Software developer known only as ‘Bob’ spent his workdays looking at cat videos
An audit at a certain US company conducted by Verizon’s Risk Team last year revealed that one of its employees had successfully outsourced his job to China for ‘months’, it emerged on Wednesday.
The clever software developer, known only under the name ‘Bob’, perpetrated this scam at a number of telecommunications companies at the same time, earning several hundred thousand dollars a year for essentially browsing the Internet all day long.
Obviously, Bob is no longer employed by the company in question.
The legend of Bob
After Bob outsourced his job, he was left with eight completely free hours every day, which he spent reading Reddit, socialising on Facebook and watching cat videos on YouTube. At the end of every day, Bob would dutifully send email updates to the management, reporting on the progress of the projects he was supposed to be working on.
The developer reportedly paid 20 percent of his six-figure salary to a software company based in Shenyang, Nortern China, which would write the code for him. The contractors had always delivered exceptional results, making Bob a favourite with the management.
This original work arrangement came to light after Bob’s employers noticed strange activity in their Virtual Private Network (VPN) logs, and requested an audit from Verizon’s Risk Team. The VPN was implemented at the company two years prior to the incident, in order to allow some employees to work from home.
During the audit, the Risk Team discovered a VPN connection to Shenyang which was active on working days of the week. Naturally, the first reaction of cybersecurity experts was to suspect the involvement of the Chinese hackers, no doubt siphoning off trade secrets. The truth was much more unconventional.
In order to make his plan work, Bob gave up his credentials and actually sent his physical authentication token to China by post. Further investigations revealed ‘hundreds’ of invoices issued by the contractors and addressed to the developer.
And yet, the story gets better. “Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about $50,000 annually,” explained Andrew Valentine from Verizon’s Risk Team on the Help Net Security blog.
How well do you know Internet security? Try our quiz and find out!