A disgruntled developer has been sentenced to four years in prison after building a "kill switch" that locked all users out of a US firm's network the moment that his name was deleted from the company directory following his termination.
Davis Lu, a 55-year-old Chinese national residing in Houston, was convicted of "causing intentional damage to protected computers" in March, the US Department of Justice said in a press release announcing his sentencing Thursday.
Lu had worked at Eaton Corp. for approximately 11 years when suddenly the company reduced his responsibilities during a 2018 "realignment." Anticipating his termination was imminent, Lu began planting different forms of malicious code.
Some of the malicious code—which Lu named using the Japanese word for destruction, "Hakai," and the Chinese word for lethargy, "HunShui"—created "infinite loops" that deleted coworker profile files, prevented legitimate logins, and caused system crashes, the DOJ said previously.
But the most damaging to Eaton Corp. was code that Lu named after himself, "IsDLEnabledinAD," which the DOJ translated as an abbreviation for "Is Davis Lu enabled in Active Directory."
That "kill switch" was designed to "lock out all users if his credentials in the company’s active directory were disabled," the DOJ said Thursday. And it worked flawlessly, "automatically activated" when Lu "was placed on leave and asked to surrender his laptop" in 2019. It locked out "thousands of company users globally," and no one had a clue what was going on.
Eaton Corp. finally discovered the kill switch while investigating the "infinite loops" that were eventually traced back to a computer using Lu's user ID, a court filing said. That discovery led the company to a server—which only Lu had access to—where all the other malicious code was found.
Ultimately, Eaton Corp. bore substantial costs getting its network back online, Matthew Galeotti, acting assistant attorney general of the Justice Department’s criminal division, said Thursday.
"The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company," Galeotti said.
Developer loses fight to avoid prison time
After his conviction, Lu moved to schedule a new trial, asking the court to delay sentencing due to allegedly "surprise" evidence he wasn’t prepared to defend against during the initial trial.
The DOJ opposed the motion for the new trial and the delay in sentencing, arguing that "Lu cannot establish that the interests of justice warrant a new trial" and insisting that evidence introduced at trial was properly disclosed. They further claim that rebuttal evidence that Lu contested was "only introduced to refute Lu’s perjurious testimony and did not preclude Lu from pursuing the defenses he selected."
In the end, the judge denied Lu's motion for a new trial, rejecting Lu's arguments, siding with the DOJ in July, and paving the way for this week's sentencing. Giving up the fight for a new trial, Lu had asked for an 18-month sentence, arguing that a lighter sentence was appropriate since "the life Mr. Lu knew prior to his arrest is over, forever."
"He is now a felon—a label that he will be forced to wear for the rest of his life. His once-promising career is over. As a result of his conduct, his family’s finances have been devastated," Lu's sentencing memo read.
According to the DOJ, Lu will serve "four years in prison and three years of supervised release for writing and deploying malicious code on his then-employer’s network." The DOJ noted that in addition to sabotaging the network, Lu also worked to cover up his crimes, possibly hoping his technical savvy would help him evade consequences.
"However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions," Galeotti said. "The Criminal Division is committed to identifying and prosecuting those who attack US companies whether from within or without, to hold them responsible for their actions."
Peacemaker, Season 2: Lets Talk About That Dead Character's Return