/wion/media/agency_attachments/2024/12/26/2024-12-26t112006978z-wion-white-logo-for-website-2-1.png){kind=logo}
/wion/media/agency_attachments/2024/12/13/2024-12-13t071548098z-wionlogo.webp)
/wion/media/member_avatars/sites/default/files/styles/medium/public/2023/07/24/369130-untitled-design-60.png)
/wion/media/member_avatars/sites/default/files/styles/medium/public/2023/07/24/369130-untitled-design-60.png)
/wion/media/media_files/2025/03/08/Cb1lQiJrxeiDueq9PKKu.png)
A man in Cleveland used his coding skills to inflict harm on his employer's production systems as revenge for being fired. He installed malicious software on production systems, wrote a Java program that ultimately led to a system crash, and finally created and activated a "kill switch" that locked everyone out of their accounts across countries.
The man was a former Eaton Corp. employee in Cleveland, Ohio, where a jury found him guilty of sabotaging the company's systems. Davis Lu, 55, of Houston, Texas was employed by Eaton from 2007 to 2019 and is facing 10 years in prison.
Malware in systems
He started deploying harmful codes into the computers after his job responsibilities were reduced as part of company-wide restructuring, according to the prosecutors. His access to the company systems was also limited.
Also Read: Woman strips naked on plane, parades down the aisle demanding to get off
Lu became disgruntled and on August 9, 2019, started deploying homemade malware on one system. The Java program ran in an infinite loop and the code ultimately caused it to crash and no one could login to the machine. An investigation tracked the source to an internal development server in Kentucky and Lu's user account was found to have been used to execute the malware on the production box.
Rogue applications with creative names
Lu also installed more rogue applications on several systems and gave them creative names. One of them was named Hakai, meaning destruction in Japanese, while another was HunShui, the Chinese word for sleep. He also deleted co-worker profiles.
Also Read: Mystery ship without any humans aboard seen near Washington state. It is a...
He was later fired and this is when he brought into use what the Feds called the "kill switch". The code was named IsDLEnabledinAD, short for "Is Davis Lu enabled in Active Directory", as per the prosecutors. It was meant to lock everyone out of the software system and their accounts if ever his credentials were revoked. He activated the switch on September 9, 2019, when he was terminated, locking thousands of employees around the world out of the network. Prosecutors said that the company faced massive losses because of this.
When he returned his laptop, he deleted encrypted data and tried to delete more codes and hide processes. In October of the same year, Lu admitted to investigators that he was responsible for the issues. He pleaded guilty and went on to fight the court case.