(ABC News)–A software developer was busted for outsourcing his job to a programmer in China while he surfed the Web at work.
The case was described by Andrew Valentine, a principal with Verizon Enterprise Solutions, who published a blog post about the incident.
“We've seen plenty of employee misconduct cases, but not typically like
this,” Valentine told ABC News of his consulting caseload, which
includes large scale data breach events.
Valentine's team was contacted by another company based in the U.S. for
assistance over “anomalous activity” it noticed in records of employees
logging remotely into the company's IT system.
Verizon Enterprise Solutions is not releasing the name of the company or the employee.
The company's security team eventually found that someone was logging in
from Shenyang, China with the American employee's credentials — while
that employee was staring at a computer monitor in his U.S. office.
In his blog, Valentine described the employee as being in his mid-40s
with a “relatively long tenure with the company, family man, inoffensive
and quiet. Someone you wouldn't look at twice in an elevator.”
A search of the employee's computer found hundreds of PDF invoices from a third party contractor/developer from Shenyang.
Eventually, it was discovered that the employee had outsourced his own
job to a Chinese consulting firm, paying about $50,000 to the firm out
of his salary of several hundred thousand dollars.
Once on-site, Valentine said it took about two days for investigators to
collect relevant evidence and put all the pieces together.
In the blog, Valentine wrote that according to his Web browsing history,
“a typical 'work day'” for the employee looked like the following:
9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30 a.m. – Take lunch
1:00 p.m. – EBay time.
2:00 – ish p.m. – Facebook updates – LinkedIn
4:30 p.m. – End of day update e-mail to management.
5:00 p.m. – Go home
The employee had sent his company log-in key through FedEx to China so
that the third-party contractor could log in under his credentials
during his workday.
The “best part” of the story is that “for the last several years in a
row he received excellent remarks” in his performance review, Valentine
wrote in the blog.
“His code was clean, well written, and submitted in a timely fashion.
Quarter after quarter, his performance review noted him as the best
developer in the building.”
Valentine said the employee was terminated for violating internal company policy.
“The employee denied everything at first, but then changed his story
once we produced the invoices that were recovered from deleted disk
space,” Valentine told ABC News.
“Honestly? I thought it was pretty clever. I think he took a
calculated risk by knowingly violating company policy, for sure — but
it was clever.”
Valentine said that if he was even cleverer, he would have set up a
server at home, or somewhere else off-site, for the Chinese consulting
firm to access. Then he could proxy their traffic, making it appear that
the traffic was coming from his home.
“That would have been a smarter way to go about it. But yes, either way, pretty clever,” Valentine said.
Copyright 2013 by ABC News