Developer built a "kill switch" into Eaton's network in case of release and received 4 years in prison

What could be worse than losing an interesting and profitable job? Losing your job and then being imprisoned for sabotaging your former employer’s network. Yes, not every revenge story ends with a happy ending, as depicted in Hollywood blockbusters.

Software engineer Davis Lu worked at Eaton Corporation from 2007 to 2019. It is a large company with more than 92 thousand employees and $24.9 billion in revenue in 2024. On a bad day, Lu decided that he could leave his own “time bomb” on his employer’s network in case he was forced to look for another job.

According to the U.S. Department of Justice, a month before Davis was fired, Lu created “infinite loops” — code that continuously generated Java threads without completing correctly, overloading servers and causing them to crash. He also deleted colleagues’ profile files and installed a “kill switch” that would block all users if their Active Directory account was deactivated.

He hid this “kill switch” in a surprisingly primitive way. The activation function was called IsDLEnabledinAD — short for Is Davis Lu enabled in Active Directory. It was automatically triggered when the developer was placed on leave and asked to hand over his corporate laptop. The result was a global outage of Eaton systems that affected thousands of employees.

When Lu realized that he would have to pay for his plan, he also deleted the encrypted data on the day he handed in the equipment. The investigation found that he was looking for methods to increase privileges in the system, hide processes, and quickly delete files. This confirmed his intention to prevent his colleagues from restoring the infrastructure.

As a result, Davis Lu was arrested and taken to court. The court found him guilty and sentenced him to four years in prison and another three years of supervised release after serving his sentence.

Source: tomshardware