from the hell-hath-no-fury-like-a-sysadmin-scorned dept.
Angry IT admin wipes employer's databases, gets 7 years in prison:
Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data.
Bing allegedly performed the act in June 2018, when he used his administrative privileges and "root" account to access the company's financial system and delete all stored data from two database servers and two application servers.
[...] Surprisingly, Bing had repeatedly informed his employer and supervisors about security gaps in the financial system, even sending emails to other administrators to raise his concerns.
However, he was largely ignored, as the leaders of his department never approved the security project he proposed to run.
This was confirmed by the testimony of the director of ethics at Lianjia, who told the court that Han Bing felt that his organizational proposals weren't valued and often entered arguments with his supervisors.
In a similar case from September 2021, a former New York-based credit union employee avenged her supervisors for firing her by deleting over 21.3GB of documents in a 40-minute attack.
Anyone have stories of any interesting employee departures that they have exprienced?
(Score: 5, Funny) by Snotnose on Wednesday May 18 2022, @07:58PM (10 children)
Some 30-40 years ago I found myself sysadmin to 14-18 Sun boxes in a Windows World. These were the first Sun boxes meant for developer's desks, I don't remember what they were called nor do I care to look them up (we're talking '91 here). I had my job I was getting paid for, and sysadmin I wasn't. I found out via usenet I could up the RAM of these little Suns by buying off the shelf RAM and just plugging the new chips in. For about 1/4 the price Sun charged. I did so.
I also worried about backups. Long story short, boss didn't want to buy extra backup tapes, let alone storing backups offsite. So I stored monthly backups at home.
I got laid off, and I wasn't happy about it (they did not take into consideration the time I spent being a sysadmin as that wasn't in my job description). About a month later I'm laying on my couch in the middle of the day and Andrea, a former co-worker I had the hots for but not the guts to go for it, called me. "Um, we lost all our source code, I know you kept offsite backups, um, you still have them?"
I looked at my bookshelf with 2 years of monthly backups, thought about how the company had treated me, and "nope, tossed them in the trash".
She knew I was lying, I knew she knew I was lying, and that's the last time I ever talked to her.
So, if your name is Andrea and you recognize this story hit me up, I'd love to reconnect.
/ pacific data products
When the dust settled America realized it was saved by a porn star.
(Score: 5, Informative) by Anonymous Coward on Wednesday May 18 2022, @08:03PM (7 children)
Pro tip: You do not want to see the girl you had the hots for 31 years ago now... they do not age well.
(Score: -1, Troll) by Anonymous Coward on Wednesday May 18 2022, @08:28PM (6 children)
with the current year added complication that "girl" might mean "boy", unless you're a supreme court justice, in which case you don't know the difference. 31 years from now is going to be unrecognizable.
(Score: -1, Troll) by Anonymous Coward on Wednesday May 18 2022, @08:54PM (5 children)
You gender-confused transvestites have just got to accept the facts: 1) there are two sexes which are defined by genes, and 2) everyone else in the world knows this since they aren't t mentally disturbed. Get treatment.
(Score: -1, Flamebait) by Anonymous Coward on Wednesday May 18 2022, @10:13PM
Git educated bigot.
(Score: -1, Offtopic) by Anonymous Coward on Wednesday May 18 2022, @11:18PM (3 children)
Let's see, there are people with two X chromosomes, there are people with an X and a Y, there are people with two X's and one Y, and there are people with one X and two Y's. There's probably more combinations that I'm not aware of.
In your educated counting scheme, how does that add up to 2?
(Score: -1, Troll) by Anonymous Coward on Wednesday May 18 2022, @11:23PM
Better that you explain how that adds up to 69, or 'leventy 'leven, or 1024, or whatever the fuck the count is now.
(Score: 2) by JoeMerchant on Thursday May 19 2022, @03:06PM (1 child)
Not only genetics, but body morphology. If you live in an "average" small town of 6200 residents, there will be one who was born with ambiguous genitalia: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5825923/ [nih.gov] If you attend a large college with 15000 students, on average there will be three students born with DSD. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5825923/ [nih.gov]
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Tuesday May 24 2022, @04:53PM
oh the horror! what if I run into one of them?!?
these numbers are *way* too small for me to care
(Score: 0) by Anonymous Coward on Thursday May 19 2022, @12:08AM
Oh... you were that creep.
