There are no winners in the revenge story.
We may all have heard striking stories of a furious IT employee who deleted the company's data and then ran away for good, as revenge on a workplace where, in his mind, he had been mistreated. Whether a programmer does this to express a grudge or holds the data hostage to demand unpaid salary when leaving the position, these events, appalling as they sound, are common in the industry, whether the target is an on-premises database, a database in the cloud, or even, in some cases, an open-source project. A conscientious employee who used to guard immense amounts of data every day could now be the first to throw it into the fire.
Recent Cases
Not long ago, a well-known Internet company in Shanghai that experienced a "delete & disappear" event in 2021 received the final verdict from the local court. The former employee, whose family name was Wang, was sentenced to ten months in prison.
In March 2021, Wang was recruited by the company to do R&D work on computer systems and was responsible for developing business logic for the company's e-commerce platform. Three months after joining, Wang was asked to leave the company for failing to meet the requirements of the probationary period, and on the day he left, without the company's permission, Wang deleted all the system code that was about to go online.
This action was not noticed until the system was about to go into production a few days later, and the company had no choice but to urgently postpone the schedule. Meanwhile, it had to pay a large amount of money to hire a third party to recover the data, and it organized employees to rewrite the code to ensure the subsequent operation of the system.
Wang, who had violated state regulations on sabotaging computer information systems, was therefore sentenced to prison.
Early this year, Marak, author of the well-known open source tool Faker.js, deliberately broke the open source repo on GitHub, eliminating all the code and leaving the word "endgame" in the commit. This action also affected colors.js, another repo he developed, and GitHub later suspended his access to all public and private projects.
No winners in the revenge story
A furious IT employee may have various reasons for this kind of behavior, but no matter how righteous it sounds, the ending will not be a happy one.
In September 2018, a senior engineer of SF Express deleted the online system database of the multinational delivery services company by mistake and was finally fired. Just three months before that, we saw a similar incident at Lianjia, one of the top real estate brokerage companies in China. On January 6, 2021, Beijing First Intermediate People's Court handed the former Lianjia employee a 7-year sentence for deleting 9 TB of data from the company out of dissatisfaction with work adjustments, which cost the company RMB 180,000 to restore its financial system.
The most striking of these incidents happened at Weimob, a cloud-based business and marketing solutions provider for Chinese enterprises. In February 2021, Weimob's online service broke down after an employee maliciously deleted the database, causing the main business to collapse and halting the business of 3 million merchants. Weimob then worked with service providers to recover the data, and it took seven days and nights to retrieve the deleted data. However, due to the negative impact, more than HK$ 3 billion disappeared from the market value of Weimob. As for the large number of affected merchants, Weimob said it had prepared 150 million RMB to compensate users. The employee confessed that he had acted for personal reasons, being drunk and unable to repay his loans, and was eventually sentenced to 6 years in prison.
We could list many other stories, and none of them ended without monetary loss or with less than one year of imprisonment for the technician.
In August 2020, a former Cisco engineer faced up to five years' imprisonment and a fine of US$250,000 because he maliciously deleted 456 VMs for WebEx Teams after leaving the company, causing the company to lose up to $2.4 million, including the employee costs of fixing the damage and refunds to impacted customers.
In November 2020, Wu, a Shanghai programmer in charge of product development, operations, and management, deleted his former company's data over a salary dispute, resulting in the loss of user behavior logs from its app "Zhuzuo". As a result, users were unable to read their designs and 3D models. Wu also erased more than 27,000 images and model files created and uploaded by registered users. He was found guilty of damaging computer information systems and was sentenced to 11 months in prison.
In September 2021, Shannon Stafford, a 50-year-old IT executive in the United States, was sentenced to 12 months and a day in prison after he logged in following his firing for poor performance and wiped an office's computer storage drives. He also had to pay his former bosses restitution totaling $193,258.10 (about RMB 1.32 million).
The Truth of “No Solution”
On the other hand, there are also people who will not delete your data at all, as their method of revenge is to disclose it to the public. In April 2019, it was reported that the source code of the Bilibili backend had been leaked. Published on GitHub, the source code was not hosted under the official Bilibili domain but in a repository called "go-common" created by a user called "openbilibili".
Generally, it seems that there are three situations that might cause a furious programmer to lose his cool.
· The employee was unfairly treated due to salary reduction, demotion, layoffs or heavy tasks.
· The company lacks specific data management measures.
· The deletion was caused by accident.
Living in a world of "digital intelligence" and "digital transformation", data can easily become a bargaining chip in a deathmatch between a company and its employees, as the trust between the two is quite fragile. Enterprises can choose to lower the risk by trusting a fixed system or by relying on a management mechanism, which for some companies is a disordered one.
Establishing a functional trust mechanism requires frequent and timely updates so that working processes and systems can adapt to changes in the external environment.
Enterprises should realize that the capability to resist risk lies not only in the business model or supply chain, but also in the technical capacity to support an excellent architecture, secure data, and effective management.
To achieve this goal, defining specific data operation permissions for an IT worker is not enough, and employers should care about the mental health of their staff instead of chasing profits and business goals.
Cloud Is Not the Panacea
Whenever a similar story appears, technical experts offer possible solutions, with suggestions such as architecture backup, decentralized management, process management, safe house, operational supervision, etc. Among these, going to the cloud seems to be a common choice.
However, can this really eliminate or at least reduce the occurrence of these kinds of events?
It is true that data in the cloud is more secure, as it can draw on more public resources, with features such as snapshots and offsite disaster recovery. When data deletion occurs, snapshots can quickly restore or roll back the data to a certain point in time, after which it can be brought up to the latest state through other methods. Meanwhile, offsite replication DR services can make the initial investment more cost-effective compared with a locally implemented one.
Even so, the events of recent years show that cloud databases cannot avoid disasters either, as the cloud solves only the problem of technical architecture, not the crisis of trust between IT employees and their enterprises.
In the end, an IT employee's self-awareness is the last resort for ensuring database security, and if employees do not comply with professional ethics, even the best defense process and mechanism will eventually be breached.
Conflict Resolution Mechanism
Enterprises take profit and revenue as their primary targets from the day they are founded, and the employees who grow with the company are sometimes neglected. Heavy work pressure and unfair treatment will not only reduce the efficiency of employees but also give rise to negative emotions such as irritation and complaints. Going on like this will eventually exacerbate the situation and hinder a harmonious relationship between enterprises and employees.
But the law cannot be flouted even if you are having a hard time, and acting out violently will eventually harm others and yourself.
Therefore, companies should pay more attention to their staff's personal growth and give employees sufficient humanistic care while improving the conflict resolution mechanism. Staff, for their part, should abide by professional ethics and not make wrong decisions out of "momentary displeasure", which may cause irreparable damage to the company and even society. After all, no one can escape the net of justice.
Conclusion
When you use the command "rm" to delete files, you should know that it carries a lot of weight. The action of "delete, then disappear" may sound gratifying in the moment, but it will also cut short your own career, which is not worth it. For enterprises, it can lead to unimaginable losses in both time and money.
Therefore, the solution lies not only in the technical architecture, operating authority, or workflow; re-examining the trust between enterprises and employees also deserves attention and deep thought.