[P2P-F] Fwd: <nettime> Software developer outsources own job and whiles away shifts on cat videos

Michel Bauwens michel at p2pfoundation.net
Fri Jan 18 05:43:38 CET 2013


---------- Forwarded message ----------
From: nettime's employee of the the year <nettime at kein.org>
Date: Thu, Jan 17, 2013 at 7:51 PM
Subject: <nettime> Software developer outsources own job and whiles away
shifts on cat videos
To: nettime-l at kein.org




Software developer Bob outsources own job and whiles away shifts on cat
videos

Verizon's hunt for firm's mysterious hacker exposes 'top worker' at firm
who let Chinese consultants log on to do his daily work

guardian.co.uk, Wednesday 16 January 2013 18.12 GMT

When a routine security check by a US-based company showed someone was
repeatedly logging on to their computer system from China, it naturally
sent alarm bells ringing. Hackers were suspected and telecoms experts were
called in.

It was only after a thorough investigation that it was revealed that the
culprit was not a hacker, but "Bob" (not his real name), an "inoffensive
and quiet" family man and the company's top-performing programmer, who
could be seen toiling at his desk day after day and staring diligently at
his monitor.

For Bob had come up with the idea of outsourcing his own job – to China.
So, while a Chinese consulting firm got on with the job he was paid to do,
on less than one-fifth of his salary, he whiled away his working day
surfing Reddit, eBay and Facebook.

The extraordinary story has been revealed by Andrew Valentine, senior
investigator at US telecoms firm Verizon Business, on its website,
securityblog.verizonbusiness.**com <http://securityblog.verizonbusiness.com>
.

Verizon's risk team was called by the unnamed critical infrastructure
company last year, "asking for our help in understanding some anomalous
activity that they were witnessing in their VPN logs", wrote Valentine.

The company had begun to allow its software developers to occasionally work
from home and so had set up "a fairly standard VPN [virtual private
network] concentrator" to facilitate remote access.

When its IT security department started actively monitoring logs being
generated at the VPN, "What they found startled and surprised them: an open
and active VPN connection from Shenyang, China! As in this connection was
live when they discovered it," wrote Valentine.

What was more, the developer whose credentials were being used was sitting
at his desk in the office.

"Plainly stated, the VPN logs showed him logged in from China, yet the
employee is right there, sitting at his desk, staring into his monitor."

Verizon's investigators discovered "almost daily connections from Shenyang,
and occasionally these connections spanned the entire workday".

The employee, whom Valentine calls Bob, was in his mid-40s, a "family man,
inoffensive and quiet. Someone you wouldn't look twice at in an elevator."

But an examination of his workstation revealed hundreds of pdf invoices
from a third party contractor/developer in Shenyang.

"As it turns out, Bob had simply outsourced his own job to a Chinese
consulting firm. Bob spent less than one-fifth of his six-figure salary for
a Chinese firm to do his job for him."

He had physically FedExed his security RSA "token", needed to access the
VPN, to China so his surrogates could log in as him.

When the company checked his web-browsing history, a typical "work day" for
Bob was: 9am, arrive and surf Reddit for a couple of hours, watch cat
videos; 11.30am, take lunch; 1pm, eBay; 2pm-ish, Facebook updates,
LinkedIn; 4.40pm–end of day, update email to management; 5pm, go home.

The evidence, said Valentine, even suggested he had the same scam going
across multiple companies in the area.

"All told, it looked like he earned several hundred thousand dollars a
year, and only had to pay the Chinese consulting firm about fifty grand
annually".

Meanwhile, his performance review showed that, for several years in a row,
Bob had received excellent remarks for his codes which were "clean, well
written and submitted in a timely fashion".

"Quarter after quarter, his performance review noted him as the best
developer in the building," wrote Valentine.

Bob no longer works for the company.


#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/**listinfo/nettime-l<http://mx.kein.org/mailman/listinfo/nettime-l>
#  archive: http://www.nettime.org contact: nettime at kein.org





-- 
P2P Foundation: http://p2pfoundation.net  - http://blog.p2pfoundation.net

<http://lists.ourproject.org/cgi-bin/mailman/listinfo/p2p-foundation>Updates:
http://twitter.com/mbauwens; http://www.facebook.com/mbauwens

#82 on the (En)Rich list: http://enrichlist.org/the-complete-list/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ourproject.org/pipermail/p2p-foundation/attachments/20130118/eefe5d53/attachment.htm 


More information about the P2P-Foundation mailing list