[ISN] Developer outsources work to China so he can watch cat videos (and gets caught)

From: InfoSec News <alerts_at_private>
Date: Thu, 17 Jan 2013 00:15:35 -0600 (CST)
http://venturebeat.com/2013/01/16/developer-outsources-work-cat-videos/

By Ricardo Bilton
venturebeat.com
January 16, 2013

"Bob" is an unassuming, 40-ish software developer with a big secret: He 
really likes cat videos.

But Bob had a problem: He has to work, and the American economy doesn’t 
exactly brim with jobs that pay you to watch cat videos all day.

So Bob hatched a plan: Aiming to get the best of both worlds, Bob 
outsourced his work to a Chinese developer. The plan was simple, 
brilliant, and completely water-tight: Not only was Bob able to do 
whatever he wanted while at “work” (like read Reddit and surf eBay), but 
he also made hundreds of thousands of dollars in the process. What could 
possibly go wrong.?

A lot, it seems. According to a blog post by the Verizon Business 
Security team, Bob’s antics raised a lot of red flags at his employer, 
which, as a “U.S. critical infrastructure company” saw the traffic 
coming from China and expected the worst.

Charged with the task of investigating the case, the security team 
quickly discovered Bob’s plan, which involved routing VPN traffic to his 
Chinese contractor and passing off the resulting work as his own. Worse, 
Bob had even shipped the contractor his RSA security token, which 
enabled the contractor to bypass the two-factor security measures 
implemented by Bob’s employer. (In case you were curious, the entire 
post is a case study in why companies should be more proactive about 
checking their traffic logs for unusual network activity.)

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 
Received on Wed Jan 16 2013 - 22:15:35 PST

This archive was generated by hypermail 2.2.0 : Wed Jan 16 2013 - 22:33:23 PST