A top software developer at a critical infrastructure company in the U.S. had outsourced his job to China so he could spend his day surfing the web and watching cat videos, according to an investigation by the firm’s telecommunications provider, Verizon.
The firm’s telecommunications supplier Verizon was called in after the company set up a Virtual Private Network (VPN) so employees could work from home over a secure link to the main office network. The VPN traffic logs showed consistent logins to the company’s main server from Shenyang, China, using the credentials of the firm’s top programmer, identified only as “Bob,” reported the British technology website The Register.
“The company’s IT personnel were sure that the issue had to do with some kind of zero day malware that was able to initiate VPN connections from Bob’s desktop workstation via external proxy and then route that VPN traffic to China, only to be routed back to their concentrator,” Verizon wrote on its RISK Team Security Blog. In normal English, that means they feared Bob’s computer had been secretly coopted by a hacker using a previously unknown virus or other malicious software.
But a red flag went up after Verizon investigators got permission to study Bob’s computer habits. What they found: Bob had hired a software consulting firm in Shenyang to do his programming work for him. He had even shipped the Chinese developers the RSA security token they’d needed for authentication so they could log into his account.
Bob was paying the Chinese software consultancy a fifth of his six-figure salary to do the work, while he spent his time on other activities, like watching cats.
A typical workday for Bob, according to The Register:
- 9:00 am – Arrive at work and surf Reddit for a couple of hours. Watch cat videos.
- 11:30 am – Lunch
- 1:00 pm – E-bay time
- 2:00 pm – Facebook updates, LinkedIn
- 4:30 pm – End-of-day update email to management
- 5:00 pm – Go home
Bob’s “creative” thinking paid off in his performance reviews by the firm’s human resources department. “He was the firm’s top coder for many quarters and was considered expert in C, C++, Perl, Java, Ruby, PHP and Python,” reported The Register.
The kicker: Further digging found that Bob was taking jobs with other firms and outsourcing that work to China too. “It looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually,” said Verizon.
Verizon didn’t mention what became of “Bob,” but one can assume he now has even more time to update his LinkedIn profile.