This story that comes out of case study from Verizon is just too weird to not share. Verizon apparently had a client that was a U.S. critical infrastructure company. The client noticed that they had a lot of traffic coming through a VPN connection from China on a daily basis for months. The client thought that one of their developers must have been hacked, so they enlisted the security team from Verizon to help them figure the situation out.
I’ll cut right to the end. It turned out that the investigation found out that their developer, who they called “Bob”, was outsourcing his work to China and using his work time to surf Reddit, shop on eBay, post updates on Facebook and LinkedIn and to send out a daily email update to management. On top of that, he apparently had been doing the same thing with several other companies and had been making several hundred thousand a year while only paying $50,000 to the company he was using in China. He had even been noted as the best developer in the building in his performance reviews.
If it wasn’t for the security breach, I would be commending Bob myself. He delivered the best work in the building, after all. Opening up the company’s firewall at a critical U.S. infrastructure company though? Not a good move. Maybe he can get a job handling outsourcing for another company next? He seemed to do a good job of it if his performance reviews can be believed after all.