- A software developer sabotaged his employer after being demoted
- Davis Lu created a “kill switch” that would lock out all users
- He was sentenced to four years in prison and another three years of supervised release
A disgruntled worker has been sentenced to four years in prison after installing “kill switch” malware on his employer’s network, designed to trigger if he ever lost network access.
According to a press release from the Department of Justice (DOJ), a Chinese national named Davis Lu worked for a named software business between November 2007 and October 2019. In 2018 he was demoted and lost system access, after which he “began sabotaging his employer’s systems”. In early August 2019, he introduced malware that crashed systems and prevented other users from logging in.
The court documents also revealed that he created “infinite loops” that crashed servers, deleted colleague profiles and eventually built a “kill switch” that would lock out all users if his access to Active Directory was revoked. At the beginning of September 2019, he was asked to surrender his laptop, after which the kill switch was triggered.
Hundreds of thousands of dollars in losses
Investigators found plenty of incriminating evidence on the laptop, including that when he turned his device in, he deleted encrypted data.
An analysis of his search history showed that he was looking for ways to escalate privileges, hide processes and quickly delete files. Finally, the kill switch code was named IsDLEnabledinAD, an abbreviation for “Is Davis Lu enabled in Active Directory”.
One month after the malware ran, Lu was arrested and later stood trial before a jury.
During the trial, it was shown that Lu’s employer suffered “hundreds of thousands of dollars” in losses as a direct consequence of his actions. Lu will now spend four years in prison, followed by three years of supervised release.
“The FBI works relentlessly every day to make sure cyber actors implementing malicious code and injuring US companies face the consequences of their actions,” said Assistant Director Brett Leatherman of FBI’s Cyber Division.
“I am proud of the FBI Cyber Team’s work, which led to today’s sentencing and hope it sends a strong message to others who may consider participating in similar illegal activities. This case also emphasizes the importance of identifying insider threats early and highlights the need for proactive engagement with your local FBI field office to mitigate risks and prevent further damage.”
Via The Register



