Developer gets prison time for sabotaging former employer’s network with a ‘kill switch’

A former software developer has been handed a four-year prison sentence for intentionally sabotaging the computer network of his previous employer following his departure from the company. Davis Lu, aged 55, was found guilty of implementing a malicious 'kill switch' that was designed to crash the firm’s servers if he lost his job. The sabotage was triggered when Lu’s employment was terminated, and his access credentials were revoked. The malicious code, named "IsDLEnabledinAD," checked if Lu's account remained active in the company’s Active Directory, leading to widespread access issues for thousands of employees. According to the Justice Department, which oversaw the prosecution, the unnamed employer—allegedly the power technology firm Eaton—suffered damages amounting to hundreds of thousands of dollars due to this malicious act. Authorities were able to trace Lu's actions in part through his internet search history, which contained queries related to techniques for escalating privileges, concealing processes, and rapidly deleting files.