A software program developer has been sentenced to 4 years in jail for sabotaging his ex-employer’s Home windows community with customized malware and a kill change that locked out staff when his account was disabled.
Davis Lu, 55, a Chinese language nationwide dwelling legally in Houston, labored for an Ohio-based firm, reportedly Eaton Company, from 2007 till his termination in 2019.
After a company restructuring and subsequent demotion in 2018, the DOJ says that Lu retaliated by embedding malicious code all through the corporate’s Home windows manufacturing surroundings.
The malicious code included an infinite Java thread loop designed to overwhelm servers and crash manufacturing techniques.
Lu additionally created a kill change named “IsDLEnabledinAD” (“Is Davis Lu enabled in Lively Listing”) that might robotically lock all customers out of their accounts if his account was disabled in Lively Listing.
When his employment was terminated on September 9, 2019, and his account disabled, the kill change activated, inflicting hundreds of customers to be locked out of their techniques.
“The defendant breached his employer’s belief by utilizing his entry and technical information to sabotage firm networks, wreaking havoc and inflicting tons of of hundreds of {dollars} in losses for a U.S. firm,” mentioned Appearing Assistant Lawyer Basic Matthew R. Galeotti.
When he was instructed to return his laptop computer, Lu reportedly deleted encrypted information from his machine. Investigators later found search queries on the machine researching the best way to elevate privileges, disguise processes, and shortly delete recordsdata.
Lu was discovered responsible earlier this yr of deliberately inflicting harm to protected computer systems. After his four-year sentence, Lu may even serve three years of supervised launch following his jail time period.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration developments.
