Ex-Developer Jailed for Revenge “Kill Switch” After Firing

Summary
– A disgruntled developer was sentenced to four years in prison for intentionally damaging protected computers after his termination.
– Davis Lu planted malicious code, including one named “Hakai” that created infinite loops to delete files and crash systems.
– His most damaging code was a kill switch named “IsDLEnabledinAD” that locked all users out if his credentials were disabled.
– The kill switch automatically activated when Lu was placed on leave, locking thousands of global users out of the network.
– Eaton Corp. discovered the code during an investigation and incurred substantial costs to restore network access.
A former software engineer has received a four-year prison sentence for embedding a destructive “kill switch” into his employer’s network infrastructure, which activated immediately after his termination and locked out thousands of users worldwide. The case underscores the critical importance of robust cybersecurity protocols and internal oversight, especially when managing personnel transitions involving system access.
Davis Lu, a 55-year-old Houston resident originally from China, was found guilty in March of intentionally damaging protected computer systems. The U.S. Department of Justice confirmed the sentencing this week, detailing how Lu’s actions crippled operations at Eaton Corp., where he had been employed for over a decade.
Lu began inserting malicious code into the company’s network after his role was diminished during a corporate restructuring in 2018. Sensing that his dismissal was likely, he developed several harmful scripts designed to disrupt normal operations. Some of these programs used coded names like “Hakai,” Japanese for destruction, and “HunShui,” a Chinese term suggesting lethargy. These scripts triggered endless loops, erased employee profiles, blocked authorized logins, and induced repeated system failures.
The most damaging element, however, was a piece of code Lu named after himself: “IsDLEnabledinAD.” This function served as a digital tripwire, programmed to execute a global lockout the instant his credentials were revoked from the company’s Active Directory. When Lu was finally placed on leave in 2019 and instructed to return his laptop, the kill switch activated exactly as designed. It immediately barred access for employees across the globe, creating widespread confusion and halting business operations.
Eaton’s internal investigation into the recurring system crashes eventually uncovered the source: a computer still logged in under Lu’s credentials. This discovery led them to a restricted server that only he could access, where investigators found the full suite of malicious code.
Matthew Galeotti, acting assistant attorney general for the Justice Department’s criminal division, emphasized that the company incurred significant financial losses while working to restore network stability and security. The incident serves as a stark reminder of the vulnerabilities companies face from within, particularly when disgruntled employees retain system privileges.
(Source: Ars Technica)

