Stories
Slash Boxes
Comments

SoylentNews is people

Angry IT Admin Wipes Employer’s Databases, Gets Seven Years in Prison

posted by hubie on Wednesday May 18 2022, @07:19PM   Printer-friendly
from the hell-hath-no-fury-like-a-sysadmin-scorned dept.

upstart writes:

Angry IT admin wipes employer's databases, gets 7 years in prison:

Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data.

Bing allegedly performed the act in June 2018, when he used his administrative privileges and "root" account to access the company's financial system and delete all stored data from two database servers and two application servers.

[...] Surprisingly, Bing had repeatedly informed his employer and supervisors about security gaps in the financial system, even sending emails to other administrators to raise his concerns.

However, he was largely ignored, as the leaders of his department never approved the security project he proposed to run.

This was confirmed by the testimony of the director of ethics at Lianjia, who told the court that Han Bing felt that his organizational proposals weren't valued and often entered arguments with his supervisors.

In a similar case from September 2021, a former New York-based credit union employee avenged her supervisors for firing her by deleting over 21.3GB of documents in a 40-minute attack.

Anyone have stories of any interesting employee departures that they have exprienced?

Original Submission

 
This discussion has been archived. No new comments can be posted.
Angry IT Admin Wipes Employer’s Databases, Gets Seven Years in Prison | Log In/Create an Account | Top | 37 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Interesting) by Anonymous Coward on Thursday May 19 2022, @09:35AM

    by Anonymous Coward on Thursday May 19 2022, @09:35AM (#1246195)

    If you have done everything you can to improve a situation but the company doesn't want to actually solve the problem, it's on them

    My recommendation is (if you haven't already) start gathering as much documentation and evidence that proves it's on them and not on you.

    Keep backups of those.

    Fact is in most cases even though it's a problem, if they don't get very unlucky, nothing happens for decades.

    For example > 90% of workplaces could theoretically have their servers physically stolen from their server rooms/datacenters but in practice that's extremely unlikely. So do you take extra effort to encrypt all the drives of the servers to prevent access to the data? If you do this it means if the servers need to be booted up someone needs to enter the passphrases, otherwise they won't boot up... So is it really worth it for most companies? I'd actually recommend against doing such stuff since it'd actually cause more problems for the company.

    As for this particular case, "oh wow the admin can delete the data and the backups", looks like the biggest mistake the company made was hiring that idiot. He should have solved the company's security problem by resigning and leaving the industry.

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Total Score:   1