A software engineer was convicted of intentionally sabotaging his employer's systems, causing international disruptions.
A 55-year-old software engineer is facing a potential 10-year prison sentence after being convicted of deliberately damaging computer systems at his former company.
The man, identified as Davis Lu, had worked for Eaton Corp in Texas before he was terminated in 2019. But instead of just packing up his desk and moving on, he had something else in mind - a "kill switch" programmed to trigger if he was ever fired.
Once activated, the malicious code wiped out employee files, disrupted operations, and locked users out of their accounts, causing chaos within the company.
The coder is now facing up to 10 years in prison Emilija Manevska/Getty Images
Lu's revenge plot went into action immediately after he was let go on September 9, 2019. The moment his credentials were disabled, his kill switch executed automatically.
His actions resulted in massive disruptions, affecting thousands of employees worldwide. The damage was extensive, with the company estimating hundreds of thousands of dollars in financial losses.
The court also heard that Lu's sabotage included coding infinite loops, which effectively deleted staff files, crashed systems, and prevented other employees from logging into the network.
Investigators later discovered that Lu had given his revenge plot a very telling name. The kill switch he programmed was labeled "IsDLEnabledinAD", which translates to "Is Davis Lu enabled in Active Directory".
The moment his user access was revoked, the system automatically executed his malicious code, launching a series of shutdowns.
When engineers scrambled to fix the problem, they quickly noticed the suspicious pattern. After a thorough investigation, all the evidence pointed back to Lu's coding.
The forensic team then traced the code’s execution to a computer registered under Lu’s ID. This discovery led them to check his company-issued laptop, where they found that, before turning it in, Lu had deliberately wiped encrypted volumes, deleted Linux directories, and erased entire projects.
Digging deeper, his internet search history revealed even more troubling signs. Investigators found queries related to escalating privileges, hiding processes, and permanently deleting large files and folders—strong evidence that his sabotage was intentional and premeditated.
A sentencing date has not yet been set ANDREY DENISYUK/Getty Images
Less than a month after being fired, on October 7, 2019, Lu admitted to investigators that he had indeed created and deployed the kill switch.
After his conviction, his attorney, Ian Friedman, issued a statement, saying: "Although disappointed, we respect the jury's verdict. Davis and his supporters believe in his innocence and this matter will be reviewed at the appellate level."
Friedman also confirmed that Lu plans to appeal the decision.
Meanwhile, FBI Special Agent Greg Nelsen weighed in on the case, stating: "Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide."
As of now, Lu's sentencing has not yet been scheduled, but he faces a maximum prison term of 10 years for his revenge-fueled cyber attack.