If it makes you feel any better, we ended up getting divorced - she realized she's a lesbian, she said.
(Score: 5, Interesting) by JoeMerchant on Thursday May 19 2022, @02:58PM
I took a temp job doing data entry in 1988. While there I automated one of the managers' jobs with an Excel spreadsheet - basically meant that instead of six to ten data entry people lining up at her desk for her to run a three step calculation on her desk calculator for them, she turned her computer screen around and they used the spreadsheet to do the calculation for themselves. Over the weeks, the frequency of calculations required increased from 10-15 per day to 20-30 per hour, but no worries, the spreadsheet meant it was zero work for my manager.
The hard drive on her computer crashed (spontaneously, don't know why, nothing I did.) I brought in a boot floppy and had her computer up and running in no-time. Weeks passed. Her manager told me to switch jobs when she was out of the room - I was very up front with her manager: she won't like that - her manager informed me of the chain of command and wouldn't leave my station until I changed tasks as instructed. Her manager left the room. She came into the room, saw I had switched jobs and got furious. I was very up front with her, telling her that her manager explicitly told me to override her instructions and do this. She wouldn't leave my station until I changed tasks back. She left the room. Her manager returned to the room, saw I had switched tasks back, I shrugged and said: she told me to. Her manager left the room, some shouting was heard, and her manager left the building. She returned to the room and I was fired. The only thing unusual about this is that I had worked for about 10 weeks without being fired once, she fired most temps at least once every three weeks or less. They usually returned to work within a week or less. This was Friday.
On Monday I call the office, my manager isn't present but her peer-level co-manager says "oh, no, we need you, come in." I work all of Monday, Tuesday and Wednesday. On Thursday my manager returns and simmers at a low boil for the four hours I am guaranteed to be paid. At 1pm precisely, she has my timesheet filled out and signed and dismisses me. Have you forgotten about MY floppy that repaired her computer with MY spreadsheet? She hadn't exactly forgotten, but she certainly hadn't appreciated how few doughnut breaks she would be taking after I took MY floppy with me. I asked if I may take it with me. She said "oh, but of course dear, that's yours, you take it." I took my disk, and I suppose I could have just left the PC running, it would lose power eventually and my spreadsheet would be gone forever, but... the reset button was right there, calling to me. So, I took my disk, tapped the button and said "thank you, dear." on my way out the door, she saw the screen go black and said, overly sweetly, "oh, you're welcome, Dear!"
The temp agency said they have never had a manager so upset. They kept repeating that they would pay me for my hours worked, as if that were in question, and they said they might not be able to place me again. I was extremely done with them for other reasons and told them not to bother looking for placement, I no longer wanted to earn money for them.
Years later, I was hired by the VP of R&D into a small company that had recently come into a large pile of money. Within less than a year, mostly by hiring people like me, the company was rapidly making the large pile into a small one and the VP of R&D started playing spiteful games to make his hires look bad so he could let them go with cause. I decided to not play along with his game and openly disagree with his characterizations of me as unable to do my work, he was unable to manage my work - switching my tasks every few days whenever I got close to completion of anything. I started encrypting my backups and had a "wipe it all" script that would scrub all actively developed source code. He took a firing case for me to the owner, and I was transferred from his area to the owner's office desk since the owner rarely used it. A few months later I stopped encrypting anything, nobody ever knew about the kill-script. Truth of the matter is, it's highly unlikely they would get anything valuable from my 95% completed source code without me anyway. Five years later I was VP of R&D and he was "lateraled" to another position, but I started signing his time sheets. A year after that he retired from industry to go terrorize college kids with spiteful engineering tests.
🌻🌻 [google.com]
(Score: 2) by Mojibake Tengu on Wednesday May 18 2022, @08:08PM (1 child)
https://en.wikipedia.org/wiki/Lianjia#Controversies [wikipedia.org]
Well, this is a kind of fast karmic retaliation to all your clan you get when you betray a loyal underling who turns to become enraged lone jianghu warrior...
The whole incident could be staged as well, ordered by someone else (a customer or high rank) for a specific hidden reason.
