Han Bing allegedly felt undervalued after his security warnings were ignored, and decided to prove his point by trashing four financial servers.

Servers at risk
(Image credit: Getty – Andrew Aitchison)

An indignant IT admin, seemingly aiming to prove the lax security his employer had hitherto ignored, proceeded to delete a bunch of vital financial databases, and has subsequently been given seven years in prison as a result. It’s what’s known in the IT trade as ‘cutting your nose off to spite your face,’ or inadvisably hulking out on a server you’re known to have access to and have already complained about.

Han Bing, a database administrator for Lianjia, a Chinese real estate brokerage, previously known as Homelink, was allegedly one of only five people in the security team with access to the company’s financial system databases. So when someone logged in with root access to Lianjia’s financial system and deleted the lot(opens in new tab) (via Bleeping Computer(opens in new tab)), the company already had a handful of suspects.

Four of the five handed over their laptops and passwords immediately, while Bing refused to hand over his password, claiming that it held private information. He agreed to access the device for the company’s investigators while he was present, and no incriminating evidence was found on his machine. 

The company, however, claimed the attack could be done simply by connecting to the server in a way that would leave no residual trace on the client laptop. 

Subsequent electronic forensic analysis of the company’s server logs, alongside the use of CCTV footage, linked records held on the server with the host name of Bing’s MacBook, “Yggdrasil,” as well as certain MAC and IP addresses linked on his computer.

Yeah, Yggdrasil. The tree of life. The roots of which can be seen sprawling across the sky in Valheim, and as that big f-off plant glowing away in Elden Ring. Everything in 2022 always seems to lead back to Elden Ring. This whole case is probably in the game somewhere as lore.

With all the evidence in hand, the Beijing Tongda Fazheng Forensic Identification Centre concluded none of the other potential suspects could be linked to the attack on June 4, 2018, and Han Bing was found guilty of damaging computer information and sentenced to seven years in prison. 

Initially that feels a bit harsh on the guy, but he did basically destroy four different servers, salting the earth so nothing could be recovered, and grinding the company’s operation to a halt. It then had to pay some $30,000 as amends for the fact that Lianjia employees were left without pay for an extended amount of time.

Which is also pretty harsh.

Bing’s colleagues have suggested that the reasoning behind his deletion of company records was down to the fact he discovered the security of the financial system was compromised, and his concerns were ignored.

He worked with another database admin to bring the issues to his seniors in the organisation but was apparently dismissed. It’s alleged this led to Bing arguing with other colleagues, and after his office was relocated it is suggested that he no longer felt valued by the company, was “passive and sluggish, often late and early, and there is also the phenomenon of absenteeism.” That’s according to the Edge machine translation, so make of that what you will.

Maybe Bing thought he was going to be rewarded for highlighting the problems more obviously, or maybe he was just a grumpy, vengeful admin by the end of it. Either way going to prison for seven years was most definitely not what he was aiming to get out of this.

https://www.pcgamer.com/it-admin-gets-7-years-for-wiping-his-companys-servers-to-prove-a-point/?

#CyberCrime