A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer’s network with custom malware and deploying a kill switch that locked out employees when his account was disabled.
Davis Lu, 55, of Houston, Texas, was convicted of causing intentional damage to protected computers in March 2025. He was arrested and charged in April 2021 for abusing his position as a software developer to execute malicious code on his employer’s computer servers.
“The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division.
“However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions.”
Court documents show that Lu was employed as a software developer for the unnamed company based in Ohio from November 2007 to October 2019. But after his responsibilities and system access were reduced following a 2018 corporate realignment, Lu enacted a scheme to deliberately introduce malicious code around August 2019, resulting in system crashes and preventing user logins.
To pull this off, Lu is said to have created infinite loops in source code to trigger server crashes by repeatedly creating new Java threads without proper termination. He also deleted coworker profile files and implemented a kill switch that would lock out all users if his credentials in the company’s Active Directory were disabled.
“The ‘kill switch’ code – which Lu named ‘IsDLEnabledinAD,’ abbreviating ‘Is Davis Lu enabled in Active Directory’ — was automatically activated when he was placed on leave and asked to surrender his laptop on September 9, 2019, and impacted thousands of company users globally,” the Department of Justice said.
“Lu named other code ‘Hakai,’ a Japanese word meaning ‘destruction,’ and ‘HunShui,’ a Chinese word meaning ‘sleep’ or ‘lethargy.'”
Furthermore, on the day Lu was instructed to return his company-issued laptop, the defendant deleted encrypted volumes and attempted to erase Linux directories and two additional projects. His internet search history laid bare the methods he researched to escalate privileges, hide processes, and delete files, suggesting an attempt to obstruct the company’s efforts to resolve the issues.
Lu’s unlawful actions are estimated to have cost the company hundreds of thousands of dollars in losses, per the department. This case also underscores the importance of identifying insider threats early, added Assistant Director Brett Leatherman of the Federal Bureau of Investigation’s (FBI) Cyber Division.
About The Author
Original post here
