Coder faces 10 years’ jailtime for creating a ‘kill switch’ that screwed-up his employers’ systems when he was laid off

A 55 year-old man from Texas has been convicted by a jury of “causing intentional damage to protected computers” owned by his former employer, Eaton Corp, after creating malicious code that sabotaged elements of the company’s network alongside a “kill switch” designed to shut down everything if he were laid off.

The US Department of Justice announced the conviction (thanks, ArsTechnica), adding that Davis Lu faces a maximum sentence of 10 years in prison. Lu had been employed by Eaton Corp for 11 years before a corporate reshuffle in 2018 “reduced his responsibilities”, with the coder beginning his efforts to sabotage the company network later that year.

Lu created “infinite loops” that would delete coworkers’ profile files, preventing staff from logging in, causing system crashes, and denting Eaton Corp’s overall productivity. The software developer named these programs “Hakai”, Japanese for destruction, and “HunShui”, the Chinese term for sleep or lethargy.

But the coup-de-grace was what the DOJ describes as a “kill switch” that was designed to activate if Lu ever lost his job. The criminal mastermind named this “IsDLEnabledinAD”, an abbreviation of “Is Davis Lu enabled in Active Directory.” Per the DOJ, this was “automatically activated upon his termination on Sept 9, 2019, and impacted thousands of company users globally,” causing “hundreds of thousands of dollars in losses.”

Lu’s code was discovered by other Eaton Corp software engineers trying to solve the system crashes and infinite looping, and was found to be being executed from a computer using Lu’s user ID and running on a server that only Lu had access to. This server was found to contain other malicious code, including the string that activated the kill switch.

The court filing goes on to say that, when Lu was requested to return a company computer, he “deleted encrypted volumes, attempted to delete the Linux directories, and attempted to delete two projects.” Examination of the computer further showed that Lu had “conducted internet searches querying how to escalate privileges, hide processes, and delete large folders and / or files.”

Finally, on October 7, 2019, Lu “admitted to investigators that he created the code described.”

“Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide,” said FBI Special Agent Greg Nelsen.

“Although disappointed, we respect the jury’s verdict,” said Lu’s attorney, Ian Friedman, adding that they intended to appeal. “Davis and his supporters believe in his innocence and this matter will be reviewed at the appellate level.”

Lu faces a maximum penalty of ten years in prison, with a sentencing date yet to be set.