A software developer has been busted for secretly outsourcing his work to China and instead spending his time in the office messing about on the web.
The revelation comes from Verizon’s security team, which was called in to investigate at an unnamed US company involved in “critical infrastructure.” The company allows some staff to work at home now and again and thus sets up a virtual private network.
During a routine check of the network logs they noted an active connection from China, which raised major security questions. This was particularly baffling as the system not only required log-in details for remote access, but also a secondary authentication through a physical device housed on a keyfob.
The immediate assumption was that a Chinese hacker had breached the system, perhaps through malware, and had gained the ability to pose as a legitimate employee. That employee, dubbed Bob for the purposes of publicising the case, was described as in his mid-40s and having a ” Relatively long tenure with the company, family man, inoffensive and quiet. Someone you wouldn’t look at twice in an elevator.”
Verizon investigators discovered that the Chinese connection had actually been active almost every day and had been open for most of the working hours. They then took an image of Bob’s hard drive and — in the hope of getting more clues about the supposed Chinese hacker — began recovering files that had been deleted but where the relevant disk space hadn’t yet been reused.
That brought up several hundred PDF documents of invoices for a Chinese developer. It turned out that Bob had not only been outsourcing his work, paying around 20 percent of his salary to the Chinese developer, but had even mailed his security keyfob across the Pacific.
The investigators then looked at Bob’s browsing history and discovered he filled the now-empty hours visiting popular websites such as Reddit, eBay and Facebook. The closest thing he did to productive work was a daily e-mail update to his managers.
And the reason he was able to get away with it without bosses asking any questions was that “for the last several years in a row he received excellent remarks. His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building.”
There’s no word yet on what’s become of Bob, or whether his Chinese substitute has earned a job.