Clandestine kill switch was designed to lock out other users if the developer's account in the company's Windows Active Directory was ever disabled.
March 10, 2025 By Kristina Beek
An ex-employee of an unidentified company in Ohio was found guilty of federal charges, including sabotaging his former employer with custom malware, a "kill switch" on the company network, and data theft.
Davis Lu, a software developer for the company, lost some of his job responsibilities following a 2018 corporate restructuring. Lu began introducing the malicious code in August 2019, which would ultimately cause operational and monetary damages.
Lu's code ran on a loop, causing a production server to exhaust itself and crash the system to prevent user logins. It also deleted co-workers' user profiles, and the kill switch he installed was designed to lock out other users if his account in the company's Windows Active Directory was ever disabled. The kill switch was automatically activated upon his termination in September 2019, and affected thousands of company users internationally.
