Former developer gets four years in prison for sabotaging employer with kill-switch malware

In the US, 55-year-old Davis Lu was sentenced to four years in prison for intentionally damaging the computer systems of his former employer in Ohio using a specially created kill-switch worm.

1. Lu worked for the company from 2007 to 2019, but after his powers were reduced, he began to introduce infinite loops into the source code that caused server crashes, deleted colleagues’ profiles and created a mechanism to lock systems when his Active Directory account was disabled.
2. The code had the telling names “Hakai” (“destruction”) and “HunShui” (“sleep”), and was activated in September 2019, when Lu was sent on vacation and asked to hand over his work laptop. This locked out thousands of users around the world. In addition, he tried to delete encrypted volumes and key Linux directories. The company’s losses are estimated at hundreds of thousands of dollars.

Lu was arrested in 2021 and convicted in March 2025 of intentionally damaging protected computers. The U.S. Department of Justice said the case highlights the risks of insiders using their technical expertise to sabotage companies.

The four-year sentence and three years of post-release supervision underscore the seriousness of the threat of insider attacks and the need to identify suspicious employee activity early.