Developer jailed for taking down employer's network with kill switch malware
(2025/08/22)
- Reference: 1755822430
- News link: https://www.theregister.co.uk/2025/08/22/worlds_dumbest_it_admin_gets/
- Source link:
A US court sentenced a former developer at power management biz Eaton to four years in prison after he installed malware on the company’s servers.
Davis Lu, 55, spent a dozen years at Eaton and rose to become a senior developer of emerging technology, before the company demoted him after restructuring. Lu unwisely responded to that setback by [1]installing a "kill switch" that would activate if the company revoked his network access.
The package was a Java program that generated increasing numbers of non-terminating threads in an infinite loop that would eventually use enough resources to crash the server.
[2]
"The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a US company," said acting assistant Attorney General Matthew Galeotti of the Justice Department’s Criminal Division in an email. "However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions."
[3]
[4]
Not that he had much technical savvy. Lu labeled his malware IsDLEnabledinAD , for "Is Davis Lu enabled in Active Directory." Furthermore, after developing the software he uploaded it using his corporate credentials – hardly clean OPSEC, to [5]quote the US Defense Secretary.
Eaton terminated Lu’s position on September 9, 2019, and cut off his network access, which caused the Java program to fire up, overloading the network, preventing login access for thousands of Eaton's global staff, and deleting some corporate data.
[6]
But when it came time for Lu to turn in his corporate laptop, it turned out he'd been using it to execute his plan. His search history showed he'd been looking up how to delete data, escalate privileges, and conceal process trails. He also deleted a large chunk of encrypted data.
[7]Ex-school IT admin binned student, staff accounts and trashed phone system
[8]Holy smokes! Ex-IT admin gets two years prison for trashing Army chaplains' servers
[9]US military battling cyber threats from within and without
[10]The choice: Pay BT megabucks, or do something a bit illegal. OK, that's no choice
Less than a month after his malware ran, federal agents arrested Lu. He admitted to his crime but still opted for a jury trial. That didn't work out so well for him, and a federal jury in Cleveland found him [11]guilty of intentionally damaging a protected computer. On Thursday he received a four-year sentence and an additional three years of supervised release.
"I am proud of the FBI cyber team’s work which led to today’s sentencing and hope it sends a strong message to others who may consider engaging in similar unlawful activities," said assistant director Brett Leatherman of the FBI’s Cyber Division. "This case also underscores the importance of identifying insider threats early."
As The Register has pointed out time and time again, insiders can cause the most damage with ease. All the fancy firewalls, AI tools, and malware monitoring services won't protect you if the person running them goes rogue.
Eaton had no comment on the sentence. ®
Get our [12]Tech Resources
[1] https://www.theregister.com/2025/03/08/developer_server_kill_switch/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aKfrW4c6XxRy2hSBY0sTsAAAAM4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aKfrW4c6XxRy2hSBY0sTsAAAAM4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aKfrW4c6XxRy2hSBY0sTsAAAAM4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2025/03/26/signal_calls_congress/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aKfrW4c6XxRy2hSBY0sTsAAAAM4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2023/12/01/it_admin_guilty/
[8] https://www.theregister.com/2019/09/30/army_chaplain_admin_jailed/
[9] https://www.theregister.com/2023/08/01/us_military_cybersecurity/
[10] https://www.theregister.com/2023/07/28/on_call/
[11] https://www.justice.gov/opa/pr/texas-man-convicted-sabotaging-his-employers-computer-systems-and-deleting-data
[12] https://whitepapers.theregister.com/
Davis Lu, 55, spent a dozen years at Eaton and rose to become a senior developer of emerging technology, before the company demoted him after restructuring. Lu unwisely responded to that setback by [1]installing a "kill switch" that would activate if the company revoked his network access.
The package was a Java program that generated increasing numbers of non-terminating threads in an infinite loop that would eventually use enough resources to crash the server.
[2]
"The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a US company," said acting assistant Attorney General Matthew Galeotti of the Justice Department’s Criminal Division in an email. "However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions."
[3]
[4]
Not that he had much technical savvy. Lu labeled his malware IsDLEnabledinAD , for "Is Davis Lu enabled in Active Directory." Furthermore, after developing the software he uploaded it using his corporate credentials – hardly clean OPSEC, to [5]quote the US Defense Secretary.
Eaton terminated Lu’s position on September 9, 2019, and cut off his network access, which caused the Java program to fire up, overloading the network, preventing login access for thousands of Eaton's global staff, and deleting some corporate data.
[6]
But when it came time for Lu to turn in his corporate laptop, it turned out he'd been using it to execute his plan. His search history showed he'd been looking up how to delete data, escalate privileges, and conceal process trails. He also deleted a large chunk of encrypted data.
[7]Ex-school IT admin binned student, staff accounts and trashed phone system
[8]Holy smokes! Ex-IT admin gets two years prison for trashing Army chaplains' servers
[9]US military battling cyber threats from within and without
[10]The choice: Pay BT megabucks, or do something a bit illegal. OK, that's no choice
Less than a month after his malware ran, federal agents arrested Lu. He admitted to his crime but still opted for a jury trial. That didn't work out so well for him, and a federal jury in Cleveland found him [11]guilty of intentionally damaging a protected computer. On Thursday he received a four-year sentence and an additional three years of supervised release.
"I am proud of the FBI cyber team’s work which led to today’s sentencing and hope it sends a strong message to others who may consider engaging in similar unlawful activities," said assistant director Brett Leatherman of the FBI’s Cyber Division. "This case also underscores the importance of identifying insider threats early."
As The Register has pointed out time and time again, insiders can cause the most damage with ease. All the fancy firewalls, AI tools, and malware monitoring services won't protect you if the person running them goes rogue.
Eaton had no comment on the sentence. ®
Get our [12]Tech Resources
[1] https://www.theregister.com/2025/03/08/developer_server_kill_switch/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aKfrW4c6XxRy2hSBY0sTsAAAAM4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aKfrW4c6XxRy2hSBY0sTsAAAAM4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aKfrW4c6XxRy2hSBY0sTsAAAAM4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2025/03/26/signal_calls_congress/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aKfrW4c6XxRy2hSBY0sTsAAAAM4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2023/12/01/it_admin_guilty/
[8] https://www.theregister.com/2019/09/30/army_chaplain_admin_jailed/
[9] https://www.theregister.com/2023/08/01/us_military_cybersecurity/
[10] https://www.theregister.com/2023/07/28/on_call/
[11] https://www.justice.gov/opa/pr/texas-man-convicted-sabotaging-his-employers-computer-systems-and-deleting-data
[12] https://whitepapers.theregister.com/
Re: Pro tip
David 132
He really wasn't the brightest spark at the company, was he?
On a lesser note, I am gravely disappointed that the author of this fine article omitted the obvious pun: "Developer makes an [1]Eaton Mess ".
Probably wouldn't resonate with your good self and the other non-Brit readers, though! (NB: despite the name and the appearance, the dish in question is delicious.)
[1] https://en.wikipedia.org/wiki/Eton_mess
Re: Pro tip
JoeCool
The lack of basic goal oriented effort on display is galling. Since when did millenials become 55 ?
he "opted for a jury trial"
JoeCool
Let me guess ... self represented.
Anonymous Coward
I'm hardly surprised he was demoted if that was the best he could come up with!
Anonymous Coward
My thought exactly,
But if I was on the jury, I would still have found him innocent - pour encourager les autres,
Pro tip
When taking revenge, don't.
FTFY