TZUTC: -0500   
   MSGID: 1423.consprcy@1:2320/105 2d10673e   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   A disgruntled worker built his own kill-switch malware to take down his    
   former employer - and it didn't pay off   
      
   Date:   
   Sun, 24 Aug 2025 06:02:00 +0000   
      
   Description:   
   Once again, malicious insiders prove as dangerous as outside threats, if not   
   more.   
      
   FULL STORY   
      
   A disgruntled worker has been sentenced to four years in prison after   
   installing kill switch malware on his employers network which was set to   
   trigger if he ever lost network access.    
      
   According to a Department of Justice (DoJ) press release, a Chinese national   
   named Davis Lu was working for an unnamed software company between November   
   2007 and October 2019. In 2018, he was demoted and lost system access, after   
   which he began sabotaging his employers systems. By early August 2019, he   
   introduced malware that crashed systems and prevented other users from    
   logging in.    
      
   Court documents also revealed he created infinite loops that crashed servers,   
   deleted coworker profile files, and ultimately built a kill switch that would   
   lock out all users if his access to Active Directory was revoked. In early   
   September 2019 he was asked to surrender his laptop, after which the kill   
   switch was triggered.   
      
   Hundreds of thousands of dollars in damages    
      
   Investigators found plenty of incriminating evidence on that laptop,    
   including that on the day he turned his device in - he deleted encrypted    
   data.    
      
   An analysis of his search history showed he was looking for ways to escalate   
   privileges, hide processes, and quickly delete files. Finally, the kill    
   switch code was named IsDLEnabledinAD, short for Is Davis Lu enabled in    
   Active Directory.    
      
   A month after the malware ran, Lu was arrested, and later stood trial in    
   front of the jury.    
      
   During the trial, it was shown that Lus employer suffered hundreds of   
   thousands of dollars in losses, as a direct consequence of his actions. Now,   
   Lu will spend four years in prison, with an additional three years of   
   supervised release.    
      
   "The FBI works relentlessly every day to ensure that cyber actors who deploy   
   malicious code and harm American businesses face the consequences of their   
   actions, said Assistant Director Brett Leatherman of the FBIs Cyber Division.    
      
   I am proud of the FBI cyber teams work which led to todays sentencing and    
   hope it sends a strong message to others who may consider engaging in similar   
   unlawful activities. This case also underscores the importance of identifying   
   insider threats early and highlights the need for proactive engagement with   
   your local FBI field office to mitigate risks and prevent further harm.    
      
    Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/a-disgruntled-worker-built-his-own-kill   
   -switch-malware-to-take-down-his-former-employer-and-it-didnt-pay-off   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426