Developer faces decade in prison for installing kill switch in former employer's network

[midian182]

WTF?! It's tempting to consider getting revenge on a company for firing you. Creating a kill switch that crashes systems and locks thousands of employees out of their accounts, for example, might sound like sweet justice, but a developer who implemented this plan has been convicted of criminal sabotage and faces up to a decade in prison.

In November 2007, Houston resident Davis Lu started working for power management company Eaton Corporation. His work life went well until 2018, when a company-wide corporate realignment saw his role downsized. The change included his responsibilities being reduced and his access to the firm's computer systems limited.

Based on the DoJ's account, this spooked Lu into worrying that the company could eventually let him go. So, he decided to install malware onto the firm's systems that would activate if he were ever fired.

The code he added created infinite loops (code designed to exhaust Java threads by repeatedly creating new threads without proper termination and resulting in server crashes or hangs), deleted coworker profile files, and implemented a "kill switch" that would lock out all users if his credentials in the company's active directory were disabled.

The kill switch code he added was named "IsDLEnabledinAD," an abbreviation for "Is Davis Lu enabled in Active Directory." As the name suggests, it checked that Lu's account was enabled in the company's Active Directory. If it was, nothing happened.

On September 9, 2019, Lu's employment was terminated, setting off the kill switch he had created for such an event. Cleveland.com reports that it caused the company hundreds of thousands of dollars in losses and impacted thousands of users globally – Eaton's global headquarters are in Dublin, Ireland. Lu's defense attorneys argued that the incident cost the company less than $5,000.

Lu also encrypted the data on his company-issued laptop the day he was instructed to turn off the device and return it. His internet search history revealed he had researched methods to escalate privileges, hide processes, and rapidly delete files. Prosecutors say that after he was fired, Lu also tried to find ways of stopping his co-workers from fixing the issues he caused.

Lu was charged by federal prosecutors in 2021. Following a six-day trial, he was found guilty of one count of causing intentional damage to protected computers, a charge that carries a maximum of 10 years in prison. A sentencing date has not been set.

"Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide," said FBI Special Agent in Charge Greg Nelsen.

Permalink to story:

Developer faces decade in prison for installing kill switch in former employer's network

 

[candle86]

Some people just don't figure it out Don't sabotage the companies computer sabotage your own tools sure but never sabotage the network.

I've created automation scripts for deploying computers as the windows system admin on first of all coming over for I plugged in and kill switch to my script but it required you to go in and notice innocuous whenever check that match the exact version number of Windows that was being deployed so soon as they upgraded to us like their version of Windows 10 it stopped working then they're going to use my script anymore The check wasn't mandatory I put it in there anyway but I also didn't document how it worked because I wrote it to make my job easier not there's what I left I didn't delete it I just didn't tell them how to maintain it. I figured they could do their own work and when they call to ask me how to fix it I told them I don't work for you anymore That's how you sabotage legally.

 

[Plutoisaplanet]

Some people just don't figure it out Don't sabotage the companies computer sabotage your own tools sure but never sabotage the network.

I've created automation scripts for deploying computers as the windows system admin on first of all coming over for I plugged in and kill switch to my script but it required you to go in and notice innocuous whenever check that match the exact version number of Windows that was being deployed so soon as they upgraded to us like their version of Windows 10 it stopped working then they're going to use my script anymore The check wasn't mandatory I put it in there anyway but I also didn't document how it worked because I wrote it to make my job easier not there's what I left I didn't delete it I just didn't tell them how to maintain it. I figured they could do their own work and when they call to ask me how to fix it I told them I don't work for you anymore That's how you sabotage legally.

With communication skills like these, they probably won't even contact you to fix it. Someone will just figure it out themselves.

 

[scavengerspc]

I figured they could do their own work and when they call to ask me how to fix it I told them I don't work for you anymore That's how you sabotage legally.

But that would be the act of a coward, completely lacking in even the basics
of strength and decency.

Following a six-day trial, he was found guilty of one count of causing intentional damage to protected computers, a charge that carries a maximum of 10 years in prison.

Once again proof of a completely feckless justice system.

 

[Deathdealers747]

Honestly, the way I see it there's 2 ways to go about this better:

1) Place yourself into a position where you're so important to the company that they can't logically let you go.

or

2) Place yourself into a position where you can easily quit every 1-2 years, move onto another employer, raise your rate, and keep climbing the pay ladder, while not climbing the responsibility ladder.

 

[unoficialoficial]

Perhaps he wasn't renting his services but rather licensing his work. Once the subscription ended, he was required to uninstall his work. It’s a common practice

 

[bviktor]

What an *****.

 

[Theinsanegamer]

What a stupid man. Building an intentional killswitch, did ya think they would just ignore it?

The RIGHT way to do it is to simply be indispensable for getting work done, then once they let you go, and they realize they have no idea how things work, you ow have all the power. That will be $350/hr please.

I fyou build a killswitch, that's a crime. If YOU are the killswitch, you get to rob them blind.

