Han Bing, a former database manager for Lianjia, a major Chinese real estate agency, was given a 7-year prison term for breaking into company computers and erasing data.

Bing is accused of carrying out the conduct in June 2018, when he reportedly accessed the company’s finance system using his administrator rights and “root” account and deleted all previously saved data from two database servers and two application servers.

Large elements of Lianjia’s operations were immediately crippled as a result, leaving tens of thousands of workers without pay for an extended length of time and necessitating a data restoration effort that cost about $30,000.

However, because Lianjia has thousands of offices, employs over 120,000 brokers, owns 51 companies, and has an estimated $6 billion market value, the indirect costs from the firm’s economic disruption were significantly more detrimental.

examination of the staff
H. Bing was one of the five primary suspects in the event involving the data deletion, according to records made public by the court of the People’s Procuratorate of Haidian District, Beijing.

When the administrator refused to reveal his laptop password to the company’s inspectors, suspicions were quickly aroused.

Chinese media outlets who reprinted portions of the disclosed documents explain that “Han Bing stated that his computer had confidential data and the password could only be handed to official authorities, or would only accept entering it personally and being present during the checks.”

The checks were solely carried out to evaluate the response of the five employees who had access to the system because, as the investigators testified in court, they knew that such an operation wouldn’t leave any records on the laptops.

Finally, the experts were able to pinpoint the activity to particular internal IPs and MAC addresses after retrieving access records from the servers. The inspectors even collected WiFi network logs and timestamps, which they afterwards compared against CCTV footage to validate their suspicions.

The forensic expert hired by the company concluded that Bing had wiped the databases using the “shred” and “rm” commands. Rm deletes the files’ symbolic links, whereas shred overwrites the data three times with different patterns to make it unrecoverable.

Unhappy employee?
Unexpectedly, Bing had regularly warned his employer and superiors about security flaws in the finance system, even emailing other administrators to express his concerns.

He was mostly disregarded, nevertheless, as the departmental administrators never gave their approval for the security project he wanted to oversee.

This was supported by the testimony of the director of ethics at Lianjia, who told the court that Han Bing frequently argued with his superiors because he believed his organisational suggestions weren’t valued.

A similar incident occurred in September 2021 when a former employee of a credit union in New York deleted approximately 21.3GB of records in a 40-minute rampage as retaliation for her managers terminating her.