OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


Interesting Outsourcing Event

An American infrastructure company was letting its employees work from home once a week. They setup a secure VPN and required second factor authentication using an RSA security token. That's the kind where the number changes every 30 seconds, so the person logging in must have the token and enter the 6 digit number as well as the user's password. They were sure they had made it totally secure, so they forgot about it for awhile.

After a year, it occurred to them that they should check the log files showing access to their computers. The logs showed multiple log ons from Shenyang China. These were not short checks, but many hours with files coming and going. In a panic they called in Verizon's Security team. How had a Chinese hacker managed to breach their security to thoroughly?

The Verizon team determined that they logged in through the account of one of their very best programmers. An exemplary employee consistently rated as one of the best and most skilled programmers in the company. There he was, sitting at his desk, while some Chinese hacker was using his account to transfer files. How did they do it?

It turns out that he simply subcontracted his work to a Chinese firm for less than 20% of his 6 digit salary. He used FedEx to send them his RSA security token and password, so they could login and do his work. Apparently he freelanced at some other companies as well. He spent his day reading news, updating Facebook, and watching YouTube videos while earning a 6 digit profit and over 500% return on investment.

Apparently they fired him.

As reported by the Sydney Morning Herald

As reported by the BBC

Date: February 2013

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster