Introduction to a Bitter Departure

We have all, at some point, fantasized about making a dramatic exit from our jobs, whether by choice or due to termination. A 55-year-old man from Texas allegedly took this fantasy to a new level by creating an automated system that crashed his company’s networks and locked out user accounts when he was fired. Although this act might have been satisfying, it has landed him in serious trouble, facing up to 10 years in prison, according to the Department of Justice, for sabotaging his employer’s computer systems.

The Background

Davis Lu, a resident of Houston, Texas, began working for a company based in Beachwood, Ohio, in November 2007. The company, identified by local reports as Eaton Corporation, a power management company, underwent a corporate realignment in 2018. This restructuring downsized Lu’s role, reducing his responsibilities and system access. Following this, Lu utilized his spare time to devise a system of sabotage. This included planting malware that could delete coworker profile files, block login attempts, and crash the company’s systems. He also developed a kill switch designed to lock out all users if activated.

The Sabotage Unfolds

The kill switch, named "IsDLEnabledinAD," was programmed to check if Lu’s account was still enabled in the company’s Active Directory. If it was, the system would function normally. However, the day Lu’s account was removed from active status, which occurred on September 9, 2019, the kill switch was triggered. According to the Department of Justice, Lu’s code affected thousands of company users worldwide. In court, Eaton Corporation claimed that Lu’s actions resulted in hundreds of thousands of dollars in losses. Conversely, Lu’s defense team argued that the actual damages were approximately $5,000.

Investigation and Aftermath

Fortunately for the investigators, it did not take long to trace the attack back to Lu. They discovered that the malicious code was being executed from a software developer server that Lu had access to, and it was running on a computer using Lu’s user ID. Additionally, Lu had deleted encrypted files from his company-issued laptop on the day he returned it, and his internet history included searches on how to escalate privileges, hide processes, and rapidly delete files.

Conclusion and Sentencing

FBI Special Agent in Charge Greg Nelsen stated, "Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide." Lu faces up to 10 years in prison for causing intentional damage to protected computers. Despite this, he plans to appeal the court’s ruling. This case serves as a cautionary tale about the consequences of using one’s skills for harmful purposes, especially in the context of employment and cybersecurity.

