The former database administrator of Chinese brokerage giant Lianjia has wiped the company’s data. It turned out that Han Bing logged into the company’s system and erased the data, for which he received a 7-year prison sentence. The former administrator took this action in June 2018. He then used his administrative privileges and root account to access the company’s financial system. This erased all data stored on the two database servers, as well as on the two application servers. This resulted in the instantaneous paralysis of many of Lianjia’s operations.
Han Bing, a 40-year-old former database administrator of Lianjia, a Chinese real estate giant, was sentenced to 7 years in prison for logging into the company’s systems and deleting 9 TB of data from the company. Bing did this in June 2018 when he used his administrative privileges and root account to access the company’s financial system and delete all data stored on two database servers and two application servers.
This resulted in the immediate paralysis of much of Lianjia’s operations, leaving tens of thousands of its employees without pay for an extended period and forcing a data recovery that cost an estimated $30,000. However, the collateral damage from the company’s suspension was much greater, as Lianjia operates thousands of offices, employs more than 120,000 brokers, has 51 subsidiaries, and is valued at $6 billion.
According to documents released by Beijing’s Haidian District People’s Procuratorate, Han Bing was one of the top five suspects in the data deletion incident. The administrator immediately aroused suspicion when he refused to give company investigators the password to his laptop. Han Bing claimed that his computer contained private data and that the password could only be provided to government agencies, or did not agree to enter it himself and be present at the checks, Chinese media outlets clarified, reproducing parts of the published materials.
Investigators testified in court that they knew that such an operation would leave no traces on the laptops, and therefore only conducted checks to assess the reaction of the five employees who had access to the system. In the end, the technicians extracted the access logs from the servers and traced the activity on specific internal IP and MAC addresses. The inspectors even extracted Wi-Fi connection logs and timestamps and eventually confirmed their suspicions by comparing them with CCTV footage.
A final assessment by a hired forensic scientist showed that Bing used the “shred” and “rm” commands to destroy the databases. The “rm” command removes symbolic links from files, and the “shred” command overwrites the data three times with multiple patterns so that it cannot be recovered.
Surprisingly, Bing repeatedly informed his employer and superiors of security flaws in the financial system, even sending emails to other administrators expressing his concerns. However, he was largely ignored as his department heads never approved of the security project he offered to lead.
This was supported by the testimony of Ethics Director Lianjia, who told the court that Han Bing felt that his organizational suggestions were not valued and that he frequently clashed with his superiors. In a similar September 2021 case, a former New York credit union employee retaliated against her bosses who fired her by deleting more than 21.3GB of documents in 40 minutes.
What is your opinion on this issue?
What do you think of Han Bing’s behavior?
Have you ever encountered such a case in your organization?
In your opinion, how can companies protect themselves from these risks?
According to Beyond Identity, 83% of employees admit to having regular access to their former employer’s accounts, and 56% of them use that access with the specific intent to cause harm.
A former employee fired for incompetence hacked and deleted his former employer’s data stored on Amazon’s servers.
IT professional sentenced to two years in prison for deleting over 1,200 Microsoft 365 accounts from California company after being fired
The former Cisco engineer admitted to removing 456 virtual machines that were used to run the WebEx Teams application. Cisco spends $1.4 million in employee time fixing damage