Dev Gets 4 Years For Creating Kill Switch On Ex-Employer's Systems (bleepingcomputer.com)
- Reference: 0178815282
- News link: https://yro.slashdot.org/story/25/08/22/0039200/dev-gets-4-years-for-creating-kill-switch-on-ex-employers-systems
- Source link: https://www.bleepingcomputer.com/news/security/dev-gets-4-years-for-creating-kill-switch-on-ex-employers-systems/
> After a corporate restructuring and subsequent demotion in 2018, the DOJ says that Lu retaliated by embedding malicious code throughout the company's Windows production environment. The malicious code included an infinite Java thread loop designed to overwhelm servers and crash production systems. Lu also created a kill switch named "IsDLEnabledinAD" ("Is Davis Lu enabled in Active Directory") that would automatically lock all users out of their accounts if his account was disabled in Active Directory. When his employment was terminated on September 9, 2019, and his account disabled, the kill switch activated, causing thousands of users to be locked out of their systems.
>
> "The defendant breached his employer's trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company," said Acting Assistant Attorney General Matthew R. Galeotti. When he was instructed to return his laptop, Lu reportedly deleted encrypted data from his device. Investigators later discovered search queries on the device researching how to elevate privileges, hide processes, and quickly delete files. Lu was [2]found guilty earlier this year of intentionally causing damage to protected computers. After his four-year sentence, Lu will also serve three years of supervised release following his prison term.
[1] https://www.bleepingcomputer.com/news/security/dev-gets-4-years-for-creating-kill-switch-on-ex-employers-systems/
[2] https://developers.slashdot.org/story/25/03/10/1921202/developer-convicted-for-kill-switch-code-activated-upon-his-termination
Careless (Score:4)
Dude should have made it so if his manager's account was disabled. It would have been obvious if it was checking for his account. Consider it a parting gift. /s
In all seriousness, kill-switches should only be created for military systems to self-destruct the device so that hardware that falls into the hands of the enemy self-destructs rather than remains operable. It makes it impractical of course in case someone loses the device.
Any other situation, kill switches aren't even necessary, if you're someone vital to the operational stability of the company, then the minute you're gone, your presence missing will be noticed as maintenance stops functioning.
Re:Careless (Score:4, Informative)
> kill-switches should only be created for military systems to self-destruct the device
They are actually commonly used in the software industry for the purpose of disabling systems in case the customer forgot to make a payment to renew their license. For example: Backup software license expired, so the next day all the scheduled backup jobs are failing. Also, the buttons to start a manual backup or initiate a restore are greyed out requiring you to contact the vendor and pay for more time on that program's copyright license.
Re: (Score:2)
> if his manager's account was disabled
Oh the chaos that would ensue. :)
Narcissists often get caught because they lack subtlety.
Re: Careless (Score:1)
Maybe that is why your favorite abuser of underage girls and enabler of romance scammers is in jail for his financial crimes.
Re: (Score:2)
> Any other situation, kill switches aren't even necessary, if you're someone vital to the operational stability of the company, then the minute you're gone, your presence missing will be noticed as maintenance stops functioning.
The world is full of people who see themselves as vital, who actually aren't. This is how they cope with that reality.
Re: (Score:2)
People that consider themselves vital, but then have to take steps to create artificial vitality - their own actions are proving them wrong.
If you were truly vital, your simple absence would be a disaster all by itself. If you have to engineer that condition, you're NOT vital. This is just an arrogant, self-important narcissist behaving badly and getting what they've got coming, at the cost of others.
I don't think there are enough stories like this in the news. It's pretty easy to find accounts BY such i
Re: (Score:2)
> It's good to see one of them get what they deserve.
It is, though [1]Terry Childs [wikipedia.org] is the poster child for that flavor of karma.
[1] https://en.wikipedia.org/wiki/Terry_Childs_(network_administrator)
Re: (Score:3)
> The world is full of people who see themselves as vital, who actually aren't. This is how they cope with that reality.
