Chinese Hacker Sentenced for Planting Kill Switch in U.S. Company’s Global Network

A federal jury’s March conviction of Davis Lu, a 55-year-old Chinese national residing in Houston, culminated in a 48-month prison sentence for deliberately sabotaging the computer network of his former employer, a global corporation headquartered in Beachwood, Ohio.

U.S. District Judge Pamela A. Barker handed down the sentence on August 21, followed by a three-year term of supervised release.

Restitution will be set at a later date.

Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division underscored the gravity of the breach: “The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company.”

He added that technical expertise and subterfuge would not shield cybercriminals from prosecution.

U.S. Attorney David M. Toepfer praised the FBI Cleveland Division’s investigative work: “The extreme chaos caused by just one person who weaponized his knowledge was not only disruptive—it was criminal. Those who inflict damage will be held accountable.”

Court records reveal that Lu joined the victim company as a software developer in November 2007.

After a 2018 corporate realignment stripped him of key responsibilities and system privileges, he began crafting destructive code. By August 4, 2019, Lu had implemented multiple attack vectors:

  • Infinite loops to crash or hang servers, denying user access
  • Scripts to delete coworker profiles
  • A concealed “kill switch” set to lock all users out if Lu’s Active Directory account was removed

When Lu was terminated and his credentials revoked on September 9, 2019, the kill switch—dubbed “IsDLEnabledinAD”—triggered, disrupting thousands of users globally.

Investigators also uncovered two malware programs named “Hakai” (Japanese for “destruction”) and “HunShui” (Chinese for “sleep” or “lethargy”).

On the day he relinquished his company laptop, Lu ran commands to delete encrypted data, rendering it irretrievable by forensic tools.

Analysis of his internet search history revealed deliberate research into privilege escalation, process hiding, and rapid file deletion—clear indicators of his intent to obstruct remediation efforts.

The corporate victim sustained losses totaling hundreds of thousands of dollars.

FBI Cyber Division Assistant Director Brett Leatherman emphasized the case’s deterrent value: “Cyber actors who deploy malicious code and harm American businesses will face the consequences. This sentencing sends a strong message about accountability and the importance of early insider threat detection.”

FBI Cleveland Special Agent in Charge Greg Nelsen added, “We will continue to defend American businesses from both external and insider threats, bringing cybercriminals like Davis Lu to justice.”

Prosecution was led by Senior Counsel Candina S. Heath of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), and Assistant U.S. Attorneys Daniel J. Riedl and Brian S. Deckert for the Northern District of Ohio.

Since 2020, CCIPS has convicted over 180 cybercriminals and secured court orders for the return of more than $350 million in victim funds.

Case summary:

  • Defendant: Davis Lu, 55
  • Nationality: Chinese
  • Sentence: 48 months
  • Supervised Release: 3 years
  • Estimated Losses: Hundreds of thousands of dollars
  • Malware Names: IsDLEnabledinAD, Hakai, HunShui
  • Employment Period: Nov 2007 – Oct 2019


The post Chinese Hacker Sentenced for Planting Kill Switch in U.S. Company’s Global Network appeared first on Cyber Security News.

