Former Employee Sentenced to Four Years for Activating Network Shutdown After Termination

A former employee of Eaton Corp. has received a four-year prison sentence after creating and deploying a malicious “kill switch” that disabled access to the company’s network for all users. The action was taken in retaliation after his termination was finalized, sparking significant security concerns.
Davis Lu, a 55-year-old resident of Houston and Chinese national, was convicted of “causing intentional damage to protected computers” by the U.S. Department of Justice in March. The case highlights the growing threat of insider threats and malicious cyber activities triggered by employment disputes.
Lu had been employed at Eaton for approximately 11 years before the company’s 2018 restructuring, which led to a reduction in his responsibilities. Anticipating his impending dismissal, he began developing malicious code aimed at retaliating against the company. His actions culminated in activating a network “kill switch” that locked out all users, effectively crippling the organization’s digital infrastructure.
The incident underscores the importance of robust cybersecurity measures, especially in managing insider threats and post-employment access controls. For organizations, implementing strict access revocation protocols and monitoring for suspicious activities post-termination are critical steps to prevent similar incidents.
For more on cybersecurity best practices and insider threat prevention, consult resources such as the National Institute of Standards and Technology (NIST) cybersecurity framework and official guidance from the Cybersecurity & Infrastructure Security Agency (CISA).