No Kidding, All of this comes from Verizon, from a case study outlined by its security team. So basically a developer called Bob who works at US-Based critical infrastructure company was caught last year for outsourcing his work to China.
This guy was damn! smart. He paid less than one fifth of his salary to a guy in China who outsourced the work for Bob. As a result all that he did all day was surf Reddit and watch Cat videos. His browsing history detailed it:-
- 9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos.
- 11:30 a.m. – Take lunch.
- 1:00 p.m. – Ebay time.
- 2:00 – ish p.m Facebook updates – LinkedIn.
- 4:30 p.m. – End of day update e-mail to management.
- 5:00 p.m. – Go home.
Actually Bob’s company had started letting employees work remotely from home on certain days, so it set up a VPN concentrator to facilitate that. The company implemented two-factor authentication for the connection, with the second factor being a physical, rotating token RSA key fob. So all Bob had to do was send the key over to China via FedEx. So when company found out that Bob logged in from China they were kind of surprised as he was in US so it was basically not possible for him to log in from China. So Bob’s Company hired Verizon to find out what was going out as it may result as huge security threat to the company.
After thorough research they identified this situation and so Bob was immediately fired. Still that guy Bob was living one hell of a life of comfort, isn’t he?