A 55-year-old Houston man, Davis Lu, has been sentenced to four years in prison followed by three years of supervised release for intentionally damaging his former employer’s computer network. Lu, a software developer, was convicted in March 2025 for a malicious scheme that caused hundreds of thousands of dollars in losses for an unnamed Ohio-based company. His actions, which began after his responsibilities were reduced, included deploying custom malware and a “kill switch” designed to cripple the network if his account was ever disabled.
Lu’s sabotage was a deliberate act of retribution. Following a corporate realignment in 2018 that reduced his system access and responsibilities, he began to introduce malicious code into the company’s network around August 2019. This code was designed to trigger system crashes and prevent user logins. According to court documents, he created infinite loops in the source code, repeatedly generating new Java threads without proper termination, which led to server crashes. He also targeted individual users by deleting coworker profile files, escalating the disruption beyond just system-wide issues.
The most damaging component of Lu’s scheme was the “kill switch,” a piece of code he named “IsDLEnabledinAD,” an abbreviation for “Is Davis Lu enabled in Active Directory.” This code was designed to automatically activate if his credentials were ever disabled. The kill switch was triggered on September 9, 2019, when he was placed on leave and asked to surrender his company laptop. The resulting network lockdown impacted thousands of company users globally, a testament to the premeditated and far-reaching nature of his malicious code.
Further evidence of Lu’s intent was found in the names he gave to other parts of his malware. He named one code “Hakai,” a Japanese word for “destruction,” and another “HunShui,” a Chinese word for “sleep” or “lethargy.” On the day he was instructed to return his laptop, Lu also attempted to erase significant data, including encrypted volumes and Linux directories. His internet search history revealed his research into methods for escalating privileges, hiding processes, and deleting files, all pointing to a concerted effort to obstruct any investigation and prevent the company from resolving the issues he created.
This case serves as a stark warning about the dangers of insider threats. As Acting Assistant Attorney General Matthew R. Galeotti noted, Lu “breached his employer’s trust by using his access and technical knowledge to sabotage company networks.” The financial and operational damage caused by his actions underscores the importance of robust cybersecurity measures and the need for companies to identify and mitigate such threats early. The FBI’s Assistant Director Brett Leatherman also highlighted this, emphasizing that despite his technical skills, Lu’s malicious actions did not save him from the legal consequences.
Reference:
