In a stunning example of insider sabotage, a software developer installed a kill switch inside his company’s internal systems—a digital trap designed to activate the moment he got fired. This wasn’t a prank or a minor bug. It was a full-scale, premeditated act of destruction that disrupted business operations around the world.
Federal prosecutors pursued the case, and now Davis Lu faces up to 10 years in prison. His story delivers a sharp warning about the risks of insider threats, especially in workplaces where a single developer can deploy code powerful enough to bring everything down.
This case sparked industry-wide concern—and for good reason. When a developer builds a kill switch into core infrastructure, the damage spreads fast and wide.
A Decade at Eaton, Then Everything Changed
Davis Lu, 55, spent more than 10 years working at Eaton Corporation. The global power management company relied on him to manage internal systems at its Houston office. He held a respected position—until the company restructured in 2018 and slashed his role.
The company reduced his responsibilities and limited his system access. Instead of adapting or moving on, Lu started plotting revenge. He quietly began developing code that would strike back if the company ever let him go.
At the heart of the plan, he created a hidden kill switch disguised as a routine utility. The program appeared harmless, but it scanned Eaton’s Active Directory for his user account. If the system marked his account as disabled, the program would execute a coordinated attack.
On September 9, 2019, the company fired Lu. The kill switch immediately activated and his code launched without warning.
Users across the company’s global network found themselves locked out of their systems. Applications froze. Computers crashed. One looped script repeatedly deleted profile accounts and blocked login attempts, making machines unusable.
The attack hit thousands of employees across multiple countries. It brought key business operations to a halt. As a result, Eaton suffered major financial losses and reputational damage. Lu’s hidden code had triggered a global IT disaster.
Digital Forensics Uncover the Truth
Eaton’s IT and security teams launched an urgent investigation. They reviewed system logs and quickly traced the attack back to Lu’s user ID. His company-issued laptop, returned during offboarding, revealed encrypted files that he had recently deleted.
Investigators recovered those files and discovered the malicious code. They also found evidence that Lu had searched online for ways to hide software, elevate permissions, and wipe traces. All signs pointed to a calculated attack, not an impulsive move.
The kill switch didn’t just damage the company. It exposed massive vulnerabilities in how organizations manage access and monitor internal threats.
Federal prosecutors charged Lu with intentionally damaging protected computers under the Computer Fraud and Abuse Act. In March 2025, a jury found him guilty.
The court heard detailed evidence of Lu’s planning and execution. Prosecutors showed how he installed the kill switch, concealed its purpose, and prepared it to go off the moment he lost his job.
Lu now faces up to 10 years in federal prison. Although he plans to appeal, the conviction sends a clear message: employees who weaponize access face real consequences.
Read More: There Are Downsides to Using a Doorbell Camera, and Here’s What You Can Do About It
Why Insider Threats Are So Dangerous and How to Prevent Future Incidents
Many companies spend time and money defending against outside hackers. However, they often overlook insider threats, which can do just as much—if not more—damage.
IT employees like Lu already hold deep access to sensitive systems. When they decide to act against the company, they don’t need to break in—they’re already inside. That’s what makes a kill switch so dangerous in the hands of a trusted insider.
Lu’s attack represents an extreme example, but it highlights a broader risk. Insider attacks—malicious or accidental—happen more often than many companies realize. Businesses must take internal security as seriously as external threats.
Organizations can reduce risk by building stronger protections. First, they should apply least-privilege access policies. Give employees access only to the systems and data they need.
Second, monitor activity logs continuously. Early detection can stop unusual behavior before it causes damage. Third, assign responsibilities across teams. No single person should control critical systems alone.
Most importantly, design a secure offboarding process and disable accounts immediately after termination. Review any custom code or automated tasks created by the employee and scan for potential kill switch triggers before redeploying systems or repurposing devices. These steps help companies detect and neutralize threats before they cause harm.
A Human Side to the Story
Although Lu’s actions caused real harm, they also revealed how workplace frustration can spiral out of control. He felt sidelined after the restructuring. Instead of seeking help or leaving, he decided to strike back.
This incident reminds us that insider threats don’t always start as malicious. Sometimes, they begin as silent frustrations. Companies that support employees through change can prevent some of these incidents before they ever reach the level of a kill switch.
Final Thoughts
Lu’s case doesn’t just reveal the power of code—it shows the importance of trust and accountability. When someone writes a kill switch, they don’t just attack a system. They betray the trust of their team and damage an organization from within.
This incident shows what happens when someone weaponizes their access. Lu’s actions disrupted business, hurt coworkers, and destroyed his own future. For companies, the lesson is clear: trust your people, but build strong checks and balances.
Because in today’s connected world, a few lines of code can shut down an entire network. And sometimes, the greatest threat doesn’t come from outside, but from someone already inside with a kill switch ready to go.
Read More: Veteran Hacker Shares His Most Chilling Dark Web Encounters
