A Chinese national was sentenced to four years in prison for sabotaging his former employer’s systems through malicious code.
The man, Davis Lu, 55, a legal resident of Houston, Texas, was a software engineer at the victim company, headquartered in Beachwood, Ohio, from November 2007 to October 2019.
According to court documents, Lu began sabotaging the employer’s network after his responsibilities and system access were restricted in 2018, following a corporate realignment.
By August 2019, documents presented in court show, he installed malicious code that exhausted system resources, causing crashes and preventing user logins.
The code was designed to repeatedly create Java threads without proper termination, creating infinite loops leading to server hangs or crashes.
Additionally, Lu deleted coworker profile files, and implemented a kill switch that logged all users out of their accounts as soon as his credentials were disabled in Active Directory, court documents show.
The kill switch, named ‘IsDLEnabledinAD’ (an abbreviation for ‘Is Davis Lu enabled in Active Directory’) was activated when Lu was placed on leave and asked to turn in his laptop. He also deleted encrypted data on the day he was directed to surrender his laptop.
According to documents presented in court, Lu searched the internet for methods to escalate privileges, delete files, and hide processes, which indicate he was researching means to prevent system restoration attempts.
His actions impacted thousands of users worldwide and caused hundreds of thousands of dollars in losses to his employer.
Lu was convicted in March. In addition to the four-year prison sentence, he received three years of supervised release.
Related: Scattered Spider Hacker Sentenced to Prison
Related: Hacktivist Sentenced to 20 Months of Prison in UK
Related: UK Student Sentenced to Prison for Selling Phishing Kits
