
In a case that reads like a corporate thriller, a 55-year-old software developer has been convicted of sabotaging his former employer’s computer systems, causing hundreds of thousands of dollars in damage. Davis Lu, a former employee of Eaton Corp., a global power management company, was found guilty by a federal jury in Cleveland of deploying malicious code, including a “kill switch” designed to cripple the company’s network if he was ever fired.
The U.S. Department of Justice announced the verdict on Friday, revealing that Lu’s actions disrupted operations for thousands of employees worldwide. His motive, prosecutors say, stemmed from a corporate restructuring in 2018 that reduced his responsibilities and left him disgruntled. Now, Lu faces up to ten years in prison.
The Code of Destruction
Lu’s sabotage began in 2018, shortly after Eaton Corp. restructured its operations. He was mad. As a software developer with over a decade of experience at the company, Lu had deep access to its systems. Prosecutors say he used that access to plant malicious code, including programs that created “infinite loops” to crash servers, deleted coworker profile files, and prevented legitimate logins.
The malicious software bore ominous names: “Hakai,” the Japanese word for destruction, and “HunShui,” the Chinese word for lethargy. But the most damaging piece of code was a “kill switch” named “IsDLEnabledinAD,” an apparent abbreviation of “Is Davis Lu enabled in Active Directory.” This program was designed to lock out hundreds of thousands of employees from Eaton’s network and would activate automatically if Lu’s account was disabled. That day would come.
On September 9, 2019, the day Lu was terminated, the kill switch triggered, causing widespread disruption.
But despite Lu being good at wrecking things, he wasn’t exactly careful about covering his tracks. When Eaton ran a major debugging campaign to find out what was wrong with their servers, it didn’t take very long until they tracked the infinite looping malware to a computer that worked only with Lu’s user ID. He was the only person who had access to this server. Lu kept other malicious code on the same machine, including the code that kept deleting user profile data and the “kill switch”.
Prosecutors also found evidence in Lu’s search history that he had researched ways to escalate privileges, hide processes, and rapidly delete files. “He had researched methods to obstruct efforts of his co-workers to resolve the system disruptions,” the DOJ wrote in Lu’s case file.
Prosecutors estimate the sabotage cost Eaton Corp. hundreds of thousands of dollars in losses, though Lu’s defense team argued the damage was less than $5,000.
“Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide,” said FBI Special Agent in Charge Greg Nelsen in a statement.
“Davis and his supporters believe in his innocence, and this matter will be reviewed at the appellate level,” said Ian Friedman, Lu’s attorney.
A sentencing date has not been set, but Lu could face up to ten years in prison. His attorney said they will appeal the case.
Revenge Code
Disgruntled employees sabotaging their employers’ systems is not a new phenomenon. Over the years, several high-profile cases have made headlines. For instance, Terry Childs, a network administrator for San Francisco, locked the city out of its own network in 2008, refusing to hand over critical passwords after conflicts with supervisors. Similarly, Yihao “Ben” Pu, a former Siemens engineer, planted a “logic bomb” in 2018 to crash systems after being passed over for a promotion.
Ashley Simmons, a former U.S. Army civilian employee, deleted over 100,000 files in 2019 after being reprimanded, which disrupted military operations. Meanwhile, Roger Duronio, a systems administrator at UBS PaineWebber, planted a logic bomb — a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met — in 2002 over dissatisfaction with his bonus, causing $3 million in damages.
While these tech workers have obviously broken the law at their own risk, their sense of betrayal and powerlessness is relatable. Many people have felt undervalued or sidelined in their careers, and Lu’s actions, though extreme, may be applauded by some who always thought about doing something similar themselves but never had the guts to follow through (or they weren’t pushed to the brink).
These are cautionary tales, and something tells me we’ll hear more of these sooner rather than later. Elon Musk’s DOGE has so far fired around 100,000 federal employees, with more to come. These include employees from virtually all federal agencies, including Veterans Affairs, the Defense Department, the IRS, the CIA, the Department of Justice, NOAA, NASA, the EPA, and so on. Meanwhile, USAID has been completely cut off. Let’s hope we don’t see such a thing happen at a level that could affect many more of us.