Ex-Denali CTO Michael Leeper Pleads Guilty To Computer Fraud, Could Face Up To 10 Years In Prison

Michael Leeper admitted Wednesday to intentionally accessing the computer network of Columbia Sportswear without authorization while employed as CTO of Denali Advanced Integration.

"I know when I was logging into Columbia's network that I would likely encounter information relevant to Denali's business relationship with Columbia," Leeper wrote in a 10-page guilty plea. "In accessing and viewing some of those emails, I was motivated at least in part by my capacity as Denali's CTO, in that I believed those emails might contain information that would be useful to Denali."

Leeper acknowledged that his intrusions into Columbia's network began no later than March 2014 and continued until roughly October 2016, adding that he "accessed the network purely out of curiosity." Leeper joined Denali in March 2014 after spending 14 years in Columbia's IT department, and admitted he used network credentials he had been given as a Columbia employee after he became part of Denali.

[RELATED: Feds Charge Ex-Denali CTO Michael Leeper With Computer Fraud In Columbia Sportswear Hacking Case]

id
unit-1659132512259
type
Sponsored post

Columbia will receive $34,479 in restitution from Leeper to compensate for the loss associated with his illegal conduct, according to the plea agreement signed by the U.S. Attorney's office and Leeper. The agreement indicates that the maximum sentence for Leeper's computer fraud conviction is 10 years of imprisonment, a $250,000 fine, and three years of supervised release.

"Unauthorized computer intrusion is a serious crime, and those that unlawfully gain sensitive or proprietary information must be held accountable for their illegal conduct," Billy Williams, U.S. Attorney for the District of Oregon, said in a statement.

Redmond, Wash.-based Denali, No. 83 on the 2017 CRN Solution Provider 500, said it terminated Leeper on March 14, 2017, for violating company policy. Denali was not charged with anything by the U.S. Attorney's office, but is a named defendant in a civil lawsuit filed by Portland, Ore.-based Columbia in March.

"As the criminal charge and plea confirms, Denali played no role in – nor benefited from – Leeper's misconduct," Denali said in a statement posted to the company's website Wednesday. "The company takes pride in its integrity. It does not condone unfair business practices, and will not tolerate illegal conduct."

Denali denied any wrongdoing in the civil case, which is still pending. The company said Wednesday that it remains committed to resolving all issues with Columbia referenced in the civil lawsuit.

Although Leeper could spend up to 10 years in prison, the U.S. Attorney's office is likely to recommend that he spend just six months in prision in accordance with federal sentencing guidelines. This recommendation would be predicated on Leeper having little or no criminal history.

Aggravating factors associated with Leeper's conviction include his abuse of a position of trust or a special skill, as well as that Columbia's loss exceeded $15,000. Mitigating factors include Leeper's acceptance of responsibility for his unlawful conduct in this case, according to the plea agreement. Leeper is scheduled to be sentenced Dec. 7 before U.S. District Court Judge Robert Jones.

In a 19-page lawsuit filed March 1 with the U.S. District Court in Portland, Columbia accused Leeper of using dummy email accounts on more than 700 occasions to illegal view internal communications concerning deals in which Denali had a financial interest, emails between Columbia and Denali's competitors, and confidential documents related to Columbia's long-range IT budget plans.

As a result of Leeper's time in Columbia's IT department, the company said Leeper had nearly unlimited access to the company's private computer network, including thousands of secure email accounts used by Columbia employees around the world.

In total, Columbia alleges Leeper hacked into at least eight of its employees' email accounts during the late summer and early fall of 2016, and additionally accessed other documents and information stored on Columbia's network.

Columbia is seeking economic and punitive damages, attorneys' fees, and an order prohibiting Denali and Leeper from using any unlawful Columbia information they still possess, according to the lawsuit.