Chinese Developer Jailed for Deploying Malicious Code at US Company

A Chinese software developer has been sentenced after being convicted of causing intentional damage to protected computers by deploying malicious code, including a “kill-switch,” in the network of his US employer.

Chinese national Davis Lu, aged 55, will serve four years in prison and three years of supervised release after being convicted in March, the US Department of Justice (DoJ) revealed in a press release dated August 21.

The insider activity was motivated by disgruntlement with the employer, with no suggestion of nation-state involvement.

The crimes took place while Lu was employed as a software developer for the unnamed victim company headquartered in Beachwood, Ohio, between November 2007 and October 2019.

Lu, who legally resides in Houston, Texas, sabotaged his employer’s systems from 2018, according to court documents. This occurred after a corporate realignment that reduced his responsibilities and system access.

By August 2019, Lu had introduced malicious code that caused system crashes and prevented user logins.

This code created “infinite loops,” designed to exhaust Java threads by repeatedly creating new threads without proper termination, resulting in server crashes.

Additionally, the malicious code deleted coworker profile files and implemented a kill switch that would lock out all users if Lu’s credentials in the company’s active directory were disabled.

This kill switch was automatically activated when Lu was placed on leave by his employer and asked to surrender his laptop on September 9, 2019. Thousands of company users were affected globally, and the employer incurred hundreds of thousands of dollars in losses.

Investigators found that on the day he was directed to turn his laptop in, Lu deleted encrypted data.

His internet search history revealed he had researched methods to escalate privileges, hide processes and rapidly delete files, indicating an intent to obstruct the efforts of his co-workers to resolve the system disruptions.

Acting Assistant Attorney General Matthew R. Galeotti, of the Justice Department’s Criminal Division, commented: “The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a US company.”

He continued: “However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions. The Criminal Division is committed to identifying and prosecuting those who attack US companies, whether from within or without, to hold them responsible for their actions.”