’s opinion highlighted that, according to the Cherokee Code, merely demonstrating an unauthorized login without further evidence is insufficient to prove the misuse of Tribal property. The ruling emphasized the absence of evidence indicating the misappropriation of Tribal property for the defendant’s personal use or for the use of another person, thereby leading to the vacation of the defendant’s conviction.
Before the cyberattack incident, Benjamin Cody Long, aged 36, held the position of lead systems administrator at the tribe’s Office of Information and Technology. The Supreme Court opinion outlined that on Thursday, Dec. 5, 2019, around 8 a.m., Long was informed by his supervisor of being placed on paid administrative leave pending an investigation into prior employment issues. Subsequently, Long surrendered his credentials, account information, employee badge, and laptops following this directive. However, he did not submit his cell phone SIM card until 9 a.m., explaining to his supervisor that he had left it at home and needed to retrieve it.
In his capacity as lead systems administrator, Long had access to several high-level accounts. An examination of Microsoft Windows account login records within the tribal network indicated a single login to Long’s Domain Administrator Account after his placement on administrative leave but prior to the deactivation of his account at approximately 8:30 a.m. on that day.