- A software developer sabotaged his employer after being demoted
- Davis Lu created a “kill switch” that would lock out all users
- He was sentenced to four years in jail and an additional three years of supervised release
A disgruntled worker has been sentenced to four years in prison after installing “kill switch” malware on his employer’s network which was set to trigger if he ever lost network access.
According to a Department of Justice (DoJ) press release, a Chinese national named Davis Lu was working for an unnamed software company between November 2007 and October 2019. In 2018, he was demoted and lost system access, after which he “began sabotaging his employer’s systems”. By early August 2019, he introduced malware that crashed systems and prevented other users from logging in.
Court documents also revealed he created “infinite loops” that crashed servers, deleted coworker profile files, and ultimately built a “kill switch” that would lock out all users if his access to Active Directory was revoked. In early September 2019 he was asked to surrender his laptop, after which the kill switch was triggered.
Hundreds of thousands of dollars in damages
Investigators found plenty of incriminating evidence on that laptop, including that he deleted encrypted data on the day he turned his device in.
An analysis of his search history showed he was looking for ways to escalate privileges, hide processes, and quickly delete files. Finally, the kill switch code was named IsDLEnabledinAD, short for “Is Davis Lu enabled in Active Directory”.
A month after the malware ran, Lu was arrested, and he later stood trial before a jury.
During the trial, it was shown that Lu’s employer suffered “hundreds of thousands of dollars” in losses, as a direct consequence of his actions. Now, Lu will spend four years in prison, with an additional three years of supervised release.
“The FBI works relentlessly every day to ensure that cyber actors who deploy malicious code and harm American businesses face the consequences of their actions,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division.
“I am proud of the FBI cyber team’s work which led to today’s sentencing and hope it sends a strong message to others who may consider engaging in similar unlawful activities. This case also underscores the importance of identifying insider threats early and highlights the need for proactive engagement with your local FBI field office to mitigate risks and prevent further harm.”
Via The Register