Information Security News
mailing list archives
Developer outsources work to China so he can watch cat videos (and gets caught)
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 17 Jan 2013 00:15:35 -0600 (CST)
By Ricardo Bilton
January 16, 2013
"Bob" is an unassuming, 40-ish software developer with a big secret: He
really likes cat videos.
But Bob had a problem: He has to work, and the American economy doesn’t
exactly brim with jobs that pay you to watch cat videos all day.
So Bob hatched a plan: Aiming to get the best of both worlds, Bob
outsourced his work to a Chinese developer. The plan was simple,
brilliant, and completely water-tight: Not only was Bob able to do
whatever he wanted while at “work” (like read Reddit and surf eBay), but
he also made hundreds of thousands of dollars in the process. What could
possibly go wrong.?
A lot, it seems. According to a blog post by the Verizon Business
Security team, Bob’s antics raised a lot of red flags at his employer,
which, as a “U.S. critical infrastructure company” saw the traffic
coming from China and expected the worst.
Charged with the task of investigating the case, the security team
quickly discovered Bob’s plan, which involved routing VPN traffic to his
Chinese contractor and passing off the resulting work as his own. Worse,
Bob had even shipped the contractor his RSA security token, which
enabled the contractor to bypass the two-factor security measures
implemented by Bob’s employer. (In case you were curious, the entire
post is a case study in why companies should be more proactive about
checking their traffic logs for unusual network activity.)
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Developer outsources work to China so he can watch cat videos (and gets caught) InfoSec News (Jan 17)