Ex-Employee Sabotages Company Systems, Faces Up to 10 Years – Source:hackread.com

Disgruntled ex-employee sabotages company systems with malicious code, causing major disruptions and financial losses.  Learn about the case and the legal consequences.

A legal proceeding concluded in a federal court located in Ohio, where a man from Texas was found responsible for introducing harmful software onto the computer system of his previous workplace.

According to the Department of Justice (DoJ) press release, the convict, Houston-based Davis Lu, aged 55, worked as a software developer for a company headquartered in Beachwood, Ohio from Nov 2007 to Oct 2019. In 2018, a shift in the company’s organizational structure occurred, which resulted in a reduction of his work duties and limitations on his access to certain systems. Following this change, he began to engage in actions that disrupted the company’s operational technology.

Specifically, Lu introduced computer code designed to cause system failures and prevent authorized personnel from logging into the network. The code created a cycle of new processes without ending previous ones, resulting in system crashes. He also erased files belonging to his colleagues and set up a mechanism that would deny access to all users if his own access was revoked. This access-denial feature was designed to activate automatically upon the removal of his credentials from the company’s directory.

Furthermore, he assigned names to his destructive code, using terms from different languages, including the Japanese word Hakai (meaning destruction) and the Chinese word HunShui (meaning sleep) which signified concepts of destruction and inactivity. Prior to surrendering his company-issued computer, he attempted to erase data stored on it using encryption.

A review of his online search activity revealed that he had been researching techniques to gain higher-level access to systems, conceal ongoing processes, and quickly delete files. This confirmed his intention to interfere with the efforts of his former colleagues to resolve the problems he had created.

The company suffered hefty monetary losses as a direct result of Lu’s actions. The court found him guilty of intentionally damaging protected computer systems. He now faces a potential prison term of up to ten years. A judge will determine his final sentence, considering federal sentencing guidelines.

The investigation into this case was conducted by the Federal Bureau of Investigation’s Cleveland Field Office. The prosecution was handled by attorneys from the Justice Department’s Criminal Division and the US Attorney’s Office for the Northern District of Ohio.

This incident is not isolated, as there have been cases involving individuals causing significant damage to their former employers through technological means. In 2020, Sudhish Kasaba Ramesh, a former Cisco employee, pleaded guilty to damaging and exploiting the company’s internal networks, resulting in Cisco spending $1.4 million on remedial measures and refunding $1 million to affected customers.

In another incident, Singapore’s court sentenced 39-year-old Kandula Nagaraju to two years and six months in 2024 for hacking into his former employer’s computer system and deleting critical data. Nagaraju was part of a 20-member team at National Computer Systems, and reportedly, was upset after being fired over poor performance.