55-year-old Davis Lu, of Houston, Texas, has been found guilty of intentionally causing damage to the computer systems of his ex-employer, and could face up to 10 years in prison.
Lu had been employed as a software developer between 2007 and 2019 by multinational firm Eaton, which provides energy-efficient solutions for the aerospace, automotive and other industries.
However, when Lu's responsibilities were reduced in a restructuring of the organisation, he began to sabotage the company's network, driven by concern that Eaton would no longer want to employ him.
According to a press release by the US Department of Justice (DOJ), by August 4, 2019, Lu had planted malicious Java code on his employer's network that would cause "infinite loops" that would ultimately result in the server crashing or hanging.
Furthermore, Lu was said to have deleted co-workers' profile files and had planted a "kill switch" that would lock all users out of the network if his own credentials were found to no longer be active in the company's Active Directory. In other words, if the company locked Lu out of its network, his logic bomb would lock everybody out.
Perhaps unwisely, Lu named his "kill switch" code "IsDLEnabledinAD" (an abbreviation for "Is Davis Lu enabled in Active Directory").
Sure enough, Lu's code activated automatically on September 9, 2019, when his employment was terminated, impacting thousands of Eaton's staff around the world. Prosecutors claimed in court that the incident cost the company "hundreds of thousands of dollars in losses."
When directed to hand in his company laptop following his dismissal, Lu was found to have erased encrypted data - but his internet search history showed that he had researched methods on the web to hide processes, rapidly delete files, and escalate his privileges. Prosecutors claimed that this was a deliberate attempt to prevent his co-workers from fixing the issues that he had caused.
Investigators found the code for Lu's malicious Java program on an internal Kentucky-based development server, and evidence that it was his user account that had been used to execute the malicious code on the company's production systems. Lu was found to be the only member of staff who had access privileges to the development server.
Other malicious code written by Lu that was uncovered in the investigation was found to be named "Hakai" - the Japanese word for "destruction" - and "HunShui", a Chinese word meaning "sleep" or "lethargy."
On October 7, 2019, less than one month after his logic bomb first triggered, Lu admitted to federal investigators that he was responsible, but still decided to plead not guilty to charges of intentionally damaging a computer system.
Lu faces sentencing at a later date. His lawyers have said that they plan to appeal against his guilty verdict.
It is sadly not uncommon to find organisations attacked by disgruntled former employees. It has been going on for years.
Way back in 2009, for instance, a British man who had lost his job after lying about his qualifications and job history was found guilty of planting spyware on his former colleagues' PCs.
Two years later, fired IT manager Walter Powell found himself in hot water after he was found to have hijacked control of his former CEO's PowerPoint presentation as it was displayed to the board of directors, and replaced it with porn.
In 2012, Toyota said that an ex-IT contractor had broken into its computer systems, and stolen sensitive information including trade secrets.
Perhaps most bizarrely of all, a former Ubiquiti Networks software engineer was jailed for six years in 2023, after posing as an anonymous hacker attempting to extort $2 million. Nickolas Sharp was one of the Ubiquiti staff assigned to investigate the very security breach he had perpetrated.
Too often companies do not recognise the threat that can be posed by insiders and rogue employees - the very people that a company has placed trust in to protect its sensitive information from falling into the hands of hackers.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
March 12, 2025