Chinese software developer faces 4 years jail time for cyberattacks against his former US employer

A software developer named David Lu has been sentenced to four years in prison in the US for creating and deploying destructive computer code on the systems of his former employer,

Eaton Corporation

, a report claims. As per court documents, the 55-year-old, a Chinese citizen, carried out the cyberattacks in 2019 after his responsibilities at the power management company were reduced. Lu was convicted in March by a jury in the US District Court for the Northern District of Ohio for intentionally damaging Eaton's computers. The company, which is based in Beachwood, Ohio, has yet to share an official comment on the sentencing. Lu worked at Eaton, which develops power products for the aerospace, vehicle and electrical industries, as a software developer from 2007 to 2019. However, Peter Zeidenberg, the lawyer representing Lu, said that his client was disappointed with the jury’s verdict and continued to maintain his innocence. Mr. Zeidenberg added that he is currently “weighing his appeal options.” Meanwhile, in a news release, Matthew R. Galeotti, the acting assistant attorney general of the Justice Department’s criminal division, said that Lu misused his access to Eaton’s computer systems and technical expertise to disrupt its networks, causing the company losses amounting to hundreds of thousands of dollars.

How the Chinese software developer carried out cyberattacks against his former employer

According to a report by The New York Times (NYT), in August 2019, Lu introduced malicious code that caused servers to crash and blocked user logins. Some of the code included time delays, allowing him to trigger server crashes even when he was not at his laptop.

The prosecutors claimed that the disruptions made servers unresponsive at unpredictable intervals, and the code was written in a way that suggested co-workers who had assumed some of his duties were responsible.Court documents state that as early as 2017, Lu also created code that deleted profile settings of random colleagues. One of his malware programs was called “Hakai,” the Japanese word for “destruction.”Prosecutors said Lu developed a “kill switch” designed to lock thousands of users out of Eaton’s software if his name was removed from the company directory. After his termination in September 2019, the code was activated, preventing employees from accessing company systems.Eaton’s internal investigation found losses of over $360,000 linked to Lu’s actions, and it reportedly took more than a year to clear the corrupted code fully. Prosecutors added that Lu named one program “IsDLEnabledinAD” and another “HunShui,” meaning “sleep” or “lethargy.” His search history showed efforts to escalate network privileges and delete files quickly. Before returning his company laptop, he erased encrypted data and ran a command to block recovery attempts.