Ex-developer jailed 4 years for sabotaging his Ohio employer with kill-switch malware that locked employees out after his account was disabled.
Ex-developer Davis Lu, 55, was sentenced to four years in prison for sabotaging his Ohio employer with kill-switch malware that locked staff out after his account was disabled.
The Chinese national was also sentenced to three years of supervised release for writing and deploying malicious code on his then-employer’s network.
In March, a jury convicted Davis Lu, 55, of intentionally damaging protected computers while working as a software developer in Ohio. After a 2018 realignment reduced his role, Lu began sabotaging systems, inserting malicious code that caused crashes, deleting coworker profiles, and planting a kill switch tied to his account.
“Following a 2018 corporate realignment that reduced his responsibilities and system access, Lu began sabotaging his employer’s systems. By Aug. 4, 2019, he introduced malicious code that caused system crashes and prevented user logins. Specifically, he created ‘infinite loops’ (in this case, code designed to exhaust Java threads by repeatedly creating new threads without proper termination, resulting in server crashes or hangs), deleted coworker profile files, and implemented a ‘kill switch’ that would lock out all users if his credentials in the company’s active directory were disabled,” reads the press release published by DoJ. “The ‘kill switch’ code — which Lu named ‘IsDLEnabledinAD’, abbreviating ‘Is Davis Lu enabled in Active Directory’ — was automatically activated when he was placed on leave and asked to surrender his laptop on Sept. 9, 2019, and impacted thousands of company users globally.”
The kill switch fired when he was suspended in September 2019 and locked out thousands of users worldwide. He also deleted encrypted data, causing losses of hundreds of thousands of dollars.
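The DoJ description above gives defenders a concrete pattern to hunt for in code review: a status probe against a single, hard-coded directory account (the ACCOUNTDISABLE bit, 0x2, of the userAccountControl attribute) sitting next to logic that acts on everyone else. The scanner below is an added example written for this article, not code from the case, the court record, or the victim company; the regexes, the 10-line proximity window, and the Java snippets it is run over are constructed assumptions made here to illustrate the heuristic, and a real deployment would tune them to the code base being reviewed.

```python
"""Heuristic scan for 'kill switch' logic: code whose behaviour depends on
whether one hard-coded Active Directory account is still enabled.

Added example for this article; the patterns, window size and the sample
Java snippets below are assumptions constructed here, not material from the case.
"""
import re
from dataclasses import dataclass

# Real userAccountControl bits in Active Directory.
ACCOUNTDISABLE = 0x2
NORMAL_ACCOUNT = 0x200

# Assumption: a literal principal right after an identity attribute in an
# LDAP filter or assignment (sAMAccountName=jsmith); a concatenated variable
# or a template placeholder does not match, so per-user login checks are skipped.
PRINCIPAL_RE = re.compile(
    r'(?i)\b(sAMAccountName|userPrincipalName)\s*=\s*["\']?([A-Za-z0-9._@\\-]+)')
# Assumption: tokens that indicate an account-status probe.
STATUS_RE = re.compile(
    r'(?i)userAccountControl|ACCOUNT_?DISABLE|isAccountEnabled|Account\.Enabled')
WINDOW = 10  # max line distance between the principal literal and the probe


def is_disabled(uac: int) -> bool:
    """True when the ACCOUNTDISABLE bit is set, e.g. 0x202 vs 0x200."""
    return bool(uac & ACCOUNTDISABLE)


@dataclass(frozen=True)
class Finding:
    principal: str
    principal_line: int
    status_line: int


def scan(source: str) -> list[Finding]:
    """Return one Finding per (hard-coded principal, nearby status probe) pair."""
    lines = source.splitlines()
    principals = [(no, m.group(2))
                  for no, text in enumerate(lines, 1)
                  for m in PRINCIPAL_RE.finditer(text)]
    findings = []
    for no, text in enumerate(lines, 1):
        if not STATUS_RE.search(text):
            continue
        for p_line, name in principals:
            if abs(no - p_line) <= WINDOW:
                findings.append(Finding(name, p_line, no))
    return findings


# Constructed sample: a check on one named account gates a lockout of all users.
SUSPICIOUS = '''\
// constructed sample, not code from the case
public static boolean isMaintainerEnabled(DirContext ctx) throws NamingException {
    String filter = "(&(objectClass=user)(sAMAccountName=jsmith))";
    Attributes attrs = ctx.search("DC=corp,DC=example", filter, ctls).next().getAttributes();
    int uac = Integer.parseInt((String) attrs.get("userAccountControl").get());
    return (uac & 0x2) == 0;
}
void scheduledCheck() {
    if (!isMaintainerEnabled(ctx)) { lockAllUserSessions(); }
}
'''

# Constructed sample: legitimate status check on the *calling* user, no literal.
BENIGN_LOGIN = '''\
String filter = "(&(objectClass=user)(sAMAccountName=" + escape(username) + "))";
int uac = Integer.parseInt(attr("userAccountControl"));
if ((uac & 0x2) != 0) throw new AuthException("account disabled");
'''

# Constructed sample: bulk audit of disabled accounts, no individual principal.
BENIGN_REPORT = '''\
for (SearchResult r : results) {
    int uac = Integer.parseInt(attr(r, "userAccountControl"));
    if ((uac & 0x2) != 0) report.add(r.getNameInNamespace());
}
'''

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS), ("login", BENIGN_LOGIN),
                       ("report", BENIGN_REPORT)):
        for f in scan(src):
            print(f"{label}: principal {f.principal!r} at line {f.principal_line}, "
                  f"status probe at line {f.status_line}")
```

Only the first snippet produces a finding (principal `jsmith` on line 3, probe on line 5); the per-user login check and the bulk audit are left alone because neither ties a status probe to one hard-coded person. The heuristic is deliberately narrow: it is a triage signal for human review of dormant, account-dependent branches, not proof of sabotage.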
“The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions. The Criminal Division is committed to identifying and prosecuting those who attack U.S. companies, whether from within or without, to hold them responsible for their actions.”
According to court documents, on the day he was told to return his laptop, Lu deleted encrypted data and tried to erase directories, after researching methods to evade detection and block recovery.
“I am proud of the FBI cyber team’s work which led to today’s sentencing and hope it sends a strong message to others who may consider engaging in similar unlawful activities.” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “This case also underscores the importance of identifying insider threats early and highlights the need for proactive engagement with your local FBI field office to mitigate risks and prevent further harm.”