A Texas software developer has been convicted for deploying malicious code on his former employer’s network, causing system failures and widespread disruptions.
A federal jury in Cleveland found Davis Lu, 55, of Houston, guilty of intentionally damaging protected computers. Lu, a former software developer for a Beachwood, Ohio-based company, introduced malicious code into the company’s systems after his job responsibilities were reduced following a corporate realignment.
By August 4, 2019, he had inserted code that crashed servers and blocked user access. He created "infinite loops" that overloaded Java threads, deleted coworker profiles, and installed a "kill switch" that disabled user access if his credentials were revoked. This switch activated upon his termination on September 9, 2019, affecting thousands of employees worldwide.
Additionally, Lu erased encrypted data on his company laptop before returning it, and his search history revealed he had researched ways to escalate privileges, hide processes, and delete files. His actions resulted in hundreds of thousands of dollars in losses for the company.
Federal officials stressed the severity of the attack. Supervisory Official Matthew R. Galeotti of the Justice Department’s Criminal Division, Acting U.S. Attorney Carol M. Skutnik for the Northern District of Ohio, and Special Agent in Charge Gregory D. Nelsen of the FBI Cleveland Field Office announced the conviction.
Lu’s actions caused operational and financial harm to his former employer. Thousands of employees worldwide were unable to access critical systems, leading to widespread disruptions. The company had to invest in forensic investigations, security upgrades, and system recovery efforts.
This case shows the risks of insider threats in cybersecurity. Employees with technical knowledge and system access can cause severe damage if motivated by personal grievances.
Lu faces a maximum sentence of 10 years in prison. His conviction underscores the importance of strong cybersecurity policies and proactive monitoring to prevent insider threats from disrupting critical systems.
Investigators traced the malicious code to Lu’s credentials and discovered incriminating search history on his devices.
Stronger access controls, real-time monitoring, and early detection of unusual system activity could have mitigated the damage.
An infinite loop is a programming flaw that causes a system to repeat a process indefinitely, consuming resources and potentially crashing the system.
A kill switch is a mechanism designed to disable systems or lock out users when certain conditions, like account termination, are met.