r/technology • u/Choobeen • 9h ago
Software Houston-based (Eaton Corp.) developer gets 4 years for activating network “kill switch” to avenge his firing
https://arstechnica.com/tech-policy/2025/08/developer-gets-4-years-for-activating-network-kill-switch-to-avenge-his-firing242
u/OnlyProblems 8h ago
"was code that Lu named after himself, "IsDLEnabledinAD," which the DOJ translated as an abbreviation for "Is Davis Lu enabled in Active Directory.""
So there was no expectation to get away with this at all? Surely you disguise the name if you're attempting to cause havoc?
191
u/Jackleme 8h ago
On top of that like... put in a delay, and make the script delete itself and the logs?
There are so many things he could have done to at least TRY to cover his tracks.... Why not load a piece of malware that encrypts everything in all the log and storage servers, and then spreads out to the PC's from there? Why not make the script fire at a random time 15 - 45 days after the condition is met (to avoid it being right after his account gets disabled)....
Seems to me this dude was just an idiot, or mentally unwell.
146
u/c0lin46and2 8h ago
Maybe this is why he was fired. He's dumb?
92
u/sunshine-x 8h ago
Well, you don’t hear about talented people’s dead man’s switches going off, do you!
23
u/Isgrimnur 7h ago
On top of that like... put in a delay, and make the script delete itself and the logs?
You gotta Whte_rbt.obj
39
u/aft_punk 5h ago
Ah, Ah , Ah… You didn’t say the magic word!
Ah, Ah , Ah… You didn’t say the magic word!
Ah, Ah , Ah… You didn’t say the magic word!
Ah, Ah , Ah… You didn’t say the magic word!
Ah, Ah , Ah… You didn’t say the magic word!
1
3
1
22
u/OcotilloWells 8h ago
Doubtful the name of the function adjusted them. But it looking for d.lu or davis.lu in Active Directory may have been a real flag.
4
u/EuphoricCrashOut 6h ago
Maybe it was a script to unlock his account, but someone else at the Company went in and edited/changed it? Wonder if he had any enemies.
1
1
u/grayhaze2000 1h ago
He possibly wanted them to know that it was his doing as part of the revenge. Never underestimate the stupidity of those whose driving factor is malice.
425
u/9-11GaveMe5G 9h ago
That "kill switch" was designed to "lock out all users if his credentials in the company’s active directory were disabled
So what if he just died of a heart attack in his sleep, rather than being fired like he expected?
401
151
u/JesusHipsterChrist 8h ago
"If I die before I Wake...I give the lord my toys to break...because I dont want other kids playing with them." -Shel Silverstein
7
12
u/Ok-Creme8960 7h ago
Shel Silverstein’s portrait was frightening as a kid. And, never mind that noise you heard.
19
7
65
u/almo2001 4h ago
But the bankers who messed up the entire economy in 2008 no jail time.
29
u/CypherAZ 3h ago
My thought exactly, when it’s executive teams doing damage by design….thats just the cost of doing business…what a double standard.
71
u/DeafHeretic 8h ago
IMO (as a retired s/w dev with 35 years experience), not a lot of technical savvy or thought went into his revenge attempt or the ramifications if he was caught.
I've been laid off many times. As often as not, the org itself self immolated later - I did not have to (or want to) do anything. Stuff happens (like the dot com crash). Deal with it and move on - IME, it was usually to bigger and better things.
36
u/AngusMeatStick 6h ago
When I was let go from a role I scheduled a handful of announcements in our middleware software asking where I was, starting from about two weeks after I left. The messages got slowly more angry asking for me, but never crossed a line.
Anyone who would pay attention would know it was me, and a harmless prank... But I never asked my old mentor if they had seen it.
Basically, developing a kill switch is psychotic behavior. It's something you just joke about with other devs, not actually do.
5
u/4114Fishy 3h ago
I mean it's fine to do one with contracted work until you're done, to make sure you're paid etc.
