How a Fired Engineer Crippled Eaton's Global Systems with Malicious Java Code

A 55‑year‑old programmer, Davis Lu, who had worked at Eaton Corporation for over 12 years, anticipated being laid off during the company's 2019 global restructuring.

Before his termination in September 2019, he secretly inserted several malicious Java programs into the company's production system in Kentucky.

One program created endless non‑terminating threads in an infinite loop, consuming server resources until the system crashed; another deleted user files and included a “self‑destruct” switch named “IsDLEnabledinAD” that would lock out all users if his account was disabled.

He also labeled other malicious components “Hakai” (Japanese for “destruction”) and “HunShui” (Chinese pinyin for “drowsiness” or “turbidity”), reflecting his emotional state.

When his dismissal became official on 9 September 2019, the switch triggered, causing thousands of employees worldwide to lose access, resulting in an estimated loss of several hundred thousand dollars.

On the same day he returned the company laptop, he deleted large amounts of encrypted data, attempted to erase Linux system directories and multiple code projects, and his browser history showed searches for “how to elevate privileges,” “how to hide processes,” and “how to quickly delete large folders.”

Although he confessed to the FBI in October 2019, he pleaded not guilty during trial and was eventually convicted of “intentional damage to a protected computer,” receiving a sentence of four years imprisonment plus three years of supervised release.

The case underscores the critical importance of internal security: enterprises must implement proper segregation of duties, regular audit of privileged accounts, and thorough off‑boarding procedures to prevent a single individual from causing widespread disruption.

Legal frameworks such as the U.S. Computer Fraud and Abuse Act impose severe penalties—up to ten years imprisonment—for intentional computer sabotage, illustrating the seriousness of insider attacks.

Similar incidents, such as a disgruntled Tesla employee in 2018 and a former bank administrator in 2021, demonstrate that insider threats often cause more damage than external attacks.

Security experts stress that technical skills should be used to create value, not to destroy, and that organizations need robust access control and monitoring to avoid repeat incidents.