In a large company, if there is someone who is truly vital, then management at that company has failed. It's the bus test: "what would happen if xyz fell under a bus tomorrow?".
While no-one is truly irreplaceable, the issue is cost and time. In a small company, the cost and time to replace some employees may be fatal to the company.
Re: (Score:1)
> if you're someone vital to the operational stability of the company, then the minute you're gone, your presence missing will be noticed as maintenance stops functioning
The last two times I job-hopped, the systems I left behind held out for over a year because I design them for stability and to not require babysitting. Unfortunately for those left behind, that was read as "these things just work and we don't have to worry about them." If things fall apart "the minute you're gone," what you make is crap.
It's basically impossible not to get caught (Score:2)
Everything these days is so heavily tracked by so many different systems that once you do something like this you're going to get caught. If it wasn't this it would have been something else.
I do think it's pretty fucked up that he's getting more time than people get for rape and manslaughter. Really shows where the priorities are. Never mind the fact that besides punishing for the sake of torture there's no reason to lock the guy up. It's relatively easy to keep him out of a role where he could do this
Fool (Score:5, Funny)
"how to elevate privileges, hide processes, and quickly delete files"
He had to look that up? What an incompetent fool. He deserves his sentence.
Makes the rest of us look bad.
Re: (Score:2)
I'm not sure hiding processes would be considered basic knowledge.
Re: (Score:2)
> I'm not sure hiding processes would be considered basic knowledge.
At a defense contractor writing software? It should be a prereq for getting the job.
Re:Fool (Score:4, Funny)
Does sound like amateur hour. After I left the company contracted me to fix a few things because they didn't hire a replacement in time and the guy they got couldn't wrap his head around the systems I had built. Didn't even have to try to sabotage anything, and it was all well documented. All you really need to do is rely on the company to screw it up themselves.
Re:Fool (Score:5, Insightful)
It is not surprising he had to look this up. A competent IT security person would not have done it, because it is exceptionally likely that you will get caught. It is always the amateurs with delusions that do this crap.
Re: (Score:3)
Imagine for a moment if the company wasn't competent enough to trace it back to him.
They would then have no idea that the damage happened as a result of his firing.
Can you really enjoy your revenge, if the victim doesn't even know that it was revenge ?
I think it is a bit of a conundrum. It might be why he didn't even try to hide it.
Re: (Score:2)
Good point. Angry, aggressive, out for revenge and not thinking about the consequences for himself at all. Essentially an intellectual child.
The demotion is probably a clue... (Score:2)
...that the company already realised that the guy was a bit of a jackjass. A demotion is a clear message that "we think you're a waste of desk space but you're not so useless that we can fire you but perhaps you should think about looking elsewhere"
Re: (Score:2)
Generally but not always. I used to work with a guy who got promoted to director. He wasn't terribly good at it. It was a shift lower management that he was very good at. However it also represented the change from tactical problem solving to strategic thinking and to pitching ideas and convincing people you mostly report to ie VPs, and C-Suite, vs organizing people who mostly report to you.
It was perfectly clear to everyone, including him after 8 months or so he was just not working out in the new role
Re: (Score:2)
I've always avoided moving into management despite having had the opportunity a few times. I'm not a people person, I'm not interested in managing them or dealing with their issues, I'm far better doing stuff on a computer. Probably cost me a fair amount of money in the long run but I've no regrets.
Sigh (Score:4, Insightful)
Tell me why a dev has access to AD enough to lock out other people, including admins.
This is just dumb-ass network management.
Re: (Score:2)
I would guess it is pretty common in large enterprises. Most of them will have some custom identity and access management solutions, even if it is just glue to make some actions in PeopleSoft/SAP/Pick-your-HR-IS-SaaS-thing trigger events in AD:DS/Entra/Okta/AWS-IAM/etc.
