backtop


Print 36 comment(s) - last by virtualdll.. on Jan 18 at 2:43 PM

Bob gets busted bypassing business security

It comes as no surprise to anyone that it is typically much cheaper to have programming performed in China rather than in the U.S., as the work can typically done for a fraction of the cost. A security case involving this interesting dynamic between the U.S. and China has surfaced that's both funny and disturbing at the same time.

A developer for a U.S.-based critical infrastructure company simply called "Bob" was busted for outsourcing his programming job to China. Obviously, his employer had no idea what Bob was doing despite the fact that he had been receiving glowing performance reviews.

Bob was caught during a company security review of VPN logs. Security personnel at the company discovered that there was an unauthorized VPN connection coming into their system from China. Since they are a U.S. critical infrastructure company, having an unauthorized VPN access from China was a big deal.

Making the problem even scarier for the security personnel was that the company had implemented two-factor authentication for the VPN using a rotating token RSA key fob. An unauthorized Chinese connection to the VPN meant that whoever was accessing the system from China had also been able to bypass a security token, or at least they thought this was the case.

Making things even more puzzling for the investigators was that the developer whose credentials were being used was sitting at his desk in the office when the live VPN connection from China was discovered. On further investigation, it was discovered that Bob had physically mailed his RSA key fob to China and had hired developers to do his work.

Bob was reportedly making several hundred thousand dollars per year while paying roughly $50,000 per year to the Chinese developers who were doing his work for him. Bob was spending his day watching cat videos, surfing Facebook, and messing around on eBay according to evidence the security researchers later found on his computer. Bob was also storing invoices from his Chinese developer on his work computer.
 
Bob had a good thing going, but unsurprisingly, his company wasn’t too fond of his antics and fired him.

Source: Verizon Business Security Blog (cached)



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Not bad
By eagle470 on 1/16/2013 10:55:46 AM , Rating: 5
But you can't trust him is the problem.....


RE: Not bad
By Murst on 1/16/2013 11:26:06 AM , Rating: 3
Maybe not as a programmer, but it does take some know-how to be able to manage multiple outsourcing projects for several companies at a time, report to meetings, etc. He certainly was pretty good at that.


RE: Not bad
By someguy123 on 1/16/2013 12:39:15 PM , Rating: 3
Normally you're not paid hundreds of thousands for outsourcing a small amount of software projects while spending the rest of your time watching cats chase laser pointers. I'm sure he could get work managing outsourcing but his goal is probably the money as much as it is the ease.


RE: Not bad
By fic2 on 1/16/2013 3:48:03 PM , Rating: 4
You have obviously never dealt with a contract house. They are all about making loads of money from your work.


RE: Not bad
By someguy123 on 1/16/2013 10:24:06 PM , Rating: 2
You must be dreaming or living with the worlds top contractors if you think most of them are making hundreds of thousands of dollars annually through outsourcing.


RE: Not bad
By Flunk on 1/16/2013 1:16:06 PM , Rating: 3
There are a lot of people who are willing to take chances. Take a look at Kevin Mitnick.

Actually I think he would be best off starting his own business, outsourced software development. You talk to him and he outsources to China. They said the results were good, why not continue? If it's not defense work it's not a serious issue.


RE: Not bad
By Flunk on 1/16/2013 1:16:35 PM , Rating: 2
I'm actually tempted to try a legal version of this myself.


“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki