A software developer for a U.S. company paid a fraction of his six-figure salary to a contractor in China to do his work, then spent the bulk of his workday surfing the Web.
By all accounts, Bob was a model employee, a software developer who consistently wrote clean code for his company and never missed deadlines. Then investigators found out it wasn’t Bob who was doing his job.
Turns out Bob had outsourced his work to China, paying a lowly overseas surrogate a fraction of his six-figure salary to do his 9-to-5 job. All the while, Bob sat at his desk, pretending to be busy while actually surfing the Internet, updating his Facebook page and watching cat videos.
Bob isn’t his real name, but his story is real, says Andrew Valentine of Verizon’s RISK team, which uncovered the elaborate workplace scam for a business client described only as a “U.S. critical infrastructure company."
“Every now and again a case comes along that, albeit small, still involves some unique attack vector – some clever and creative way that an attacker victimized an organization. It’s the unique one-offs, the ones that are different that often become the most memorable and most talked about amongst the investigators,”
The scam was uncovered in 2012. According to Valentine, here’s how it went down:
The U.S. company called in Verizon security investigators after noticing some unusual activity on their VPN, or virtual private network, logs. VPNs allow employees and companies to share and access information from any computer anywhere.
The company was startled to discover that someone appeared to be accessing the network from Shenyang, China, while the worker whose credentials were being used was sitting at his desk in the office.
“Plainly stated, the VPN logs showed him logged in from China, yet the employee is right there, sitting at his desk, staring into his monitor,” Valentine writes.
The company initially suspected a hacker.
Verizon investigators noticed that the network connections from China were happening almost daily, and occasionally lasted the entire workday. They turned their attention to Bob.
They examined the data on Bob’s computer and hard drive and found hundreds of PDF invoices from a third-party contractor/developer in Shenyang.