After 11 years working as a software developer at a Texas company, a man received a letter informing him that his responsibilities and access to the company’s systems would be reduced due to a personnel restructuring. A year later, he was laid off.
However, the employee had time to prepare his revenge against his former company. He created time-delayed sabotage software designed to cause serious damage to the company’s servers.
A digital time bomb. According to the Department of Justice, Davis Lu, a 55-year-old former employee of multinational energy company Eaton Corporation, inserted malicious code into the company’s system. This code was programmed to activate as soon as his access credentials were deactivated. In other words, the malware that would cause the sabotage would only be triggered once the employee was officially fired.
The primary purpose of Lu’s kill switch was to create infinite loops that would paralyze the Java systems when the company’s workers attempted to log into the server. Specifically, the kill switch signed off sessions and deleted files from his former colleagues’ user profiles.
The code. According to the DOJ, the malware became a key piece of evidence during the trial. Lu referred to it as “IsDLEnabledinAD,” which stands for “Is Davis Lu enabled in Active Directory.” If the answer was “no,” indicating that Lu had been terminated, it triggered two pieces of code that spread chaos among users attempting to log into their accounts. One piece of code was named “Hakai,” the Japanese word for “destruction,” and the other was “HunShui,” the Chinese word for “sleep” or “lethargy.”
Substantial economic damage. Lu’s act of revenge severely impacted the company, preventing employees from accessing their data. It also resulted in the loss of hundreds of work files linked to their profiles. When Lu’s former IT colleagues tried to disable the malware, they found that the software wreaking havoc on their systems was running from a computer and a server that only Lu had access to.
During the trial, FBI agents investigating the case estimated the damage caused to the company at hundreds of thousands of dollars.
Exemplary punishment. After his arrest, Lu faced criminal sabotage charges for intentionally damaging protected servers. Eaton Corporation accused him of disrupting its global operations, blocking the profiles of thousands of users, and causing substantial financial losses.
Although Lu’s defense team attempted to downplay the financial impact of the attack, the DOJ sought a harsh sentence. In the end, the court sentenced him to 10 years in prison, though he plans to appeal.