Straight from the corner of the web that is populated with stories so crazy there’s no way they could have been made up comes a case study laid out in a blog post by Verizon’s security team. According to the report, last year, one of their clients asked them to investigate a suspicious connection recorded in its VPN (Virtual Private Network) logs, which suggested that someone was logging in with an employee’s credentials from China. Even while the employee was sitting at his desk in his office in the US.
The security team says the company thought that somehow the 40-something software developer (nicknamed “Bob”) had accidentally downloaded some malware which had allowed someone in Shenyang, China to access his desktop computer. As it turns out, Bob had simply outsourced his job to Chinese sub-contractors, and they were logging in every day to do his work for him while he watched cat videos and sat on Reddit.
According to Verizon, the security team figured out that Bob typically spent his day like this:
09:00 Arrive at work and surf Reddit for a few hours. Watch cat videos.
11:30 Take lunch.
13:00 Go on Ebay.
14:00 Update Facebook and LinkedIn.
16:30 Send an update email to management.
17:00 Go home.
The IT security team found this out after they accessed Bob’s work computer to look for malicious software, and were instead rewarded with a colourful web browsing history and hundreds of PDF invoices from the Chinese developer he’d paid to do his job. Their VPN logs, which only went back six months, showed that the sub-contractor had been logging in almost daily for as far back as they could see.
Bob, who had been at the company for years, had even apparently couriered his RSA token to China to get round his company’s two-factor authentication system. To top it all off, he had received stellar performance reviews for the exemplary work submitted by the Chinese developers he was paying a fifth of his salary to.
Image: McBeth / Flickr