A former developer was found guilty of releasing revenge malware on a corporate server after he was terminated from their position.
Published Aug 23, 2025 10:54 AM CDT
2-minute read time
TL;DR: A former Eaton senior developer, Davis Lu, was sentenced to four years in prison for deploying revenge malware that crashed the company’s global network, deleted data, and blocked employee logins after his demotion. The case highlights the severe consequences of insider cyber sabotage and the importance of early threat detection.
A former developer at power management company Eaton has been sentenced to prison after unleashing revenge malware on the company’s network.
2
VIEW GALLERY – 2 IMAGES
The former developer is 55-year-old Davis Lu, who spent 12 years at Eaton before he decided to take down its network with malware. Why did Lu turn on his employer? During his time at the company, Lu climbed the corporate flagpole to the level of senior developer of emerging technology, but then Eaton went through a restructuring phase that resulted in Lu being demoted. Following this bad news, Lu installed a “kill switch” that was designed to activate if the company removed his local network access.
TrendingTrending Now: NVIDIA silently launches record-breaking mini PC, flexing a tiny compact powerhouse
The malware was in the form of a Java program that was designed to generate increasing numbers of non-terminating threads in an infinite loop, which would eventually exceed the server’s resources and crash the network. Lu labelled this malware as “IsDLEnabledinAD,” which stands for “Is Davis Lu enabled in Active Directory,” and uploaded it using his corporate credentials. Eaton unknowingly activated the malware when Lu was terminated from his position on September 9, 2019.
In addition to bringing down a global corporate network, Lu’s malware resulted in the deletion of some corporate data and the prevention of login attempts of thousands of Eaton employees. Lu was arrested less than a month after the malware infected the server, and after pushing for a corporate trial, Lu was found guilty of intentionally damaging a protected computer and sentenced to four years in prison, with an additional three years of supervised release.
“The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a US company. However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions,” said acting Assistant Attorney General Matthew Galeotti of the Justice Department’s Criminal Division in an email
“I am proud of the FBI cyber team’s work which led to today’s sentencing and hope it sends a strong message to others who may consider engaging in similar unlawful activities. This case also underscores the importance of identifying insider threats early,” said assistant director Brett Leatherman of the FBI’s Cyber Division
