Chinese National Sentenced to 4 Years for ‘Kill Switch’ Computer Code on Employer’s Network
A federal judge in Ohio sentenced a Chinese national to four years in prison on Aug. 21 for sabotaging his former employer’s network with malicious computer code, according to the Department of Justice (DOJ).
“However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions. The Criminal Division is committed to identifying and prosecuting those who attack U.S. companies, whether from within or without, to hold them responsible for their actions.”
The DOJ, citing court documents and evidence presented at trial, said Lu began his scheme to sabotage his employer in 2018, following a “corporate realignment that reduced his responsibilities and system access.”
In June 2019, Lu’s role at the company changed from “platform architect” to programmer after his employer removed his responsibility for deploying code to production servers and restricted his access to development servers only, according to the sentencing memorandum.
On Aug. 4, 2019, Lu planted malicious Java code on his employer’s network that caused “infinite loops,” leading to system crashes or causing systems to become unresponsive, according to prosecutors. He also deleted coworker profile files.
In addition, Lu planted a “kill switch” designed to lock out all users of the network, should his employer decide to disable his credentials from the company’s active directory, the DOJ said.
It said the “kill switch” was named “IsDLEnabledinAD,” an abbreviation of “Is Davis Lu enabled in Active Directory,” which “automatically activated” when Lu was “placed on leave and asked to surrender his laptop” on Sept. 9, 2019.
Lu’s “kill switch” disrupted “thousands of company users globally,” the DOJ said.
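The pattern the DOJ describes, production code whose behaviour is keyed to whether one named person’s directory account is still enabled, is something a code-review or CI scan can look for. The following Python script is an added example written for this article from a defender’s perspective; it is not code from the case, from Eaton, or from the DOJ filings. It scans source text for two indicators and rates a file “high” only when both appear together: a hard-coded individual username inside an LDAP filter, and a check of that account’s enabled/disabled state. The Java snippets, file names, the `jdoe` account and the `lockAllUsers` helper name are all constructed for the demonstration.

```python
"""Heuristic scanner for 'account-status tripwires' in source code.

Added example for this article, not code from the case. It flags files that
(a) query a directory account by a hard-coded personal username and
(b) inspect that account's enabled/disabled state. Legitimate service code
rarely needs both, so the combination is worth a human review.
"""
import re
from dataclasses import dataclass

# A username written literally into an LDAP filter, e.g. (sAMAccountName=jdoe).
# Filters assembled from variables ("sAMAccountName=" + cfg.get(...)) do not
# match because a quote, not a name, follows the '='.
HARDCODED_ACCOUNT = re.compile(r"sAMAccountName=([A-Za-z0-9._-]+)\)")

# Common ways code tests whether an Active Directory account is disabled.
STATUS_CHECKS = [
    re.compile(r"userAccountControl", re.I),         # raw UAC attribute read
    re.compile(r"ACCOUNTDISABLE", re.I),              # UAC flag by name
    re.compile(r"1\.2\.840\.113556\.1\.4\.803:=2"),   # LDAP bitwise 'disabled' filter
    re.compile(r"\.isEnabled\(\)|\.Enabled\b"),       # API-style property access
]


@dataclass
class Finding:
    path: str
    severity: str   # "high", "low" or "info"
    reason: str


def scan_source(path, text):
    """Return the findings for one source file (empty list if nothing matched)."""
    names = sorted(set(HARDCODED_ACCOUNT.findall(text)))
    status_hits = [p.pattern for p in STATUS_CHECKS if p.search(text)]
    if names and status_hits:
        return [Finding(path, "high",
                        f"account-status check keyed to hard-coded account(s) {names}")]
    if names:
        return [Finding(path, "low",
                        f"hard-coded account name(s) in directory query: {names}")]
    if status_hits:
        return [Finding(path, "info", "reads account enabled/disabled state")]
    return []


def scan_tree(files):
    """Scan a {path: source_text} mapping and return {path: [Finding, ...]}."""
    return {path: scan_source(path, text) for path, text in files.items()}


# Constructed Java snippets (not the code from the case) covering the three outcomes.
SAMPLES = {
    # Service account probing its own, config-supplied account: no finding.
    "ok/LdapHealthCheck.java": '''
        String filter = "(&(objectClass=user)(sAMAccountName=" + config.get("svc.account") + "))";
        SearchResult r = ctx.search(base, filter, ctl);
    ''',
    # Only reads its own UAC value to log a warning: informational.
    "ok/StartupCheck.java": '''
        int uac = Integer.parseInt(attr("userAccountControl"));
        if ((uac & 0x2) != 0) { log.warn("service account is disabled"); }
    ''',
    # Hard-coded personal account plus a disabled-state check: high.
    "suspicious/Scheduler.java": '''
        String filter = "(&(objectClass=user)(sAMAccountName=jdoe))";
        SearchResult r = ctx.search(base, filter, ctl);
        int uac = Integer.parseInt(attr("userAccountControl"));
        if ((uac & 0x2) != 0) { lockAllUsers(); }   // hypothetical helper name
    ''',
}

if __name__ == "__main__":
    for path, findings in scan_tree(SAMPLES).items():
        for f in findings:
            print(f"{f.severity:5} {f.path}: {f.reason}")
```

Run on a real tree, the scan is only a triage aid: a "high" result means a human should read the file, not that the code is malicious, and code that assembles filters at run time or uses a different directory attribute will not match these patterns. Pairing the scan with a review of who can deploy to production, which the article notes Lu had lost, addresses the other half of the problem.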
Investigators looked into Lu’s internet search history and discovered that the defendant “had researched methods to escalate privileges, hide processes, and rapidly delete files, indicating an intent to obstruct the efforts of his co-workers to resolve the system disruptions,” according to the DOJ.
In the sentencing memorandum, prosecutors said Lu’s malicious code “was highly sophisticated,” made possible by his “unique position of trust within Eaton’s network.”
“Following the internal investigation, Eaton reported that the company sustained a loss of $365,838.00 due to Lu’s malicious code,” according to prosecutors.
“The loss amount was determined based on the total number of employee work hours that were interrupted by the server crash on August 4, 2019, and the hours spent on tracking down and removing the malicious code from the system, which took over a year to complete.”
Brett Leatherman, assistant director of the FBI’s cyber division, said in a statement that Lu’s sentencing should send a “strong message to others who may consider engaging in similar unlawful activities.”
“This case also underscores the importance of identifying insider threats early and highlights the need for proactive engagement with your local FBI field office to mitigate risks and prevent further harm.”