Han Bing, a 40-year-old former database administrator for Lianjia, a Chinese real estate brokerage giant, was sentenced to 7 years in prison for logging into the company’s systems and deleting 9TB of data from it. -this. Bing did this in June 2018, when it used its administrative privileges and root account to access the company’s financial system and delete all data stored on two database servers and two application servers.
This resulted in the immediate paralysis of large parts of Lianjia’s operations, leaving tens of thousands of its employees without pay for an extended period and forcing a data restoration effort that cost an estimated $30,000. The consequential damages resulting from the interruption of the company’s activities, however, were far greater, as Lianjia operates thousands of offices, employs more than 120,000 brokers, has 51 subsidiaries and is estimated to have a market value of $6 billion.
employee survey
According to documents released by the People’s Procuratorate Court of Haidian District, Beijing, Han Bing was one of five main suspects in the data deletion incident. The administrator immediately aroused suspicion when he refused to give the password to his laptop to company investigators. Han Bing claimed that his computer contained private data and that the password could only be provided to public authorities, or did not agree to enter it himself and be present during checks, details the Chinese media that reproduced parts of the published materials.
As the investigators revealed in court, they knew that such an operation would leave no traces on the laptops, and therefore carried out the checks only to assess the reaction of the five employees who had access to the system. Eventually, technicians retrieved access logs from the servers and traced activity to specific internal IP and MAC addresses. Inspectors even retrieved WiFi connectivity logs and timestamps and ended up confirming their suspicions by correlating them with CCTV footage.
The contracted forensic expert’s final assessment revealed that Bing had used the « shred » and « rm » commands to wipe the databases. The « rm » command removes symbolic links from files, while the « shred » command overwrites the data three times with multiple patterns, so that it becomes unrecoverable.
A disgruntled employee
Surprisingly, Bing had repeatedly informed his employer and superiors of security flaws in the financial system, even sending emails to other administrators expressing his concerns. However, he was largely ignored, as the leaders of his department never approved of the security project he proposed to lead.
This was confirmed by testimony from the Lianjia Ethics Director, who told the court that Han Bing felt that his organizational proposals were not appreciated and that he often came into conflict with his superiors. In a similar case from September 2021, a former employee of a New York-based credit union got revenge on her supervisors who fired her by deleting more than 21.3 GB of documents in 40 minutes.
Source: 4hou
And you?
See as well :