An audit conducted by Verizon’s Risk Team last year revealed that an employee at a US company had successfully outsourced his job to China for ‘months’, it emerged on Wednesday.
The resourceful software developer, only referred to as ‘Bob’ by Verizon, perpetrated this scam at a number of telecommunications companies at the same time, earning several hundred thousand dollars a year for essentially browsing the Internet all day long.
Obviously, Bob is no longer employed by the company in question.
After Bob outsourced his job, he was left with eight completely free hours every day, which he spent reading Reddit, socialising on Facebook, and watching cat videos on YouTube. At the end of every day, Bob would dutifully send email updates to the management, reporting on the progress of the projects he was supposed to be working on.
The developer reportedly paid 20 percent of his six-figure salary to a software company based in Shenyang, Northern China, which was writing the code for him. The contractors had always delivered exceptional results, making Bob a favourite with the management.
This “innovative” arrangement came to light after Bob’s employers noticed strange activity in their Virtual Private Network (VPN) logs and requested an audit from Verizon’s Risk Team. The VPN was implemented at the company two years prior to the incident, in order to allow some employees to work from home.
During the audit, the Risk Team discovered a VPN connection to Shenyang which was active on working days of the week. Naturally, the first reaction of cybersecurity experts was to suspect the involvement of the Chinese hackers, no doubt siphoning off trade secrets. The truth was much more unconventional.
In order to make his plan work, Bob gave up his credentials and actually sent his physical authentication token to China by post. Further investigations revealed ‘hundreds’ of invoices issued by the contractors and addressed to the developer.
And yet, the story gets better. “Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about $50,000 annually,” explained Andrew Valentine from Verizon’s Risk Team on the Help Net Security blog.
This article appeared on TechWeekEurope. Click here for the full story.
Security vendor Flashpoint debuts partner programme following $28m funding
Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture
Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”
Ensono highlights importance of mainframes still to major industries
Security vendor VASCO looks to replicate UK and German set up across EMEA
Splunk details investment in Partner+ programme at .conf2017