This Man Is A Genius

From the BBC Comes this gem of a story:

A security check on a US company has reportedly revealed one of its staff was outsourcing his work to China.

The software developer, in his 40s, is thought to have spent his workdays surfing the web, watching cat videos on YouTube and browsing Reddit and eBay.

He reportedly paid just a fifth of his six-figure salary to a company based in Shenyang to do his job.

Operator Verizon says the scam came to light after the US firm asked it for an audit, suspecting a security breach.

According to Andrew Valentine, of Verizon, the infrastructure company requested the operator’s risk team last year to investigate some anomalous activity on its virtual private network (VPN) logs.

“This organisation had been slowly moving toward a more telecommuting oriented workforce, and they had therefore started to allow their developers to work from home on certain days. In order to accomplish this, they’d set up a fairly standard VPN concentrator approximately two years prior to our receiving their call,” he wasquoted as saying on an internet security website.

The company had discovered the existence of an open and active VPN connection from Shenyang to the employee’s workstation that went back months, Mr Valentine said.

And it had then called on Verizon to look into what it had suspected had been malware used to route confidential information from the company to China.

“Central to the investigation was the employee himself, the person whose credentials had been used to initiate and maintain a VPN connection from China,” said Mr Valentine.

Further investigation of the employee’s computer had revealed hundreds of PDF documents of invoices from the Shenyang contractor, he added.

The employee, an “inoffensive and quiet” but talented man versed in several programming languages, “spent less than one fifth of his six-figure salary for a Chinese firm to do his job for him”, Mr Valentine said.

“Authentication was no problem. He physically FedExed his RSA [security] token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average nine-to-five work day,” he added.

“Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about $50,000 (£31,270) annually.”

The employee no longer worked at the firm, Mr Valentine said.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: