
Just a sample of the Echomail archive


 Message 1676 
 Mike Powell to All 
 Disgruntled worker built 
 24 Aug 25 10:11:43 
 
TZUTC: -0500
MSGID: 1423.consprcy@1:2320/105 2d10673e
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
A disgruntled worker built his own kill-switch malware to take down his 
former employer - and it didn't pay off

Date:
Sun, 24 Aug 2025 06:02:00 +0000

Description:
Once again, malicious insiders prove as dangerous as outside threats, if not
more.

FULL STORY

A disgruntled worker has been sentenced to four years in prison after
installing kill switch malware on his employer's network which was set to
trigger if he ever lost network access.

According to a Department of Justice (DoJ) press release, a Chinese national
named Davis Lu was working for an unnamed software company between November
2007 and October 2019. In 2018, he was demoted and lost system access, after
which he began sabotaging his employer's systems. By early August 2019, he
introduced malware that crashed systems and prevented other users from 
logging in. 

Court documents also revealed he created infinite loops that crashed servers,
deleted coworker profile files, and ultimately built a kill switch that would
lock out all users if his access to Active Directory was revoked. In early
September 2019 he was asked to surrender his laptop, after which the kill
switch was triggered.

Hundreds of thousands of dollars in damages 

Investigators found plenty of incriminating evidence on that laptop, 
including that on the day he turned his device in - he deleted encrypted 
data. 

An analysis of his search history showed he was looking for ways to escalate
privileges, hide processes, and quickly delete files. Finally, the kill 
switch code was named IsDLEnabledinAD, short for Is Davis Lu enabled in 
Active Directory. 

A month after the malware ran, Lu was arrested, and later stood trial in 
front of the jury. 

During the trial, it was shown that Lu's employer suffered hundreds of
thousands of dollars in losses, as a direct consequence of his actions. Now,
Lu will spend four years in prison, with an additional three years of
supervised release. 

"The FBI works relentlessly every day to ensure that cyber actors who deploy
malicious code and harm American businesses face the consequences of their
actions," said Assistant Director Brett Leatherman of the FBI's Cyber Division.

"I am proud of the FBI cyber team's work which led to today's sentencing and
hope it sends a strong message to others who may consider engaging in similar
unlawful activities. This case also underscores the importance of identifying
insider threats early and highlights the need for proactive engagement with
your local FBI field office to mitigate risks and prevent further harm."

 Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/a-disgruntled-worker-built-his-own-kill-switch-malware-to-take-down-his-former-employer-and-it-didnt-pay-off

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426



(c) 1994,  bbs@darkrealms.ca