A federal court has handed down a four-year prison term to a former software developer who sabotaged his employer’s global network with a custom “kill switch,” crippling operations and inflicting hundreds of thousands of dollars in losses.
Davis Lu, 55, a Chinese national legally residing and working in Houston, was sentenced on August 21 by U.S. District Judge Pamela A. Barker after a jury convicted him of intentionally damaging protected computers. Lu will also serve three years of supervised release, with restitution to be determined at a later date.
“The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division.
Prosecutors said that Lu worked at the victim firm, headquartered in Beachwood, Ohio, as a software developer from November 2007 until October 2019.
After a corporate realignment in 2018 stripped him of key responsibilities and system privileges, Lu began secretly embedding malicious code into the company’s infrastructure.
By August 4, 2019, he had introduced “infinite loops” that caused servers to crash or hang and prevented hundreds of users worldwide from logging in.
He also wrote scripts to delete coworker profiles and, most damagingly, created a “kill switch” set to lock every user out of the network if his own Active Directory account was disabled or removed.
On September 9, 2019, shortly after his termination and the deactivation of his credentials, Lu’s kill switch—dubbed “IsDLEnabledinAD”—activated, instantly barring thousands of employees from system access.
Investigators discovered that Lu had named other malware components “Hakai” (Japanese for “destruction”) and “HunShui” (Chinese for “sleep” or “lethargy”).
On the day he surrendered his company laptop, Lu also deleted encrypted data and executed a command that rendered forensic recovery impossible.
His browser history showed searches for privilege escalation, process hiding, and rapid file deletion, underscoring his intent to obstruct remediation efforts.
U.S. Attorney David M. Toepfer for the Northern District of Ohio praised the FBI Cleveland Division’s work: “The extreme chaos caused by just one person who used his creative mind and technical talents to thwart his employer’s business operations was not only disruptive—it was criminal.”
FBI Cyber Division Assistant Director Brett Leatherman added, “This case underscores the importance of identifying insider threats early and engaging proactively with law enforcement to mitigate risks.”
The investigation was spearheaded by the FBI Cleveland Division, with lead prosecution by Senior Counsel Candina S. Heath of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Daniel J. Riedl and Brian S. Deckert.
Since 2020, CCIPS has secured convictions of over 180 cybercriminals and facilitated court orders returning more than $350 million in victim funds.