A 55 year-old man from Texas has been convicted [[link]] by a jury of "causing intentional damage to protected computers" owned by his former employer, Eaton Corp, after creating malicious code that sabotaged elements of the company's network alongside a "kill switch" designed to shut down everything if he were laid off.
The US Department of Justice [[link]] (), adding that Davis Lu faces a maximum sentence of 10 years in prison. Lu had been employed by Eaton Corp for 11 years before a corporate reshuffle in 2018 "reduced his responsibilities", with the coder beginning his efforts to sabotage the company network later that year.
Lu's code was discovered by other Eaton Corp software engineers trying to solve the system crashes and infinite looping, and was found to be being executed from a computer using Lu's user ID and running on a server that only Lu had access to. This server was found to contain other malicious code, including the string that activated the kill switch.
goes on to say that, when Lu was requested to return a company computer, he "deleted encrypted volumes, attempted to delete the [[link]] Linux directories, and attempted to delete two projects." Examination of the computer further showed that Lu had "conducted internet searches querying how to escalate privileges, hide processes, and delete large folders and / or files."
Finally, on October 7, 2019, Lu "admitted to investigators that he created the code described."
"Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide," said FBI Special Agent Greg Nelsen.
"Although disappointed, we respect the jury’s verdict," said Lu's attorney, Ian Friedman, adding that they intended to appeal. "Davis and his supporters believe in his innocence and this matter will be reviewed at the appellate level."
Lu faces a maximum penalty of ten years in prison, with a sentencing date yet to be set.