Nobody messes with Popeye.
Posted on 03/11/2025 11:59:28 AM PDT by ShadowAce
We all, at some point, have fantasized about giving our employers a big middle finger on the way out the door, whether we leave on our own volition or are pushed out. Well, a 55-year-old Texas man allegedly built an automated bird flipper in the form of a kill switch that crashed his company’s systems and locked people out of their accounts when he was fired. Satisfying as that may have been, he now faces up to 10 years in prison, according to the Department of Justice, for setting the trip wire on his way out the door.
Here’s the situation: Houston, Texas resident Davis Lu started working for a company headquartered in Beachwood, Ohio back in November 2007. (The DOJ didn’t identify the firm, but a local report from Cleveland.com indicated that it is power management company Eaton Corporation.) After about 10 years on the job, Eaton underwent a 2018 “corporate realignment,” and Lu had his role downsized, seeing his responsibilities and system access reduced, per the DOJ’s account of the situation.
So, Lu used his newfound free time to build systems of sabotage that would get set off if he were ever let go—which, based on what he had just experienced, probably felt likely to him. That included planting malware that created “infinite loops” that deleted the profile files of his coworkers, blocked login attempts, and crashed the company’s systems. He also built a kill switch that, if activated, “would lock out all users,” according to the Department of Justice.
The kill switch, which Lu named “IsDLEnabledinAD,” was designed to check to make sure Lu’s account was enabled in the company’s Active Directory of employees. Assuming it was, everything was fine. But the day that Lu’s name was removed from active status, the kill switch kicked in—which happened on September 9, 2019.
According to the DOJ’s telling, Lu’s code “impacted thousands of company users globally.” In court, Eaton claimed that Lu had managed to cause the company “hundreds of thousands of dollars in losses,” which frankly would probably be pretty satisfying, though Lu’s defense attorneys claimed that Eaton only suffered about $5,000 in damages, per Cleveland.com.
Unfortunately for Lu, it didn’t take too long for Eaton to trace the attack back to him, as they found the malicious code was being executed from a software developer server that Lu had access to and was being executed on a computer using Lu’s user ID. Lu had also deleted encrypted files from his company-issued laptop on the day he turned it back in, and his internet history apparently contained searches for ways to “escalate privileges, hide processes, and rapidly delete files.”
“Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide,” FBI Special Agent in Charge Greg Nelsen said in a statement—which is really like, three-fourths of the way to being a pretty good endorsement of his abilities if Nelsen had left it on his LinkedIn profile instead of issuing it as a statement following his conviction.
Lu faces up to 10 years behind bars for “causing intentional damage to protected computers,” though he plans to appeal the court’s ruling.
I never understood why people expect that a particular place of employment is a lifetime commitment. Presumably he got paid for his time there - no need for malice and sabotage.
I bet they change their dismissal procedures after this
How about be thankful for the opportunity that was given you rather than bitter about it ending?
There’s a reason why most IT people are escorted out the building when they put their two week notice in.
Such a thing doesn’t require much ‘talent’ but a lot of entitlement.
Not saying you SHOULD do something like this of course, but if you were, the worst thing you could do is set it too trigger as soon as you are fired. You’ll automatically be suspect #1. The correct way to go about would be to set some sort of virus that would kick in say six months down the road, by that time you’ll be totally forgotten by the company.
I left the USS Dwight D Eisenhower when it was in the shipyard (about 1987). There was a welded down file cabinet in my division office with enough space for me to place a raw egg under the bottom drawer. I’m sure that it remained there intact until the ship finally moved. Not sure how they got rid of the smell.
The loss of work time for all employees affected, translated to idle manpower costs, would have to be exponentially greater than the $5,000 in damages.
What can you do?
When you know they’ll fire you
Well if I you can log in
You can still F them
And send their data to the Lu.
Lots of Vietnamese settled in Texas in the 70’s , he could be second or third generation Texan.
I designed an OLTP system in 1992 that was FAR above what my coworkers understood. I spent the next 5 years working on it, and teaching others how it worked, but when I left in ‘97 they started bubble gum and toe-nailing things together. I got a refresher on how things were running a few years ago, and it was BADLY bastardized in ways that made things barely work, and that were against my original design. So, I guess I unintentionally did the same thing as this guy, just with knowledge instead of a logic bomb.
Yeah, people don’t have personal integrity. I work in IT and I would never do anything like that. I was trained to protect the data not destroy it.
The Army trained me well. :-)
That way the user is locked out of the system, but nothing in the system is any different than if the user had rotated (changed) their password, keys, etc. themselves, which is standard authentication rotation best practice anyway.
I've never understood why some organizations delete old accounts, rather than take a few extra steps to do it right. It's just asking for trouble.
When I retired, it activated a kill switch. Our report server ran its jobs under my userid which was de-activated. I could not change it to another person without their password. It was on someone’s list to do.
Your implying having microSoft WinDoze as your operating system IS the kill switch?
I tried to use 3 months of PTO before my retire date but they called me back in so they had to pay me for the time. They added it to my 403b so I wouldn’t get a huge tax bill.
When I left one job, the CIO accused me of “sabotaging the Payroll system”. I was having lunch with a former systems puke who had forearms the size of my thighs. The CIO had actually made him cry once. We looked up and the CIO was in the restaurant. We stopped by to remind him to keep our names out of his mouth.
The systems puke was the only person I ever met who had an automatic weapon. He had worked for the feds and was able to get a permit for a Thompson.
Nobody messes with Popeye.
‘Education without values, as useful as it is,
seems rather to make man a more clever devil.’ — C.S. Lewis
.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.