IT worker jailed four years for activating killswitch that crippled company systems

Regardless of how unfairly you are treated at your current job or how unhappy you are there, it's probably not a good idea to take revenge on your employer through illicit means. This is exactly what an IT worker found out after deploying and subsequently activating a killswitch that crippled company systems after he was suspended.

Bleeping Computer has pointed to a press release from the U.S. Department of Justice (DoJ), which explains the story of David Lu, a Chinese national legally residing in Houston and reportedly employed by Eaton Corporation. Lu began his employment at the firm in November 2007 as a software developer, but after a corporate restructuring in 2018, he was effectively demoted as his access was reduced and so were his responsibilities.

This is seemingly the time that Lu sought revenge, and by April 2019, he had introduced malicious code into his employer's infrastructure. Details regarding how Lu got access to sensitive architectural components are unclear, but he seemingly deployed infinite loops in some code sections that would exhaust system resources, resulting in crashes and hangs.

In addition, he created a killswitch dubbed IsDLEnabledinAD, which basically meant "Is David Lu Enabled in Active Directory?" As the name suggests, this killswitch would periodically check if his credentials were enabled in Active Directory, and lock all users from Active Directory if his credentials were identified as being deactivated. This killswitch got triggered on September 9, 2019, when Lu was placed on administrative leave and asked to surrender his laptop.
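A defender-side illustration of the pattern described above, added here as an example and not taken from the DoJ release or the case: it correlates an account-disable event with a burst of lockouts across other accounts shortly afterwards. The event tuples, account names, time window and threshold are constructed assumptions, and it assumes the lockouts surface as Windows Security log event 4740 (4725 is the event ID for a disabled account); the article does not say how the lockout was implemented.

```python
from datetime import datetime, timedelta

ACCOUNT_DISABLED = 4725    # Windows Security log: a user account was disabled
ACCOUNT_LOCKED_OUT = 4740  # Windows Security log: a user account was locked out

# Constructed sample events (timestamp, event ID, target account); not case data.
SAMPLE_EVENTS = [
    ("2024-03-04T08:15:00", 4740, "bob"),          # routine lockout, before any disable
    ("2024-03-04T09:00:05", 4725, "dev.user"),     # account disabled by HR/IT
    ("2024-03-04T09:01:10", 4740, "alice"),
    ("2024-03-04T09:01:12", 4740, "bob"),
    ("2024-03-04T09:01:15", 4740, "carol"),
    ("2024-03-04T09:02:40", 4740, "dave"),
    ("2024-03-04T09:03:02", 4740, "erin"),
    ("2024-03-04T09:04:30", 4740, "frank"),
    ("2024-03-04T14:30:00", 4725, "contractor7"),  # ordinary offboarding
    ("2024-03-04T14:33:00", 4740, "alice"),        # unrelated single lockout
]


def find_lockout_bursts(events, window=timedelta(minutes=10), min_accounts=5):
    """Return disable events followed by lockouts of many distinct other accounts.

    A disable followed within `window` by lockouts on at least `min_accounts`
    different accounts is worth investigating as a possible trigger condition
    keyed to that account's status.
    """
    parsed = [(datetime.fromisoformat(ts), eid, acct) for ts, eid, acct in events]
    findings = []
    for t0, eid, disabled in parsed:
        if eid != ACCOUNT_DISABLED:
            continue
        # Distinct accounts locked out inside the window after this disable.
        locked = {
            acct
            for t, e, acct in parsed
            if e == ACCOUNT_LOCKED_OUT and t0 <= t <= t0 + window and acct != disabled
        }
        if len(locked) >= min_accounts:
            findings.append({"disabled": disabled, "at": t0, "locked": sorted(locked)})
    return findings


if __name__ == "__main__":
    for f in find_lockout_bursts(SAMPLE_EVENTS):
        print(f"{f['at']}: disabling {f['disabled']} preceded "
              f"{len(f['locked'])} lockouts: {', '.join(f['locked'])}")
```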

Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department's Criminal Division emphasized that Lu's actions locked out thousands of employees from the system, resulting in losses worth hundreds of thousands of dollars for the employer too. Assistant Director Brett Leatherman of the FBI’s Cyber Division further mentioned that:

The FBI works relentlessly every day to ensure that cyber actors who deploy malicious code and harm American businesses face the consequences of their actions. I am proud of the FBI cyber team’s work which led to today’s sentencing and hope it sends a strong message to others who may consider engaging in similar unlawful activities. This case also underscores the importance of identifying insider threats early and highlights the need for proactive engagement with your local FBI field office to mitigate risks and prevent further harm.

It's frankly astounding that an employee was able to get enough access to critical infrastructure to deploy malicious code which was seemingly never audited by anyone else at the firm either, but we suppose it may be possible for an employee who has worked for over a decade at their workplace, knows the ins and outs of the architecture, and is vengeful enough.

Indeed, the FBI found that Lu's internet search history included searches for methods to escalate privileges, delete files, and hide processes. Following his conviction by the jury, Lu has been sentenced to four years in prison and three years of supervised release.