Maybe they don't have an account themselves with access but if they commit some code that gets promoted to production and runs with account privileges that do...well bob's your uncle.
Re: (Score:2)
> Maybe they don't have an account themselves with access but if they commit some code that gets promoted to production and runs with account privileges that do...well bob's your uncle.
Right on. The fact that he had a process, one he named after himself, checking if his own account had been disabled, and that the disabling of his account was the trigger to do stuff, means said bit was using other credentials (not his own).
Re: (Score:2)
Because the PHB thinks it's a good idea.
Security is important until the president is shown a presentation of this cool new gizmo/fad.
Re: (Score:2)
> Tell me why a dev has access to AD enough to lock out other people, including admins.
Perhaps it is because Windows has frequent security issues?
IsDLEnabledInAD (Score:2)
Shows he either really likes his initials, or did not care if he got caught, or both.
In the good old days, he could have used self-modifying code to try to cover his tracks a little bit.
Re: (Score:2)
> Shows he either really likes his initials, or did not care if he got caught, or both.
You could call it WatermelonRutabaga and the test would still have to point to the account in order to function, so it would still be self-documenting.
Re: (Score:2)
So point it at some other accounts too, with a timer so you have time to change them if those people get fired before you do. You could make it look like a maintenance thing that was just poorly coded.
Well... (Score:2)
That guy just made sure he will never be hired again for the same or similar functions again.
Re: (Score:2)
It’s a youthful mistake. Won’t the 4 years spent in prison be enough for him to deserve a second chance?
Re: (Score:2)
No. People that full of themselves (and malice) do not learn. I wouldn't hire someone with that poor of judgement, and that delusional a view of their own abilities, to flip burgers.
kill switch (Score:2)
So no one does code reviews anymore? No one noticed new code going into a codebase?
Re: (Score:2)
Yeah, lots of red flags all over the place. If one person can create a disaster like this, what else is this company doing horribly wrong? I wouldn't trust them with my information, that's for sure.
Re: (Score:2)
Why would you follow code review policy when you're writing and installing malware? Are you expecting a Change Management meeting? Guy wrote a program and installed it, not like it was part of production code base.
Now, why he had access to AD, that's a different and very interesting question that does raise the same sort of question you're alluding to.
Re: kill switch (Score:1)
Would he commit to a repo? Why? Such a system would be deployed without due process
for running the Killswitch (Score:2)
He did not actually get four years for creating the software. He got four years for running it.
Kill switches don't kill computers, it is the people that run the commands who...
Thoughts and prayers for the data..
Still waiting for the other side of this equation (Score:2)
People go to jail for harming a company. Still waiting for a company to go to jail for harming a person. Oh wait, that never happens.
Wait... (Score:2)
According to TFA he was a Chinese national, living legally in the US.
Does that mean ICE is in his future?
Re: (Score:1)
Earlier he was saying how he hates safety regulations and healthcare.
Such strong opinions from a retired keyboard jockey.
Re: (Score:2)
-1 Offtopic
Re: (Score:2)
What exactly? Is the issue that he committed a crime, search for how to do it outside of porn mode, wrote it in java, didn't add time bombs, put his name on it, didn't obfuscate, or something else I missed?
Re: (Score:2)
"punishing shitheads is frowned upon by the Slashdot population" Selective memory. It's easy, only remember what supports your view. Even little kids do it.
Re: (Score:2, Offtopic)
> No, that's the president.
Yeah, Clinton is quite the monster.
Re: (Score:1)
> Yeah, Clinton is quite the monster.
You think that's some kind of burn, but fuck Clinton.
You also think that's insightful, but Cheeto Benito was Epstein's best buddy and wingman. Clinton was an Epstein customer, Trump was an Epstein partner .
Re: (Score:3)
> ...fuck Clinton.
I'd rather not, thanks. Plus I'm way too old for him.
