American Programmer Outsources Job to China

Karloff

New member
Oct 19, 2009
6,474
0
0
American Programmer Outsources Job to China



A U.S. company got a shock when it discovered its systems were being accessed by someone in China.

Bob was the man you wouldn't suspect of any wrongdoing; 40s, nebbish, good at his job - one of the best programmers in the office, in fact - never complained, and always got a good review from management, who he emailed every day to update on his progress. Trouble was, that email was his only significant work contribution. Everything else was being done by the Chinese programmer to whom Bob had outsourced his job, at a fraction of his six figure salary.

The U.S. critical infrastructure company lucky enough to have Bob on its payroll first found out about the scam when it conducted a routine log review, trying to make sure its telecommuting employees were on the job. When it noticed an anomalous log-in apparently originating in China and using Bob's identity, its first thought was espionage, perhaps involving some sophisticated malware; all the more so because its log-in system was supposed to be highly secure, with two-factor authentication, utilizing a fob that Bob was supposed to have on his person.

Then it dug deeper, and discovered Bob's daily work routine consisted of:


9:00 a.m. - Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30 a.m. - Take lunch
1:00 p.m. - Ebay time.
2:00 - ish p.m Facebook updates - LinkedIn
4:30 p.m. - End of day update e-mail to management.
5:00 p.m. - Go home


Alas, poor Bob. His web of secrets soon unraveled. That oh-so secure system with its fancy fob had been undone by FedEx, for Bob had simply mailed the doodad to his Chinese confederate. It turned out that this was not Bob's first time to the rodeo; evidence suggested that he'd been pulling the same trick elsewhere, raking in hundreds of thousands in fees while paying his subcontractor about fifty grand.

Nice work, if you can get it ...

Source: Verizon Security Blog [http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/]


Permalink
 

Hazzard

New member
Jan 25, 2012
316
0
0
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.
 

juyunseen

New member
Nov 21, 2011
292
0
0
Hazzard said:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.
I don't THINK its illegal, just kind of immoral I suppose. The company wont be happy with him mailing his security thing to china though. Probably will get fired for 'compromising system security' or something like that.
 

redknightalex

Elusive Paragon
Aug 31, 2012
266
0
0
May not be illegal but, dependent on the firm and the contract, may be breaking some sort of Homeland Security protection or breaking his contract. Many companies have contracts that make it very easy to fire someone for reasons they don't need to explain. Also, if this were the US government...well, that would be pretty bad.

Also, didn't this story break more towards the beginning of the week? I know news is always "breaking" but I swear I read about this much earlier than today. Funny how living on the East Coast of the US means I get the same news stories I read hours earlier when the Pacific Coast firms wake up.
 

Eclipse Dragon

Lusty Argonian Maid
Legacy
Jan 23, 2009
4,259
12
43
Country
United States
Bob can't seriously do his work AND surf the internet at the same time?
He must be horrible at multitasking.
 

Zombie_Moogle

New member
Dec 25, 2008
666
0
0
I feel like I could make Online Proxy jokes all day long

Shame he didn't just have the guy access the system through VPN. Mighta kept his grift going a lot longer
 

gardian06

New member
Jun 18, 2012
403
0
0
Hazzard said:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.
as long as there were no NDA, or security clearance requirement for the position then he was breaking no laws, but if any of these were required then he technically voided his current contract at the point he started do this at his job (after that portion of the contract took effect in many cases immediately) then he could be responsible to reimburse the company on grounds of fraud all funds that were not spent doing the work (so everything he did not pay to his Chinese counterpart), and then damages to "confidential" company assets (similar to that of copyright infringement, but a lot bigger number)
 

Ken Sapp

Cat Herder
Apr 1, 2010
510
0
0
gardian06 said:
Hazzard said:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.
as long as there were no NDA, or security clearance requirement for the position then he was breaking no laws, but if any of these were required then he technically voided his current contract at the point he started do this at his job (after that portion of the contract took effect in many cases immediately) then he could be responsible to reimburse the company on grounds of fraud all funds that were not spent doing the work (so everything he did not pay to his Chinese counterpart), and then damages to "confidential" company assets (similar to that of copyright infringement, but a lot bigger number)
A NDA is a contract, not a law. If you break one you can be sued for breaking a contract but you have broken no laws.
 

Baresark

New member
Dec 19, 2010
3,908
0
0
I have to say, that is fuckin' genius. As a guy who just narrowly averted (for an indeterminate amount of time) his company outsourcing his entire department, this is a lot better than the company doing it. His downfall was utterly stupid though. When workers log in remotely, even the most insecure of companies usually participate in IP tracking on some rudimentary level. It's just the most basic of security. Idiot should have taken some of that cash and payed for a proxy for the guy to log into.
 

AngryMongoose

Elite Member
Jan 18, 2010
1,230
0
41
...
Contact the Chinese guy with a job and a visa? He's obviously very good at it, willing to work cheap under bad conditions, and has none of those pesky morals that can ruin a good employee. A perfect replacement for Bob.
 

CriticalMiss

New member
Jan 18, 2013
2,024
0
0
I might hire a Chinese person to make posts for me, I'll save so much time and be able to catch up on my sleep whilst appear to be an active member of various websites. Ror!
 

Quaxar

New member
Sep 21, 2009
3,949
0
0
On other news, Escapist staff suddenly 300% more productive. Also, fluent in Mandarin.
 

m72_ar

New member
Oct 27, 2010
145
0
0
http://www.youtube.com/watch?v=rYaZ57Bn4pQ

The Onion predict this years before.

This might open up the floodgates.
So much for the illusion that american programmers are better than the Chinese

If he achieved multiple coder of the months by using Chinese programmer,
What's the point of companies hiring locals anymore? Apparently they're not better than the cheap chinese or indian contractors
 

gigastar

Insert one-liner here.
Sep 13, 2010
4,419
0
0
Hazzard said:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.
Maybe his company can sue for damages for breach of security.

After all, passing the workload and access details to someone in China is an easy breach of security and leaking company secrets.

At any rate they could certainly fire him and hire the Chinese guy instead.