Developer sabotaged ex-employer with kill switch activated when he was let go

A federal jury in Cleveland has found a senior software developer guilty of sabotaging his employer's systems – and he's now facing a potential ten years behind bars. Davis Lu, 55, of Houston, Texas, was a seasoned coder employed by power-management biz Eaton Corporation between November 2007 to October 2019. In his last year …

  1. DoctorNine

    Not a very bright boy...

    There are simply so many ways to indirectly hork a system with a tiny, tiny forensic footprint, that one wonders at the sheer stupidity here described. He signed the thing like Picasso. What exactly did he think was going to happen? Did he fantasize that the investigators were going to be so impressed with the code, they would call him up to try to rehire him? What an ego on this guy.

    1. Bebu sa Ware
      Facepalm

      Re: Not a very bright boy...

      10 years in the big house = 1 year for the offence, 9 years for stupidity.

      If stupidity were Ebola most of World's problems would (de)cease within a week.

      1. Fruit and Nutcase Silver badge
        Facepalm

        Re: Not a very bright boy...

        He did mess with an Energy company. Not a very bright spark. They are somewhat sensitive about their systems. Despite examples of ransomware attacks and the like, they do think they run a tight ship

        1. Alan Brown Silver badge

          Re: Not a very bright boy...

          Think being the operative word

          You'd know that if you've ever had to interact with Eaton software

        2. Brian 3

          Re: Not a very bright boy...

          they're actually only sensitive to being done by their own, outsiders get paid handsomely for successful operations

    2. blu3b3rry
      FAIL

      Re: Not a very bright boy...

      Proof as if it wasn't needed that humans, regardless of actual age are capable of acting like particularly stupid children. The not guilty plea after initially admitting to the crime says it all.

      1. witty user name

        Re: Not a very bright boy...

        “The not guilty plea after initially admitting to the crime says it all.”

        No. There are lots of legal reasons why someone might change their plea — the objective for a defendant is to make the best possible deal with the prosecution, not to be as consistent throughout the process as possible. This guy is obviously a mess but not at all for that reason. How do people who’ve had no legal training whatsoever go about deciding that their uninformed guesswork is just as good?

        1. doublelayer Silver badge

          Re: Not a very bright boy...

          Perhaps the bigger problem was admitting it. If you're planning to plead not guilty with the hope of not getting convicted, a provable confession is not a helpful thing to have. Of course, it could have been that he thought he would get a better sentence after trial than from pleading guilty, but, although it happens, it's not the most common outcome. There is one thing he did get, though, a long delay between confession and sentence. Maybe that was worth it.

      2. Not Yb Silver badge

        Re: Not a very bright boy...

        The bit about "initially admitting to the crime" is the dumbest part. US Court system is set up to encourage "not guilty" pleas even if guilt is fairly clear.

        Most criminals, even when caught with plenty of evidence, still plea "not guilty" despite what most would consider "overwhelming evidence" because it's detrimental to their case to start with "guilty".

        1. disgruntled yank

          Re: Not a very bright boy...

          Actually, the US Court system is set up for the greatest number of defendants to make plea bargains, pleading guilty on certain counts in return for a shorter sentence. If every defendant had his day in court, there would be enormous backlogs of business.

    3. Fruit and Nutcase Silver badge

      Re: Not a very bright boy...

      Yes, insider mischief will be found, eventually, once the damage has been done.

      Not enough focus on that from within the application development process. Sure, there is peer review, but that is a weak spot very late in the process and too often the reviews end up being rubber stamping exercises for coding standards adherence.

      Too many times have I pulled up code for weakness against an insider gone rogue.

      1. Stoic Skeptic

        Re: Not a very bright boy...

        More an issue with build management than code review.

    4. Anonymous Coward

      Re: Not a very bright boy...

      More Wile E. Coyote than Picasso..

      I've taken over from techies that have left shit like this waiting for me, some of them have been downright beautiful and I could do nothing other than respect the sheer genius of it, I always check the scripts and code of an exiting sysadmin because it's very rare for a sysadmin to leave on their own terms. This guy left a whole bunch of acme TNT next to a bowl of bird seed.

      Most of the time, if I'm showing up, it's because someone was cut due to budget reasons...it's very rare I take over from someone that was just inept...it's not exactly common to discover you've walked into a minefield, but it's not rare either.

      Sometimes it's not even the incumbent that left the friggin claymores...sometimes it's their predecessor and the only reason they were never triggered is because the new guy didn't trigger them by deleting an account or some arbitrary time hasn't been reached.

      One nasty payload I had to defuse still had 3 years to run on it before it triggered the nasties and was left by the guy before the guy I took over from, the only reason I found it was because I noticed an email going out once an hour to a gmail address, like clockwork, during Christmas week, it stood out like a sore dick. It was a script buried deep inside a bunch of nested scripts that ran every hour through a cronjob. Took me half a day to drill down to the bucket load of piss and shit that was there. There was a comment left in the code that requested that in the event the code was found and nothing was reported, send an email with "process terminated". I didn't bother reporting it, I just got rid of the garbage and sent an email to the address saying "process terminated". The dude actually replied within about 5 minutes simply with "touché, thank you"...I left it at that...I assume that the instruction was left there in the case that he left the landmines and later regretted it and in the event that someone found it and didn't want to action anything, he could know that he could finally sleep again.

      I've never met the guy, don't know his name, but he's out there...he might be one of you...if you are here I'd like to say fuck you and you're welcome.

      I don't mind if sysadmins want to leave some pranks, but at least be like this guy and leave some options and a fucking trail.

      1. chivo243 Silver badge

        Re: Not a very bright boy...

        sysadmins want to leave some pranks..LOL! sorry but I'm guilty as sin! When I left one place, on good terms, I went around all the server rooms and data cabinets, and stuck my business cards* between all the gear! They will be coming up on a hardware refresh soon, I'm waiting for all the hilarity to ensue! I'm still in contact with them...

        *Business cards were a hot topic at one point. We couldn't have them as lowly sysadmins... When I finally got them, they gave me 500!

        1. Anonymous Coward

          Re: Not a very bright boy...

          For sure, most sysadmins typically leave on good terms and leave because they're moving on to something better...I will leave pranks and hidden jokes in documentation, code comments etc...that way, if they ever call me, if they refer to the jokes, I know they've read the docs and been through code etc etc...I can help them, they've put some effort in and I know they're genuinely stuck...if they haven't seen any of the hidden stuff...I know they're lazy and possibly dim and I probably can't help them because they aren't looking for information, they don't want to understand something...they're just under pressure because they're about to be outed as rubbish.

        2. Anonymous Coward

          Re: Not a very bright boy...

          "We couldn't have them as lowly sysadmins"

          You sir had some really shit management then. When I ran my own business, I'd get business cards printed for anyone that felt they needed them. Business cards cost nothing and provide a huge amount of motivation for some people...it costs less than a tenner to make someone feel empowered with a stack of business cards...and when you promote them by giving them a new title, they get that feeling all over again. Why wouldn't you get some cards printed for someone? It's such a small cost for a boost in morale.

          Having a business card also makes some people more inclined to sit in face to face meetings with outside contacts (suppliers, customers etc) because they don't have to feel like an ass when someone asks for their card...nothing makes someone feel unimportant like having to scribble their contact details on a post it note.

          Me on the other hand, I've never had business cards for anywhere I've worked...even in my own businesses...I always insist on a generic card with the front desk number on it if I'm issued with a card from a business...I had my own personal business cards with my contact details on...if I felt like I needed to give you my specific "hotline", I'd give you two cards...for two reasons, I wanted to control the level of spam and hassle I got...and if you make a point of handing someone a second card with your "personal" details on, it can make the person you're talking to feel like they've accessed some special level of comms with you and make them feel that bit more important than they otherwise would.

          There used to be so much you could get out of business cards for very little money.

          I even had a bunch of "free" ones that I'd carry around...the kind you could get for free that had wank print quality and a load of ads on the back...like escort services etc...as a gag...the leverage there is you can make yourself appear busier than you actually are (man, I had someone get these printed for me because I was tight for time and this is what I got!) or easier going / more caring than you otherwise might be (I gave someone some cash to get these printed, looks like they pocketed the cash and I got this rubbish! Oh well, I won't give them a hard time. I've only got 100 left, well 99 now, can't bring myself to waste them).

          There was a time where business cards were much more than just a means of sharing information. They were an effective tool. Just not in an "American Psycho" kind of way.

          I even kept business cards handy that other people might reject, like cards with a typo on them. If I suspected that a person I was speaking to wasn't entirely on the ball, I'd hand them one with a typo to see if they spot it.

          These days I don't bother with business cards at all, I carry QR codes that link to vCards...because nobody cares anymore.

    5. Dimmer Silver badge

      Re: Not a very bright boy...

      I don’t think it was a bright idea to delete his creds. When a sysadmin leaves, specifically when it is a bad one, change the passwords. You will find out all those hidden automated jobs that were set up as a temp fix break and nothing works the next day. Once you find all those jobs that did not run, then delete the creds.

      Pay close attention to any outside access.

      The only time I have had to do this was when the admin gave 2 weeks notice. As part of his departure, he was required to change the password and fix what broke.

      1. Prst. V.Jeltz Silver badge

        Re: Not a very bright boy...

        Should there be an overall "god" account whose password has never changed these days?

        A personal elevated privileges admin account should be getting changed monthly, making it pointless to use it for "quick fixes"

        The server processes should be running on documented system accounts.

        1. Anonymous Coward

          Re: Not a very bright boy...

          "The server processes should be running on documented system accounts"

          It would be great if that was possible every time...there is plenty of software out there that needs to run in user mode interactively with admin rights and therefore cannot have its own service account. Quite a lot of crappy backup tools and CCTV products work like this.

    6. Prst. V.Jeltz Silver badge

      Re: Not a very bright boy...

      You got that right. I'm no legal expert but I reckon if you're going to plead not guilty don't also admit you did it.

      Lu admitted to federal investigators he was behind the computer problems at his previous employer, but still decided to fight his case by pleading not guilty to a charge of intentionally damaging a protected computer.

      1. Anonymous Coward

        Re: Not a very bright boy...

        I assume he would have had a better case if he made it look like the unintentional result of incompetence?

    7. big_D Silver badge

      Re: Not a very bright boy...

      It sounds like he also worked on the ERP system we use... That is written in Java, spawns thousands of processes and brings the system to its knees, so the users can't work...

      1. Anonymous Coward

        Re: Not a very bright boy...

        I'm guessing it will soon be bought by Microsoft as they have found a better way to waste computer power than even MS code is capable of..

        1. big_D Silver badge
          WTF?

          Re: Not a very bright boy...

          It is a shame, the previous version was written in COBOL for UNIX in the 80s and converted to Windows and Microfocus COBOL at the end of the 90s. It could cope with 100 users on a single server (application, database and terminal server, 4 cores, 32GB RAM), the new system requires 3 terminal servers (8 cores & 128GB each), an application server (8 cores, 64GB) and a SQL Server (8 cores, 64GB) and is 10x slower than the old system... :-S

  2. Anonymous Coward

    Database slowly drifted away from reality

    A national customer support system that I set up and managed received weekly updates from the big multinational corporate system that had to be massaged with some fancy SQL scripts. Every week, there were exceptions that required manual intervention.

    Before an upcoming vacation, I was asked to brief a non technical employee on how to run the updates. The poor girl had never heard of SQL - and some of the commands were close to a page long.

    Shortly after I was downsized and the database began a slow deterioration. It wouldn't surprise me if the phone people increasingly were dealing with issues on newly acquired customer machines that weren't in the system.

    Multinational corporate some years and tens of megabucks later finally brought in a customer support system that was obsolete the day it finally was working.

  3. Bongo_xy

    an amateur, obviously

    Had to be let go for obvious reasons

  4. IGotOut Silver badge
    Joke

    What?

    "non-terminating threads that would consume more and more resources until the computer running the code crashed"

    Who the hell is still running SQL server on NT4?

    1. Jou (Mxyzptlk) Silver badge

      Re: What?

      > had attempted to wipe its Linux OS directories and two code projects

      Who the hell runs production on Linux, let alone Java and SQL on Linux?

      1. Doctor Syntax Silver badge

        Re: What?

        "Who the hell runs production on Linux"

        Anyone who wants a nice stable platform and has years of Unix experience from well back into the last century.

      2. Prst. V.Jeltz Silver badge
        Windows

        Re: Who the hell runs production on Linux

        You walked into that one Jou!

      3. Anonymous Coward

        Re: What?

        please educate me, what OS should we run in production and what coding language instead of Java?

        (I will accept zOS with COBOL or PL/1 as a valid answer but only if you can find me enough sysadmins and coders under the age of 65 to make it viable)

        1. Anonymous Coward

          Re: What?

          NonStop (formerly Tandem).

          Built in database and resilience. Supports DevOps and Java.

      4. tatatata

        Re: What?

        I'm actually more puzzled by "had attempted to wipe" and apparently failed to do so.

        When I attempt to wipe Linux OS directories, you will need to restore from backup.

    2. Alan Brown Silver badge

      Re: What?

      If you've ever had to interact with Eaton products, this really shouldn't be a surprise

    3. big_D Silver badge

      Re: What?

      It sounds like our current Java based ERP system, to be honest.

  5. Anonymous Coward

    Speaking as a Java programmer of 30 years

    It's hard to beat "while(1) fork()" in C for this particular job.

    Choosing the wrong tools for the job, demotion well deserved.

    1. Frumious Bandersnatch

      Re: Speaking as a Java programmer of 30 years

      :(){ :|:& };: is shorter

      1. Eclectic Man Silver badge
        Facepalm

        Re: Speaking as a Java programmer of 30 years

        The Halting Problem* is to determine whether a given Turing Machine** will halt after a finite number of actions given a specified input.

        Lu's defence could have been that he was merely attempting some theoretical Computer Science research as his retirement 'project' and did not realise the harm it would cause.

        (According to Church's Thesis*** all digital computers are equivalent to some Turing machine or other.)

        OK, enough basic Mathematical Logic: How on Earth did he think he would get away with this?

        * https://en.wikipedia.org/wiki/Halting_problem#:~:text=In%20computability%20theory%2C%20the%20halting,or%20continue%20to%20run%20forever.

        ** https://plato.stanford.edu/entries/turing-machine/#:~:text=Turing%20machines%2C%20first%20described%20by,the%20computing%20of%20real%20numbers.

        *** https://en.wikipedia.org/wiki/Church–Turing_thesis

      2. Ignazio

        Re: Speaking as a Java programmer of 30 years

        /me smiling at people trying shorter code snippets to cause forkbombs, as if efficiency or readability are important in that use case

  6. froggreatest

    other options

    I suppose he could have left a backdoor instead, which would have allowed him remote access for the destruction and cleanup. Otherwise, the trigger based on his name in the system is rather naive, but I’m struggling to come up with other type of checks you could do to check if one was sacked from within a production box.

    1. Roger Lipscombe

      Re: other options

      "I’m struggling to come up with other type of checks you could do to check if one was sacked from within a production box."

      You just set up a bunch of scheduled tasks and the like that run under your user account. It happens frequently enough in normal enterprises -- even those that should know better -- that it looks fairly innocuous, and it'll break stuff shortly after your account is disabled. If it's, say, a certificate renewal, you'll be long gone before anyone figures out the cause.

      I'm not recommending this (obviously) but incompetence and malice are often hard to distinguish. That's why we have Hanlon's Razor, after all.

      1. Jou (Mxyzptlk) Silver badge

        Re: other options

        Yeah, that's what service accounts are for. But in many cases you don't even need that. If the target was a Windows Server you schedule tasks as local system, and set the "owner" and "creator" to "NT AUTHORITY\SYSTEM". If it is a Linux you can do practically the same.

        Neither the article nor the prosecution PDF tell about the OS, but a lot here seem to assume that it was Windows? Then why was his own machine a Linux? In the end it does not matter, I am just a bit annoyed by "jumping to conclusion which OS it had been".

        (Maybe the production machine was a Mac, or a 15+ year old Alpha 64 with some other unix variant?)

        1. TheWeetabix Bronze badge

          Re: other options

          Funny, your “who runs production on linux” seems awfully close to assuming what OS they run…

      2. Anonymous Coward

        Re: other options

        Or ideally under the user account of someone who's retired a few years ago and can't be contacted, then put an expiry date on their account that you keep moving forward quarterly.

    2. Anonymous Coward

      Re: other options

      Safer to do what the security services do, i.e. find an existing weakness and hold onto it for when you need it. Even safer if you then find a way to make it known to some nefarious third party rather than try to exploit it yourself.

    3. BinkyTheMagicPaperclip Silver badge

      Re: other options

      The very obvious one is a delayed dead man's switch. Set up a process that achieves the desired action if something innocuous doesn't happen on a regular basis. Do not forget to do that thing on a regular basis whilst you're still employed.

      It doesn't take a genius to work out who the culprit is if someone is sacked and suddenly everyone else is locked out of the system. On the other hand, if things started going wrong three weeks later, and then became worse the finger of blame might not point in the ex employee's direction. Particularly if this was disguised as malware from the 'Wr3c4r Kr00' rather than IsJoeEmployeeStillEmployed.

    4. Persona Silver badge

      Re: other options

      It's better to check for someone who is on their notice period rather than yourself. Just before they go you change it to test for someone else who is serving their notice period. The day your access is revoked the final countdown begins.

    5. Lee D Silver badge

      Re: other options

      I don't think he could.

      He clearly didn't have the access to create administrative users, and his own code had to run as himself and in doing so left a paper trail a mile long.

      I think that he just had some programs that were detecting whether he was disabled because he couldn't STOP his accounts getting disabled. So the only things affected were already deployed code, and with the access rights disabled, he would have had insufficient access to do anything beyond what he did - cause a bit of trouble.

      This is why you disable accounts when people leave, and don't give out admin but delegate permissions instead. Sure they may have left themselves some stuff on the back end, but it's executing as themselves, and that account is deleted and apart from resource starvation, they shouldn't even have the ability to delete files they previously had permission to because their account is disabled.

      The way to manage this is change management... when someone wants a long running process on a server, it has to be approved. Someone should check the system for unauthorised programs and scripts and scheduled tasks and whatever. And someone else should check THE EXACT SAME independently so no one person can ignore/implement a change.
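The independent check for unauthorised scripts and scheduled tasks that the comment above calls for, and the hourly cron mail to an outside address another commenter stumbled on, sketched as an offboarding audit. This is an added example, not part of any comment or of the article; the account names, the service-account allowlist, the mail domain and the sample crontab are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in /etc/crontab format: schedule, run-as user, command.
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
SHELL=/bin/sh
17 * * * * root cd / && run-parts --report /etc/cron.hourly
0 2 * * * svc_backup /opt/backup/nightly.sh
*/5 * * * * jdoe /home/jdoe/bin/sync_certs.sh
0 * * * * root /usr/local/sbin/health.sh | mail -s status someone@example.com
@daily asmith /usr/bin/python3 /srv/app/rotate.py --owner jdoe
30 4 * * broken-line
"""

ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")   # e.g. SHELL=/bin/sh
EMAIL = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")    # captures the domain


@dataclass
class Finding:
    line_no: int
    user: str
    command: str
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Return (user, command) for one system-crontab line, or None if malformed."""
    if line.startswith("@"):              # @daily, @reboot, ... then user, command
        parts = line.split(None, 2)
        return (parts[1], parts[2]) if len(parts) == 3 else None
    parts = line.split(None, 6)           # five schedule fields, user, command
    return (parts[5], parts[6]) if len(parts) == 7 else None


def audit(text, departing, service_accounts, internal_domains):
    """Flag scheduled jobs that need a second pair of eyes before an account is closed.

    PERSONAL_ACCOUNT  job runs as a person, not a documented service account
    DEPARTING_REF     job runs as, or names, the departing user (will break or misfire)
    EXTERNAL_MAIL     job mails an address outside the organisation's domains
    UNPARSEABLE       line is not valid crontab syntax and must be read by hand
    """
    findings = []
    # Match the username as a whole token, so "jdoe" does not hit "jdoe2".
    mention = re.compile(r"(?<![\w.-])" + re.escape(departing) + r"(?![\w.-])")
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        entry = parse_entry(line)
        if entry is None:
            findings.append(Finding(line_no, "?", line, ["UNPARSEABLE"]))
            continue
        user, command = entry
        reasons = []
        if user not in service_accounts:
            reasons.append("PERSONAL_ACCOUNT")
        if user == departing or mention.search(command):
            reasons.append("DEPARTING_REF")
        if any(d.lower() not in internal_domains for d in EMAIL.findall(command)):
            reasons.append("EXTERNAL_MAIL")
        if reasons:
            findings.append(Finding(line_no, user, command, reasons))
    return findings


if __name__ == "__main__":
    # Assumed inputs: departing user "jdoe", two documented service accounts,
    # one internal mail domain. All hypothetical.
    for f in audit(SAMPLE_CRONTAB, "jdoe", {"root", "svc_backup"}, {"corp.example"}):
        print(f"line {f.line_no}: user={f.user} {','.join(f.reasons)} :: {f.command}")
```

Run against real `/etc/crontab` and `/etc/cron.d/*` contents, the output is the review list for a second person to sign off, which is the two-reviewer control the comment describes.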

  7. Blackjack Silver badge

    As I have said before, just force every office computer to update (or try to update) Windows instead then blame Microsoft.

    1. Jou (Mxyzptlk) Silver badge

      Article states: "had attempted to wipe its Linux OS directories and two code projects"

      WTF is wrong with so many being unable to read? No surprise how the current generally deteriorating world situation happens...

      1. Doctor Syntax Silver badge

        From TFA: "Is Davis Lu enabled in Active Directory."

        Reading ability?

        1. Jou (Mxyzptlk) Silver badge

          Checking whether someone is active in AD is a simple LDAP query. Linux variant I have to use often enough (simplified, use search engine for more details):

          ldapsearch -H ldap://domain.local -x -W -D "service-user-used-to-query@domain.local" -b "dc=domain,dc=local" "(sAMAccountName=Davis.Lu)"

          Java variant: No idea, but cannot be difficult since LDAP predates Active Directory.

          So, yes, reading ability, now with added understanding ability on top :P . (<- that might get me extra down vote)

  8. Howard Sway Silver badge

    named the code IsDLEnabledinAD

    Perhaps he was hoping for leniency by strictly adhering to internal code naming standards when he wrote his malware. Did he fully document his function too?

    1. JoeCool Silver badge

      Re: named the code IsDLEnabledinAD

      it's so hard to get programmers to code eloquently.

      8 Functions

      8.1 naming convention

      8.1.1 Verb+Noun

      Verb+noun+article+noun

      Verb+noun+adjective

      Verb+noun+preposition+noun

      sad that natural ability is stunted by maliciousness

      1. doublelayer Silver badge

        Re: named the code IsDLEnabledinAD

        Everyone has their own opinion. In this case, the closest I can get while sticking religiously to your naming options is CheckDLInAD (Verb+noun+preposition+noun). For hiding what he was doing, that name is just so slightly better, but for readability, I prefer his. I do not see a reason to mandate that function names always be imperative phrases. Most of my imperative functions do, but this was not an imperative function.

  9. Pascal Monett Silver badge
    Thumb Down

    "he faces sentencing at a later date"

    And he faces never getting a coding job ever again.

    And that is well deserved.

    1. Eclectic Man Silver badge
      Devil

      Re: "he faces sentencing at a later date"

      And he faces never getting a coding job ever again.

      Well, not from a legal, respectable employer ...

      1. TheMaskedMan Silver badge

        Re: "he faces sentencing at a later date"

        "Well, not from a legal, respectable employer"

        He'd have to find one first!

        But I can't see the other, more common variety wanting him either - after all, he got caught very easily.

  10. Anonymous Coward

    A better way

    I would gate complicated performance critical code (vs. simple slow code) behind a validation system that consumes tokens in a database table that I refill with another process.

    Refill the tokens routinely as unit tests are passed proving that the performant code is working the same as the simple slow code.

  11. Winkypop Silver badge

    But the good news is

    He no longer needs to worry about applying for any new jobs.

    Free accommodation, food and zero tax.

    1. Dizzy Dwarf

      Re: But the good news is

      He’s 55 now, so he’ll be 65 when he gets out - then he can start drawing down on his company pension.

      Winning :)

  12. gnasher729 Silver badge

    Criminals usually try to make money. Not this one. Criminals usually try not to get caught (some not good at it), not this one. Seems some kind of mental breakdown.

    1. RAMChYLD Bronze badge

      Well, he was laid off. Probably also found out that he would be laid off but the head of the corporation would be getting a huge raise instead.

      Some people can take that train of thought. Some people just couldn't.

  13. zawarski

    Damn

    It feels good to be a gangsta.

    1. Anonymous Anti-ANC South African Coward Silver badge

      Re: Damn

      Until you get a lot of plods on your case.

  14. Anonymous Anti-ANC South African Coward Silver badge

    People who think they're gangsta and do the BOFH thing need to wake up to reality.

    Just walk away without leaving any nasty logic bombs. It is always for the best to be the high man and to keep your integrity intact than to stoop to low level dirty tricks...

    1. Anonymous Coward

      > Just walk away without leaving any nasty logic bombs. It is always for the best to be the high man and to keep your integrity intact

      Got an ongoing issue with a previous employer, they are still (3 months after leaving) sending me emails. Only problem, I only know they have sent an email when I get a curt text message asking why I have not responded to their email. This is because despite knowing my private email address, they persist in sending emails to the employee email account on their system, which I, as a point of principle, see no reason in accessing even though it is clear they have not disabled login.

      1. rafff

        "curt text message asking why I have not responded to their email."

        Just add them to your block list - assuming the TXT does not come from a "private number"

      2. tiggity Silver badge

        " I, as a point of principle, see no reason in accessing even though it is clear they have not disabled login."

        ..never mind as principle, if you no longer work there then accessing it is an offence (in many countries, certainly in the UK) - and never rule out it being a deliberate provocation to keep using that email to make you illegally log in.

        1. Anonymous Coward

          A while back I received a phone call from my previous employer. I worked there for 17 years, and left on very good terms. They have a few production web servers and a database server that live in a DMZ, and are thus not part of their AD infrastructure. It seems that they locked themselves out of these servers somehow, and were not able to log in to them anymore. Don't ask me how, I have no idea what they did.

          They asked for my old password. I wasn't going to tell them the password. Even though I left on good terms, I'm not that trusting. Then I ask them why my account was still active, since it had been over two years since I left. In the end, I told them to send me a link for a remote session to the new admin's PC (my old PC actually), then open a remote session to the server, and I would log into my old account and reset the admin password for them. I told them this way they can see everything I do (and I wanted to log out my old account). I made them promise to delete my old account, however I would bet money it's still active.

          1. FeRDNYC

            I would bet money it's still active.

            Money you have to spare, since presumably you billed them exorbitantly for this service?

            "Leaving on good terms" doesn't mean they get to take advantage of you when they suddenly have a problem that needs solving. "Leaving on good terms" should mean that they're more than happy to compensate you reasonably, if not generously, for riding in on your white horse and extracting their fat from the frying pan. Heck, if they didn't offer right up front, then they're kind of being jerks.

  15. Luiz Abdala Silver badge
    Devil

    He doesn't read BOFH, does he?

    He did it on a machine with his own credentials, and he was the only one that had access to it. And wrote the code on his own login.

    Non-BOFH conformity all around.

    ======

    Yeah, jail time. Appropriate.

    1. Moonunit

      Re: He doesn't read BOFH, does he?

      Jail time if only to slap on the wrist for sheer dimwittedness in execution. No pride in his craft ... none ...

  16. Moonunit

    Dimwit

    The reported naming conventions and mechanisms are, err, what I'd expect of some spotty teen who is bent on world (or at least server) domination. Lu could have done far, far better ito covering his tracks and avoiding drawing attention to himself. Bloody ego ... always gets in the way!

  17. Dabooka

    Always the same

    For all their ability and creativeness, they lack simple cognition for covering their tracks. I'm utterly bemused by the failings of these rogue admins, they must want to be caught for notoriety

    1. tiggity Silver badge

      Re: Always the same

      I don't see the point in people doing such things, keep your dignity & integrity instead.

      If someone in IT did have a gripe with ex employer then there are usually legitimate ways to get back at them.

      e.g. Many companies, even those making best efforts, will have a few licencing issues, be it accidentally having more users than licence allows, a dev licence being used on a server that ends up in production, licence limit hit & so several people share creds so they can use a piece of software whilst waiting for request to increase user count to be processed by the bean counters etc.

      All they need to do is have some of these licencing infringements well documented and they can anonymously pass it on to FAST or similar & maybe some action occurs*

      * If employer was making best efforts this would still be petty behaviour, but if employer was a proud software pirate then it would be fair enough (IMO)

  18. FeRDNYC

    Creative use of "Creative", here

    Presumably Lu is of Chinese descent and speaks Chinese at least semi-fluently, so can we not describe it as "creative" when someone simply falls back to their native/second language when labeling things, relying on the fact that most English-speaking users won't be able to recognize the meaning behind the foreign words? I mean, he named applications "destruction" and "sleep" — would those be "creative" names if the English words were used?

    I dunno, maybe I'm looking at it wrong, but it feels like there are two ways to present that information:

    • Dang, this guy labeled his software in Chinese so they'd never be able to detect it, he's some sort of criminal mastermind!
    • Huh, lucky break for him that nobody caught on to this. Some of his code was even labeled things like "destruction" or "sleep" in Chinese!

  19. CabaRay

    How is the article not titled EATON MESS?

    1. Anonymous Coward

      Because El Reg is now an American publication, and the writer is an American.
