"Arrive and surf Reddit for a couple of hours. Watch cat videos"
[Andrew Valentine, a principal with Verizon Enterprise Solutions] was contacted by another company based in the U.S. for assistance over "anomalous activity" it noticed in records of employees logging remotely into the company's IT system.
The company's security team eventually found that someone was logging in from Shenyang, China with the American employee's credentials. ... A search of the employee's computer found hundreds of PDF invoices from a third party contractor/developer from Shenyang. Eventually, it was discovered that the employee had outsourced his own job to a Chinese consulting firm, paying about $50,000 to the firm out of his salary of several hundred thousand dollars. The employee had sent his company log-in key through FedEx to China so that the third-party contractor could log in under his credentials during his workday.
So what's wrong with that? The company's body shop didn't get their cut?
In the blog, Valentine wrote that according to his Web browsing history, "a typical 'work day'" for the employee looked like the following:
9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30 a.m. – Take lunch
1:00 p.m. – EBay time.
2:00 – ish p.m. - Facebook updates – LinkedIn
4:30 p.m. – End of day update e-mail to management.
5:00 p.m. – Go home
The "best part" of the story is that "for the last several years in a row he received excellent remarks" in his performance review, Valentine wrote in the blog.
"His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building."
So the harm is where? And now comes the best part. Valentine carefully explains how be your own body shop -- undetected!
Valentine said that if he was even cleverer, he would have set up a server at home, or somewhere else off-site, for the Chinese consulting firm to access. Then he could proxy their traffic, making it appear that the traffic was coming from his home.
"That would have been a smarter way to go about it. But yes, either way, pretty clever," Valentine said.
So now the corporations are going to outsource their outsourcing...