Outsource your job to China and what would you do with your spare time in the office? Surf Facebook and Reddit of course! That’s what one programmer did with at least one company; earning several hundred thousand dollars a year, while paying a Chinese consulting firm about fifty grand annually.
The scam was found out when a company noticed anomalous activity on their VPN coming from Shenyang, China. The company allowed developers to work from home part of the week. The VPN required a two-factor authentication using a rotating token RSA key fob. Suspecting malware, the company reached out to an investigative team at Verizon Business.
The team scoured the worker’s unallocated disk space for suspicious malware but instead found hundreds of invoices from China and Internet activity that typically involved surfing Facebook, Reddit, Ebay and watching cat videos. Turns out the worker had simply “FedExed his RSA token to China so that the third-party contractor could log-in under his credentials during the workday,” reported J. Andrew Valentine in a Security Blog for Verizon Business.
IMAGE: Staff members in the service outsourcing company China Data Group in the Kunshan Huaqiao International Service Business Park in Kunshan, east China’s Jiangsu Province. (Shen Peng/Corbis)