Software Developer Outsources His Own Job, Gets Busted During Security Audit
January 16, 2013 10:00 AM
comment(s) - last by
Bob gets busted bypassing business security
It comes as no surprise to anyone that it is typically much cheaper to have programming performed in China rather than in the U.S., as the work can typically done for a fraction of the cost. A security case involving this interesting dynamic between the U.S. and China has surfaced that's both funny and disturbing at the same time.
A developer for a U.S.-based critical infrastructure company simply called "Bob" was busted for outsourcing his programming job to China. Obviously, his employer had no idea what Bob was doing despite the fact that he had been receiving glowing performance reviews.
Bob was caught during a company security review of VPN logs. Security personnel at the company discovered that there was an unauthorized VPN connection coming into their system from China. Since they are a U.S. critical infrastructure company, having an
unauthorized VPN access from China was a big deal
Making the problem even scarier for the security personnel was that the company had implemented two-factor authentication for the VPN using a rotating token RSA key fob. An unauthorized Chinese connection to the VPN meant that whoever was accessing the system from China had also been able to bypass a security token, or at least they thought this was the case.
Making things even more puzzling for the investigators was that the developer whose credentials were being used was sitting at his desk in the office when the live VPN connection from China was discovered. On further investigation, it was discovered that Bob had physically mailed his RSA key fob to China and had hired developers to do his work.
Bob was reportedly making several hundred thousand dollars per year while paying roughly $50,000 per year to the Chinese developers who were doing his work for him. Bob was spending his day watching cat videos, surfing Facebook, and messing around on eBay according to evidence the security researchers later found on his computer. Bob was also storing invoices from his Chinese developer on his work computer.
Bob had a good thing going, but unsurprisingly, his company wasn’t too fond of his antics and fired him.
Verizon Business Security Blog (cached)
This article is over a month old, voting and posting comments is disabled
1/17/2013 3:51:27 PM
If the Chinese developer was VPN'd into his desktop PC, how did he use it to surf eBay and cat videos? When he logged into his desktop, didn't it sever the VPN connection?
"And boy have we patented it!" -- Steve Jobs, Macworld 2007
Lockheed Warns Foreign Cyberattackers are Targeting Its Contractors
November 13, 2012, 6:33 PM
Google's Gleaming Glass HQ Gets Mountain View Snub, LinkedIn Gets the Love
May 7, 2015, 6:58 AM
Tech's Tax Day Fortunate Few: Qualcomm, Xerox, GE, et al. Pay Little or No Taxes
April 15, 2015, 11:30 AM
LinkNYC Terminals to Blanket New York City With Free WiFi, Free Calls, and Ads
November 17, 2014, 6:50 PM
Microsoft is Open-Sourcing Most of .NET, Adding OS X and Linux Support
November 12, 2014, 8:27 PM
Home Depot Lost 53 Million Emails, Blames Windows, Buys Execs New Macs
November 9, 2014, 5:00 PM
Former NSA Lawyer: If Google, Apple Encrypt User Data, They’ll Wither on the Vine Like Blackberry
November 6, 2014, 12:15 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information