Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage firm, was sentenced to 7 years in prison for logging into corporate computers and erasing company data.
Bing allegedly committed the offence in June 2018, when he accessed the company's finance system and deleted all stored data from two database servers and two application servers using his administrative credentials and "root" account.
As a result, substantial areas of Lianjia's operations were immediately crippled, leaving tens of thousands of employees without pay for an extended length of time and necessitating a data restoration effort that cost around $30,000.
The indirect effects from the firm's economic disruption, however, were even more severe, as Lianjia maintains thousands of offices, employs over 120,000 brokers, owns 51 companies, and has a market value of $6 billion.
Investigation on employees
H. Bing was one of the five major suspects in the data deletion event, according to records issued by the court of the People's Procuratorate of Haidian District, Beijing.
When the administrator refused to give the company's investigators his laptop password, he immediately sparked suspicion.
"Han Bing stated that his computer contained confidential data and that the password could only be given to official authorities, or that he would only tolerate entering it himself and being present during the inspections," according to Chinese news sites that reprinted portions of the documents.
The investigators knew that such an operation would leave no traces on the laptops, so they just conducted the checks to evaluate the response of the five employees who had access to the system, as they revealed in court.
After retrieving access logs from the servers, the experts were able to link the activity to specific internal IPs and MAC addresses. The inspectors even obtained WiFi connectivity logs, which they later confirmed by comparing them to CCTV footage.
Bing had wiped the databases using the commands "shred" and "rm," according to the contracted forensic expert's final assessment. The rm command eliminates the files' symbolic links, whereas shred overwrites the data three times with various patterns, rendering it unrecoverable.
Surprisingly, Bing had regularly warned his boss and superiors about security flaws in the financial system, even sending letters to other officials to express his concerns.
However, he was mainly ignored because the security initiative he recommended was never approved by his department's superiors.
This was verified by the testimony of Lianjia's director of ethics, who testified that Han Bing believed his organisational recommendations were undervalued and frequently argued with his superiors.
In a similar case from September 2021, a former credit union employee in New York retaliated against her bosses by destroying approximately 21.3GB of papers in a 40-minute onslaught.