
In a case that shows how damaging insider cyber attacks can be, Davis Lu, a Chinese national located in Houston, was sentenced to four years in prison after a federal jury found him guilty of implementing harmful computer code that damaged his former employer's network, as reported by the U.S. Attorney's Office, Northern District of Ohio. U.S. District Judge Pamela A. Barker handed down the sentence on August 21. It is to be followed by three years of supervised release, and the amount of restitution has yet to be determined.
The chaos that ensued from Lu's actions was immense. Acting Assistant Attorney General Matthew R. Galeotti summed up the gravity of the situation in a statement issued through the U.S. Attorney's Office: "The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company." He emphasized that those who misuse their technical skills to damage U.S. firms, whether from within or without, will be held accountable. U.S. Attorney David M. Toepfer elaborated on the danger of an individual weaponizing such knowledge and praised the FBI's efforts in tracking down and prosecuting those responsible for such computer crimes.
Lu worked for the victim company, a Beachwood, Ohio-based corporation, from November 2007 to October 2019. The destructive turn in his behavior followed a corporate restructuring that curtailed his responsibilities and system access. The malicious actions culminated on September 9, 2019, when Lu's separation from the company activated a so-called "kill switch" named "IsDLEnabledinAD," which impaired access for thousands of company users around the world. The name was a perverse reference to his own presence in the company's Active Directory.
The investigation uncovered that Lu had also created other malicious programs with names like "Hakai" and "HunShui," which are words for "destruction" in Japanese and "sleep" or "lethargy" in Chinese, respectively. This insight into Lu's operational mindset was drawn from decisive court testimony, from Lu's own deletion of encrypted data, and from his execution of commands that attempted to evade detection by forensic software. His internet searches notably covered escalating user privileges, hiding processes and rapidly deleting files, showing premeditation in covering his digital tracks. According to Assistant Director Brett Leatherman of the FBI's Cyber Division, the diligent work of the FBI cyber team shows the agency's dedication to holding such offenders accountable, and it underlines the importance of businesses engaging proactively with the FBI to prevent insider threats.
Special Agent in Charge Greg Nelsen of FBI Cleveland emphasized the bureau's resolve to protect U.S. businesses not only from unknown cyber threats but also from those who betray the trust their employers once placed in them. The case was prosecuted by Senior Counsel Candina S. Heath of the Criminal Division’s Computer Crime and Intellectual Property Section, and Assistant United States Attorneys Daniel J. Riedl and Brian S. Deckert for the Northern District of Ohio, reinforcing the ongoing battle against cybercrime in the digital age.









