A Texas resident has been found guilty of constructing and deploying malware aimed at disrupting his former employer’s computer systems. Davis Lu, 55, of Houston, who served as a software developer for the company for 12 years, began his campaign of sabotage in 2018, following a corporate restructuring that limited his system access.
According to evidence presented during the trial, by August 2019 Lu had introduced code into the company’s systems that triggered crashes. The code overwhelmed system resources by creating numerous threads without proper termination, leading to infinite loops.
Additionally, Lu deployed malicious code designed to delete employee profile files and implemented a “kill switch” that prevented all user logins once his credentials were deactivated in the company’s Active Directory.
This code, named “IsDLEnabledinAD,” an abbreviation for “Is Davis Lu enabled in Active Directory,” was activated on September 9, 2019, upon Lu’s termination, impacting thousands of users globally.
Lu deleted encrypted data from his company-provided laptop when instructed to return it. Court documents also revealed that Lu had conducted internet searches for methods to “escalate privileges, hide processes, and rapidly delete files,” indicating his intent to obstruct co-workers from resolving system disruptions.
Lu’s actions resulted in substantial financial losses for the affected company, estimated in the hundreds of thousands of dollars. He was convicted of intentional computer damage and now faces up to 10 years in prison. A sentencing date has yet to be determined.
The affected organization, while not explicitly named by the Department of Justice, has been identified as the power management giant, Eaton Corporation.