Han Bing, a former database administrator who worked for Lianjia, a Chinese real-estate brokerage firm, was sentenced to seven years in prison.
Bing was arrested after logging into corporate systems and deleting the company’s data in 2018. He used his administrative privileges and his “root” account to access the company’s financial system and delete all stored data from two database servers and two application servers.
According to court documents, Bing was one of the five prime suspects after the company was hit by the data loss, and he drew suspicion after failing to provide the company’s investigators with his laptop password.
To trace the origin of the attack, technicians retrieved access logs from the accounts and traced the activity back to certain internal IPs and MAC addresses.
The final investigation revealed that Bing used the commands “shred” and “rm” to delete the databases. The rm command unlinks files, removing their directory entries, while the shred command overwrites the data three times with multiple patterns, making it unrecoverable.
The sources for this piece include an article in BleepingComputer.