• partial_accumen@lemmy.world
    31 upvotes, 1 downvote · 2 days ago

    A 55-year-old software developer

    … and…

    Lu had worked at Eaton Corp. for about 11 years when he apparently became disgruntled by a corporate “realignment” in 2018 that “reduced his responsibilities,” the DOJ said.

    So he was 48 at the time he started this. Was he planning on retiring from all work at 48? I can’t imagine any other employer would want to touch him with a 10ft (3.048 meters) pole after he actively sabotaged his prior employer’s codebase causing global outages.

  • GhostlyPixel@lemmy.world
    137 upvotes, 2 downvotes · 2 days ago

    This kill switch, the DOJ said, appeared to have been created by Lu because it was named “IsDLEnabledinAD,” which is an apparent abbreviation of “Is Davis Lu enabled in Active Directory.”

    Lu named these codes using the Japanese word for destruction, “Hakai,” and the Chinese word for lethargy, “HunShui,”

    [Lu]’s “disappointed” in the jury’s verdict and plans to appeal

    No, this guy is cooked, there’s even evidence of him looking up how to hide processes and quickly delete files, absolutely no way an appeal would work out for him, I don’t think an “I got hacked” argument is going to work.

    • db2@lemmy.world
      76 upvotes · 2 days ago

      It would only work if he owned the code and the company stopped paying. There’s lots of precedent for that.

      • Lv_InSaNe_vL@lemmy.world
        8 upvotes · 1 day ago

        Still probably not. The code also deleted files, deleted accounts, and created infinite loops which took down large chunks of the network and infrastructure.

        You could take your code, but you can’t take down the company.

    • rottingleaf@lemmy.world
      53 upvotes, 1 downvote · 2 days ago

      I take it he hasn’t heard about “hiding things in the open”.

      That would be, for example, using a constant of some near year in “end time” column meaning unfinished action.

      Or just making some part that will inevitably have to be changed - “write-only”, as in unreadable. Or making documentation of what he did bad enough in some necessary places that people would have to ask him.

      So many variants, and such obvious stupidity.

    • snf@lemmy.world
      8 upvotes · edited · 1 day ago

      It’s actually kind of worrisome that they have to guess it was his code based on the function/method name. Do these people not use version control? I guess not, they sure as hell don’t do code reviews if this guy managed to get this code into production

      • TAG@lemmy.world
        2 upvotes · 12 hours ago

        1. I assumed that the code was running on a machine that Lu controlled.
        2. Most companies I have worked at had code reviews, but it was on the honor system. I am supposed to get reviews for all the code I push to main, but there is nothing stopping me from checking in code that was not reviewed (or getting code reviewed and making a change before pushing it). My coworkers trust me to follow the process and allow me to break the rules in an emergency.
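
The gap described in the comment above (code that was never reviewed, or was changed between approval and push) can be audited after the fact. This is an added example, not code from the thread or from anyone in it; the record types, names and hashes are constructed, and it assumes the review tool records a hash of the content each reviewer approved.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Commit:
    sha: str
    author: str
    tree: str  # hash of the content that actually landed on main

@dataclass(frozen=True)
class Approval:
    author: str    # who asked for the review
    reviewer: str  # who approved it
    tree: str      # hash of the content the reviewer looked at

def audit_main(commits, approvals):
    """Return (sha, finding) pairs for commits that bypassed review."""
    by_author = {}
    for a in approvals:
        by_author.setdefault(a.author, []).append(a)
    findings = []
    for c in commits:
        candidates = by_author.get(c.author, [])
        independent = [a for a in candidates if a.reviewer != c.author]
        if not candidates:
            findings.append((c.sha, "no review on record"))
        elif not independent:
            findings.append((c.sha, "self-approved"))
        elif not any(a.tree == c.tree for a in independent):
            # A review exists, but not for the content that was pushed.
            findings.append((c.sha, "content changed after approval"))
    return findings

# Constructed sample data: four commits on main and the review records for them.
COMMITS = [
    Commit("c1", "alice", "t1"),
    Commit("c2", "alice", "t2-edited"),  # approved as t2, pushed as t2-edited
    Commit("c3", "carol", "t3"),         # never sent for review
    Commit("c4", "dave", "t4"),          # approved only by its own author
]
APPROVALS = [
    Approval("alice", "bob", "t1"),
    Approval("alice", "bob", "t2"),
    Approval("dave", "dave", "t4"),
]

if __name__ == "__main__":
    for sha, finding in audit_main(COMMITS, APPROVALS):
        print(sha, finding)
```
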
  • hesusingthespiritbomb@lemmy.world
    7 upvotes · 4 hours ago

    Dude should have just added comments indicating that the code was part of some security test but was unfinished and extremely dangerous.

    Change a few file names, add a comment how it will never run under normal circumstances, and you’ve got plausible deniability.

  • Jimmycakes@lemmy.world
    13 upvotes, 1 downvote · 12 hours ago

    So he was pissed because they gave him less work to do???

    I’m trying to understand it

    • Bahnd Rollard@lemmy.world
      35 upvotes, 1 downvote · 11 hours ago

      IT work is feast or famine.

      “IT people, you’re not doing anything, what the hell do we pay you for?”

      “IT people, everything is on fire, what the hell do we pay you for?”

        • ALoafOfBread@lemmy.ml
          7 upvotes · 6 hours ago

          I think they mean in terms of workload, not like pay or something. Either you have a lot of work, or very little work. But when you’re needed, you’re needed urgently.

  • Cinder Bloc @lemmy.world
    56 upvotes, 1 downvote · 12 hours ago

    Every person that has worked in a sysadmin type role has joked about doing something like this. Very few actually carry through with it. So, in a way, I kinda like this guy for actually doing it, even if he didn’t cover his tracks very well.

  • Toes♀@ani.social
    6 upvotes, 1 downvote · 2 days ago

    Reminds me of the timebombs in windows 2000. I guess he’s forced to start fresh.

  • TheBananaKing@lemmy.world
    150 upvotes · 2 days ago

    I worked for a company once that installed a remote-activation killswitch in their drivers, as a secret weapon to force the customer to stay current on their maintenance contract.

    The CEO was a fuckup however, and the code killed their system even without being activated - resulting in a bunch of angry phonecalls and some of the most egregious lying I’ve ever heard.

    god, he was a piece of shit

  • Korkki@lemmy.ml
    88 upvotes, 1 downvote · 2 days ago

    Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make its functioning and maintenance so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after. It doesn’t have to be malicious or illegal.

    https://youtu.be/0jK0ytvjv-E

    His efforts to sabotage their network began that year, and by the next year, he had planted different forms of malicious code, creating “infinite loops” that deleted coworker profile files, preventing legitimate logins and causing system crashes

    I wish this guy were actually politically motivated, but he seems to have been just a really petty-minded person.

    • Railcar8095@lemm.ee
      13 upvotes · 2 days ago

      That’s what my old company used to do. You did this? Do a KT to some underpaid remote employee and when they leave it’s again your responsibility to maintain it, alongside the new bugs and spaghetti they introduced.

      We once told a SP50 customer that we would not provide a business critical service because an employee went on sabbatical for a month and she had the only working version on her cookery computer. At that point the customer was so integrated with us that it would take them years to replace us.

    • Jo Miran@lemmy.ml
      25 upvotes, 1 downvote · 2 days ago

      Why do kill switches when you can just hog all the work of maintaining some critical part of the infrastructure and make its functioning and maintenance so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after.

      This is literally my firm’s core business practice. We’ve been at it for so long that at this point we have to be included in competing bids because we are the only ones in the world that can do certain specific things.

    • ubergeek@lemmy.today
      3 upvotes · 1 day ago

      so opaque and impenetrable that the employer can’t replace or fire you without their shit catching fire soon after.

      Somehow, that’s the kinda roles I always land in lol

  • Vanth@reddthat.com
    37 upvotes · 2 days ago

    Initially makes me wonder how the employer could be so dumb as to give one employee so much access. But then I remember a former employer of mine did the same and worse.

    Colleague was known for writing his comments in such a way that only he could read them, including mixing in German (US based company doing all business in English). He was also the admin of our CAD system and would use it as leverage to get his way on things, including not giving even default user access to engineers he didn’t like. We migrated systems and everyone was thinking, “this is it, the chance to root this guy out of the admin position” and… they gave him admin access again. Not even our IT department had the access he had. I left before the guy retired / was fired, this post is making me wonder if he left peacefully or left bricking the CAD system out.

    • partial_accumen@lemmy.world
      4 upvotes · 1 day ago

      Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

      The amount of access he had doesn’t surprise me. He’d been there for 11 years already, likely working on many things as he interacted with systems in the course of his legitimate work. While it’s possible to set up access and permissions in an organization utilizing the “least privilege principle”, it’s expensive, difficult to maintain, and adds lots of slowdowns in velocity to business operations. It’s worth it to prevent this exact case from the article, but lots of companies don’t have the patience or can’t afford it.

    • ubergeek@lemmy.today
      4 upvotes · 1 day ago

      Initially makes me wonder how the employer could be so dumb as to give one employee so much access.

      Right now, just based purely on the access I need to do my day-to-day job involves me having access where I can pretty much nuke everything from orbit, with an ssh loop.

      At some point, you need to trust your employees, in order to get work done. Sure, you can lock it all down tightly, but then you just made work take longer. It’s a trade off.

    • jaschen@lemm.ee
      6 upvotes · 2 days ago

      My previous work didn’t revoke my access to their CMS. I was so upset when they laid me off after telling them my wife is pregnant.

      But I ain’t that stupid.

  • cookedslug@lemm.ee
    23 upvotes · 2 days ago

    guy really tagged his name on the kill function, which was running on his own system. smh my head