'Kill switch': Software developer convicted for damaging employer's computer systems

Case demonstrates risk of retaliation from terminated, demoted employees

A software developer in Texas has been convicted for developing "kill switch" code that damaged his former employer's computer systems when it activated after he was fired.

Davis Lu, 55, was found guilty in Cleveland of writing and deploying malicious code on his former employer's network.

According to a media release from the US Department of Justice, Lu worked as a software developer for the Ohio-headquartered company between November 2007 and October 2019.

Evidence presented at trial, however, revealed that after a 2018 corporate restructuring reduced Lu's responsibilities and access privileges, he began sabotaging the company's systems.

Prosecutors said Lu introduced malicious code designed to crash servers and prevent employee logins. This included creating "infinite loops" that exhausted Java threads and deleting co-worker profile files.

'Kill switch' activated

He also developed a "kill switch" that would disable user access if his own credentials were revoked.

The kill switch, named "IsDLEnabledinAD" — short for "Is Davis Lu enabled in Active Directory" — was triggered automatically after Lu's termination on September 9, 2019.

Its activation affected thousands of users globally, with his actions resulting in hundreds of thousands of dollars in losses.

Further investigation revealed that Lu deleted encrypted data on the day he returned his company laptop. His internet search history also revealed that he looked up ways to escalate privileges, hide processes, and delete files quickly.

According to the probe, these actions indicated that he wanted to obstruct efforts by his colleagues to resolve the system disruptions.

Admission to investigators

Lu admitted to investigators in October 2019 that he created the code that caused disruption to his former employer's network.

He was convicted of causing intentional damage to protected computers, a charge that carries a maximum penalty of 10 years in prison. Sentencing has not yet been scheduled.

Cases of employee retaliation

Lu's case is one of several incidents in which former employees retaliated against their employers after leaving the company.

In September 2022, IT professional Casey K. Umetsu, Sr. pled guilty to disrupting his former employer's network operations for "personal gain."

According to the US DOJ, Umetsu incapacitated the company's web presence and email by purposefully misdirecting web and email traffic to computers unaffiliated with the company. He also kept the company locked out of the website, prolonging the outage for several days.

Last year, Indian national Kandula Nagaraju was sentenced to more than two years in jail after he accessed his former company's computer test systems and deleted 180 virtual servers, Channel News Asia reported.

The incident cost the employer about US$678,000, with the reason behind Nagaraju's actions pinned on his "confusion and upset" over being fired.

Compassionate termination

These incidents underscore the importance of compassionately terminating staff, as widespread layoffs across organisations over the past years raise the risk of employee retaliation.

Rudy Bailey, managing partner at RGP Consulting LLC, said it is possible for employers to terminate workers gracefully and "with a thoughtful approach."

Bailey outlined on LinkedIn a practical framework that leaders can use in terminating an employee:

  1. Preparation. This includes documentation, reviewing termination policies, and planning the conversation so that the key points are clearly communicated.
  2. The Conversation. This includes choosing a private setting, being direct but compassionate about the message, and explaining the reasons for termination.
  3. Support and Transition. This includes offering available support, outlining the logistics of the departure, and ensuring a smooth transition.
  4. Follow-Up. This includes communicating with the remaining team members and reviewing the termination process to improve future handling of similar situations.