Lazy genius or just lazy and stupid?
The Register recently reported that the star developer of a "US critical infrastructure company" (no specifics were offered) was discovered, after a security audit of the company, to have been outsourcing his job to China.
The man had supplied the workers of a Shenyang software consultancy with his login credentials. He paid them only a fifth of his salary, which left him free to spend the rest of his time freelancing for other companies (work that he outsourced as well) and on social media. An analysis of his "work" days showed a schedule something like this:
"9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30 a.m. – Take lunch
1:00 p.m. – Ebay time
2:00-ish p.m. – Facebook updates, LinkedIn
4:30 p.m. – End-of-day update e-mail to management
5:00 p.m. – Go home"
Keep in mind that this man was making a six-figure salary.
"Bob", the developer, was considered the company's top coder and an expert in C, C++, Perl, Java, Ruby, PHP, and Python. Unfortunately for him, his charade was seen through once the company called in its telecommunications supplier, Verizon, to investigate suspicious VPN traffic coming from Shenyang, China.
"The company's IT personnel were sure that the issue had to do with some kind of zero day malware that was able to initiate VPN connections from Bob's desktop workstation via external proxy and then route that VPN traffic to China, only to be routed back to their concentrator," stated the Verizon Security Blog. "Yes, it is a bit of a convoluted theory, and like most convoluted theories, an incorrect one."
After Verizon did a little bit of sniffing around Bob's computer, they uncovered his little scheme. It turns out that Bob had FedExed his workers his two-factor authentication token so that they could log in to do his work for him.
Obviously, after endangering the security of his company and whatever else the company handled (assuming that The Register is accurate in its description of the company as a part of "US critical infrastructure"), Bob was fired. Then again, does it really matter much, considering he has probably managed to get away with hundreds of thousands of dollars so far?