Red Hot Cyber

Beware of dissatisfied employees! Four years in prison for bringing his former company to its knees.

Redazione RHC : 23 August 2025 17:01

A former employee has been convicted of intentionally committing digital sabotage against his employer. Davis Lu, 55, a Chinese citizen living in Houston, was sentenced to four years in prison and three years of supervised release after being convicted of intentionally damaging protected computers, causing months of downtime and hundreds of thousands of dollars in losses, the Justice Department said.

According to the case file, Lu worked as a programmer at an Ohio company from 2007 to 2019. After an internal reorganization, his responsibilities and access to systems were reduced, which represented a turning point.

In August 2019, he introduced malicious fragments into the source code that caused server crashes and blocked user logins. To do this, he used infinite loops that constantly created new Java threads without ever terminating them, which led to service crashes.

He also deleted colleagues’ profiles and installed a so-called “kill switch” that activated automatically if his account was blocked in Active Directory. He called the mechanism “IsDLEnabledinAD,” short for “Is Davis Lu enabled in Active Directory.” After he was placed on administrative leave on September 9, 2019, and had to hand over his laptop, the code was triggered, crippling access for thousands of employees worldwide.

Some of the added components had symbolic names: “Hakai,” the Japanese word for “destruction,” and “HunShui,” the Chinese word for “sleep” or “lethargy.” On the day he handed over the equipment, Lu also deleted encrypted volumes and attempted to delete Linux directories and two other projects. His internet searches confirmed that he was exploring ways to escalate privileges, hide processes, and delete files, all in an attempt to make it more difficult to recover the infrastructure. The investigation concluded that these measures were intended to make remediation of the attack as difficult as possible.

Lu’s actions not only destabilized key services but also caused significant financial damage to the company. The FBI noted that the incident highlights the need to identify insider threats to organizations before they become catastrophic. The Department of Justice called Lu’s actions a breach of trust and an example of how technical expertise, when misused, can become a tool of destruction.
