Texas developer convicted for planting malicious 'kill switch' on employer's system
A federal jury in Cleveland has found a Texas software developer guilty of intentionally damaging his former employer's computer systems, including the implementation of a "kill switch" designed to activate upon his termination. Davis Lu, 55, of Houston, faces up to 10 years in prison for his actions, which caused hundreds of thousands of dollars in losses.
The scheme
Lu, who worked as a software developer for a Beachwood, Ohio-based company from 2007 to 2019, began sabotaging the company's network following a 2018 corporate realignment that reduced his responsibilities.
According to court documents and trial evidence, Lu introduced malicious code that led to system crashes and user login failures. Specifically, he deployed "infinite loops" designed to overload the system, deleted coworker profile files, and implemented a "kill switch."
This kill switch, aptly named "IsDLEnabledinAD" (short for "Is Davis Lu enabled in Active Directory"), was programmed to lock out all users if his company credentials were disabled. True to his intent, the kill switch activated upon his termination on September 9, 2019, impacting thousands of users globally.
Other malicious code deployed by Lu had ominous names like “Hakai” (Japanese for “destruction”) and “HunShui” (Chinese for “sleep” or “lethargy”), further indicating his intent to disrupt operations. His internet search history also revealed he had researched ways to escalate privileges, hide processes, and rapidly delete files—suggesting a calculated effort to cover his tracks and hinder his employer’s recovery efforts.
This case is a perfect example of insider attacks, where individuals with authorized access exploit their privileges to cause harm. While companies invest heavily in external cybersecurity defenses, insider attacks remain one of the hardest threats to prevent and detect.
Hopefully, businesses can take it as a lesson to implement stricter access controls, continuous monitoring, and to factor in insider attacks when developing incident response plans.
What happens next to the developer?
Lu's sentencing date has not yet been set. A federal district court judge will determine his sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
