Chinese national sentenced for sabotaging Ohio-based company’s global computer network

Rebecca C. Lutzko United States Attorney for the Northern District of Ohio - U.S. Attorney for the Northern District of Ohio

A Chinese national has been sentenced to four years in prison for intentionally damaging the computer systems of his former employer, a global company based in Beachwood, Ohio. Davis Lu, 55, who lived in Houston and was authorized to work in the United States, received his sentence from U.S. District Judge Pamela A. Barker on August 21. Lu was convicted by a federal jury in March for deploying destructive computer code on the company’s network.

After serving his prison term, Lu will be subject to three years of supervised release. The amount of restitution he must pay will be determined later.

“The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions. The Criminal Division is committed to identifying and prosecuting those who attack U.S. companies, whether from within or without, to hold them responsible for their actions.”

“The extreme chaos caused by just one person who used his creative mind and technical talents to thwart his employer’s business operations was not only disruptive – it was criminal. Those who weaponize their knowledge to inflict damage will be held accountable,” said U.S. Attorney David M. Toepfer for the Northern District of Ohio. “We would like to acknowledge and thank the FBI Cleveland Division for their incredible expertise in investigating computer crimes to bring criminals like Mr. Lu to justice.”

Court documents show that Lu worked as a software developer at the company from November 2007 until October 2019. In 2018, after a corporate restructuring reduced his job responsibilities and system access, he began sabotaging internal systems. On August 4, 2019, he introduced malicious code that led to server crashes and blocked user logins by creating “infinite loops.” He also wrote code that deleted coworker profiles and installed a “kill switch” designed to lock out all users if his name was removed from the company’s directory.

The kill switch was activated on September 9, 2019—the day Lu was terminated and lost access—affecting thousands of users worldwide. The code was named “IsDLEnabledinAD,” referencing whether Davis Lu remained enabled in Active Directory.

Investigators found that Lu created other malware programs named “Hakai” (Japanese for “destruction”) and “HunShui” (Chinese for “sleep” or “lethargy”). When instructed to return his company laptop, he deleted encrypted data and executed commands making it unrecoverable even with forensic tools. His internet history showed searches related to escalating privileges, hiding processes, and deleting files quickly—actions intended to obstruct colleagues’ efforts at recovery.

“The FBI works relentlessly every day to ensure that cyber actors who deploy malicious code and harm American businesses face the consequences of their actions,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “I am proud of the FBI cyber team’s work which led to today’s sentencing and hope it sends a strong message to others who may consider engaging in similar unlawful activities. This case also underscores the importance of identifying insider threats early and highlights the need for proactive engagement with your local FBI field office to mitigate risks and prevent further harm.”

The FBI Cleveland Division conducted the investigation leading up to Lu’s indictment.

“Davis Lu was intent on inflicting widescale damage to his employer with reckless disregard,” said FBI Cleveland Special Agent in Charge Greg Nelsen. “The FBI is committed to protecting businesses from cyber intrusions and crippling threats to their companies, not only from unknown attackers, but also when the criminal is a once-trusted employee whose skill and intellect was used for malicious purposes. We will continue to defend the homeland and its American businesses to identify and investigate cyber criminals who seek to harm companies, and we will bring them to justice.”

Senior Counsel Candina S. Heath from the Justice Department’s Computer Crime and Intellectual Property Section (CCIPS), along with Assistant United States Attorneys Daniel J. Riedl and Brian S. Deckert for Northern Ohio, prosecuted this case.

The CCIPS section investigates cybercrime alongside law enforcement agencies domestically and internationally while working with private sector partners; since 2020 it has secured convictions against more than 180 cybercriminals as well as court orders returning over $350 million in victim funds.
