UPDATE: Lu has been sentenced to four years in prison and three years of supervised release.
“The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a US company,” says Acting Assistant Attorney General Matthew R. Galeotti of the DoJ’s Criminal Division.
“This case also underscores the importance of identifying insider threats early and highlights the need for proactive engagement with your local FBI field office to mitigate risks and prevent further harm,” adds Assistant Director Brett Leatherman of the FBI’s Cyber Division.
Original Story 3/10:
A former employee of an Ohio-based industrial power management company has been found guilty of sabotaging that company’s IT system with malicious computer code, including a “kill switch” that activated after his position was changed.
Davis Lu, 55, had worked as a senior software developer at Eaton Corp. in Beachwood, Ohio, since 2007, according to Cleveland.com. But in 2018, a “corporate realignment” reduced his responsibilities and system access, which led him to secretly sabotage the network.
“By Aug. 4, 2019, he introduced malicious code that caused system crashes and prevented user logins,” the Justice Department says.
Lu’s sabotage involved forcing the company’s IT systems into an “infinite loop,” resulting in server hangs and crashes. In addition, Lu installed a “kill switch” designed to lock out other employees the moment the company disabled his profile in its Active Directory.
That happened on Sept. 9, 2019, after his job had been terminated, resulting in disruptions for thousands of users across the globe, federal investigators say. But according to a court document, it wasn’t hard for Eaton to figure out that Lu was to blame. Part of the sabotage was hosted on a development server to which only Lu had access. Meanwhile, the kill switch code was named “IsDLEnabledinAD”—which translates to “Is Davis Lu enabled in Active Directory.”
“Additionally, on the day he was directed to turn in his company laptop, Lu deleted encrypted data,” the Justice Department says. “His internet search history revealed he had researched methods to escalate privileges, hide processes, and rapidly delete files, indicating an intent to obstruct efforts of his co-workers to resolve the system disruptions.”
Lu was originally charged in 2021. Following a lengthy court process, a federal jury found him guilty this week of causing damage to protected computers. He now faces up to 10 years in prison.
About Michael Kan
Senior Reporter
