Posted on 03/11/2025 11:59:28 AM PDT by ShadowAce
We all, at some point, have fantasized about giving our employers a big middle finger on the way out the door, whether we leave of our own volition or are pushed out. Well, a 55-year-old Texas man allegedly built an automated bird flipper in the form of a kill switch that crashed his company’s systems and locked people out of their accounts when he was fired. Satisfying as that may have been, he now faces up to 10 years in prison, according to the Department of Justice, for setting the trip wire on his way out the door.
Here’s the situation: Houston, Texas resident Davis Lu started working for a company headquartered in Beachwood, Ohio back in November 2007. (The DOJ didn’t identify the firm, but a local report from Cleveland.com indicated that it is power management company Eaton Corporation.) After about 10 years on the job, Eaton underwent a 2018 “corporate realignment,” and Lu had his role downsized, seeing his responsibilities and system access reduced, per the DOJ’s account of the situation.
So, Lu used his newfound free time to build systems of sabotage that would get set off if he were ever let go—which, based on what he had just experienced, probably felt likely to him. That included planting malware that created “infinite loops” that deleted the profile files of his coworkers, blocked login attempts, and crashed the company’s systems. He also built a kill switch that, if activated, “would lock out all users,” according to the Department of Justice.
The kill switch, which Lu named “IsDLEnabledinAD,” was designed to check to make sure Lu’s account was enabled in the company’s Active Directory of employees. Assuming it was, everything was fine. But the day that Lu’s name was removed from active status, the kill switch kicked in—which happened on September 9, 2019.
According to the DOJ’s telling, Lu’s code “impacted thousands of company users globally.” In court, Eaton claimed that Lu had managed to cause the company “hundreds of thousands of dollars in losses,” which frankly would probably be pretty satisfying, though Lu’s defense attorneys claimed that Eaton only suffered about $5,000 in damages, per Cleveland.com.
Unfortunately for Lu, it didn’t take too long for Eaton to trace the attack back to him, as they found the malicious code was being executed from a software developer server that Lu had access to and was being executed on a computer using Lu’s user ID. Lu had also deleted encrypted files from his company-issued laptop on the day he turned it back in, and his internet history apparently contained searches for ways to “escalate privileges, hide processes, and rapidly delete files.”
“Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide,” FBI Special Agent in Charge Greg Nelsen said in a statement—which is really like, three-fourths of the way to being a pretty good endorsement of his abilities if Nelsen had left it on his LinkedIn profile instead of issuing it as a statement following his conviction.
Lu faces up to 10 years behind bars for “causing intentional damage to protected computers,” though he plans to appeal the court’s ruling.
A “Texas man” named “Lu”.
Someone did that at Cisco. As far as I heard, the company never admitted what happened. Took down their conferencing system and messaging systems. Took them a month or so to get their customers fully back online.
Most guys I have met from Texas spell their name Lou differently. And that is usually the first name, not the last.
I worked in IT Support for my 38-year work career. Having lived through countless layoffs, I watched a good friend get escorted out of the office one day when armed security arrived, came to his desk, told him to stand up and empty his pockets of anything that belonged to the company, and told him to identify any personal items on his desk; the company would box them up and mail them to his house.
Usually, when IT employees get fired or laid off, escorting them out is standard operating procedure.
It’s really a Resume Enhancer.
Eventually, someone should hire this guy for something good. He definitely has talent.
Early probation or parole where he has to work to protect America.
Thanks to ShadowAce and Red Badger for the pings!
Having talent isn’t a guarantee of being trustworthy.
Hence why the swamp is so desperate to get fired bureaucrats back into their office. Even if it is just for a few weeks they can do tremendous damage.
Hang 'em high. Screwing everybody is not the right way to accept the hand you are dealt.
Well, my daddy left home when I was three
Didn’t leave very much to my mom and me
Except this old guitar and an empty bottle of booze
Now I don’t blame him ‘cause he run and hid
But the meanest thing that my daddy ever did
Was before he left, he went and named me Lu
Well, he must’ve thought that it was quite a joke
And I got a lot of laughs from a lots of folk
Seems I had to fight my whole life through
Some gal would giggle and I’d turn red
And some guy’d laugh and I’d bust his head
I tell you, life ain’t easy for a boy named Lu
But I grew up quick and I grew up mean
My fist got hard and my wits got keener
Roam from town to town to hide my shame
But I made me a vow to the moon and stars
I’d search the honky tonks and bars
And kill that man that gave me that awful name
Well, it was Gatlinburg in mid-July
And I just hit town and my throat was dry
Thought I’d stop and have myself a brew
At an old saloon on a street of mud
There at a table, dealing stud
Sat the dirty, mangy dog that named me Lu
That wouldn't have helped in this situation. The perp wrote software that ran when his account was disabled after he was fired.
According to the article, the kill switch checked to see that his account was still in Active Directory; when it got deleted, the kill switch kicked in and did its damage.
What I’ve seen companies do is not delete accounts when people get fired or laid off; they disable them just in case they have to be accessed at some point in the future. Email is a perfect example.
He planned this well before his termination and had a built-in trigger if his user account was even deleted. It was a time bomb.
Read my other post. Instead of deleting the account, most of the time accounts are disabled in case accounts have to be accessed in the future, emails for example.
They didn't delete the account, just disabled it, but that's what he checked.