Honestly, the way I see it there's 2 ways to go about this better:

1) Place yourself into a position where you're so important to the company that they can't logically let you go.

or

2) Place yourself into a position where you can easily quit every 1-2 years, move onto another employer, raise your rate, and keep climbing the pay ladder, while not climbing the responsibility ladder.

Being irreplaceable means being unpromotable.

Unless you're getting a fat check, always go with option 2. "corporate loyalty" is a lie left over from the 60s. You do not matter, you are a replaceable cog.

 

[Ashford]

Before I got to the comments, I said to myself, "How many people are going to propose the "right" way to build a kill switch?"

Not disappointed

 

[Che Cazzo]

"His internet search history revealed...."

Seriously??? He is a double idi0t!

 

[candle86]

With communication skills like these, they probably won't even contact you to fix it. Someone will just figure it out themselves.

No I use voice to text most of the time because it's simpler, blame the AI.

As far as fixing it no I have a friend that stayed working there for another year and a half they had to start over, couldn't follow my script, couldn't make sense of it they were upset it wasn't documented. fun fact my job wasn't to right scripts my job was to image computers and my job description did not require me to write tools that made my job easier that was a choice I made. so since it was my own tool that I wrote for myself I chose not to document it because I knew what it did and that was their problem when they let me go.

 

[Karlos95]

No I use voice to text most of the time because it's simpler, blame the AI.

As far as fixing it no I have a friend that stayed working there for another year and a half they had to start over, couldn't follow my script, couldn't make sense of it they were upset it wasn't documented. fun fact my job wasn't to right scripts my job was to image computers and my job description did not require me to write tools that made my job easier that was a choice I made. so since it was my own tool that I wrote for myself I chose not to document it because I knew what it did and that was their problem when they let me go.

Wait, so your job was to do the most simplistic task an IT tech could do? You realise imaging devices is very simple right? You think they lost sleep over that? LMAO

 

[subnex]

I would love if the justice system works similarly when the situation is reversed and the business is screwing over their employees. Would the ceo/managers also receive a jail sentence of up to 10 years?

 

[amghwk]

Well, he ALMOST did it...he must have missed one of his cover-up steps somehwere....

If he was wrongly fired, that would have been the sweetest revenge.

 

[candle86]

Wait, so your job was to do the most simplistic task an IT tech could do? You realise imaging devices is very simple right? You think they lost sleep over that? LMAO

Imaging yes, deploying all software packages afterwards while querying a database to see what software to install because the company is to cheap to pay for a real solution so previously a reimage was a manual 6 hour process I automated into 2 and half hours it becomes a little more complicated.

 

[Zsoltblabla]

I am always amazed to see how much in America people live for their jobs. Loosing a job is considered a terrible thing. What a sad state of affairs.
You only have one life. No matter how high you climb on that corporate ladder - guess what after you’re dead no one cares!
All you have achieved is that you made the shareholders and CEO’s richer. Its completely stupid
Yes, we all must work, but work clever so that you can live. Not live to work! Thats a wasted lie.

 

[candle86]

I am always amazed to see how much in America people live for their jobs. Loosing a job is considered a terrible thing. What a sad state of affairs.
You only have one life. No matter how high you climb on that corporate ladder - guess what after you’re dead no one cares!
All you have achieved is that you made the shareholders and CEO’s richer. Its completely stupid
Yes, we all must work, but work clever so that you can live. Not live to work! Thats a wasted lie.

some of us genuinely love our "work" I havn't worked in 16 years, I get to go into an office, and play with other peoples computer systems, learn new stuff and just have a blast every day, I hanv't worked since I got into IT

 

[opckieran]

Some people just don't figure it out Don't sabotage the companies computer sabotage your own tools sure but never sabotage the network.

I've created automation scripts for deploying computers as the windows system admin on first of all coming over for I plugged in and kill switch to my script but it required you to go in and notice innocuous whenever check that match the exact version number of Windows that was being deployed so soon as they upgraded to us like their version of Windows 10 it stopped working then they're going to use my script anymore The check wasn't mandatory I put it in there anyway but I also didn't document how it worked because I wrote it to make my job easier not there's what I left I didn't delete it I just didn't tell them how to maintain it. I figured they could do their own work and when they call to ask me how to fix it I told them I don't work for you anymore That's how you sabotage legally.

TL;DR
Take your scripts with you if they fire you.

 

[lonetac]

No I use voice to text most of the time because it's simpler, blame the AI.

As far as fixing it no I have a friend that stayed working there for another year and a half they had to start over, couldn't follow my script, couldn't make sense of it they were upset it wasn't documented. fun fact my job wasn't to right scripts my job was to image computers and my job description did not require me to write tools that made my job easier that was a choice I made. so since it was my own tool that I wrote for myself I chose not to document it because I knew what it did and that was their problem when they let me go.

Technically speaking, anything you create while being paid on the job is owned by the organization.

Whatever you do while on the clock is the property of the company paying you.

