Plugged in, but not at work: Web security personnel were called in to find out how a company's network was being accessed from China. They found that an employee had outsourced his own job.
What began as a company's suspicion that its infrastructure was being hacked turned into a case of a worker outsourcing his own job to a Chinese consulting firm, according to reports that cite an investigation by Verizon's security team. The man was earning a six-figure salary.
The anonymous company, identified only as a critical infrastructure firm, asked Verizon's Web security personnel to look into data that showed its virtual private network was being accessed from China — even as the employee whose credentials were used to log in from overseas was sitting in the company's offices, using his computer.
As Emil Protalinski writes at The Next Web, the company's security measures included a coded fob which, the investigating team learned, a code developer had shipped to Shenyang, China, so that a company there could perform his assigned work.
And it turns out that the job done in China was above par — the employee's "code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building," according to the Verizon Security Blog.
It seems that Verizon has removed the page publishing this "case study" — either that, or it has merely become unavailable for some other reason. But a cached version of the story offers more details. The report, which assigns the inventive employee the fictitious name of "Bob," described him as a family guy in his 40s, with extensive software knowledge.
After they were called in to look for rogue software that allowed hackers to perfectly mimic an employee's log-in, and maintain an active and secure connection, the investigators instead found "hundreds of .pdf notices from a third party contractor/developer in (you guessed it) Shenyang, China."
The Verizon team even found that "Bob" kept a regular schedule at his office:
- 9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos
- 11:30 a.m. – Take lunch
- 1:00 p.m. – Ebay time.
- 2:00 – ish p.m Facebook updates – LinkedIn
- 4:30 p.m. – End of day update e-mail to management.
- 5:00 p.m. – Go home
And as they learned, his schedule also included sending less than one-fifth of his salary to the Chinese firm. Verizon's investigators say the evidence they uncovered suggests "Bob" might have had similar arrangements at several companies.
"All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually," according to the Security Blog.
It is not yet clear whether "Bob" has read former kickboxer Tim Ferriss's book The 4-Hour Workweek, which explores ideas that include "Outsourcing Life" and "Disappearing Act: How to Escape the Office."