In a case showcasing the potentially devastating consequences of insider cyber attacks, Davis Lu, a Chinese national located in Houston, was sentenced to a four-year prison term after being found guilty by a federal jury for his involvement in implementing harmful computer code that damaged his former employer’s network system, as reported by the U.S. Attorney’s Office, Northern District of Ohio. The sentence was handed down by U.S. District Judge Pamela A. Barker on August 21, followed by an impending three-year supervised release and a yet-to-be-determined restitution fee.
The chaos that ensued from Lu’s actions was immense but Acting Assistant Attorney General Matthew R. Galeotti encapsulated the gravity of the situation, stating through the U.S. Attorney’s Office, “The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company,” and he emphasized that those who malign their technical acumen to damage U.S. firms, whether from within or without, will be held accountable. U.S. Attorney David M. Toepfer further elaborated on the dangerous potential of such individual knowledge weaponization, lauding the FBI’s efforts in tracking down and prosecuting the culprits of such computer crimes.
Lu’s employment history with the victimized company, a Beachwood, Ohio-based corporation, stretched from November 2007 to October 2019, but the destructive turn in his behavior followed a corporate restructuring that saw his responsibilities and system access curtailed. The malicious actions culminated on September 9, 2019, when Lu’s severance from the company activated a so-called “kill switch,” named “IsDLEnabledinAD,” abutting thousands of global company users due to impaired access—a perverse homage to his presence within the company’s Active Directory…