SoylentNews is people
SoylentNews
from the hell-hath-no-fury-like-a-sysadmin-scorned dept.
Angry IT admin wipes employer's databases, gets 7 years in prison:
Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data.
Bing allegedly performed the act in June 2018, when he used his administrative privileges and "root" account to access the company's financial system and delete all stored data from two database servers and two application servers.
[...] Surprisingly, Bing had repeatedly informed his employer and supervisors about security gaps in the financial system, even sending emails to other administrators to raise his concerns.
However, he was largely ignored, as the leaders of his department never approved the security project he proposed to run.
This was confirmed by the testimony of the director of ethics at Lianjia, who told the court that Han Bing felt that his organizational proposals weren't valued and often entered arguments with his supervisors.
In a similar case from September 2021, a former New York-based credit union employee avenged her supervisors for firing her by deleting over 21.3GB of documents in a 40-minute attack.
Anyone have stories of any interesting employee departures that they have exprienced?
(Score: 4, Insightful) by hopdevil on Thursday May 19 2022, @01:40AM (4 children)
I'm sure most won't agree with this, but the company should be responsible for protecting itself from insider security threats. While I don't condone what was allegedly done here, prison time is way too heavy handed in my opinion.
Keeping a prison time threat against employees if they run afoul of a company should make sysadmins very uncomfortable. Since this guy has brought up the security risks and was ignored, argued with supervisors he was probably turned into an example.
There are certainly security mechanisms (like 2 people required to get root access) which can be built into systems which prevent this from happening.. if the company decided against doing this it is on them, not the lone wolf. If this guy actually has the permissions and capabilities to delete the data, he was acting on behalf of the company..
(Score: 3, Informative) by jasassin on Thursday May 19 2022, @04:24AM (3 children)
If the vulnerability was so bad, I’m wondering why the hell he logged in with the root password to wack the DB? Sounds like the biggest security threat they had was hiring this dildo.
jasassin@gmail.com GPG Key ID: 0x663EB663D1E7F223
(Score: 4, Insightful) by JoeMerchant on Thursday May 19 2022, @03:22PM (2 children)
First, and objectively worst, vulnerability: a root password which is not changed upon dismissal of an employee who knows it.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 3, Touché) by RS3 on Thursday May 19 2022, @03:29PM (1 child)
That and many other things which all go back to: the company resisting security improvements.
(Score: 3, Funny) by JoeMerchant on Thursday May 19 2022, @03:50PM
Plot twist: they do change the password, but then they post it on an open website so "people who need it can get it."
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end