Respect Authorities. Know your social status. Woke responsibly.
(Score: 2) by RamiK on Wednesday May 18 2022, @10:06PM
IMHO, the level of education required from corporate tech workers along with their social status, level of compensation, how they're not required to go through an apprenticeship or expected to fulfill any filial-like duties places them closer to the Confucian scholar-bureaucrats, soldiers and priests than the lower classes workers and hired swords of Ancient China.
If you throw in a bit of conspiracies and romance you might be able to squeeze out a court drama or something... Either way, this guy is no John Wick I can tell you that much.
compiling...
(Score: 4, Interesting) by DannyB on Wednesday May 18 2022, @08:46PM (6 children)
I like to think and believe that in any dispute with or departure from my employer that I would act professionally regardless of any personal hurt feelings.
I think some people today do not seem to recognize what they own and what the company owns. In some cases people don't seem to properly recognize other people's things -- that there is a bright line between what is mine and what is thine.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 3, Informative) by Booga1 on Wednesday May 18 2022, @10:09PM (1 child)
People get overly defensive about things they are responsible for. Look at the whole saga of Terry Childs. [wikipedia.org]
My take on it is this: If you have done everything you can to improve a situation but the company doesn't want to actually solve the problem, it's on them. Let it go. Let the job go if you have to, but don't be the problem.
(Score: 1, Interesting) by Anonymous Coward on Thursday May 19 2022, @09:35AM
My recommendation is (if you haven't already) start gathering as much documentation and evidence that proves it's on them and not on you.
Keep backups of those.
Fact is in most cases even though it's a problem, if they don't get very unlucky, nothing happens for decades.
For example > 90% of workplaces could theoretically have their servers physically stolen from their server rooms/datacenters but in practice that's extremely unlikely. So do you take extra effort to encrypt all the drives of the servers to prevent access to the data? If you do this it means if the servers need to be booted up someone needs to enter the passphrases, otherwise they won't boot up... So is it really worth it for most companies? I'd actually recommend against doing such stuff since it'd actually cause more problems for the company.
As for this particular case, "oh wow the admin can delete the data and the backups", looks like the biggest mistake the company made was hiring that idiot. He should have solved the company's security problem by resigning and leaving the industry.
(Score: 2) by Thexalon on Wednesday May 18 2022, @11:21PM (2 children)
The degree to which I act "professionally" (as in, the ways my bosses want me to act) depends a lot on the degree to which the bosses are acting illegally or unethically.
For instance, I quit a job without notice once, because the owners had made it pretty clear they were not going to be able to pay us, without notice.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by DannyB on Thursday May 19 2022, @02:11PM (1 child)
In my view, that is professional. If you are told without notice that they can't pay you, there is nothing unprofessional about quitting without notice. The reason you are working is to get paid. Not out of the kindness of your heart.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Thursday May 19 2022, @11:05PM
^
Lots of old school mentalities are finally getting the booy. Reminds me of the ohrase "the customer is always right" and recently learned that it is only part of the quote. The full quote was along the lines of "in regards to fashion choices the customer is always right." It was never meant to make customers feel like entitled royalty that can treat employees like shit.
(Score: 1) by khallow on Thursday May 19 2022, @12:10AM
It's more a vague smudge... that you can adjust with a crowbar.
(Score: 2) by RS3 on Wednesday May 18 2022, @09:09PM (15 children)
I'm not defending Bing's actions at all, but the legal system / courts usually take many things into consideration when determining punishment. Again, Bing was definitely wrong, but TFS says he tried to get them to agree to a (possibly) better security system that he wanted to implement. I believe part of his action derived from him wanting to prove he was right, that the systems were quite vulnerable.
FTFA:
I guess they didn't have a good efficient backup / recovery system in place?
(Score: 2) by Revek on Wednesday May 18 2022, @09:43PM (1 child)
So basically the plot to a low rent die hard sequel with Jason Mewes as the basement dwelling hacker.
This page was generated by a Swarm of Roaming Elephants
(Score: -1, Spam) by Anonymous Coward on Thursday May 19 2022, @12:24AM
Yippie ki yay, doobie snax! [ehealthme.com]
(Score: 3, Insightful) by Anonymous Coward on Wednesday May 18 2022, @09:43PM (1 child)
This is one of those situations where being "right" should not work in your favor. If you point out a security flaw, and the company chooses not to fix it, that is not an invitation to exploit that security flaw. It is an invitation to laugh your ass off when someone else exploits it.
