'Bob' would spend most of his working day browsing entertainment and social networking sites such as Facebook
'Bob' would spend most of his working day browsing entertainment and social networking sites such as Facebook

Nice work if you can outsource it - IT expert surfed the net while Chinese firm did his job

Mystery man paid out thousands of dollars but still kept most of his salary

Tim Walker
Wednesday 16 January 2013 20:16
Comments

A software developer employed by a US critical infrastructure company, and known only as “Bob”, was fired for outsourcing his duties to China so that he could spend the day surfing the internet.

The story comes from a case study by US telecommunications company Verizon, which was contacted by the man’s employer in May 2012 to help clear up an anomaly in its computer systems.

According to the case study, the offender is in his mid-forties, had worked for the company for some time, and was known as a quiet and inoffensive “family man”, who happened to have expertise in programming languages such as C, C++, Perl, Java, Ruby, PHP and Python. He was, the report suggests: “Someone you wouldn’t look at twice in an elevator. For the sake of the case study, let’s call him ‘Bob’.”

Two years before the case came to light, Bob’s firm had begun to allow its employees to work from home on certain days of the week, while connected to the company’s virtual private network. When its IT security team began monitoring the system in 2012, however, it discovered a perpetually open connection to the network from Shenyang, a major city in China.

Given the country’s reputation for cyber-espionage, and the company’s role in the “critical infrastructure” of the US, the team was understandably “greatly unnerved” by its discovery, not least because it seemed the connection to China had been open on and off for over six months.

The worker whose computer was making the suspicious connection – “Bob” – appeared to be at his desk, working hard. The company expected no less: performance reviews by its HR department revealed that he had been deemed an excellent employee, who wrote impeccable computer code and submitted it on time. “Quarter after quarter,” the case study claims, “his performance review noted him as the best developer in the building.”

The company feared Bob had fallen prey to Chinese malware, which could have been redirecting sensitive information from his desktop to China, and immediately contacted Verizon, its internet provider, for assistance. Verizon’s investigators sifted through the files in his computer, only to find hundreds of invoices from a Chinese consulting firm, based in Shenyang.

Bob, it quickly emerged, had paid the Chinese company less than 20 per cent of his six-figure salary to perform his duties on his behalf, and then spent the day coolly browsing the web. According to the report, which logged his daily computer habits, Bob began his mornings at 9am by flicking through Reddit, and would then “watch cat videos” before taking his lunchbreak at 11.30am. At 1pm he returned to his desk to surf eBay and update his Facebook and LinkedIn accounts. At 4.30pm he would send an email to his bosses, before leaving the office at 5pm.

When the ruse was uncovered, Bob was swiftly dismissed, yet it appears he was running a similar operation across several companies. He paid the Chinese firm approximately $50,000 per year, but took home a salary of several hundred thousand dollars.

“Every now and then,” reads the Verizon security report, “an attack comes along that, albeit small, still involves some unique attack vector – some clever and creative way that an attacker victimised an organisation. It’s the one-offs... that often become the most memorable and most talked about among the investigators.”

Day in the life of a cyber-skiver

9am Bob begins his working day by flicking through the social news and entertainment website Reddit. He then “watches cat videos”.

11.30am Bob takes his lunchbreak.

1pm Bob returns to his desk to browse eBay and update his Facebook and LinkedIn accounts. From now on, he may need to spend more time on LinkedIn, the professional social network often used for job-hunting.

4.30pm Having spent half an hour emailing his bosses, Bob leaves the office at 5pm.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in