This true story involves a high tech software job and networking. Being involved in these areas during my engineering career I could understand and relate to what had happened. One acronym that is key to the story is “VPN” which stands for a Virtual Private Network. I have used VPN’s and they are common tools for mobile workers. Using encryption techniques a VPN creates a private network over a public network (internet).
Ok, hopefully I didn’t scare any non-technical readers away. Now on to the story.
A well paid software developer outsourced his own job to a contractor in China. The irony here is the employee not the employer initiated the outsourcing. I’ll summarize and leave the story link at the end.
The Verizon Business security services risk team was contacted by one of their customers to help them investigate an anomaly they discovered in their network equipment logs. The Verizon customer was seeing a daily VPN log-in from China. The log information tracked the VPN credentials to a certain software developer within the company who had been issued a VPN for occasional remote work. They noticed the Chinese log-in was active while the employee was not working remote but visibly at his desk.
The next step to investigate was analysing the employee’s computer memory. There they found a surprising smoking gun. The found hundreds of invoices from a Chinese contractor in the employee’s computer.
This developer was spending about $50,000 to have his assignments done for him in China while he made a good six-figure salary. They then checked his web activities and piece together a picture of his typical day. It included facebook, ebay and cat videos.
One additional kicker to the story - the developer had outstanding performance reviews and was considered the best developer in the building. I’m guessing he was also the go-to guy for good cat videos too.
At a basic level he was a highly paid dishonest cheat which is not unknown in executive circles. Do you view him as a shrewd operator that sought a good deal? Because he violated the security of the company’s private information entrusted to him, I consider him very close to a corporate spy.
Just speculating with my limited knowledge, I say his boss didn’t have a clue about the nature and details of work required of his subordinates. Outsmarting your boss can be too easy in many situations.
Here’s a link to the story on the Verizon Security Blog.