I am no lawyer but I do know about this clause. There could possibly be repercussions to be had here if they discovered this and can prove you willfully did it on company time.

 

[toooooot]

It is hard to believe that adult people can behave this way.
Perhaps, many people never grow up.
And adult would know how this would end.
And for one of this *****, millions of innocent
people are treated like sh*t exactly because the employes
are afraid something like this happens to their systems.

 

[Plutoisaplanet]

Technically speaking, anything you create while being paid on the job is owned by the organization.

Whatever you do while on the clock is the property of the company paying you.

I am no lawyer but I do know about this clause. There could possibly be repercussions to be had here if they discovered this and can prove you willfully did it on company time.

Especially since he openly admits it

No I use voice to text most of the time because it's simpler, blame the AI.

As far as fixing it no I have a friend that stayed working there for another year and a half they had to start over, couldn't follow my script, couldn't make sense of it they were upset it wasn't documented. fun fact my job wasn't to right scripts my job was to image computers and my job description did not require me to write tools that made my job easier that was a choice I made. so since it was my own tool that I wrote for myself I chose not to document it because I knew what it did and that was their problem when they let me go.

The AI says to check its work before using it so I blame you. 20 people liked my post and only 5 people liked yours, so 80% of people stopped reading your post halfway through and couldn't understand it. It once again reinforces my original point. It didn't generate proper grammar but you decided to hit post anyways

Also, it sounds like your poor communication skills apply to your coding as well! I hate reading code from trash programmers. I never wonder why they are no longer employed here, I'm just glad that they aren't.

 

[Karlos95]

Imaging yes, deploying all software packages afterwards while querying a database to see what software to install because the company is to cheap to pay for a real solution so previously a reimage was a manual 6 hour process I automated into 2 and half hours it becomes a little more complicated.

Easily replaced by InTune

 

[candle86]

Easily replaced by InTune

You're right and I wish they would have been willing to use in town but they weren't there's a whole reason I had to do scripting to do the whole thing these are the same people that had the desktop guys going by trays of processors from eBay to replace a Pentium dual cores in the 6-year-old computers with used I-5s because they didn't have the budget for new machines.


You want to get to the nitty gritty on our only window server of the three total servers we had and they weren't willing to pay for more so even though it's not something I would normally recommend doing I did do it with our active directory controller because I didn't have a choice I installed wds, My script was integrated at that point is part of the installer process and we'll go out and check the database for the serial number which appeared using WMIC commands naturally and compared serial number versus what I had in the database so it could also name itself back to the original name once it was done it would also know which software to load onto the computer. Everything works fine until they replaced my install.wim with the new version of Windows 10 when I stop working there we had just moved to 1803 when I got laid off so the second day upgraded to 1809 the whole thing would break, and it did and they didn't know how to fix it.

Now here's the moral Don't get your five man IT department to come to the headquarters building we work at two different locations both spread apart about 30 miles but they got all of us together at the headquarters location because we had just completed a move to a new headquarters and they wanted to congratulate us and recognize the hard work the IT department did.


When HR walked in they walked in with two armed security guards and handed each of us a notice that we had been laid off with no severance pay some of us had been there for only a year two of the guys had been there for 12, and we're part of the original startup crew when the company was founded. They laid me the window systems admin off, both desktop guys are Mobil guy in the VP that oversaw IT were all laid off together in the same room The one guy they kept the guy said was a friend of mine he was a network administrator and the MSP had told them that they needed him to stay because they needed a guy on site apparently he said working for them but the MSP they brought in only came in once a week and if a computer went down you shipped it to them so I have no sympathy for what they went through and if they had taken me to court I'm almost positive the VP and IT would have come to bat for me and said no he did what I wanted him to do it's better that way he had my back 100%

 

[candle86]

Especially since he openly admits it

The AI says to check its work before using it so I blame you. 20 people liked my post and only 5 people liked yours, so 80% of people stopped reading your post halfway through and couldn't understand it. It once again reinforces my original point. It didn't generate proper grammar but you decided to hit post anyways

Also, it sounds like your poor communication skills apply to your coding as well! I hate reading code from trash programmers. I never wonder why they are no longer employed here, I'm just glad that they aren't.

My job wasn't the program My job was to manage the group policy for the network, take care of the MVM software and manage imaging all of the computers when they need it to be reimaged and no point was my job to quote unquote code I wrote my script to make my deployment process easier but it was not my job it was something I did to make my life more convenient, The funny part was when they decided to lay me off as well as everybody else in the IT department all five of us they brought in an MSP which I'm guessing was doing it cheaper than we were and I got called to help them figure out my tool, because they just assumed that it was going to keep working for them and their MSP couldn't make it work and as I said before I was doing this because this company was super cheap. Now as far as programmers go with us what you are good job what programmers don't work in my area and I really wish it's not prefer to you people as IT because you're not.

 

[IksPiks]

There are a million ways he could have made this completely anonymous. Instead, hi did a check on his own name, with a code probably signed with his user-name... What a genius.