Up to 10 years is crazy. Sure, what he did was wrong, planned and malicious, and they claim it cost them tens of thousands of dollars. But 10 years? This is crazy for something that at worst would be a yearly salary of a single employee.
Fucking capitalism.
he should have tried to overthrow the government, or stole classified documents. that’s a drastically lower sentence
“allegedly costing hundreds of thousands of dollars in losses.” It seems he was already messing with the systems while he was still working there. This is not a case of malicious compliance or they fired the only guy who knew how something worked. He was actively sabotaging the company’s network.
“he apparently became disgruntled by a corporate “realignment” in 2018 that “reduced his responsibilities,”” So it’s not even like the company was being evil as they fired him while he was on PTO to take care of his daughter with leukaemia (or something). He would’ve been better off finding a new job if he was unhappy. Instead he made things far worse.
But 10 years is way too high. Especially for a victimless crime with alleged “values” of loss. But otherwise he gets no sympathy from me.
I worked for a company once that installed a remote-activation killswitch in their drivers, as a secret weapon to force the customer to stay current on their maintenance contract.
The CEO was a fuckup however, and the code killed their system even without being activated - resulting in a bunch of angry phonecalls and some of the most egregious lying I’ve ever heard.
god, he was a piece of shit
This kill switch, the DOJ said, appeared to have been created by Lu because it was named “IsDLEnabledinAD,” which is an apparent abbreviation of “Is Davis Lu enabled in Active Directory.”
Lu named these codes using the Japanese word for destruction, “Hakai,” and the Chinese word for lethargy, “HunShui,”
[Lu]’s “disappointed” in the jury’s verdict and plans to appeal
No, this guy is cooked, there’s even evidence of him looking up how to hide processes and quickly delete files, absolutely no way an appeal would work out for him, I don’t think an “I got hacked” argument is going to work.
It would only work if he owned the code and the company stopped paying. There’s lots of precedent for that.
Still probably not. The code also deleted files, deleted accounts, and created infinite loops which took down large chunks of the network and infrastructure.
You could take your code, but you can’t take down the company.
Yeah he’s screwed then.
I take it he hasn’t heard about “hiding things in the open”.
That would be, for example, using a constant of some near year in “end time” column meaning unfinished action.
Or just making some part that will inevitably have to be changed - “write-only”, as in unreadable. Or making documentation of what he did bad enough in some necessary places that people would have to ask him.
So many variants, and such obvious stupidity.
It’s actually kind of worrisome that they have to guess it was his code based on the function/method name. Do these people not use version control? I guess not, they sure as hell don’t do code reviews if this guy managed to get this code into production
- I assumed that the code was running on a machine that Lu controlled.
- Most companies I have worked at had code reviews, but it was on the honor system. I am supposed to get reviews for all the code I push to main, but there is nothing stopping me from checking in code that was not reviewed (or getting code reviewed and making a change before pushing it). My coworkers trust me to follow the process and allow me to break the rules in an emergency.
Weird that these protections exist for corporations that aren’t actually people but no protections exist for the person who was fired.
I don’t see how pretending that’s weird is gonna help anyone.
We all know we don’t live in a just world.
We need to try and make it one, instead of pretending we’re living in one which happens to have horrid injustice happening all the time.
I’m no English major, but I’m pretty sure @SoftestSapphic@lemmy.world calling it weird is a rhetorical device known as sarcasm.
Hmm, I wonder if it is actually. I think it’s just a euphemism for it’s wrong how" or “it’s weird how we as people keep allowing this to happen in a democratic world”, but I honestly don’t think it’s sarcasm.
I get the point and I write that way all the time too, but I thought to see what happens if I just stop participating in the pretense of it being weird.
But yes maybe it is just sarcasm, but like the same sort of rhetoric is often used to talk about problems which are sort of too complex and large to easily assert something which should or even could be done.
But yes. Sarcasm.
r/iamverysmart
I’m disappointed they found so much in his search history. Do these people not have phones? In this day and age with everyone carrying a smartphone, there’s no excuse for using work computers for personal activities
Did it say they went through his work search history? Everything you search on Google with your IP or through your account is recorded, in case law enforcement knocks. Don’t think using a phone protects you. Use a trusted VPN in a separate browser if you want to search for things and not have them show up in court.
I think that what happens on a work computer, a work network, belongs to the company and they are free to check it at will.
However my phone, and what happens on the network it’s attached to are between me and my provider, and usually needs a warrant for someone to look through.
In this day and age with everyone carrying a smartphone, there’s no excuse for using work computers for personal activities
There are plenty of reasons, mostly amounting to “Nobody tends to give a fuck” and “I’m not running out to buy a second high end laptop just to casually browse the web from my couch on the weekend”.
What you’ve got is a very poorly enforced, very draconianly executed set of deliberately vague and inarticulate rules that vary from company to company. And none of that really has anything to do with the “kill switch” thing. In the same way you might say “Well but obviously nobody should smoke weed in a state that criminalizes it! That’s just stupid!” when you’ve got the police tearing apart a particular person’s house for a completely unrelated issue, based on an officer’s exclamation of “I smell weed!” at the front porch.
Just accept you live in a police state and stop buying into excuses made to surveil and punish.
I’m not running out to buy a second high end laptop just to casually browse the web
Even the cheapest laptop or tablet will cover that need
But when you’re at work, planning criminal activities, the least you can do is save your searches for “how to be a criminal mastermind” on your personal phone
don’t underestimate how lazy and stupid even the smartest person can be.
I feel targeted :-)
Don’t worry, we don’t underestimate with you. :)
Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it’s functioning and maintenance so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after. It doesn’t have to be malicious or illegal.
His efforts to sabotage their network began that year, and by the next year, he had planted different forms of malicious code, creating “infinite loops” that deleted coworker profile files, preventing legitimate logins and causing system crashes
I wish this guy was were actually politically motivated, but he seems to have been just really petty minded person.
Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make it’s functioning and maintenance so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after.
This is literally my firm’s core business practice. We’ve been at it for so long that at this point we have to be included in competing bids because we are the only ones in the world that can do certain specific things.
So when company do it it’s fine but when we do it to companies it’s not?
Literally the same day as HP *activating a “kill switch” code for their printers.
what happened?
(updated with a link)
Every person that has worked in a sysadmin type role, has joked about doing something like this. Very few actually carry through with it. So, in a way, I kinda like this guy for actually doing it, even if he didn’t cover his tracks very well.
I’d argue that he gave them extra code, a bonus if you will.
I’m the lone human being who understands the code behind the byzantine financial operation of my org. No kill switch necessary.
Pro tip: your poorly thought out business rules can lead to stupidly complex processes.
He fucked up. But it’s also kinda funny.
A 55-year-old software developer
… and…
Lu had worked at Eaton Corp. for about 11 years when he apparently became disgruntled by a corporate “realignment” in 2018 that “reduced his responsibilities,” the DOJ said.
So he was 48 at the time he started this. Was he planning on retiring from all work at 48? I can’t imagine any other employer would want to touch him with a 10ft (3.048 meters) pole after he actively sabotaged his prior employer’s codebase causing global outages.
Tbh, what shocks me the most about this is how sloppy this appears to have been executed.
So he was pissed because they gave him less work to do???
I’m trying to understand it
IT work is feast or famine.
“IT people, your not doing anything, what the hell do we pay you for?”
“IT people, everything is on fire, what the hell do we pay you for?”
Dude should have just added comments indicating that the code was part of some security test but was unfinished and extremely dangerous.
Change a few file names, add a comment how it will never run under normal circumstances, and you’ve got plausible deniability.
