An American software developer is facing 10 years in prison after being found guilty of inserting a “kill switch” that wreaked havoc on his company’s systems after he was fired.

A Cleveland federal jury earlier this month found Davis Lu, a 55-year-old man from Texas, guilty of writing and deploying malicious code on his former employer’s network which was said to have caused hundreds of thousands of dollars in losses.

He was found to have “sabotaged” the systems of his employer and to have implemented a ‘kill switch’ in its code which went off when he was fired, locking other employees out and deleting their files.

Lu worked as a software developer at US multinational power management company Eaton Corp from November 2007 to October 2019, a US Department of Justice Office of Public Affairs statement said.

Sabotaging from the inside

The court heard that a company restructure in 2018 saw a reduction in Lu’s responsibilities and his system access, which led him to begin “sabotaging his employer’s systems”.

By August 2019, Lu had inserted malicious code into the company’s systems that caused crashes and blocked other employees from logging in.

He also deployed “infinite loops”, a form of code aiming to exhaust Java threads through the repeated creation of new threads without proper termination, leading to server crashes, and deleted the profiles of some of his coworkers.

Fearing that he was going to be let go from the job, Lu also created a ‘kill switch’ that would lock all employees out of his own credentials if the company’s active directory was disabled, in the event of him being fired.

This code was named “IsDLEnabledinAD”, or “Is Davis Lu enabled in Active Directory”, and was automatically activated when Lu was fired from the company on 9 September 2019, impacting thousands of Eaton Corp employees around the world.

Other malicious code implemented by Lu included one named “Hakai”, a Japanese word meaning “destruction”, and “HunShui”, a Chinese word meaning “sleep” or “lethargy”.

When Lu was ordered to return his work laptop after he was being fired, he deleted encrypted data on it, and his internet search history revealed he had researched ways to escalate privileges, hide processes and rapidly delete files.

The court found that showed an “intent to obstruct efforts of his coworkers to resolve the system disruptions”.

Rogue employees

The jury found Lu guilty of causing intentional damage to protected computers, which comes with a maximum prison sentence of 10 years.

He will be sentenced at a later date.

It’s not the first time a frustrated ex-employee has gone rogue against his former workplace.

Last year a fired tech worker was jailed for deleting servers at his old company and allegedly causing $1 million in damages.

The IT worker was sentenced to two years and eight months’ jail by a Singapore court after remotely deleting about 180 of his former employer’s virtual servers.

The man was reportedly fired by tech firm NCS in October 2022 due to poor performance, leaving him “upset and confused”.

After this, he was found to have gained unauthorised access to the testing system by using administrator login details, and eventually deleted the virtual servers of the team he had worked in.

In 2021 a National Australia Bank IT worker was fired for making an “unauthorised upload” that led to a data breach impacting 13,000 customers.

Customer names, date of birth, contact information and government-issued ID numbers were allegedly uploaded to two third-party data companies by the employee, causing the bank to pay nearly $687,000 to cover the cost of fraud detection and re-issued IDs.