Print 36 comment(s) - last by virtualdll.. on Jan 18 at 2:43 PM

Bob gets busted bypassing business security

It comes as no surprise to anyone that it is typically much cheaper to have programming performed in China rather than in the U.S., as the work can typically done for a fraction of the cost. A security case involving this interesting dynamic between the U.S. and China has surfaced that's both funny and disturbing at the same time.

A developer for a U.S.-based critical infrastructure company simply called "Bob" was busted for outsourcing his programming job to China. Obviously, his employer had no idea what Bob was doing despite the fact that he had been receiving glowing performance reviews.

Bob was caught during a company security review of VPN logs. Security personnel at the company discovered that there was an unauthorized VPN connection coming into their system from China. Since they are a U.S. critical infrastructure company, having an unauthorized VPN access from China was a big deal.

Making the problem even scarier for the security personnel was that the company had implemented two-factor authentication for the VPN using a rotating token RSA key fob. An unauthorized Chinese connection to the VPN meant that whoever was accessing the system from China had also been able to bypass a security token, or at least they thought this was the case.

Making things even more puzzling for the investigators was that the developer whose credentials were being used was sitting at his desk in the office when the live VPN connection from China was discovered. On further investigation, it was discovered that Bob had physically mailed his RSA key fob to China and had hired developers to do his work.

Bob was reportedly making several hundred thousand dollars per year while paying roughly $50,000 per year to the Chinese developers who were doing his work for him. Bob was spending his day watching cat videos, surfing Facebook, and messing around on eBay according to evidence the security researchers later found on his computer. Bob was also storing invoices from his Chinese developer on his work computer.
Bob had a good thing going, but unsurprisingly, his company wasn’t too fond of his antics and fired him.

Source: Verizon Business Security Blog (cached)

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Several hundred thousand for a programmer?
By tayb on 1/16/2013 12:13:12 PM , Rating: 1
No company should be paying someone several hundred thousand to sit and write code. That's absurd. You could get 5-6 high quality developers here in the US for that amount of money. Or a few dozen in China apparently. A salary that high should be in an upper management position.

By FaaR on 1/16/2013 3:12:38 PM , Rating: 2
Tell that to John Carmack next time you see him... ;)

By someguy123 on 1/16/2013 4:14:40 PM , Rating: 3
I believe it was multiple jobs.

By inighthawki on 1/16/2013 4:45:44 PM , Rating: 5
lol upper management... if there was a job that required a serious reduction in salary, you nailed it.

By EricMartello on 1/17/2013 10:49:49 PM , Rating: 1
Oh, here we go. Someone doesn't seem to understand that the salary is determined by the free market, and the market price tends to be the highest that someone is willing to pay for a product/service. If you're not fetching a higher salary for your own skillset it's a failure of your own making to be more valuable.

If you need a coder who has a specific level or area of expertise it could be worthwhile to pay them "several hundred thousand" per year. Areas like cryptology, game engine, network protocols and such require more skill/talent than your typical McProgrammer from freelancer can muster. BTW $50K per year in China isn't far off from someone in the US earning a six-figure salary.

What this guy was doing - arbitrage - isn't new. In fact many people have done this and are currently doing this, not just with programming but also with creative work...however if I hired an American programmer as an employee I would definitely not want them outsourcing the work.

"You can bet that Sony built a long-term business plan about being successful in Japan and that business plan is crumbling." -- Peter Moore, 24 hours before his Microsoft resignation
Related Articles

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Yahoo Hacked - Change Your Passwords and Security Info ASAP!
September 23, 2016, 5:45 AM
A is for Apples
September 23, 2016, 5:32 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki