In March 2025, 55-year-old programmer Davis Lu had triggered a “kill switch” to delete company data. He has now been sentenced by the U.S. Department of Justice to four years in prison and three years of supervised release.
From November 2007 to October 2019, Lu was employed at Eaton Energy Management, a U.S.-based company. Following a corporate restructuring in 2019, he was demoted and his server access privileges were curtailed.
Sensing that his dismissal was imminent, Lu began crafting malicious code, which he named Hakai (a Japanese word meaning “destruction”) and Hunshui (a Chinese word meaning “sleep” or “lethargy”). Once activated, the malware initiated endless loops, spawning non-terminating threads that consumed system resources.
The ultimate effect of the code was to exhaust server hardware resources until the systems became unresponsive, preventing other Eaton employees from logging in or using them. Additionally, the malware was programmed to delete colleagues’ personal folders.
Lu’s “kill switch” was embedded in a script named isDLEnabledInAD — shorthand for “Is Davis Lu enabled in Active Directory.” When his termination led to his account being disabled and removed from Microsoft Active Directory, the malware recognized that his account was “dead” and automatically triggered its destructive routines.
During the investigation into the infinite loops and runaway threads, Eaton’s security team uncovered the kill switch. Tracing the code led back to a machine once used exclusively by Lu, which had been connected to a server storing the malicious scripts.
The Justice Department’s Criminal Division declared that the defendant had abused his access and technical expertise to sabotage the company’s network, causing severe damage. Eaton spent hundreds of thousands of dollars restoring its systems and recovering data.
In the sentencing memorandum, the presiding judge stated that Lu is now a convicted felon, a label that will follow him for the rest of his life. His once-promising career has been irreparably destroyed, and his actions have also devastated his family’s financial stability.
Beyond the immediate damage, investigators revealed that Lu attempted to conceal his tracks, likely hoping his technical prowess would shield him from accountability. Ultimately, however, his crimes were laid bare and brought to justice.