Verizon Wireless has helped a critical infrastructure company based in the United States catch one of its developers paying Chinese workers to do his job so that he could browse the Internet all day. “Bob” outsourced all of his work to China and paid the workers just a fraction of his six-figure salary so that he could spend his time on sites like Reddit, Facebook, LinkedIn, and eBay.
Verizon has revealed the fascinating story in a new case study.
Bob (not his real name) worked at the unnamed company for a relatively long period, earning “several hundred thousand dollars a year,” and he received excellent performance reviews. He was regarding the best developer in the building, according to Verizon; his code was clean and well-written, and submitted in a timely fashion.
The thing is, it wasn’t actually Bob’s code. You see, Bob sent all of his work to China and paid workers there to do it for him for “about fifty grand annually.” So what did Bob do while he was in the office? Well, Verizon has drawn up schedule for Bob’s typical working day — this is it:
- 9 a.m. — Arrive at work and surf Reddit for several hours, watching cat videos.
- 11:30 a.m. — Take lunch.
- 1 p.m. — Browse eBay.
- 2 p.m. — Browse Facebook and LinkedIn.
- 4:30 p.m. — Send an end of day email to management.
- 5 p.m. — Go home.
At this point, it’s worth pointing out that this story isn’t at all fabricated, and it’s not a joke. It comes straight from Verizon — via The Next Web — which has published this information not because it was a large-scale data breach, but because Bob’s scam had a “unique attack vector.”
This is the most fascinating part: Bob didn’t just pull this scam with this particular company; he reportedly had it going with several companies in the area. And he’d probably still be doing it today if he wasn’t caught “accidentally.”
Verizon’s security team received a request from the critical infrastructure company that asked for help in understanding anomalous activity it had discovered in its VPN logs. The company had found an open and active connection from Shenyang, China, which was using Bob’s credentials to access its network. The connection occurred almost every day, and often spanned the entire work day.
However, part of the company’s authentication was a rotating token RSA key fob — without that, a successful connection to its network could not be made. It had initially suspected that a malware program had found its way onto Bob’s computer, but when Verizon investigated it, it was discovered that the VPN connection from Shenyang was at least six months old, which is how far back the VPN logs went.
Unable to explain how an intruder could have gained access to the company’s system, Verizon decided to take a closer look at Bob, since it was his credentials that were being used. The carrier’s case study described him as an “inoffensive and quiet” family man who “you wouldn’t look at twice in an elevator.”
After taking a look at Bob’s computer, Verizon found hundreds of PDF invoices from a Chinese consulting firm in Shenyang that was being paid to do Bob’s work.
So how did the firm gain access to the network? Bob had his RSA token mailed all the way to China.
I must say, Bob’s scam is pretty ingenious. He’s clearly gone to great lengths just so that he can spend his entire working day browsing the web. What I can’t figure out is this: if Bob was clever enough to put the elaborate scheme together just so he didn’t have to do any work, why wasn’t he clever enough to store all of his invoices on a private computer?
Via: The Next Web