Re:Four years? (Score:4, Informative)
> I'd rather not, thanks. Plus I'm way too old for him.
I don't recall Clinton even being accused of fucking any kids. The tangerine terror, on the other hand...
Re: (Score:1)
Though he visited epstein island a number of times. And don't forget Biden.
Re: (Score:2)
Guess you won't mind posting links for these claims?
Re: (Score:2)
Don't you remember that the Clintons were part of a global elite paedophile ring, based out of a pizza restaurant basement?
The fact that some guy went there, armed, and found nothing, hasn't disproven it for some dedicated QAnon followers. I'm sure it's just coincidence that Clinton's rival's name is definitely in the Epstein Files.
Re: (Score:2)
You have zero evidence for any of that and the assertion is a retarded as you are.
Trump obviously does not believe there are any unexplainable connections between him and Epstein, or that he ever did anything with Epstein that would ultimately be judged unacceptable by the public.
He cautioned a lot of names would turn up, but also ran on releasing those files. Trump also being Trump expected to win! He knew he'd be in a position to release the files and given his other follow thru probably expected to do.
Re: (Score:2)
> He cautioned a lot of names would turn up, but also ran on releasing those files
And the MAGA fools believed him. They believed someone with a history of lying.
Did I miss Trump releasing his tax returns, as he promised in 2016?
Re: (Score:2)
You're the ones who believed Biden was mentally competent, so I'm detecting some glass houses here whilst you're throwing stones.
Re: (Score:2)
"Look, having nuclear — my uncle was a great professor and scientist and engineer, Dr. John Trump at MIT; good genes, very good genes, OK, very smart, the Wharton School of Finance, very good, very smart — you know, if you're a conservative Republican, if I were a liberal, if, like, OK, if I ran as a liberal Democrat, they would say I'm one of the smartest people anywhere in the world — it's true! — but when you're a conservative Republican they try — oh, do they do a number
Re: (Score:2)
I think the most likely case is there is no conclusive evidence on anybody who hasn't already been prosecuted, but a lot of (powerful) people are named as associates, having visited, and that it is certain that much of the public will equate being named in the records at all as being a child rapist, so the names of everybody who e.g. flew on his plane are kept under wraps.
As for Trump I see long lists of incriminating and creepy things that he has done given as "proof." But what I don't see is actual und
Re: (Score:2)
You're working REALLY hard to justify covering up for pedophiles. If the system is propped up by protecting evil people then the system is doomed to fail - and should. If your standard for intelligence is "two brain cells", I understand the conclusions you draw. Normal people don't become close, intimate friends who show up at all of each other's parties without knowing what those friends do - and the comments Trump makes are so blatantly obviously his ego bursting to tell his secrets that a high schooler
Re: (Score:2)
> You have zero evidence for any of that and the assertion is a retarded as you are. ...
> The real issue with releasing the files is obvious to anyone with two functioning brain cells. After the election Trump found out someone close to him or some critical House, Senate, Court members are really implicated and it really could be anyone including family members. ...
> Trump is innocent and he knows he innocent and everyone else will too if the stuff actually comes out.
The thing I can't stand the most is hypocrisy.
Re: (Score:2)
Is this some kind of "gotcha liberals!" quip? I mean if Clinton was part of the pedo party then yes please lock him up too. But since the guy who was buddies with Epstein [1]https://x.com/dpakman/status/1... [x.com] refuses to release the files and ordered his name be scrubbed from the evidence [2]https://www.newsweek.com/donal... [newsweek.com] then things are looking a bit suspicious.
[1] https://x.com/dpakman/status/1279055596982087680
[2] https://www.newsweek.com/donald-trump-name-redacted-epstein-files-public-figures-2107647
Re: (Score:2)
Remind me again who runs the DOJ?
Re: (Score:2)
Yeah, that would have accomplished something. Or not. Well, it might have satisfied your sadism.
I am always surprised how many unrefined primitives are around even today.