Developer sabotaged ex-employer IT systems with kill switch - The Register
A federal jury in Cleveland has found a senior software developer guilty of sabotaging his employer's systems, and he's now facing a potential ten years behind bars.

Davis Lu, 55, of Houston, Texas, was a seasoned coder employed by power-management biz Eaton Corporation from November 2007 to October 2019. In his last year with the outfit, there was a corporate restructuring and he was demoted, both in terms of job responsibilities and server access.

On August 9, 2019, Lu began introducing home-designed malware onto at least one of his employer's production systems. He wrote a Java program that would, in an infinite loop, create more and more non-terminating threads that would consume more and more resources until the computer running the code crashed and prevented people from logging in and using the machine.

According to the prosecution's filings [PDF] to an Ohio federal court, investigators subsequently found the source code for this program on an internal development server in Kentucky, and that Lu's user account had been used to execute the malware on the production box. Lu was also the only member of his team who had access privileges for that dev machine.

It was further claimed Lu wrote code on that development box that would trash other users' files.

Then, it's said, Lu created what the Feds described as a kill switch (more like a dead man's switch, perhaps) that would lock every employee out of their accounts if his credentials were ever revoked, and named the code IsDLEnabledinAD, as in "Is Davis Lu enabled in Active Directory."

When his position was eventually terminated on September 9, 2019, the kill switch was activated and thousands of employees around the world were locked out of the network, causing hundreds of thousands of dollars of damage, it is said.

Lu was creative in naming his malicious code. He dubbed one rogue application Hakai, the Japanese word for destruction. Another he dubbed HunShui, from the Chinese word for sleep.

A subsequent investigation found that on the day he had to hand back his corporate laptop, he had deleted a chunk of encrypted data and had attempted to wipe its Linux OS directories and two code projects. A review of his search history also showed requests for advice on escalating privileges, deleting data and folders, and hiding processes.

On October 7, 2019, Lu admitted to federal investigators he was behind the computer problems at his previous employer, but still decided to fight his case by pleading not guilty to a charge of intentionally damaging a protected computer. Unfortunately for him, the jury wasn't impressed, finding him guilty today, and he faces sentencing at a later date.

We've asked Eaton Corp for any comment on Lu's conviction.
Copyright. All rights reserved 1998-2025