# Software Developer Found Guilty for Inserting Malicious Code to Challenge Ruling
Davis Lu, a 55-year-old software developer, faces a potential sentence of up to 10 years in prison following his conviction for undermining the computer systems of his previous employer. The U.S. Department of Justice (DOJ) revealed that Lu was deemed guilty of “intentionally damaging protected computers” at Eaton Corp., a power management firm located in Ohio and Dublin. Despite the ruling, Lu intends to contest the verdict, asserting his innocence.
## Case Background
Lu had worked at Eaton Corp. for 11 years when a corporate reorganization in 2018 diminished his role. Reportedly dissatisfied with this alteration, Lu started to implement malicious code within the firm’s network. Over the subsequent year, he introduced various types of harmful scripts aimed at disrupting functions.
According to the DOJ, Lu’s sabotage actions included:
– **Endless Loop Codes**: These scripts erased colleague profile files, hindered legitimate logins, and caused system failures.
– **Harmful Naming Schemes**: He referred to some of the malicious codes using the Japanese term for destruction, “Hakai,” and the Chinese term for lethargy, “HunShui.”
– **A Shutdown Mechanism**: Possibly the most damaging aspect of Lu’s assault was a “kill switch” intended to disable the company’s systems should he be terminated.
This kill switch, called “IsDLEnabledinAD” (likely a shorthand for “Is Davis Lu enabled in Active Directory”), activated automatically upon the day of his dismissal in 2019, impairing Eaton Corp.’s global operations.
## Uncovering the Malicious Code
Eaton Corp. uncovered the sabotage while probing system crashes linked to infinite looping. The company traced the malicious code to a server that only Lu had access to. A court document revealed that investigators discovered additional harmful scripts on that server, including those that deleted user profile information and triggered the kill switch.
Further inquiry into Lu’s search history indicated he had looked into methods to gain elevated privileges, conceal processes, and swiftly erase files—implying an intention to hinder resolve efforts regarding the disruptions.
## Legal Developments and Appeal
During the investigation, Lu acknowledged creating the infinite loop code. Nonetheless, his lawyer, Ian Friedman, expressed that Lu feels “disappointed” with the jury’s verdict and plans to appeal.
“Davis and his supporters stand by his innocence, and this issue will be reviewed at the appellate level,” Friedman informed Cleveland.com.
The DOJ has yet to establish a sentencing date, but Lu could potentially face a 10-year prison term if the conviction is upheld.
## Effects on Cybersecurity
This case underscores the considerable dangers posed by insider threats to organizations. It is crucial for companies to enforce stringent access controls, routinely audit system activity, and adopt comprehensive cybersecurity strategies to avert similar occurrences.
As Lu gears up to challenge his conviction, this case serves as a warning for businesses and IT professionals regarding the possible repercussions of internal security breaches.