2
u/Business-Proof9882 1h ago
Don't even joke about it, don't even mention it. I did after I resigned during my leaving period and got matched off site, I was too young to realise the consequence of mentioning it to a friend , well I thought he was a friend.
6
u/InternalBirthday6185 5h ago
I don't think it's psychotic to put in a kill switch, but it's definitely a big no no. I love the company I work for, but if I were laid off because they are moving development to India or the Phillipines, I'd be very tempted lol
27
u/OrneryError1 6h ago
Does this really deserve a prison sentence?
27
26
u/DingleDangleTangle 4h ago
Probably a good thing.
I don’t want my plane crashing or my hospital’s systems to go out because they fired some disgruntled employee. I mean shit, imagine if someone got fired from AWS and left something to take down their servers. This sort of thing needs to be very highly discouraged.
4
u/JShelbyJ 2h ago
And Eaton, being an infrastructure provider, could have those outcomes come to fruition.
1
u/FreyaVanDenHeuvel 1h ago
4 years is an absurdly long amount of time for something where no one died or was injured, really shows how little worth our lives are assigned by the people in power….
11
9
2
u/PanzerKomadant 2h ago
Corporations ruin lives for no punishments, but lord of mercy if an employee puts a kill switch! The government is going to be on their ass!
It’s like paying taxes. You better hope your taxes are in proper order or the IRS is gonna come knocking. But corporations can avoid and skirt the IRS as many times as they want and get a tap on their wrist.
2
7
u/Viharabiliben 6h ago
Why would a dev have admin level access to AD? A dev should never have that kind of access to change any account in AD. Seems like there were poor controls at Eaton.
7
u/spec-tickles 3h ago
To me it sounds like his code monitored the status of his AD credentials, and locked the whole company out of a resource he did have authority over.
1
1
u/justifications 2h ago
It's probably not unusual for companies that are downsizing employees to also cross train the other remaining employees "to wear more hats" or moments of "say you know rather than me always being the person who updates AD it would be easier if I allowed an entire executive admin branch the same rights as regular admins" with the latter being a major oversight.
I once worked IT help desk at a student loan consolidation company. My higher ups were all exec brown nosers, lots of ex cons, everyone above my pay grade was basically a friend of someone's friend which is why they got the job, not because they were skilled in IT. That same job gave my base level help desk role administrator rights in AD because I was responsible for setting up new users regularly.
At one point we hired a few dudes who were actually more qualified than me, and more qualified for my entire department... Those dudes knew their shit. One of them even got me fired because he felt like I was a "knowledge risk" to the company, essentially I knew too much, so they were looking for a reason to fire me. I used to flirt with the secretary a lot, they caught us flirting through email (full on consensual dirty talk convos through company email). New admin guys pulled all my emails, printed them out and that's what I was threatened with in order to get me to quit.
That place sucked and I had dirt on the CEO which is why they really wanted me out.
2
u/Pryoticus 2h ago
They got what they deserve is their security was such that this was possible for a single person to do.
1
u/ThisIsKev 2h ago
Bet money the guy rhought it was a good fuck you and didn't expect jail time. He could have doubled or tripled down on the malice easily.
1
0
u/CheezTips 1h ago
Disgruntled developer was caught after naming the "kill switch" after himself.
That's just idiotic.
A disgruntled developer has been sentenced to four years in prison after building a "kill switch" that locked all users out of a US firm's network the moment that his name was deleted from the company directory.
And brilliant!
Davis Lu, a 55-year-old Chinese national residing in Houston
Why aren't they deporting this fucker after he serves his term?
-16
195
u/Sovngarten 7h ago
I tried to do something similar with a local employer who inevitably downsized me for some financial reason or other. I had a remote login still established to my former computer, which inexplicably had access to the company servers (I was in shipping).
In a moment of clarity months later, I remotely logged in only to delete my access to remote access, removing any stupid ass temptation.