Former developer jailed for four years for sabotaging Ohio employer with kill switch malware


A 55-year-old Chinese citizen has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer's network with custom malware and deploying a kill switch that locked out employees when his account was disabled.

Davis Lu, 55, of Houston, Texas, was found guilty in March 2025 of intentionally causing damage to a protected computer. He had been arrested and charged with abusing his position as a software developer to run malicious code on his employer's computer server.

“The defendant violated the employer’s trust by using his access and technical knowledge to disrupt the company’s network, causing chaos and hundreds of thousands of dollars in losses for a US company,” said Deputy Assistant Advisor Matthew R. Galeotti, Criminal Division of the Department of Justice.

“However, the defendant’s technical savvy and modest person did not save him from the consequences of his actions.”

Court documents show that Lu was employed as a software developer by an unnamed Ohio-based company from November 2007 to October 2019. After a company reorganization in 2018 cut his responsibilities and system access, Lu began a scheme around August 2019 to intentionally introduce malicious code.

As part of this scheme, Lu is said to have created an infinite loop in the source code that crashed the server by repeatedly creating new Java threads without proper termination. He also implemented a kill switch that removed coworkers' profile files and locked out all users if his credentials in the company's Active Directory became invalid.

The "kill switch" code, which Lu named "IsDLEnabledinAD" (an abbreviation of "Is Davis Lu enabled in Active Directory"), took effect when he was placed on leave and asked to surrender his laptop on September 9, 2019, affecting thousands of corporate users worldwide.


Other pieces of code were named "hakai," a Japanese word meaning "destroy," and "hanshui," a Chinese word meaning "sleep" or "lethargy."

Additionally, when Lu was instructed to return the laptop issued by the company, he attempted to remove the encrypted volume and erase the Linux directory and two additional projects. His internet search history shows that he studied methods to escalate privileges, hide processes, and delete files, suggesting an attempt to sabotage the company's efforts to resolve the problems.

Lu's illegal activities are estimated to have cost the company hundreds of thousands of dollars, according to the department. The case also underscores the importance of early identification of insider threats, added Brett Leatherman, assistant director of the Federal Bureau of Investigation (FBI) cyber division.
