Software Developer Outsources His Own Job, Gets Busted During Security Audit
January 16, 2013 10:00 AM
comment(s) - last by
Bob gets busted bypassing business security
It comes as no surprise to anyone that it is typically much cheaper to have programming performed in China rather than in the U.S., as the work can typically done for a fraction of the cost. A security case involving this interesting dynamic between the U.S. and China has surfaced that's both funny and disturbing at the same time.
A developer for a U.S.-based critical infrastructure company simply called "Bob" was busted for outsourcing his programming job to China. Obviously, his employer had no idea what Bob was doing despite the fact that he had been receiving glowing performance reviews.
Bob was caught during a company security review of VPN logs. Security personnel at the company discovered that there was an unauthorized VPN connection coming into their system from China. Since they are a U.S. critical infrastructure company, having an
unauthorized VPN access from China was a big deal
Making the problem even scarier for the security personnel was that the company had implemented two-factor authentication for the VPN using a rotating token RSA key fob. An unauthorized Chinese connection to the VPN meant that whoever was accessing the system from China had also been able to bypass a security token, or at least they thought this was the case.
Making things even more puzzling for the investigators was that the developer whose credentials were being used was sitting at his desk in the office when the live VPN connection from China was discovered. On further investigation, it was discovered that Bob had physically mailed his RSA key fob to China and had hired developers to do his work.
Bob was reportedly making several hundred thousand dollars per year while paying roughly $50,000 per year to the Chinese developers who were doing his work for him. Bob was spending his day watching cat videos, surfing Facebook, and messing around on eBay according to evidence the security researchers later found on his computer. Bob was also storing invoices from his Chinese developer on his work computer.
Bob had a good thing going, but unsurprisingly, his company wasn’t too fond of his antics and fired him.
Verizon Business Security Blog (cached)
This article is over a month old, voting and posting comments is disabled
RE: Was that worth $50,000?
1/16/2013 12:02:12 PM
More like he was doing much more then humanely possible by a single developer and got large bonuses as the result. Companies just don't pay "several hundred thousand dollars" to a dev.
So he used his bonus to pay for chinese workers. In my mind this was win-win-win. Verizon got excellent work from Bob (all those glorious performance reviews), Bob got lot's of time on his hands and chance to catch up with cat videos (impossible to do as there are too many of them), Chinese devs got a nice chunk of money to make a decent leaving and feed their families.
"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer
Lockheed Warns Foreign Cyberattackers are Targeting Its Contractors
November 13, 2012, 6:33 PM
LinkNYC Terminals to Blanket New York City With Free WiFi, Free Calls, and Ads
November 17, 2014, 6:50 PM
Microsoft is Open-Sourcing Most of .NET, Adding OS X and Linux Support
November 12, 2014, 8:27 PM
Home Depot Lost 53 Million Emails, Blames Windows, Buys Execs New Macs
November 9, 2014, 5:00 PM
Former NSA Lawyer: If Google, Apple Encrypt User Data, They’ll Wither on the Vine Like Blackberry
November 6, 2014, 12:15 PM
Report: AT&T Eyeing $40B DirecTV Purchase
May 1, 2014, 8:00 AM
WebOS Class Action Settlement Costs HP $57 Million
April 1, 2014, 10:22 AM
Most Popular Articles
BlackBerry Classic Sells Out Online (Seriously, It Has) for North America
December 15, 2014, 7:07 PM
LaWS (Laser) "Kills" Boat-Hauled Fuel Tanks, UAV "Bomber" in the Persian Gulf
December 12, 2014, 8:31 PM
Quick Note: Windows Phone Finally Gets Candy Crush Saga
December 13, 2014, 2:03 PM
Lamborghini Offers Up $6,000 Leather-Bound Android Smartphone
December 12, 2014, 3:12 PM
After Coming So Close to Recovering, Northern White Rhino is Nearly Extinct
December 15, 2014, 11:30 AM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information