A former employee of an Ohio-based industrial power management company was found guilty of destroying the company’s information technology system with malicious computer code, including a “kill switch” that activated after his position was changed.
Davis Lu, 55, had worked as a senior software engineer at Eaton Corp. in Beachwood, Ohio, since 2007, according to Cleveland.com. However, in 2018, a “corporate realignment” limited his duties and system access, prompting him to secretly damage the network.
“By Aug. 4, 2019, he introduced malicious code that caused system crashes and prevented user logins,” the Justice Department says.
Lu’s sabotage comprised sending the company’s IT systems into an “infinite loop,” resulting in server stalls and breakdowns. In addition, Lu placed a “kill switch” that would shut out other employees if the corporation removed his profile from the active directory.
Federal authorities reported that the termination of his position on September 9, 2019, caused disruptions for thousands of users worldwide. However, according to a court filing, Eaton quickly determined that Lu was at fault. Part of the sabotage took place on a development server to which only Lu had access. Meanwhile, “IsDLEnabledinAD”—which translates to “Is Davis Lu enabled in Active Directory”—was the title of the kill switch code.
“Additionally, on the day he was directed to turn in his company laptop, Lu deleted encrypted data,” the Justice Department says. “His internet search history revealed he had researched methods to escalate privileges, hide processes, and rapidly delete files, indicating an intent to obstruct efforts of his co-workers to resolve the system disruptions.”
Lu was first charged in 2021. Following a lengthy court procedure, a federal jury found him guilty this week of causing harm to the protected systems. He is now facing up to ten years in prison.
I’ve been a writer for more than 15 years, beginning as a schools and cities reporter in Kansas City before joining PCMag in 2017.