A software developer who was upset after being demoted was convicted of hitting a 'kill switch' on the company's system
A software developer working for a machinery manufacturer in Ohio, USA, was found guilty of planting malware in the company's systems in retaliation for being demoted, and rigging them to crash as soon as he left the company, causing significant damage to the company.
Office of Public Affairs | Texas Man Convicted of Sabotaging his Employer's Computer Systems and Deleting Data | United States Department of Justice
Former Eaton Corp. employee found guilty of sabotaging company's computer systems - cleveland.com
https://www.cleveland.com/court-justice/2025/03/former-eaton-corp-employee-found-guilty-of-sabotaging-companys-computer-systems.html
Developer guilty of using kill switch to sabotage employer's systems
https://www.bleepingcomputer.com/news/security/developer-guilty-of-using-kill-switch-to-sabotage-employers-systems/
Davis Lu worked as a software developer at Eaton Corporation (Eaton) in Beachwood, Ohio, from November 2007 to October 2019.
Eaton is a global manufacturer of power management equipment such as automotive electrical and hydraulic systems. Its registered headquarters is in Dublin, Ireland, but its US headquarters is in Beechwood.
by SilentMatt Psychedelic
After working for Eaton for over 10 years, Lou was demoted and his job authority was restricted following a company restructuring in 2018. In his anger, he developed malicious code to disrupt the company’s systems.
The code, which Lu spent nearly a year developing, executes an 'infinite loop' designed to exhaust server resources and, if enabled, eventually crash the company's systems.
The kill switch, named 'IsDLEnabledinAD,' short for 'Is Davis Lu enabled in Active Directory,' was activated when Lu left the company on September 9, 2019, locking out thousands of employees around the world. Lu's lawyers claim the total damages are less than $5,000, but Eaton claims hundreds of thousands of dollars in losses.
In addition, Lu also created two codes, named 'Hakai' (destruction) and 'HunShui' (Chinese for coma), which deleted the user profiles of his colleagues and also deleted the encrypted data on the day he was ordered to return his company laptop.
Reportedly, Lou's search history showed evidence of research into how to escalate privileges, hide processes, and quickly delete files. Lou was the only developer with access to the affected servers, and the kill switch was also executed from Lou's user ID.
Based on these pieces of evidence, Lu, who was interrogated, pleaded guilty to creating the kill switch in October 2019 and was convicted of 'intentionally damaging a protected computer' at a trial held in the U.S. District Court in Cleveland on March 7, 2025. At the time of writing, Lu, 55, is expected to face up to 10 years in prison, but the date of sentencing has not yet been determined.
'Sadly, Davis Lu used his knowledge, experience and skill to intentionally harm and disrupt his employer, its ability to safely operate its business, and thousands of users around the world,' FBI Special Agent Greg Nelsen said in a statement.
Although Lu has admitted his guilt, he is not satisfied with the guilty verdict. His lawyer, Ian Freedman, said: 'We respect the jury's verdict, but Mr. Lu and his supporters believe he is innocent and the case will be retried on appeal.'
Related Posts:
in Security, Posted by log1l_ks