A Texas man has been found guilty by a federal jury in Cleveland for deploying malicious code on his former employer's network. Davis Lu, 55, from Houston, was convicted of causing intentional damage to protected computers and faces up to 10 years in prison.
Lu worked as a software developer for a company based in Beachwood, Ohio, from November 2007 until October 2019. After a corporate restructuring in 2018 reduced his responsibilities and access, Lu began sabotaging the company's systems. By August 4, 2019, he had introduced malicious code that led to system crashes and login issues. He created "infinite loops" designed to crash servers and implemented a "kill switch" that locked out users if his credentials were disabled. This "kill switch," named “IsDLEnabledinAD,” automatically activated upon his termination on September 9, 2019, affecting thousands globally.
Additionally, Lu deleted encrypted data when asked to return his company laptop and researched methods to hide processes and delete files quickly. His actions resulted in significant financial losses for the company.
The announcement of the conviction was made by Supervisory Official Matthew R. Galeotti of the Justice Department’s Criminal Division, Acting U.S. Attorney Carol M. Skutnik for the Northern District of Ohio, and Special Agent in Charge Gregory D. Nelsen of the FBI Cleveland Field Office.
The FBI Cleveland Field Office conducted the investigation into this case. The prosecution is being handled by Senior Counsel Candina S. Heath of the Criminal Division’s Computer Crime and Intellectual Property Section along with Assistant U.S. Attorneys Daniel J. Riedl and Brian S. Deckert for the Northern District of Ohio.
A sentencing date has not yet been set; a federal district court judge will determine any sentence after considering various guidelines and statutory factors.