A software developer has been found guilty of sabotaging his ex-employer’s systems by running custom malware and installing a “kill switch” after being demoted at the company.
Davis Lu, 55, of Houston, was a software developer for an Ohio company, reportedly Eaton Corp, from November 2007 to October 2019.
Eaton Corporation is a global power management company that provides electrical, hydraulic, and mechanical solutions for various industries.
Following a corporate restructuring in 2018, Lu's responsibilities at his job were reduced. He was found guilty of sabotaging his employer’s computer systems and network with custom malware and kill switches.
The malicious activities included code that ran in an “infinite loop,” exhausting a production server’s resources and eventually causing the system to crash and preventing user logins. These infinite loops were designed to exhaust Java threads by repeatedly generating new threads without proper termination.
According to the indictment, Lu also deleted coworkers’ user profiles and implemented a “kill switch” that would lock out all users if his account in the company’s Windows Active Directory was disabled. The “kill switch” code, named “IsDLEnabledinAD,” was an abbreviation of “Is Davis Lu enabled in Active Directory.”
This kill switch was automatically triggered when Lu was terminated on September 9, 2019, causing thousands of employees to lose access to systems.
On the day he was directed to return his company laptop, Lu reportedly deleted encrypted data.
The DOJ says internet search queries also revealed that Lu had been researching ways to elevate privileges, hide processes, and quickly delete files.
The Department of Justice says that Lu’s activities and system disruption cost the company hundreds of thousands of dollars.
A jury convicted Lu of causing intentional damage to protected computers, a charge that carries a maximum penalty of 10 years in prison. A sentencing date has not been set.