A Houston-based software developer, Davis Lu, was convicted last week for launching a series of attacks on his employer’s systems, costing the company hundreds of thousands of dollars. Lu, 55, had worked for the company for over a decade but began sabotaging its computer network in 2018 after his system access was restricted due to a corporate restructuring.
Court documents revealed that by August 2019, Lu had deployed malware that overwhelmed the company’s systems by spawning threads in an infinite loop without ever closing them, exhausting resources and causing crashes. He also introduced malicious code that deleted crucial employee profile files. The most damaging act was a “kill switch” that shut down all user logins once Lu’s credentials were disabled after his termination.
The code, named ‘IsDLEnabledinAD’—short for ‘Is Davis Lu enabled in Active Directory’—was triggered on September 9, 2019, the day of his dismissal, affecting users globally.
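The kill switch described above has a recognizable footprint in a Windows security log: one named account is disabled, and moments later logon failures surge across many unrelated users. The script below is an added illustration of that detection logic from a defender's point of view; it is not code from the article or from the case. The simplified pipe-delimited log format, the sample lines, the account names, the five-minute window and the threshold of four distinct users are all constructed assumptions; the event IDs 4725 (user account disabled) and 4625 (logon failure) are the standard Windows security event IDs.

```python
"""Detection sketch (added example, not from the article): flag an account-disable
event that is followed within a short window by failed logons from many different
users. That is the pattern a login "kill switch" keyed to one account's Active
Directory status would produce. Log format, sample lines, window and threshold
are constructed assumptions for illustration."""
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample log in a simplified "timestamp|event_id|subject|target" form.
# 4725 = user account disabled, 4625 = logon failure (standard Windows event IDs).
SAMPLE_LOG = """\
2019-09-09T09:00:00|4725|hr_admin|departing_user
2019-09-09T09:00:30|4625|-|alice
2019-09-09T09:00:31|4625|-|bob
2019-09-09T09:00:32|4625|-|carol
2019-09-09T09:00:35|4625|-|dave
2019-09-09T09:00:40|4625|-|erin
2019-09-09T09:00:41|4625|-|alice
2019-09-09T11:00:00|4725|hr_admin|contractor7
2019-09-09T11:05:00|4625|-|bob
"""

EVENT_DISABLED = 4725
EVENT_LOGON_FAIL = 4625

Event = namedtuple("Event", "time event_id subject target")


def parse_log(text):
    """Parse the constructed pipe-delimited format into Event records, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, eid, subject, target = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), int(eid), subject, target))
    return sorted(events, key=lambda e: e.time)


def detect_disable_then_lockout(text, window=timedelta(minutes=5), min_distinct_users=4):
    """Return one alert per 4725 event that is followed, within `window`, by 4625
    failures for at least `min_distinct_users` different accounts. A lone user
    mistyping a password will not trip it; a fleet-wide lockout will."""
    events = parse_log(text)
    alerts = []
    for ev in events:
        if ev.event_id != EVENT_DISABLED:
            continue
        failures = [
            f for f in events
            if f.event_id == EVENT_LOGON_FAIL and ev.time < f.time <= ev.time + window
        ]
        distinct = {f.target for f in failures}
        if len(distinct) >= min_distinct_users:
            alerts.append({
                "disabled_account": ev.target,
                "disabled_at": ev.time.isoformat(),
                "distinct_failed_users": len(distinct),
                "failure_count": len(failures),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_disable_then_lockout(SAMPLE_LOG):
        print(alert)
```

In the constructed sample the first disable event is followed by six failures from five distinct users and produces an alert; the second is followed by a single failure and stays quiet. In practice the same correlation would be expressed as a SIEM rule over real 4725 and 4625 records, with the window and threshold tuned to the environment's normal failure rate.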
Further investigation revealed that Lu deleted encrypted data from his company-issued laptop upon request, and that he had searched online for how to escalate privileges, hide processes, and delete files rapidly. These actions indicate an effort to complicate system recovery and conceal the disruptions.
Lu now faces up to 10 years in prison for intentional computer damage following his conviction. A sentencing date is yet to be set.
This case serves as a stark reminder of the potential threats posed by insider attacks and the critical need for organizations to implement stronger security measures and monitoring to safeguard against such risks.
Source: Ionut Arghire, SecurityWeek