A former database administrator for Chinese real estate brokerage giant Lianjia has cleared the company’s data. It turns out that Han Bing logged into the company’s systems and erased data, and was sentenced to 7 years in prison. The former manager committed this act in June 2018. He then used his administrative benefits and root account to gain access to the company’s financial system. In doing so, it cleared all data stored on two database servers, as well as two application servers. This led to the immediate paralysis of most Lianjia operations.
Han Ping, a 40-year-old former database administrator for Lianjia, the Chinese real estate brokerage giant, was sentenced to 7 years in prison for logging into the company’s systems and deleting 9 terabytes of data from them. Bing did this in June 2018, when it used its administrative and root account privileges to access the company’s financial system and delete all data stored on two database servers and two application servers.
This immediately paralyzed large parts of Lianjia’s operations, leaving tens of thousands of its employees without pay for an extended period and imposing a data recovery effort that cost an estimated $30,000. However, the damage from the discontinuation of the company’s activities was much greater, as Lianjia operates thousands of offices, employs more than 120,000 brokers, has 51 subsidiaries and has an estimated market value of $6 billion.
According to documents released by the Haidian District People’s Procuratorate Court in Beijing, Han Bing was one of the five main suspects in the data deletion incident. The official immediately raised suspicion when he refused to give the password to his laptop computer to company investigators. Han Bing claimed that his computer contained private data and that the password could only be provided to public authorities, or he did not agree to enter it himself and be present during the checks, detailing Chinese media that reproduced portions of the published material.
As revealed by court investigators, they knew that such an operation would not leave any trace on the laptops, and therefore they conducted checks only to assess the reaction of the five employees who gained access to the system. In the end, the technicians retrieved access logs from the servers and tracked the activity to specific internal IP and MAC addresses. The inspectors even retrieved WiFi connection logs and timestamps and ended up confirming their suspicions by linking them to CCTV footage.
The final evaluation of a contracted forensic expert revealed that Bing had used the “shred” and “rm” commands to scan databases. The “rm” command removes symbolic links from files, while the “shred” command overwrites the data three times in multiple patterns, making it unrecoverable.
Surprisingly, Bing has repeatedly reported security flaws in the financial system to the business owner and his superiors, even sending emails to other officials expressing his concerns. However, he was largely ignored, because the leaders of his ministry never approved of the security project he proposed to lead.
This was confirmed by testimony from Lianjia’s Director of Ethics, who told the court that Han Ping felt his organizational proposals were underappreciated and that he often went against his superiors. In a similar case from September 2021, a former employee of a New York-based credit union retaliated against her supervisors who fired her by deleting more than 21.3 gigabytes of documents in 40 minutes.
What do you think about it?
What do you think of Han Bing’s behavior?
Have you ever encountered such a situation within your organization?
In your opinion, how can companies protect themselves from these risks?
83% of employees admit to having maintained permanent access to their previous employer’s accounts, 56% of whom use that access with specific intent to harm, according to Beyond Identity
An ex-employee who was fired for incompetence hacked and deleted his ex-employer’s data stored on Amazon servers
An IT worker was sentenced to two years in prison for deleting more than 1,200 Microsoft 365 accounts from a California company after being fired
Ex-Cisco engineer admits deleting 456 virtual machines used to run WebEx Teams app, Cisco spent $1.4 million in employee time to restore damage