- A software developer sabotaged his employer after being demoted
- Davis Lu created a “kill switch” that would lock out all users
- He was sentenced to four years in jail and an additional three years of supervised release
A disgruntled worker has been sentenced to four years in prison after installing “kill switch” malware on his employer’s network, which was set to trigger if he ever lost network access.
According to a Department of Justice (DoJ) press release, a Chinese national named Davis Lu was working for an unnamed software company between November 2007 and October 2019. In 2018, he was demoted and lost system access, after which he “began sabotaging his employer’s systems”. By early August 2019, he had introduced malware that crashed systems and prevented other users from logging in.
Court documents also revealed he created “infinite loops” that crashed servers, deleted coworker profile files, and ultimately built a “kill switch” that would lock out all users if his access to Active Directory was revoked. In early September 2019 he was asked to surrender his laptop, after which the kill switch was triggered.
Hundreds of thousands of dollars in damages
Investigators found plenty of incriminating evidence on that laptop, including that he deleted encrypted data on the day he turned his device in.
An analysis of his search history showed he was looking for ways to escalate privileges, hide processes, and quickly delete files. Finally, the kill switch code was named IsDLEnabledinAD, short for “Is Davis Lu enabled in Active Directory”.
A month after the malware ran, Lu was arrested, and he later stood trial in front of a jury.
During the trial, it was shown that Lu’s employer suffered “hundreds of thousands of dollars” in losses, as a direct consequence of his actions. Now, Lu will spend four years in prison, with an additional three years of supervised release.
“The FBI works relentlessly every day to ensure that cyber actors who deploy malicious code and harm American businesses face the consequences of their actions,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division.
“I am proud of the FBI cyber team’s work which led to today’s sentencing and hope it sends a strong message to others who may consider engaging in similar unlawful activities. This case also underscores the importance of identifying insider threats early and highlights the need for proactive engagement with your local FBI field office to mitigate risks and prevent further harm.”
Via The Register