A Cleveland federal jury has convicted Davis Lu, a Houston-based senior software engineer, of launching a sophisticated malware attack against Eaton Corporation on August 9, 2019. The incident followed a corporate restructuring that demoted Lu, leading him to create a Java program designed to crash the company's systems. The malware, discovered on a Kentucky-based production server, unleashed an endless loop of non-cancelable threads, consuming resources until the system collapsed.
Lu's actions were premeditated, as evidenced by his user account's activity and further investigations revealing his authorship of code intended to corrupt user files. He cleverly labeled his programs "Hakai" and "HunShui," meaning 'destruction' and 'sleep' respectively, in Japanese and Chinese. His strategic planning extended to a kill switch named "IsDLEnabledinAD," activated upon his official termination on September 9, 2019, which effectively locked tens of thousands of employees out of their systems globally, causing significant financial losses.
The saga began when Lu was demoted in 2019, losing his job responsibilities and server privileges. Faced with the prospect of termination, Lu meticulously planned his revenge. His web search history revealed investigations into privilege escalation, data erasure, and process hiding. Upon returning his company laptop, forensic analysis showed attempts to erase encrypted files and delete critical code projects. On October 7, 2019, Lu confessed to federal authorities his role in the catastrophic system failures at Eaton Corporation.
Prosecutors highlighted Lu's deliberate actions, which included the creation of malicious programs that disrupted operations severely. His conviction now sees him facing up to 10 years in prison for knowingly destroying protected computer systems. The attack serves as a stark reminder of the potential risks posed by disgruntled employees with technical expertise.
