
Wednesday, March 6, 2013

Surf Reddit




At any given time, we have all probably wished that we could outsource our work to someone in China and spend our days browsing the Web.

One software developer, however, did just that - spending his days watching cat videos and perusing Reddit. But he failed to realize that daily VPN log-ins from Shenyang, China might arouse suspicion.
The employee's exploits were detailed in a Jan. 13 blog post from J. Andrew Valentine, a principal and team lead with the forensic and investigative response team within Verizon. The blog post appears to have been pulled offline, but a cached version is still available.

Valentine said his team uncovered the scam when a U.S.-based company asked Verizon "for our help in understanding some anomalous activity that they were witnessing in their VPN logs." The company had allowed more workers to telecommute in the last two years via a VPN, but after reading a 2012 data breach investigative report from Verizon, the firm decided to start monitoring its VPN connections.
"What they found startled and surprised them: an open and active VPN connection from Shenyang, China! As in, this connection was LIVE when they discovered it," Valentine wrote.

Given that the company in question handled critical infrastructure, the VPN required two-factor authentication, and the employee whose credentials were in use overseas was sitting at his desk, the log-in from China was troubling.
The team initially suspected malware, but an exhaustive investigation proved otherwise. "As it turns out, 'Bob' had simply outsourced his own job to a Chinese consulting firm," Valentine wrote. "Bob spent less than one fifth of his six-figure salary for a Chinese firm to do his job for him."

The worker "physically FedExed his RSA token to China so that the third-party contractor could log-in under his credentials during the workday."

When the team looked at Bob's Web history, the picture got a bit clearer. The worker - described as an "inoffensive and quiet" programmer in his mid-40s - spent much of his day on Reddit, eBay, Facebook, or watching cat videos.

"Evidence even suggested he had the same scam going across multiple companies in the area," Valentine concluded. "All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually."

It seems Bob chose his developers carefully. Performance reviews cited his clean, well-written code. "Quarter after quarter, his performance review noted him as the best developer in the building," Valentine said.

Valentine did not mention what became of "Bob," but one can assume that providing Chinese workers with sensitive data was frowned upon by upper management.
