Content |
Biography
2025
Virus injection into Eaton servers
A fired employee of Eaton Corporation injected a virus into the company's servers, which led to a halt in production and the destruction of work accounts. This became known in March 2025. A jury in Cleveland convicted software developer Davis Lou, who, disagreeing with the demotion, created and launched the malware. As a result of the attack in 2019, thousands of employees lost access to accounts, and production systems were paralyzed.
Davis Lou worked for Eaton Corporation from 2007 to 2019. The company specializes in energy management and has offices around the world. In 2019, as a result of corporate restructuring, the programmer was demoted, which caused his dissatisfaction.
The investigation showed that in the summer of 2019, Lu began to introduce his own developed malware into one of the company's production systems. He created a Java program containing infinite loops that overloaded server resources. This code caused critical system malfunctions and blocked the ability to authorize users.
Law enforcement found malware source code on an internal development server in Kentucky. The investigation confirmed that Lou's account was used to run the malware. An important circumstance of the case was that it was this programmer who was the only member of the team who had privileged access to the server.
In addition to creating a program that overloads servers, Lou developed code that destroyed other users' files. The most destructive element of his actions was the creation of the so-called "emergency switch" - a script called IsDLEnabledinAD, which automatically triggered when Lou's account in the corporate system was disabled. Active Directory Windows[1]
Sentence - four years in prison for deliberately installing viruses at Eaton
On August 21, 2025, a court USA sentenced Davis China Lu, a former employee of the American Engineering Corporation, to four years in prison. Eaton He was found guilty of intentionally harming the computer systems of this company, which led to losses of hundreds of thousands. dollars
55-year-old Lu, born in Shanghai, came to the United States on a work visa in 1999. He worked at Eaton for more than ten years - from 2007 to 2019, holding, in particular, the post of senior programmer. However, following a corporate reorganization in 2018, Lu was demoted. Fearing that he would be fired in the future, the programmer decided to prepare a "response": he injected a malicious program into the corporate network, which was supposed to be activated if Lu himself lost access to the employer's systems. The malware was Java code that generates instruction streams in an infinite loop. According to Lou's idea, in the end this should have turned into server failures.
On September 9, 2019, Eaton fired Lou and shut him down from the network, leading to the launch of the malware. This triggered an overload of systems: thousands of Eaton employees lost access to corporate resources. In addition, certain information has been deleted. The damage caused is estimated at $365 thousand.
Law enforcement officials quickly identified the culprit of the failures. It turned out that Lou downloaded the malware to the Eaton network through his own account. Moreover, he assigned the name IsDLEnabledinAD to his malware - short for "Is Davis Lu enabled in Active Directory" ("Is Davis Lu included in Active Directory"). Less than a month after the incident, federal agents arrested Lu. He pleaded guilty to committing cybercrime.[2]
Notes
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |