Chinese real estate biz giant Lianjia’s former database administrator, Han Bing (40-year-old), has been sentenced to 7 years in prison for hacking the corporate company’s systems and wiping their data.
Bing allegedly deleted all stored data from two database servers and two application servers using his administrative privileges and a “root” account in June 2018.
As a consequence, Lianjia has been forced to suspend large parts of its operations immediately. With this disruption, the company was unable to pay its employees for longer periods of time.
Not only that even restoring the whole data cost the company around $30,000, and it’s really expensive. It is not the direct damages caused by the interruption of the firm’s business, but rather the indirect damages, which were far more devastating.
Why this damage could have devasting impacts?
Since its market value is estimated to be $6 billion, and as of December 31, 2013, Lianjia owned 51 subsidiaries across 51 countries, operated thousands of offices, and employed over 120,000 brokers.
The incident of data deletion was attributed to the five main suspects, including Han Bing. When the company’s investigators asked the administrator to provide the company investigators with his laptop password, the administrator declined.
An investigator testified in court that they were aware such an operation would leave no trace on the laptop afterward. It is for this reason that only the five employees with access to the system were examined in order to measure their response.
A few days later, from the servers, the technicians retrieved all the access logs and also tracked all the activities back to specific internal IPs and MACs.
Moreover, they managed to retrieve the WiFi logs and timestamps, determining that the WiFi logs corresponded with CCTV footage, which would confirm their suspicions.
The contract forensic expert concluded that Bing had used the shred and rm commands to wipe its databases. This was the final reflection of the forensic expert’s analysis.
Here the shred overwrites data three times with multiple patterns, while rm deletes symbolic links to files.
Bing’s attempts to notify
The security holes in the financial system have repeatedly been reported by Han Bing to his employer and supervisors since he started working there.
Additionally, Han Bing also has sent a number of emails to other administrators in regard to the concerns he has.
The security projects he proposed to run, to ensure the safety of the company, were not approved and were harshly ignored by the department leaders.
Several witnesses at Lianjia, including the director of ethics at LianJia, Zhou Mou have come forward to help confirm this. While he told the court that Han Bing often found himself in arguments with his supervisors as he felt that his proposals were not being valued.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.