backtop


Print 36 comment(s) - last by virtualdll.. on Jan 18 at 2:43 PM

Bob gets busted bypassing business security

It comes as no surprise to anyone that it is typically much cheaper to have programming performed in China rather than in the U.S., as the work can typically done for a fraction of the cost. A security case involving this interesting dynamic between the U.S. and China has surfaced that's both funny and disturbing at the same time.

A developer for a U.S.-based critical infrastructure company simply called "Bob" was busted for outsourcing his programming job to China. Obviously, his employer had no idea what Bob was doing despite the fact that he had been receiving glowing performance reviews.

Bob was caught during a company security review of VPN logs. Security personnel at the company discovered that there was an unauthorized VPN connection coming into their system from China. Since they are a U.S. critical infrastructure company, having an unauthorized VPN access from China was a big deal.

Making the problem even scarier for the security personnel was that the company had implemented two-factor authentication for the VPN using a rotating token RSA key fob. An unauthorized Chinese connection to the VPN meant that whoever was accessing the system from China had also been able to bypass a security token, or at least they thought this was the case.

Making things even more puzzling for the investigators was that the developer whose credentials were being used was sitting at his desk in the office when the live VPN connection from China was discovered. On further investigation, it was discovered that Bob had physically mailed his RSA key fob to China and had hired developers to do his work.

Bob was reportedly making several hundred thousand dollars per year while paying roughly $50,000 per year to the Chinese developers who were doing his work for him. Bob was spending his day watching cat videos, surfing Facebook, and messing around on eBay according to evidence the security researchers later found on his computer. Bob was also storing invoices from his Chinese developer on his work computer.
 
Bob had a good thing going, but unsurprisingly, his company wasn’t too fond of his antics and fired him.

Source: Verizon Business Security Blog (cached)



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Was that worth $50,000?
By Moizy on 1/16/2013 11:30:37 AM , Rating: 2
I could understand better if the guy worked remote and then outsourced his work so he could spend the day at the golf course or whatever. But he still had to sit at a desk. So essentially he was paying $50,000 a year so he could sit at his desk at work, but not work. $50,000 a year so he could watch cat videos and peruse ebay. Wow. If you have to go through the effort to get to work and sit at your desk, wouldn't you work some? Passing your day with cat videos and ebay would take a long, long time, and he was paying $50,000 a year to do it. Not worth it to me.




RE: Was that worth $50,000?
By Nutzo on 1/16/2013 11:44:12 AM , Rating: 2
Sounds like he really wasn't able to do the quality or volume of work that the job required, so he outsourced it. Had to sit at the desk to give the appearance he was doing his job.


RE: Was that worth $50,000?
By Netscorer on 1/16/2013 12:02:12 PM , Rating: 2
More like he was doing much more then humanely possible by a single developer and got large bonuses as the result. Companies just don't pay "several hundred thousand dollars" to a dev.
So he used his bonus to pay for chinese workers. In my mind this was win-win-win. Verizon got excellent work from Bob (all those glorious performance reviews), Bob got lot's of time on his hands and chance to catch up with cat videos (impossible to do as there are too many of them), Chinese devs got a nice chunk of money to make a decent leaving and feed their families.


RE: Was that worth $50,000?
By Belegost on 1/16/2013 12:00:24 PM , Rating: 2
Look at this the other way, he was making several hundred thousand a year, let's say 250k for nice even numbers. Take out the taxes and 50k for the outsourcing, and he has say 125k/year take home.

So in that perspective, he made 125k/year net income for telling some Chinese guys what to do and sitting at his desk watching lolcats. Sounds like a good deal.

Also, sounds like every other manager out there...


"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki