55-Year-Old Engineer Sentenced to 10 Years for Revenge Code That Shut Down Company Systems

Event reconstruction: Davis Lu, a 55‑year‑old programmer with 11 years at Eaton, was demoted in 2018, prompting him to embed three types of malicious code.

1. Malicious code implanted

Infinite‑loop Java thread that exhausts server resources, causing system hang.

Self‑destruct switch named IsDLEnabledinAD that activates when his AD account is disabled, locking all user access.

Sabotage program designed to slow operations and delete colleagues’ configuration files.

On 9 September 2019, the day Davis was terminated, the self‑destruct switch fired, preventing thousands of users from logging in and causing an outage valued at over one million dollars. The FBI seized his accounts and servers; a jury convicted him of “intentional damage to protected computers” under the U.S. Computer Fraud and Abuse Act (CFAA), with a possible sentence of up to ten years.

2. Legal red lines

The CFAA allows up to ten years imprisonment and civil damages triple the loss for intentional destruction of critical infrastructure. Similar conduct in China would violate Criminal Law Article 276 (damage to production and operation), carrying three to seven years imprisonment for losses exceeding ¥5,000, with the case here exceeding one million dollars.

Technical expertise does not exempt one from criminal liability; any employee who deliberately damages a company’s systems can be prosecuted.

3. Proper workplace grievance handling

When faced with an unlawful demotion or salary reduction, employees should follow a three‑step process:

Evidence collection (within 72 hours): demand a written notice, back up contracts, payroll records, work outputs, and communication logs before account access is revoked.

Negotiation: use a scripted statement referencing the Labor Contract Law to request restoration of the original position or a salary no lower than 90 % of the prior level.

Legal action: submit a written objection within one month, maintain attendance, and if negotiations fail, file a complaint with labor inspection or initiate arbitration to seek reinstatement or double compensation.

4. Dual warnings for employees and employers

For employees: technical skills are tools, not weapons; retaliatory sabotage leads to criminal charges and career ruin.

For employers: enforce proper authorization controls (principle of least privilege), implement regular permission audits, maintain cold and off‑site backups, and establish code‑review processes to detect hidden malicious programs.

The case underscores that workplace conflicts must be resolved within legal boundaries, and both parties should respect the limits of law and ethics.