backtop


Print 36 comment(s) - last by virtualdll.. on Jan 18 at 2:43 PM

Bob gets busted bypassing business security

It comes as no surprise to anyone that it is typically much cheaper to have programming performed in China rather than in the U.S., as the work can typically done for a fraction of the cost. A security case involving this interesting dynamic between the U.S. and China has surfaced that's both funny and disturbing at the same time.

A developer for a U.S.-based critical infrastructure company simply called "Bob" was busted for outsourcing his programming job to China. Obviously, his employer had no idea what Bob was doing despite the fact that he had been receiving glowing performance reviews.

Bob was caught during a company security review of VPN logs. Security personnel at the company discovered that there was an unauthorized VPN connection coming into their system from China. Since they are a U.S. critical infrastructure company, having an unauthorized VPN access from China was a big deal.

Making the problem even scarier for the security personnel was that the company had implemented two-factor authentication for the VPN using a rotating token RSA key fob. An unauthorized Chinese connection to the VPN meant that whoever was accessing the system from China had also been able to bypass a security token, or at least they thought this was the case.

Making things even more puzzling for the investigators was that the developer whose credentials were being used was sitting at his desk in the office when the live VPN connection from China was discovered. On further investigation, it was discovered that Bob had physically mailed his RSA key fob to China and had hired developers to do his work.

Bob was reportedly making several hundred thousand dollars per year while paying roughly $50,000 per year to the Chinese developers who were doing his work for him. Bob was spending his day watching cat videos, surfing Facebook, and messing around on eBay according to evidence the security researchers later found on his computer. Bob was also storing invoices from his Chinese developer on his work computer.
 
Bob had a good thing going, but unsurprisingly, his company wasn’t too fond of his antics and fired him.

Source: Verizon Business Security Blog (cached)



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By EricMartello on 1/17/2013 10:49:49 PM , Rating: 1
Oh, here we go. Someone doesn't seem to understand that the salary is determined by the free market, and the market price tends to be the highest that someone is willing to pay for a product/service. If you're not fetching a higher salary for your own skillset it's a failure of your own making to be more valuable.

If you need a coder who has a specific level or area of expertise it could be worthwhile to pay them "several hundred thousand" per year. Areas like cryptology, game engine, network protocols and such require more skill/talent than your typical McProgrammer from freelancer can muster. BTW $50K per year in China isn't far off from someone in the US earning a six-figure salary.

What this guy was doing - arbitrage - isn't new. In fact many people have done this and are currently doing this, not just with programming but also with creative work...however if I hired an American programmer as an employee I would definitely not want them outsourcing the work.


"Young lady, in this house we obey the laws of thermodynamics!" -- Homer Simpson

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki