Staff Report
A federal jury in Cleveland has found a Texas man guilty of deploying malicious code to disrupt his former employer’s computer network, causing severe operational and financial damage.
Davis Lu, 55, of Houston, was convicted of intentionally damaging protected computers.
According to court records and trial evidence, Lu worked as a software developer for a company based in Beachwood, Ohio.
After a corporate restructuring in 2018 reduced his job responsibilities, he retaliated by sabotaging the company’s systems.
Lu’s actions included planting “infinite loops” to crash servers, deleting his coworkers’ profile files, and installing a “kill switch” — labeled “IsDLEnabledinAD” — designed to lock out all users if his access was revoked.
When Lu was fired in September 2019, the kill switch activated, affecting thousands of users worldwide.
He also embedded other malicious programs named “Hakai” (meaning destruction) and “HunShui” (sleep or lethargy).
In addition, Lu deleted encrypted data from his company laptop and researched ways to gain higher-level access and conceal his activities, further complicating recovery efforts.
The company suffered hundreds of thousands of dollars in losses due to the attack.
“Mr. Lu deliberately targeted a company that serves various industries and organizations,” said Acting U.S. Attorney Carol M. Skutnik. “We, along with the FBI and the Criminal Division, remain committed to prosecuting those who seek to disrupt business operations and cause broader harm.”
FBI Special Agent in Charge Greg Nelsen added, “Instead of using his skills constructively, Davis Lu chose to sabotage his employer, affecting thousands of users globally.”
Lu faces a maximum sentence of 10 years in prison. His sentencing date has yet to be scheduled.
The FBI’s Cleveland Division led the investigation.
