Texas Man Charged with Hacking: Activates ‘Kill Switch’ on Ex-Employer’s Network, Faces Prison Time
In a significant case highlighting cybersecurity issues, Texas software developer Davis Lu has been convicted of causing intentional damage to his former employer’s network. Facing potential prison time of up to 10 years, this case underscores the serious ramifications of insider threats in the tech industry.
Details of the Conviction
Davis Lu, aged 55, was found guilty after a federal jury determined that he deliberately sabotaged his employer’s systems following a corporate restructuring in 2018. This restructuring reduced Lu’s responsibilities and access to critical systems.
The “Kill Switch” Incident
Prosecutors allege that Lu developed and implemented a malicious “kill switch” designed to lock all company employees out of the network if his credentials were ever deactivated. The code for this kill switch was ominously dubbed “IsDLEnabledinAD,” referencing whether Lu’s account remained active in the company’s Active Directory.
Consequences of the Sabotage
Upon Lu’s departure from the company on September 9, 2019, the kill switch was activated, resulting in widespread disruptions that affected thousands of employees globally. The Justice Department has indicated that Lu’s actions led to losses estimated in the hundreds of thousands of dollars for the organization.
Upcoming Sentencing
The sentencing for Davis Lu is scheduled for June 23, as noted in the court’s docket. This case serves as a critical reminder of the importance of cybersecurity measures and the potential risks posed by insider threats.
For more information on cybersecurity and insider threats, you can visit CISA’s Cybersecurity Resources or explore our internal articles on insider threats in cybersecurity.
