A coder is facing 10 years in jail after creating a ‘kill switch’ that activated when he was fired from his job.
The 55-year-old man has been found guilty of ‘causing intentional damage to protected computers’ after he sabotaged his employer’s network.
The ‘kill switch’ was designed to shut down everything in the event that he lost his job.
Advert
And the Texan man activated it when he was fired from Eaton Corp in 2019.
Now, Davis Lu is facing up to 10 years in prison for the crime which impacted thousands of company users as well as causing ‘hundreds of thousands of dollars in losses’.
The court heard how Lu created ‘infinite loops’ to delete staff members’ files as well as create system crashes and prevent workers from logging in.
He named the kill switch ‘IsDLEnabledinAD’, which stood for ‘Is Davis Lu enabled in Active Directory’.
When Lu lost his job on September 9, 2019, the system was automatically activated.
The scorned former employee was uncovered as the culprit when a team of software engineers who were trying to solve the crashes found Lu’s code.
Further investigation led to them discovering that the code had been executed from a computer with Lu’s ID.
In the court filing, it details how Lu was requested to hand in his company computer but not before he ‘deleted encrypted volumes, attempted to delete the Linux directories, and attempted to delete two projects’.
When the computer was examined, it revealed that Lu had searched the internet ‘querying how to escalate privileges, hide processes, and delete large folders and/or files’.
Just under a month after his termination from the company, on October 7, 2019, Lu admitted to investigators that he had ‘created the code described’.
Following his conviction, Lu’s attorney, Ian Friedman said: “Although disappointed, we respect the jury’s verdict. Davis and his supporters believe in his innocence and this matter will be reviewed at the appellate level.”
Friedman added that Lu intends to appeal the ruling.
FBI Special Agent Greg Nelsen said: “Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide.”
A date has not yet been set for Lu’s sentencing, in which he could face up to a maximum of 10 years in prison for the crimes against his former employer.