Chinese National Sentenced to Prison for Deploying Destructive Computer Code on Ohio-based Company’s Global Network

CLEVELAND - A Chinese national who inflicted severe damage to the computer network systems of a global corporation where he was formerly employed has been sentenced to prison.

Davis Lu, 55, a citizen of China residing in Houston and authorized to legally work in the U.S., was sentenced to 48 months (four years) in prison by U.S. District Judge Pamela A. Barker Aug. 21. A federal jury convicted Lu in March of intentionally damaging protected computers for his role in creating destructive computer code that he deployed on his former employer’s network. He was also ordered to serve three years of supervised release after imprisonment. Restitution is to be determined at a later date.

“The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions. The Criminal Division is committed to identifying and prosecuting those who attack U.S. companies, whether from within or without, to hold them responsible for their actions.”   

“The extreme chaos caused by just one person who used his creative mind and technical talents to thwart his employer’s business operations was not only disruptive – it was criminal. Those who weaponize their knowledge to inflict damage will be held accountable,” said U.S. Attorney David M. Toepfer for the Northern District of Ohio. “We would like to acknowledge and thank the FBI Cleveland Division for their incredible expertise in investigating computer crimes to bring criminals like Mr. Lu to justice.”

According to court documents and evidence presented at trial, Lu was employed as a software developer for the victim company headquartered in Beachwood, Ohio, from November 2007 to October 2019. In 2018, Lu began to sabotage his employer’s systems after a corporate realignment reduced his responsibilities and system access. By Aug. 4, 2019, he introduced malicious code that caused system crashes and prevented user logins. Specifically, he created what are known as “infinite loops,” that resulted in server crashes or hangs, making it unavailable to users. Lu also created code to delete coworker profiles, and implemented a “kill switch” that would lock out all users if his name was removed from the company’s directory.

On Sept. 9, 2019, the kill switch was triggered when Lu was terminated from the company and his computer credentials were disabled. With the “kill switch” activated, thousands of company users were impacted globally. Lu named his kill switch code “IsDLEnabledinAD”, which was an abbreviation for “Is Davis Lu enabled in Active Directory.”

Investigators learned that the defendant named another malware program “Hakai,” a Japanese word meaning “destruction,” and “HunShui,” a Chinese word meaning “sleep” or “lethargy.” Additionally, on the day he was directed to turn in his company laptop, Lu deleted encrypted data and ran a command that made the data unrecoverable by forensic software. His internet search history revealed he had researched methods to escalate privileges, hide processes, and rapidly delete files, indicating an intent to obstruct efforts of his co-workers to resolve the system disruptions. Lu’s employer suffered hundreds of thousands of dollars in losses as a result of his actions.

"The FBI works relentlessly every day to ensure that cyber actors who deploy malicious code and harm American businesses face the consequences of their actions,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “I am proud of the FBI cyber team’s work which led to this sentencing and hope it sends a strong message to others who may consider engaging in similar unlawful activities. This case also underscores the importance of identifying insider threats early and highlights the need for proactive engagement with your local FBI field office to mitigate risks and prevent further harm.”

The investigation leading to the indictment was conducted by the FBI Cleveland Division.

“Davis Lu was intent on inflicting widescale damage to his employer with reckless disregard,” said FBI Cleveland Special Agent in Charge Greg Nelsen. “The FBI is committed to protecting businesses from cyber intrusions and crippling threats to their companies, not only from unknown attackers, but also when the criminal is a once-trusted employee whose skill and intellect was used for malicious purposes. We will continue to defend the homeland and its American businesses to identify and investigate cyber criminals who seek to harm companies, and we will bring them to justice.”

Senior Counsel Candina S. Heath of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), and Assistant United States Attorneys Daniel J. Riedl and Brian S. Deckert for the Northern District of Ohio, prosecuted the case.

The Department of Justice’s CCIPS investigates and prosecutes cybercrime in coordination with domestic and international law enforcement agencies, often with assistance from the private sector. Since 2020, CCIPS has secured the conviction of over 180 cybercriminals, and court orders for the return of over $350 million in victim funds.