(Score: 1, Informative) by Anonymous Coward on Wednesday May 18 2022, @10:55PM
How do you know that wasn't exactly what happened, and then the bosses pointed the "investigators" to a convenient, too-informed scapegoat?
TFA: "The administrator immediately raised suspicion when he declined to give his laptop password to the company's investigators."
Which means, he was vary of them planting "evidence". Has not helped him any in the end; evidence conveniently found on company's devices afterwards (however it arrived there) was enough for Chinese court to jail him anyway.
(Score: -1, Flamebait) by Anonymous Coward on Wednesday May 18 2022, @09:43PM (2 children)
PRC government, and their crony capitalists, can do absolutely anything to absolutely anyone. Done it for decades, are doing now, will continue till whatever finale they have coming. What is to discuss about this one case out of uncounted millions?
(Score: 0) by Anonymous Coward on Wednesday May 18 2022, @11:21PM (1 child)
What about the New York-based credit union employee mentioned in the story as well?
(Score: 0) by Anonymous Coward on Wednesday May 18 2022, @11:34PM
Two words: "plea bargain".
(Score: 4, Insightful) by hopdevil on Thursday May 19 2022, @01:40AM (4 children)
I'm sure most won't agree with this, but the company should be responsible for protecting itself from insider security threats. While I don't condone what was allegedly done here, prison time is way too heavy handed in my opinion.
Keeping a prison time threat against employees if they run afoul of a company should make sysadmins very uncomfortable. Since this guy has brought up the security risks and was ignored, argued with supervisors he was probably turned into an example.
There are certainly security mechanisms (like 2 people required to get root access) which can be built into systems which prevent this from happening.. if the company decided against doing this it is on them, not the lone wolf. If this guy actually has the permissions and capabilities to delete the data, he was acting on behalf of the company..
(Score: 3, Informative) by jasassin on Thursday May 19 2022, @04:24AM (3 children)
If the vulnerability was so bad, I’m wondering why the hell he logged in with the root password to wack the DB? Sounds like the biggest security threat they had was hiring this dildo.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 4, Insightful) by JoeMerchant on Thursday May 19 2022, @03:22PM (2 children)
First, and objectively worst, vulnerability: a root password which is not changed upon dismissal of an employee who knows it.
🌻🌻 [google.com]
(Score: 3, Touché) by RS3 on Thursday May 19 2022, @03:29PM (1 child)
That and many other things which all go back to: the company resisting security improvements.
(Score: 3, Funny) by JoeMerchant on Thursday May 19 2022, @03:50PM
Plot twist: they do change the password, but then they post it on an open website so "people who need it can get it."
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday May 19 2022, @09:46AM (1 child)
In most companies even if they have separate people involved in sysadmin and handling of backups the sysadmins would still know ways to destroy the backups. There are certain backup systems in my company I'm not in charge of but I still know where the stuff is.
[1] Even if you hate the company that much and are willing to do something unethical, you don't do the deed yourself - you get someone else to do it. If some outsider can't do it even if you expose info to them (that has no links to you - e.g. not your ID and password) then maybe the company's systems really aren't that insecure? In which case the company's biggest security problem was him. And to fix it he should have resigned and got a job in a different industry.
(Score: 2) by RS3 on Thursday May 19 2022, @03:34PM
Proper backup includes making multiples, and also includes some kind of physical media that is removed from the site and stored by a 3rd-party company in a secure vault.
Even in a small company, corporate principals (CEO, president, VP, secretary) should keep copies in a small safe or fireproof strong box, at home, bank safety deposit box, etc.
(Score: 2) by JoeMerchant on Thursday May 19 2022, @03:14PM
Seems disproportionate: the data restoration effort only cost $30K but tens of thousands of employees were without salaries for an "extended period." In the U.S. they would lump on the cost of dealing with the employee salary snafu which doubtlessly would cost much more than $3 per employee.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Wednesday May 18 2022, @10:58PM
7 years in prison for wiping a server with a cloth.