Chinese Hacker Sentenced for Planting Kill Switch in U.S. Company’s Global Network

A federal jury’s March conviction of Davis Lu, a 55-year-old Chinese national residing in Houston, culminated in a 48-month prison sentence for deliberately sabotaging the computer network of his former employer, a global corporation headquartered in Beachwood, Ohio.

U.S. District Judge Pamela A. Barker handed down the sentence on August 21; the prison term is to be followed by three years of supervised release.

Restitution will be set at a later date.

Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division underscored the gravity of the breach: “The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company.”

He added that technical expertise and subterfuge would not shield cybercriminals from prosecution.

U.S. Attorney David M. Toepfer praised the FBI Cleveland Division’s investigative work: “The extreme chaos caused by just one person who weaponized his knowledge was not only disruptive—it was criminal. Those who inflict damage will be held accountable.”

Court records reveal that Lu joined the victim company as a software developer in November 2007.

After a 2018 corporate realignment stripped him of key responsibilities and system privileges, he began crafting destructive code. By August 4, 2019, Lu had implemented multiple attack vectors:

  • Infinite loops to crash or hang servers, denying user access
  • Scripts to delete coworker profiles
  • A concealed “kill switch” set to lock all users out if Lu’s Active Directory account was removed

When Lu was terminated and his credentials revoked on September 9, 2019, the kill switch—dubbed “IsDLEnabledinAD”—triggered, disrupting thousands of users globally.

Investigators also uncovered two malware programs named “Hakai” (Japanese for “destruction”) and “HunShui” (Chinese for “sleep” or “lethargy”).

On the day he relinquished his company laptop, Lu ran commands to delete encrypted data, rendering it irretrievable by forensic tools.

Analysis of his internet search history revealed deliberate research into privilege escalation, process hiding, and rapid file deletion—clear indicators of his intent to obstruct remediation efforts.

The corporate victim sustained losses totaling hundreds of thousands of dollars.

FBI Cyber Division Assistant Director Brett Leatherman emphasized the case’s deterrent value: “Cyber actors who deploy malicious code and harm American businesses will face the consequences. This sentencing sends a strong message about accountability and the importance of early insider threat detection.”

FBI Cleveland Special Agent in Charge Greg Nelsen added, “We will continue to defend American businesses from both external and insider threats, bringing cybercriminals like Davis Lu to justice.”

Prosecution was led by Senior Counsel Candina S. Heath of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), and Assistant U.S. Attorneys Daniel J. Riedl and Brian S. Deckert for the Northern District of Ohio.

Since 2020, CCIPS has convicted over 180 cybercriminals and secured court orders for the return of more than $350 million in victim funds.

| Defendant | Nationality | Sentence | Supervised Release | Estimated Losses | Malware Names | Employment Period |
|---|---|---|---|---|---|---|
| Davis Lu, 55 | Chinese | 48 months | 3 years | Hundreds of thousands | IsDLEnabledinAD, Hakai, HunShui | Nov 2007 – Oct 2019 |

The post Chinese Hacker Sentenced for Planting Kill Switch in U.S. Company’s Global Network appeared first on Cyber Security News.
