Introduction to the Case

A 55-year-old software developer, Davis Lu, has been convicted by a jury for deploying malicious code that sabotaged his former employer's network. The code, which was designed to cause intentional damage to protected computers, allegedly cost the company hundreds of thousands of dollars in losses.

Lu had worked at the Ohio- and Dublin-based power management company, Eaton Corp, for about 11 years before his termination in 2019. However, it was during his time at the company, specifically in 2018, that Lu became disgruntled with a corporate realignment that reduced his responsibilities.

The Malicious Code

Lu's efforts to sabotage the company's network began in 2018, and by the next year, he had planted different forms of malicious code. The code created infinite loops that deleted coworker profile files, prevented legitimate logins, and caused system crashes. The code was named using the Japanese word for destruction, Hakai, and the Chinese word for lethargy, HunShui.

The most destructive aspect of the code was a kill switch that Lu designed to shut down everything if he was ever terminated. The kill switch, which was named IsDLEnabledinAD, an apparent abbreviation of Is Davis Lu enabled in Active Directory, automatically activated on the day of Lu's termination in 2019, disrupting Eaton Corp users globally.