For entering into corporate networks and erasing the company’s data, Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage behemoth, was sentenced to 7 years in prison.
Bing allegedly committed the crime in June 2018, when he accessed the company’s finance system and deleted all stored data from two database servers and two application servers using his administrative credentials and “root” account.
Large elements of Lianjia’s operations were immediately crippled, leaving tens of thousands of employees without pay for a lengthy period of time and prompting a data restoration effort that cost around $30,000.
The indirect effects of the firm’s business disruption were considerably more severe, given that Lianjia has thousands of offices, employs over 120,000 brokers, owns 51 companies, and has a market value of $6 billion.
Employees are being investigated.
H. Bing was one of the five major suspects in the data deletion event, according to records issued by the court of the People’s Procuratorate of Haidian District, Beijing.
When the administrator refused to give the company’s investigators his laptop password, he immediately sparked suspicion.
“Han Bing stated that his computer contained confidential data and that the password could only be given to official authorities, or that he would only tolerate entering it himself and being present during the inspections,” according to Chinese news sites that reprinted portions of the documents.
The detectives knew that such an operation would leave no traces on the laptops, so they just conducted the checks to evaluate the response of the five employees who had access to the system, as they revealed in court.
After retrieving access logs from the servers, the experts were able to link the activity to specific internal IPs and MAC addresses. The inspectors even acquired WiFi network logs and timestamps, which they then corroborated with CCTV footage to validate their suspicions.
Bing had wiped the databases using the commands “shred” and “rm,” according to the contracted forensic expert’s final assessment. The rm command eliminates the files’ symbolic links, whereas shred overwrites the data three times with various patterns, rendering it unrecoverable.
Employee dissatisfied?
Surprisingly, Bing had regularly warned his boss and superiors about security flaws in the financial system, even sending letters to other officials to express his concerns.
However, he was mainly ignored because the security initiative he recommended was never approved by his department’s superiors.
This was verified by the testimony of Lianjia’s director of ethics, who testified that Han Bing believed his organizational recommendations were undervalued and frequently argued with his superiors.
In a similar case from September 2021, a former credit union employee in New York retaliated against her bosses by destroying approximately 21.3GB of papers in a 40-minute onslaught.
