Angry employee

Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company’s data.

Bing allegedly performed the act in June 2018, when he used his administrative privileges and “root” account to access the company’s financial system and delete all stored data from two database servers and two application servers.

This has resulted in the immediate crippling of large portions of Lianjia’s operations, leaving tens of thousands of its employees without salaries for an extended period and forcing a data restoration effort that cost roughly $30,000.

The indirect damages from the disruption of the firm’s business, though, were far more damaging, as Lianjia operates thousands of offices, employs over 120,000 brokers, owns 51 subsidiaries, and its market value is estimated to be $6 billion.

Investigation on employees

According to documents released by the court of the People’s Procuratorate of Haidian District, Beijing, H. Bing was one of the five main suspects in the data deletion incident.

The administrator immediately raised suspicion when he declined to give his laptop password to the company’s investigators.

“Han Bing claimed that his computer had private data and the password could only be provided to public authorities, or would only accept entering it himself and being present during the checks,” detail Chinese outlets that reproduced portions of the published documents.

As the investigators revealed in court, they knew that such an operation wouldn’t leave traces on the laptops, so they only performed the checks to gauge the response of the five employees who had access to the system.

Eventually, the technicians retrieved access logs from the servers and traced the activity to specific internal IPs and MAC addresses. The inspectors even retrieved WiFi connectivity logs and timestamps and eventually confirmed their suspicions by correlating them with CCTV footage.

The final appraisal of the contracted forensic expert was that Bing had used the commands “shred” and “rm” commands to wipe the databases. The rm command removes the symbolic links of the files, while shred overwrites the data three times with multiple patterns so that they become irrecoverable.

Disgruntled employee?

Surprisingly, Bing had repeatedly informed his employer and supervisors about security gaps in the financial system, even sending emails to other administrators to raise his concerns.

However, he was largely ignored, as the leaders of his department never approved the security project he proposed to run.

This was confirmed by the testimony of the director of ethics at Lianjia, who told the court that Han Bing felt that his organizational proposals weren’t valued and often entered arguments with his supervisors.

In a similar case from September 2021, a former New York-based credit union employee avenged her supervisors for firing her by deleting over 21.3GB of documents in a 40-minute attack.

Source: www.bleepingcomputer.com