Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

United States v. Grupe

United States District Court, D. Minnesota

February 8, 2018


          Aaron R. Cooper, UNITED STATES DEPARTMENT OF JUSTICE; Timothy C. Rank, UNITED STATES ATTORNEY'S OFFICE, for plaintiff.

          Tor Ekeland, Frederic B. Jennings, and Amanda Grannis, TOR EKELAND LAW, PLLC; and Daniel Mohs, for defendant.


          Patrick J. Schiltz United States District Judge

         Defendant Christopher Grupe was convicted by a jury of one count of intentional damage to a protected computer in violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030(a)(5)(A) and (c)(4)(B)(i). This matter is before the Court on Grupe's motion for acquittal or, in the alternative, a new trial. For the reasons that follow, the motion is denied.

         I. BACKGROUND

         From September 2013 to December 2015, Grupe was a senior network design engineer for Canadian Pacific Railway (“CP”). Trial Tr. (“TT”) 16-17. In early December 2015, Grupe was working on a network upgrade at CP's Nahant Yard, a major diesel servicing yard in Davenport, Iowa. TT 19-20, 27. The cutover to the new system (which required taking down the existing system) was scheduled to take place during a “change window” starting at 8:00 pm on December 3. TT 20-23. Grupe had requested that the change window be moved to December 2, but senior management denied his request. TT 31.

         Grupe nevertheless decided on his own to proceed with the upgrade on December 2. In so doing, Grupe caused an unexpected outage that Grupe's supervisor, Ernest Seguin, had to rectify. TT 19, 26-27, 31-32. After restoring service, Seguin instructed Grupe that the two of them would upgrade the system together during the scheduled change window on December 3 and that Grupe should not proceed by himself. TT 34-35. Seguin was concerned that there was an underlying problem in the system and believed that the upgrade might not be successful. Seguin wanted to work with Grupe so that, in the event of a problem, Seguin could quickly restore the existing service. TT 34-35. Seguin also reminded Grupe that making changes outside of the scheduled change window would be cause for termination. TT 34-35.

         Despite that warning, Grupe again disregarded Seguin's instructions and again tried to upgrade the system on his own. TT 37-40. As Seguin had anticipated, the upgrade caused problems. TT 38. After Grupe ignored Seguin's multiple attempts to contact him (including through the on-site project manager), Seguin told the on-site project manager that he was going to have Grupe escorted from the property by CP police. TT 40-45. That got Grupe's attention. Grupe finally called Seguin and was verbally abusive to Seguin on the phone. TT 45-46 (“And then he broke into a state of profanities and started literally yelling and screaming on the phone about unrelated things like you Canadians don't know how to run a railway. It went on for quite awhile, very loud, very profane.”).

         At the end of the call, Seguin suspended Grupe, although the two continued to work with other CP employees to complete the upgrade. TT 47, 51, 54-56. Seguin later told Grupe to stay off CP property during his suspension. TT 61. Seguin also took steps to suspend Grupe's computer accounts and building access. TT 63-64. Yet again, Grupe disregarded Seguin's instructions, this time by showing up on CP property and communicating with on-site CP staff. TT 70-71.

         On December 15, CP informed Grupe that he was being terminated.[1] TT 75-78. CP instructed Grupe to return all company property, including his laptop and building- access cards. TT 79-80, 82. On December 17, shortly before returning his laptop, Grupe used the laptop to log in to two of CP's network switches. These switches- located in Calgary, Alberta, and referred to as the “Ogden switches”-function as “the central nerve center for all data and voice traffic through” CP's computer network. TT 93; see also TT 11, 91. CP network engineers use administrative-level accounts to access the switches to reconfigure them to accommodate new applications, diagnose and fix problems with the network, and perform other tasks. TT 100. Grupe deleted two administrative-level accounts (including an account that he had created for himself without authorization) and changed the password for the main administrative (“admin”) account that CP employees use to access and administer the switches. TT 127, 131-35, 170-71, 174, 183, 332-43.

         On January 6, 2016, a CP employee tried and failed to log in to the switches using the admin account. TT 90, 95, 101-02, 312. The issue escalated up the chain of command until it became an “all hands on deck” situation. TT 499, 556-57. CP employees investigated whether someone had changed the password and whether there was another way to log in to the switches. TT 100-02. As part of the investigation, Thomas Gurney, another network design engineer, called Grupe to ask if he knew of any previous passwords that would get them into the switch. They talked for about a half an hour, trying various combinations of passwords, none of which worked. TT 322-23. Grupe did not tell Gurney that he had changed the password for the admin account-nor, of course, did Grupe give the new password to Gurney. TT 358.

         Eventually, CP determined that its only option was to manually power off and reboot the switches in the hope that the admin password would reset itself. TT 103. The following evening (January 7), CP rebooted each of the two switches, a process that took approximately 45 to 60 minutes. TT 115, 153, 178, 197. The reboot was successful, and CP regained administrative access to the switches. TT 115.

         In the wake of this incident, CP retained CrowdStrike, an information-security firm, to investigate. TT 246, 249, 557, 664. CP was already using a CrowdStrike product called FalconHost to monitor the computers used by CP employees. TT 248-49. CP's and CrowdStrike's investigation identified Grupe as the likely culprit.

         II. ANALYSIS

         A. Motion for Acquittal

         Under Fed. R. Crim. P. 29, “the court on the defendant's motion must enter a judgment of acquittal of any offense for which the evidence is insufficient to sustain a conviction.” In considering a Rule 29 motion for acquittal, the court must view the evidence in the light most favorable to the government, resolve all evidentiary conflicts in the government's favor, and accept all reasonable inferences drawn from the evidence that support the jury's verdict. United States v. Cook, 603 F.3d 434, 437 (8th Cir. 2010). The motion should be granted only if no reasonable jury could have found the defendant guilty. Id.

         Grupe was charged with causing intentional damage to a protected computer in violation of the CFAA, 18 U.S.C. § 1030(a)(5)(A) and (c)(4)(B)(i). As the Court instructed the jury, the elements of this offense are as follows: (1) the defendant knowingly caused the transmission of a program, code, or command to a protected computer; (2) the defendant acted without authorization; (3) the transmission caused damage to the protected computer; and (4) the defendant intended to damage the protected computer. ECF No. 61 at 6. After finding Grupe guilty, the jury further found that Grupe's offense caused a “loss to 1 or more persons . . . aggregating at least $5, 000 in value, ” as is necessary for a felony-level offense. See 18 U.S.C. § 1030(c)(4)(B)(i) (incorporating § 1030(c)(4)(A)(i)(I), which imposes a $5, 000 loss requirement).

         Grupe argues that there is insufficient evidence to support his conviction. Specifically, Grupe argues that there is insufficient evidence to prove that he either caused or intended to cause “damage” within the meaning of the CFAA; that the network switches are “computers” within the meaning of the CFAA; or ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.