Developer Sentenced to 4 Years in Prison for Creating “Kill Switch” in Former Employer’s Systems
A former software developer has been sentenced to four years in prison for sabotaging his ex-employer’s Windows network with custom malware and a “kill switch” that locked out thousands of employees worldwide.
According to the U.S. Department of Justice, 55-year-old Davis Lu, a Chinese citizen legally residing in Houston, worked at Ohio-based Eaton Corporation from 2007 until his dismissal in 2019. Following a demotion during a corporate restructuring in 2018, Lu anticipated being fired and began plotting revenge by embedding malicious code into the company’s production environment.
The malware carried out multiple disruptive actions:
- Running infinite loops that strained servers.
- Deleting colleagues’ profile files.
- Blocking legitimate logins.
- Forcing repeated system crashes.
Most notably, Lu developed a “kill switch” named IsDLEnabledinAD (Is Davis Lu Enabled in Active Directory). The code was designed so that if Lu’s account was ever disabled in Active Directory, the system would immediately lock out all users across the network.
On September 9, 2019, Lu was terminated and his account deactivated, triggering the kill switch. As a result, thousands of Eaton employees around the globe were locked out of corporate systems.
“The defendant violated his employer’s trust by abusing his access and technical knowledge to sabotage corporate networks, creating chaos and causing the company hundreds of thousands of dollars in losses,” the U.S. Attorney’s Office stated.
When asked to return his company-issued laptop, Lu allegedly attempted to wipe it, deleting encrypted data. Forensic investigators later found evidence that he had been researching privilege escalation, process hiding, and rapid file deletion techniques in the lead-up to the sabotage.
In March 2025, Lu was convicted of intentionally damaging protected computers. Prosecutors emphasized that beyond deploying destructive code, he also attempted to cover his tracks—believing his technical expertise would shield him from accountability.
Lu has now been sentenced to four years in federal prison, followed by three years of supervised release upon completion of his term.
