Developer Convicted for “Kill Switch” Code Activated Upon His Termination
ArsTechnica
Mon March 10, 2025
Area: Houston
A 55-year-old software developer faces up to 10 years in prison for deploying malicious code that sabotaged his former employer's network, allegedly costing hundreds of thousands of dollars in losses.
The US Department of Justice announced Friday that Davis Lu was convicted by a jury after "causing intentional damage to protected computers" reportedly owned by the Ohio- and Dublin-based power management company Eaton Corp.
Lu had worked at Eaton Corp. for about 11 years when he apparently became disgruntled by a corporate "realignment" in 2018 that "reduced his responsibilities," the DOJ said.
His efforts to sabotage their network began that year, and by the next year, he had planted different forms of malicious code, creating "infinite loops" that deleted coworker profile files, preventing legitimate logins and causing system crashes, the DOJ explained. Aiming to slow down or ruin Eaton Corp.'s productivity, Lu named these codes using the Japanese word for destruction, "Hakai," and the Chinese word for lethargy, "HunShui," the DOJ said.
But perhaps nothing was as destructive as the "kill switch" Lu designed to shut down everything if he was ever terminated.
This kill switch, the DOJ said, appeared to have been created by Lu because it was named "IsDLEnabledinAD," which is an apparent abbreviation of "Is Davis Lu enabled in Active Directory." It also "automatically activated" on the day of Lu's termination in 2019, the DOJ said, disrupting Eaton Corp. users globally.
Eaton Corp. discovered the malicious code while trying to end the infinite looping causing the systems to crash. They soon realized the code was being executed from a computer using Lu's user ID, a court filing said, and running on a server that only Lu, as a software developer, had access to. On that same server, other malicious code was found, including the code deleting user profile data and activating the kill switch, the filing said.
Additionally, the DOJ rooted through Lu's search history and found evidence that "he had researched methods to escalate privileges, hide processes, and rapidly delete files, indicating an intent to obstruct efforts of his co-workers to resolve the system disruptions."
According to the filing, Lu admitted to investigators that he created the code causing "infinite loops." But he's "disappointed" in the jury's verdict and plans to appeal, his attorney, Ian Friedman, told Cleveland.com.
"Davis and his supporters believe in his innocence, and this matter will be reviewed at the appellate level," Friedman said.
A sentencing date has not been set yet, the DOJ said.