Interesting Outsourcing Event

An American infrastructure company was letting its employees work from home once a week. They setup a secure VPN and required second factor authentication using an RSA security token. That's the kind where the number changes every 30 seconds, so the person logging in must have the token and enter the 6 digit number as well as the user's password. They were sure they had made it totally secure, so they forgot about it for awhile.

After a year, it occurred to them that they should check the log files showing access to their computers. The logs showed multiple log ons from Shenyang China. These were not short checks, but many hours with files coming and going. In a panic they called in Verizon's Security team. How had a Chinese hacker managed to breach their security to thoroughly?

The Verizon team determined that they logged in through the account of one of their very best programmers. An exemplary employee consistently rated as one of the best and most skilled programmers in the company. There he was, sitting at his desk, while some Chinese hacker was using his account to transfer files. How did they do it?

It turns out that he simply subcontracted his work to a Chinese firm for less than 20% of his 6 digit salary. He used FedEx to send them his RSA security token and password, so they could login and do his work. Apparently he freelanced at some other companies as well. He spent his day reading news, updating Facebook, and watching YouTube videos while earning a 6 digit profit and over 500% return on investment.

Apparently they fired him.

As reported by the Sydney Morning Herald
http://www.smh.com.au/technology/technology-news/software-developer-bob-outsources-own-job-to-china-and-whiles-away-shifts-on-cat-videos-20130117-2cuib.html

As reported by the BBC
http://www.bbc.co.uk/news/technology-21043693

Date: February 2013

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Interesting Outsourcing Event An American infrastructure company was letting its employees work from home once a week. They setup a secure VPN and required second factor authentication using an RSA security token. That's the kind where the number changes every 30 seconds, so the person logging in must have the token and enter the 6 digit number as well as the user's password. They were sure they had made it totally secure, so they forgot about it for awhile. After a year, it occurred to them that they should check the log files showing access to their computers. The logs showed multiple log ons from Shenyang China. These were not short checks, but many hours with files coming and going. In a panic they called in Verizon's Security team. How had a Chinese hacker managed to breach their security to thoroughly? The Verizon team determined that they logged in through the account of one of their very best programmers. An exemplary employee consistently rated as one of the best and most skilled programmers in the company. There he was, sitting at his desk, while some Chinese hacker was using his account to transfer files. How did they do it? It turns out that he simply subcontracted his work to a Chinese firm for less than 20% of his 6 digit salary. He used FedEx to send them his RSA security token and password, so they could login and do his work. Apparently he freelanced at some other companies as well. He spent his day reading news, updating Facebook, and watching YouTube videos while earning a 6 digit profit and over 500% return on investment. Apparently they fired him. As reported by the Sydney Morning Herald http://www.smh.com.au/technology/technology-news/software-developer-bob-outsources-own-job-to-china-and-whiles-away-shifts-on-cat-videos-20130117-2cuib.html As reported by the BBC http://www.bbc.co.uk/news/technology-21043693 Date: February 2013 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk