U.S.-based company discovered its computer systems were being accessed from China
Company's own employee gave access to Chinese programmers he personally outsourced
Employee, known as "Bob", seen as "someone you wouldn't look at twice in an elevator"
"Bob" earned several hundred thousand dollars a year, paying Chinese firm $50,000 a year
Call it an amazing example of entrepreneurship or a daring play of deceit.
After a U.S.-based “critical infrastructure” company discovered in 2012 its computer systems were being accessed from China, its security personnel caught the culprit ultimately responsible: Not a hacker from the Middle Kingdom but one of the company’s own employees sitting right at his desk in the United States.
The software developer is simply referred to as “Bob,” according to a case study by the U.S. telecommunications firm Verizon Business.
Bob was an “inoffensive and quiet” programmer in his mid-40’s, according to his employee profile, with “a relatively long tenure with the company” and “someone you wouldn’t look at twice in an elevator.”
Those innocuous traits led investigators to initially believe the computer access from China using Bob’s credentials was unauthorized – and that some form of malware was sidestepping strong two-factor authentication that included a token RSA key fob under Bob’s name.
Investigators then discovered Bob had “physically FedExed his RSA token to China so that the third-party contractor could log-in under his credentials during the workday,” wrote Andrew Valentine, a senior forensic investigator for Verizon.
Bob had hired a programming firm in the northeastern Chinese city of Shenyang to do his work. His helpers half a world away worked overnight on a schedule imitating an average 9-to-5 workday in the United States. He paid them one-fifth of his six-figure salary, according to Verizon.
And over the past several years, Bob received excellent performance reviews of his “clean, well written” coding. He had even been noted as “the best developer in the building.”
A forensic image of Bob’s workstation revealed his true work habits and typical day:
9:00 a.m. – Get to work, surf Reddit, watch cat videos
11:30 a.m. – Lunch
1:00 p.m. – Ebay
2:00 p.m or so – Facebook and LinkedIn
4:30 p.m. – Send end-of-day e-mail update to management
5:00 p.m. – Go home
The Verizon investigation suggested Bob’s entrepreneurial outsourcing spirit stretched across several companies in his area – netting him several hundred thousand dollars a year as he paid out about $50,000 a year to his China-based ghost writers, according to hundreds of PDF invoices also discovered on his work computer.
Verizon’s Valentine told CNN via e-mail that Bob “was in fact terminated at the conclusion of the investigation.”
Presumably Bob’s Chinese helpers were as well.