A former database administrator for the Chinese real estate agency Lianjia deleted the company’s data. Han Bing logged into the company’s systems and deleted the data, which earned him a 7-year prison sentence. The former admin committed this act in June 2018, using his administrative privileges and root account to access the company’s financial system. In doing so, he erased all data stored on two database servers and two application servers. This led to the immediate paralysis of many of Lianjia’s operations.
Han Bing, a 40-year-old former database administrator for Lianjia, a Chinese real estate giant, was sentenced to 7 years in prison for logging into the company’s systems and deleting 9TB of data from them. Bing did this in June 2018, when he used his administrator privileges and root account to access the company’s financial system and wiped all data stored on two database servers and two application servers.
This immediately paralyzed large parts of Lianjia’s operations, leaving tens of thousands of its employees without salaries for an extended period of time and necessitating data recovery that cost an estimated $30,000. However, the consequential damage resulting from the disruption to the company’s operations was far greater as Lianjia operates thousands of offices, employs more than 120,000 brokers, has 51 subsidiaries and is estimated to have a market value of $6 billion.
According to documents released by the Haidian District People’s Procuratorate in Beijing, Han Bing was one of five prime suspects in the data erasure incident. The administrator immediately aroused suspicion when he refused to give company investigators his laptop’s password. Han Bing claimed that his computer contained private data and that the password could only be shared with the authorities, or that he would only agree to enter it himself and be present during the checks, according to Chinese media, which reproduced parts of the published materials.
As the investigators revealed in court, they knew that such an intervention would not leave any traces on the laptops and therefore only carried out the checks to assess the reaction of the five employees who had access to the system. Finally, technicians pulled access logs from the servers and traced the activity to specific internal IP and MAC addresses. Inspectors even pulled Wi-Fi connectivity logs and timestamps, eventually confirming their suspicions by correlating them with CCTV footage.
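The correlation step described above can be sketched as follows. This is an added example, not material from the case or the investigators; every log line, address, timestamp and the `attribute` function name are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (not from the case): server access-log entries and
# Wi-Fi association records mapping a MAC address to a leased internal IP.
ACCESS_LOG = [
    ("2018-06-04 14:02:11", "10.0.8.21", "root", "login"),
    ("2018-06-04 14:05:40", "10.0.8.21", "root", "shred"),
    ("2018-06-04 14:07:02", "10.0.8.35", "root", "login"),
]
WIFI_LOG = [
    # (mac, ip, associated, disassociated)
    ("aa:bb:cc:00:00:01", "10.0.8.21", "2018-06-04 09:00:00", "2018-06-04 12:30:00"),
    ("aa:bb:cc:00:00:02", "10.0.8.21", "2018-06-04 13:55:00", "2018-06-04 15:10:00"),
    ("aa:bb:cc:00:00:03", "10.0.8.35", "2018-06-04 13:00:00", "2018-06-04 14:00:00"),
]
FMT = "%Y-%m-%d %H:%M:%S"


def parse(ts):
    return datetime.strptime(ts, FMT)


def attribute(access_log, wifi_log):
    """Return (timestamp, ip, action, mac-or-None) for each server event.

    An internal IP alone is weak evidence because leases are reused, so an
    event is attributed to a device only if that device held the IP at the
    moment of the event. Events with no matching association stay
    unattributed instead of being pinned on the last known holder.
    """
    results = []
    for ts, ip, _user, action in access_log:
        when = parse(ts)
        holders = [mac for mac, lease_ip, start, end in wifi_log
                   if lease_ip == ip and parse(start) <= when <= parse(end)]
        # Exactly one holder is a usable lead; zero or several is ambiguous.
        mac = holders[0] if len(holders) == 1 else None
        results.append((ts, ip, action, mac))
    return results


if __name__ == "__main__":
    for row in attribute(ACCESS_LOG, WIFI_LOG):
        print(row)
```

A MAC match only identifies a device; tying it to a person still needs independent evidence such as the CCTV footage mentioned above.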
The final assessment by the hired forensic scientist revealed that Bing had used the “shred” and “rm” commands to wipe the databases. The rm command only removes the files’ directory entries (their links) and leaves the underlying data on disk, while the shred command overwrites the data three times with multiple patterns, making it unrecoverable.
A disgruntled employee
Surprisingly, Bing had repeatedly informed his employer and supervisor about security vulnerabilities in the financial system, and even sent emails to other administrators voicing his concerns. He was largely ignored, however, as the heads of his department never approved the security project he wanted to lead.
This was corroborated by the testimony of Lianjia’s director of ethics, who told the court that Han Bing felt his organizational proposals were not appreciated and that he often got into conflict with his superiors. In a similar September 2021 case, a former employee at a New York-based credit union retaliated against her bosses who fired her by deleting more than 21.3GB of documents in 40 minutes.