Davis Lu, a 55-year-old software developer from Texas, has been convicted of planting a logic bomb to intentionally damage the computer systems of his ex-employer, the multinational corporation Eaton. Davis, who worked at Eaton from 2007 to 2019, could face up to 10 years in prison.

Background

  • Lu worked as a software developer at Eaton, which offers energy-efficient systems for aerospace, automotive, and other sectors.
  • Knowing that his company was restructuring and his responsibilities were being reduced, Davis became fearful that Eaton would soon fire him.
  • Out of frustration, Davis planned to sabotage the company’s IT infrastructure.

Note: A logic bomb is malicious code that stays inactive until triggered by a specific event, like a date or action, then executes harmful actions such as deleting files, corrupting data, or causing system crashes.

What Happened

On August 4, 2019, Davis planted malicious Java code that caused “infinite loops”, which would crash or freeze Eaton’s server. He deleted colleagues’ profile files and planted a “kill switch” that would lock all users out of the network if his own credentials were disabled in the company’s Active Directory.

The code was designed to activate if Eaton terminated his employment, locking out all users on the network.

Davis named the “kill switch” code “IsDLEnabledinAD,” an abbreviation for “Is Davis Lu enabled in Active Directory.” He triggered the code on September 9, 2019, the day Lu’s employment was terminated, affecting thousands of Eaton’s staff worldwide.
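One way a code-review or CI step could surface the pattern described above, application code whose behaviour depends on one named person's directory account, shown as an added example that is not from the original article or the case evidence. The account names, the Java sample and the function name are constructed for illustration.

```python
import re

# Tokens that indicate a directory (LDAP / Active Directory) lookup in Java code.
DIRECTORY_TOKENS = ("InitialDirContext", "DirContext", "sAMAccountName",
                    "userAccountControl", "ldap://")
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')

def find_personal_account_checks(java_source, personal_accounts, window=2):
    """Return (line_no, account, token) for every string literal that names a
    personal account within `window` lines of a directory-lookup token."""
    lines = java_source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for literal in STRING_LITERAL.findall(line):
            # Split the literal into words so "(sAMAccountName=jdoe)" yields "jdoe".
            words = set(re.findall(r"[A-Za-z0-9_.-]+", literal.lower()))
            for account in sorted(personal_accounts):
                if account.lower() not in words:
                    continue
                lo, hi = max(0, i - window), min(len(lines), i + window + 1)
                nearby = "\n".join(lines[lo:hi])
                token = next((t for t in DIRECTORY_TOKENS if t in nearby), None)
                if token:
                    findings.append((i + 1, account, token))
    return findings

# Constructed sample: one lookup tied to a person, one tied to a service account.
SAMPLE_JAVA = '''\
public class SyncJob {
    boolean ownerActive(DirContext ctx) throws Exception {
        String filter = "(&(sAMAccountName=jdoe)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
        return ctx.search("dc=example,dc=test", filter, new SearchControls()).hasMore();
    }
    boolean svcActive(DirContext ctx) throws Exception {
        return ctx.search("dc=example,dc=test", "(sAMAccountName=svc-sync)", new SearchControls()).hasMore();
    }
}
'''

if __name__ == "__main__":
    # Hypothetical roster of personal (non-service) account names.
    for finding in find_personal_account_checks(SAMPLE_JAVA, {"jdoe", "asmith"}):
        print("review: line %d references personal account %r near %s" % finding)
```

A hit is a prompt for human review, not proof of sabotage; the roster of personal accounts would come from the organisation's own directory export.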

Investigation Findings

When Davis was directed to return his company laptop, he had erased encrypted data. Upon analysis, investigators discovered that Lu had searched online for ways to hide processes, rapidly delete files, and escalate his privileges—actions believed to be intended to prevent co-workers from fixing the sabotage.

Moreover, the malicious Java code (logic bomb) was found on an internal Kentucky-based development server, and investigators uncovered additional malicious code written by Lu, including one named “Hakai” (Japanese for “destruction”) and another called “HunShui” (Chinese for “sleep” or “lethargy”).

The Bottom Line

This case is still ongoing, with the defendant pleading not guilty to the charges. It highlights the significant security risk posed by disgruntled former employees, as employee-driven sabotage of computer systems remains a major concern for businesses worldwide.


Source: hxxps[://]www[.]justice[.]gov/opa/pr/texas-man-convicted-sabotaging-his-employers-computer-systems-and-deleting-data