A software programmer was recently fired after the company he worked for found out he outsourced his job, which he got paid a six-figure salary to perform, to a worker in China.
Andrew Valentine wrote on the Verizon Business blog (which is down at this time) that these actions by the employee identified as “Bob” were discovered during a log analysis that is intended to find security mistakes. In fact, the name of the blog post is cheekily called “Case Study: Proactive Log Review Might Be a Good Idea.”
Help Net Security reported Valentine, with Verizon’s risk team, saying that a US-based company asked them for help to understand activity they saw in VPN logs that showed an active connection from China to one of their employees who worked remotely in the U.S. More concerning is that they saw the VPN connection was being made nearly every day for months. The company feared malicious activity could have been conducted and brought in Verizon to investigate.
What Verizon found, Valentine explained according to Help Net Security, ultimately lead them to the knowledge that “Bob” spent his time surfing the Internet, looking at cat videos on YouTube and searching on eBay and Reddit, instead of doing his job.
“Bob spent less that one fifth of his six-figure salary for a Chinese firm to do his job for him. Authentication was no problem, he physically FedExed his RSA token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average 9 to 5 work day,” Valentine wrote.
But that’s not all.
“Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually,” Valentine wrote.
Help Net Security reported the blog saying that the employee’s work even got good reviews from H.R. for meeting deadlines and writing clean code. The one bit of work “Bob” did seem to complete each day was an end of day email sent to management.
Featured image via Shutterstock.com.
(H/T Reddit, The Register)