Man sues EBCI for wrongful prosecution
The Eastern Band of Cherokee Indians is being sued for alleged libel and malicious prosecution, among other things. File photo
A man initially convicted in a Cherokee Tribal Court for playing a role in a debilitating December 2019 ransomware attack is suing the tribe.
Cody Long, the tribe’s former lead systems administrator for its Office of Information and Technology, was held in jail for 454 days and was in solitary confinement for the better part of a year following his initial arrest for tampering with public records and obstructing government functions.
However, in 2023, the Eastern Band’s Supreme Court ultimately determined that there was not enough evidence to prove that Long had any connection to the attack and overturned that conviction.
The ransomware attack crippled tribal operations across the board. In an interview with Digital Peace Now from November 2022, former Principal Chief Richie Sneed recalled the moment he realized the attack was no joke.
“On the morning of the attack, I was going through my inbox. I noticed an email written in broken English that said my data was held hostage,” Sneed said in the interview. “I figured it was just spam, you know? I thought it was one of those early 2000s Nigerian prince scams. So, I thought it was best to delete it and not risk clicking any links. Then, another email came. I deleted it again. Later, I got a phone call. The hacker told me that this was not a joke, and this was not a drill — it was real.”
Long, represented by Robert Saunooke, is suing for over $100,000 for libel and malicious prosecution, among other things. Along with the Eastern Band of Cherokee Indians, the suit also names several other defendants — Sneed; former Director of EBCI Information Technology Bill Travitz; EBCI Attorney General Mike McConnell; Douglas Chase, an information security administrator; and former tribal prosecutor Cody White.
Related Items
Helene assistance deadline extended
2024 A Look Back: The steamroller award
Fake News Freakout: Episode 9
The Joyful Botanist: Happy Holly Days
Saunooke begins the suit by laying out what he alleges are the facts of the case. At the time of the attack, Long had been suspended from his job with the tribe, meaning his account access and credentials had been terminated and he couldn’t log into any internal tribal systems. However, the suit claims that with “little to no investigation,” Chase and Travitz “created a narrative” that was presented to Sneed. That narrative suggested that Long was responsible for the ransomware attack.
The suit highlights Sneed’s quote from the Digital Peace Now interview.
“The e mails were in broken English … The voice on the phone was clearly not anyone local or from within the Tribe and was of foreign accent,” the suit reads. “Sneed was aware during the call that Long was not the person making the call.”
However, Sneed was told by Chase and Travitz that the attack had been created by Long or at least with Long’s help, and then once those claims were made, McConnell and White allegedly failed to investigate those claims before a warrant was issued for Long’s arrest.
The suit alleges that false statements in court made by Chase contributed to Long’s conviction and also claims that Travitz, following his investigation of the incident, made a similar claim with no proof. Over the next month as the tribe interacted with ransomware hackers to regain access to its own internal systems, ultimately paying out $487,000 by wire to an account outside the United States, the suit claims that the defendants knew the hackers had operated independent of Long.
“The ransomware hackers sent emails confirming that Long was not a part,” the suit reads.
According to the suit, the hackers purchased access to the Tribe’s internet and operations through a Russian language hacker forum to take advantage of a “poorly secured admin access portal where the password had not been modified or changed for the preceding 10 years.”
However, in spite of “clear evidence” that Long had nothing to do with the hackers, the defendants continued to oppose dismissal of the charges against Long — and even bond —until 10 months after his arrest and, according to the suit, nine months after the defendants had knowledge that he wasn’t responsible for the attack.
The initial charges against Long for the ransomware attack were dismissed on Feb. 17, 2022, due to a lack of evidence. However, the defendants still pursued a “course of action that would justify the false narrative” they had previously developed to allegedly protect their own positions within the tribe.
Long was charged with seven more crimes relating to the trespassing on the tribe’s IT network, despite the fact he was locked out of the system.
“… while Long was being held in solitary confinement there had been numerous attempts to access the EBCI IT using Long’s access information,” the suit reads. “Although it was obvious that Long was not able to gain access while in solitary confinement, none the less the additional charges were brought.”
White dismissed six of those seven charges but proceeded on one count of trespassing. Long was initially convicted; however, he appealed, and on Dec. 14, 2023, the EBCI Supreme Court vacated the conviction and acquitted him.
“After careful review, we hold that under the Cherokee Code, evidence of an unauthorized login, without more, is insufficient to convict for the misuse of Tribal property,” the opinion reads. “Because the Tribe failed to provide evidence of appropriation of Tribal property for Defendant’s own use or use of another, as required by the Cherokee Code, we vacate Defendant’s conviction.”
The opinion notes that as lead systems administrator, Long had access to multiple high-level accounts. A review of records tracking logins to Microsoft Windows accounts on the tribal network showed that one login had occurred to Long’s Domain Administrator Account after he was placed on administrative leave but before his account was disabled around 8:30 a.m. that day.
The opinion notes that to convict Long, the prosecution had to prove several elements, including that he appropriated tribal property for his own use or that of another. The Supreme Court disagreed with the tribe’s argument that simply logging into the network without permission amounted to an “appropriation” of tribal property and ruled that because the statute laying out the appropriation crime defines it as appropriation of tribal property “to his own use or that of another,” proving guilt must include proving to what use the property in question was put.
“Taken in the light most favorable to the Tribe, the evidence shows that Defendant logged into his administrator-enabled account after he was placed on leave and was instructed not to access network resources,” the opinion reads. “The Tribe provided no evidence that Defendant obtained information, downloaded data, changed settings, or installed or ran software: the evidence showed no conduct beyond simply logging into the account without permission. Further, there was no evidence of the use to which Defendant put Tribal property.”
“Had the Tribe provided evidence of Defendant’s intent while accessing the network or that he had installed software, accessed files, or otherwise actually made use of his access, that evidence may have been sufficient to show that Defendant’s appropriation of Tribal property was ‘to his own use or use of another,’” the opinion later reads. “In this case, the Tribe simply failed to carry its burden on that element.”
Long’s suit against the tribe ultimately alleges that from the date of the ransomware attack, through newspaper articles, television interviews, social media and “other public forums,” the defendants continued to identify Long as the man responsible for the attack, which harmed his reputation.
“Travitz and Chase knew that they had failed to properly maintain the password and admin access within the Tribe’s internet technology, including failing to change system admin passwords during the preceding ten year period,” the suit reads. “This led to a system wide failure for which Chase and Travitz had responsibility.”
“To avoid this responsibility and the ultimate loss of their own employment, they created the false narrative, without probable cause or support, that Long was responsible for the sole purpose of shifting blame away from themselves,” it continues, adding that the defendants have never taken any steps to retract or explain the prior false statements regarding Long’s alleged role in the attack.
Long is seeking in excess of $100,000.
