A former software developer has been sentenced to four years in federal prison for orchestrating a malicious cyberattack against his former employer. Davis Lu, 55, deployed custom malware, including a "kill switch," designed to lock out employees and crash systems after his own account was disabled. The attack caused hundreds of thousands of dollars in losses and disrupted operations globally.

Key Takeaways

• Davis Lu, a 55-year-old Chinese national, received a four-year prison sentence and three years of supervised release.

• He was convicted of intentionally damaging protected computers.

• The sabotage involved custom malware, including a "kill switch" tied to his account status.

• The attack caused system crashes, locked out thousands of users, and deleted encrypted data.

• The incident highlights the significant risks posed by insider threats.

The Sabotage Unveiled

Davis Lu, who worked as a software developer for an Ohio-based company, reportedly Eaton Corporation, from 2007 until his termination in 2019, enacted a plan to sabotage the company's systems. Following a corporate realignment in 2018 that reduced his responsibilities and system access, Lu began inserting malicious code into the company's network. This code was designed to cause system crashes and prevent user logins.

The Kill Switch and Its Impact

Among the malicious code Lu deployed was a "kill switch" he named "IsDLEnabledinAD," an abbreviation for "Is Davis Lu enabled in Active Directory." This code was programmed to automatically activate and lock out all users if his credentials in the company's Active Directory were disabled. When Lu was suspended and asked to surrender his laptop on September 9, 2019, his account was disabled, triggering the kill switch. This resulted in thousands of company users worldwide being locked out of their systems.

Lu also created "infinite loops" in Java code, designed to exhaust server resources and cause crashes. He further deleted coworker profile files and encrypted data, attempting to cover his tracks and hinder recovery efforts. His internet search history revealed research into methods for evading detection and blocking data recovery.

Legal Consequences and Broader Implications

Acting Assistant Attorney General Matthew R. Galeotti stated that Lu "breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company." Lu was found guilty by a jury in March 2025 of intentionally damaging protected computers. In addition to his four-year prison sentence, he will serve three years of supervised release. The FBI emphasized the importance of identifying insider threats early and encourages proactive engagement with law enforcement to mitigate such risks.

The case serves as a stark reminder of the vulnerabilities within corporate IT environments and the severe consequences of insider threats. Experts highlight the need for robust internal safeguards, including behavior analytics and stricter offboarding procedures, to prevent similar incidents.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Former developer jailed after deploying kill-switch malware at Ohio firm, Security Affairs.

• Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware, The Hacker News.

• Chinese national gets 4 years in federal prison for sabotaging Eaton Corp. computers, Cleveland.com.

• Dev gets 4 years for creating kill switch on ex-employer's systems, BleepingComputer.

• Ex-Eaton Developer Sentenced to 4 Years for Malware Sabotage, WebProNews.