Article Details
Scrape Timestamp (UTC): 2025-08-21 23:53:10.008
Original Article Text
Dev gets 4 years for creating kill switch on ex-employer's systems
A software developer has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with custom malware and a kill switch that locked out employees when his account was disabled.
Davis Lu, 55, a Chinese national living legally in Houston, worked for an Ohio-based company, reportedly Eaton Corporation, from 2007 until his termination in 2019. After a corporate restructuring and subsequent demotion in 2018, the DOJ says that Lu retaliated by embedding malicious code throughout the company's Windows production environment.
The malicious code included an infinite Java thread loop designed to overwhelm servers and crash production systems. Lu also created a kill switch named "IsDLEnabledinAD" ("Is Davis Lu enabled in Active Directory") that would automatically lock all users out of their accounts if his account was disabled in Active Directory.
When his employment was terminated on September 9, 2019, and his account was disabled, the kill switch activated, causing thousands of users to be locked out of their systems.
"The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company," said Acting Assistant Attorney General Matthew R. Galeotti.
When he was instructed to return his laptop, Lu reportedly deleted encrypted data from his device. Investigators later discovered search queries on the device researching how to elevate privileges, hide processes, and quickly delete files.
Lu was found guilty earlier this year of intentionally causing damage to protected computers. After his four-year prison term, Lu will also serve three years of supervised release.
Daily Brief Summary
Davis Lu, a former software developer, received a four-year prison sentence for deploying custom malware against his previous employer, reportedly Eaton Corporation.
The malware included an infinite Java thread loop designed to crash production systems and a kill switch that locked out employees when Lu's account was disabled.
The sabotage caused significant disruption, locking thousands of users out of their accounts and resulting in hundreds of thousands of dollars in losses.
Lu's actions were reportedly in retaliation for a demotion following a corporate restructuring, demonstrating the potential risks of insider threats.
Investigations revealed Lu deleted encrypted data from his laptop and researched methods to elevate privileges and hide processes.
Following his prison term, Lu will serve an additional three years of supervised release, highlighting the legal repercussions of cyber sabotage.
This incident serves as a reminder of the importance of robust insider threat detection and response strategies to protect corporate networks.