Former Eaton developer Davis Lu has been sentenced to four years in prison after admitting he deployed malicious code, including a ‘kill switch,’ that knocked out his employer’s systems in 2019 – a case that matters because it shows insider sabotage can cause huge losses and federal prosecution.
Lu pleaded guilty to designing and deploying a range of damaging code while he was still employed. The disruption began after a 2018 corporate realignment at Eaton Corporation led to his demotion.
The Department of Justice described how Lu’s work included scripts that crashed systems, blocked logins, deleted files, and ultimately a kill switch that locked out all users if his credentials were disabled – the kill switch label was reportedly IsDLEnabledinAD, short for “Is Davis Lu enabled in Active Directory.” The DoJ published details of the case on its site.
The kill switch triggered when Lu was put on leave and asked to return his company laptop on September 9, 2019. The resulting outages and data loss cost the company hundreds of thousands of dollars, and investigators say Lu even tried to mask the sabotage so it would look like it came from co-workers. The New York Times covered that reclamation attempt.
Lu deleted encrypted data from his laptop before turning it in, but the FBI tied the attacks back to him. Now the sentence is four years’ custody followed by three years supervised release.
