Kill Switch: Fired Software Engineer Goes Rogue, Cripples Employer’s Network in Revenge Scheme

An experienced software engineer has been convicted of carrying out a cyberattack on his ex-employer, resulting in colossal disruptions and monetary losses.

The developer reportedly deployed malware for the cyberattack in a unique scheme that works like a kill switch.

Software Engineer Sabotages Employer’s Systems



According to The Register, a federal jury in Cleveland has convicted Davis Lu, a 55-year-old senior software engineer based in Houston, Texas, of knowingly destroying protected computer systems. Lu, who was an employee at Eaton Corporation between November 2007 and October 2019, now faces up to 10 years behind bars.

Lu’s downfall began in 2019, when a corporate restructuring demoted him, stripping him of job duties and server privileges. This apparent grievance set the stage for a sophisticated cyberattack on his employer.


Malware Attack Cripples Operations

Lu carried out a highly advanced malware attack on Eaton Corporation’s production systems on 9 August 2019. Prosecutors confirmed that he created a Java program that would produce an endless loop of non-cancelable threads, consuming resources until the system went down. This effectively prevented employees from accessing their accounts and interfered with business activities.

Agents learned that Lu’s user account had run the malicious code on a production server based in Kentucky. Interestingly, he was the lone member of his team who possessed access rights to the infected development machine.

The ‘Kill Switch’—A Devastating Blow

Lu had also deliberately built a kill switch, named “IsDLEnabledinAD” in a nod to his own name, that would activate if his credentials were ever revoked. When he was officially fired on September 9, 2019, this kill switch engaged, locking out tens of thousands of employees around the globe and resulting in widespread financial losses.

Further investigation revealed that Lu had also authored code intended to corrupt users’ files. He had labeled some of his malicious programs “Hakai” (meaning ‘destruction’ in Japanese) and “HunShui” (meaning ‘sleep’ in Chinese), underscoring his intent to harm the company.

Evidence of Intent: A Digital Trail of Destruction

Officials examined Lu’s web search history and discovered several searches related to privilege escalation, data erasure, and process hiding, indicating that he had planned his attack. Additionally, when he returned his company laptop, forensic analysis revealed he had tried to erase encrypted files, wipe Linux OS directories, and delete two important code projects.

On October 7, 2019, Lu admitted to federal authorities that he was responsible for the system failures at Eaton Corporation. He later changed his mind and pleaded not guilty in court, a plea that did not ultimately persuade the jury.

The Eaton Corporation cyberattack might be a wake-up call for companies to improve their cybersecurity systems, particularly when handling employee terminations. Organizations must implement robust monitoring, limit access privileges, and quickly revoke credentials to mitigate such risks.
