IT admin deletes company’s databases and is jailed for seven years
Forensic experts correlated WiFi connectivity logs and timestamps with internal CCTV footage to confirm their suspicions
A former database administrator in China has been jailed for seven years after deleting data belonging to his employer Lianjia, a real-estate brokerage giant.
Han Bing allegedly performed the act in June 2018, according to Bleeping Computer. Bing used admin privileges and a root account to access the company’s financial system and delete data found on two database servers and two application servers.
The action immediately affected large parts of Lianjia’s operations which left tens of thousands of employees without salaries for an extended period. The company also had to carry out data restoration efforts which cost around $30,000.
Bing was one of five suspects in the data deletion incident, detailed documents released by the court of the People's Procuratorate of Haidian District. The administrator raised the authorities’ suspicion when he refused to give his laptop password to the company’s investigators.
"Han Bing claimed that his computer had private data and the password could only be provided to public authorities, or would only accept entering it himself and being present during the checks," reported local news outlet 4hou.
Technicians retrieved access logs from the servers and traced the activity to internal IPs and MAC addresses. The inspectors also retrieved WiFi connectivity logs and timestamps and eventually confirmed their suspicions by correlating them with CCTV footage.
The truth about cyber security training
Stop ticking boxes. Start delivering real change.
FREE DOWNLOAD
The forensic expert also found that Bing had wiped the databases by using the commands “shred” and “rm”. The shred command overwrites the data three times with multiple patterns so they cannot be recovered while rm removes the symbolic links of the files.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Bing had previously informed his employer about security gaps in the company’s financial system and communicated his worries to other administrators through email. Despite this, he was largely ignored and his department’s leaders never approved the security project he had proposed.
Lianjia’s director of ethics testified at the court and said that Bing felt that his organisational proposals weren’t valued and often entered arguments with supervisors.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.