Developer Sentenced to 4 Years for Sabotaging Ex-Employer’s Systems

Davis Lu, a former developer at Eaton Corporation, has been sentenced to four years in prison for sabotaging his ex-employer’s Windows network with malware and a custom kill switch that locked out thousands of employees once his account was disabled. The attack caused significant operational disruption and financial losses. Lu also attempted to cover his tracks by deleting data, and had researched privilege escalation techniques.

According to the DOJ, Lu retaliated against his demotion in 2018 by embedding malicious code throughout the company’s Windows production environment. The malicious code included an infinite Java thread loop designed to overwhelm servers and crash production systems. Lu also created a kill switch named ‘IsDLEnabledinAD’ (‘Is Davis Lu enabled in Active Directory’) that would automatically lock all users out of their accounts if his account was disabled in Active Directory.

When his employment was terminated on September 9, 2019, and his account was disabled, the kill switch activated, locking thousands of users out of their systems. According to Acting Assistant Attorney General Matthew R. Galeotti, the defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company.

When instructed to return his laptop, Lu reportedly deleted encrypted data from the device. Investigators later discovered search queries on it researching how to elevate privileges, hide processes, and quickly delete files. Lu was found guilty earlier this year of intentionally causing damage to protected computers. After his four-year prison term, Lu will serve three years of supervised release.