I can’t prove you wrong, but your post made me wonder this: Senator Ted Stevens in 2006, said that “the Internet is a series of tubes”. Every one of those tubes must have an end. The Anus is the end of a tube (the lower intestine). Therefore, the Internet is a series of anuses. Prove me wrong.

Dude gave anyone looking for forensic clues a layup

would lock every employee out of their accounts if his credentials were ever revoked, and named the code IsDLEnabledinAD, as in “Is Davis Lu enabled in Active Directory.”

That’s kind of an easy figure out: look for all the D.L.s in the company and work from there. But then

investigators subsequently found the source code for this program on an internal development server in Kentucky, and that Lu’s user account had been used to execute the malware on the production box. Lu was also the only member of his team who had access privileges for that dev machine.

This guy left an easy forensic trail.