A software developer employed by a US critical infrastructure company, and known only as "Bob", was fired for outsourcing his duties to China so that he could spend the day surfing the internet.
The story comes from a case study by US telecommunications company Verizon, which was contacted by the man’s employer in May 2012 to help clear up an anomaly in its computer systems.
According to the case study, the offender is in his mid-forties, had worked for the company for some time, and was known as a quiet and inoffensive “family man”, who happened to have expertise in programming languages such as C, C++, Perl, Java, Ruby, PHP and Python. He was, the report suggests: “Someone you wouldn’t look at twice in an elevator. For the sake of the case study, let’s call him ‘Bob’.”
Two years before the case came to light, Bob’s firm had begun to allow its employees to work from home on certain days of the week, while connected to the company’s virtual private network. When its IT security team began monitoring the system in 2012, however, it discovered a perpetually open connection to the network from Shenyang, a major city in China.
Given the country’s reputation for cyber-espionage, and the company’s role in the “critical infrastructure” of the US, the team was understandably “greatly unnerved” by its discovery, not least because it seemed the connection to China had been open on and off for over six months.
The worker whose computer was making the suspicious connection – “Bob” – appeared to be at his desk, working hard. The company expected no less: performance reviews by its HR department revealed that he had been deemed an excellent employee, who wrote impeccable computer code and submitted it on time. “Quarter after quarter,” the case study claims, “his performance review noted him as the best developer in the building.”
The company feared Bob had fallen prey to Chinese malware, which could have been redirecting sensitive information from his desktop to China, and immediately contacted Verizon, its internet provider, for assistance. Verizon’s investigators sifted through the files on his computer, only to find hundreds of invoices from a Chinese consulting firm, based in Shenyang.
Bob, it quickly emerged, had paid the Chinese company less than 20 per cent of his six-figure salary to perform his duties on his behalf, and then spent the day coolly browsing the web. According to the report, which logged his daily computer habits, Bob began his mornings at 9am by flicking through Reddit, and would then “watch cat videos” before taking his lunchbreak at 11.30am. At 1pm he returned to his desk to surf eBay and update his Facebook and LinkedIn accounts. At 4.30pm he would send an email to his bosses, before leaving the office at 5pm.
When the ruse was uncovered, Bob was swiftly dismissed, yet it appears he was running a similar operation across several companies. He paid the Chinese firm approximately $50,000 per year, but took home a salary of several hundred thousand dollars.
“Every now and then,” reads the Verizon security report, “an attack comes along that, albeit small, still involves some unique attack vector – some clever and creative way that an attacker victimised an organisation. It’s the one-offs... that often become the most memorable and most talked about among the investigators.”
Day in the life of a cyber-skiver
9am Bob begins his working day by flicking through the social news and entertainment website Reddit. He then “watches cat videos”.
11.30am Bob takes his lunchbreak.
1pm Bob returns to his desk to browse eBay and update his Facebook and LinkedIn accounts. From now on, he may need to spend more time on LinkedIn, the professional social network often used for job-hunting.
4.30pm Having spent half an hour emailing his bosses, Bob leaves the office at 5pm.