Forgot your password?
typodupeerror
Security Businesses Programming The Almighty Buck Verizon

Employee Outsourced Programming Job To China, Spent Days Websurfing 457

Posted by Soulskill
from the working-hard-or-hardly-working dept.
New submitter kju writes "The security blog of Verizon has the story of an investigation into unauthorized VPN access from China which led to unexpected findings. Investigators found invoices from a Chinese contractor who had actually done the work of the employee, who spent the day watching cat videos and visiting eBay and Facebook. The man had Fedexed his RSA token to the contractor and paid only about 1/5th of his income for the contracting service. Because he provided clean code on time, he was noted in his performance reviews to be the best programmer in the building. According to the article, the man had similar scams running with other companies."
This discussion has been archived. No new comments can be posted.

Employee Outsourced Programming Job To China, Spent Days Websurfing

Comments Filter:
  • Outsourcing (Score:5, Insightful)

    by Janek Kozicki (722688) on Wednesday January 16, 2013 @06:23AM (#42601377) Journal
    Now, who is going to complain about job outsourcing? Market & economy have laws that can't be broken. No matter how hard some countries try to.
  • by Anonymous Coward on Wednesday January 16, 2013 @06:25AM (#42601385)

    Not only was he the most effective employee in the company but he was managing a successful software consulting service providing services to several other local companies. He delivered the goods. In fact he was more successful at managing software outsourcing than most large companies are.

  • But of course (Score:5, Insightful)

    by Anonymous Coward on Wednesday January 16, 2013 @06:26AM (#42601393)
    When corporations do it, it's efficient. When an actual human does it, it's a scam. Can this social order please collapse now? It's bankrupt.
  • Subcontracting (Score:5, Insightful)

    by Gabrill (556503) on Wednesday January 16, 2013 @06:30AM (#42601419)

    What's the problem? Does the employee contract have a clause against subcontracting?

  • Re:Subcontracting (Score:5, Insightful)

    by sesshomaru (173381) on Wednesday January 16, 2013 @06:37AM (#42601437) Journal

    It sounds like it was an unauthorized access problem. Most companies you aren't allowed to let non-vetted people use their equipment or access their network.

    Of course, if he had brought his idea to the company and they had liked it, they'd have said, "Oh, ok, we'll fire you and hire him for a lower salary. Thanks for the idea."

  • by fantomas (94850) on Wednesday January 16, 2013 @06:38AM (#42601439)

    1. Large host organisation / government body requires programming done
    2. Subcontracting specialist organisation / other company/ freelancer / offers price to satisfy tasks
    3. Subcontractor chosen, price agreed, task allocated
    4. If task successfully completed than host organisation happy and continues with its bigger work, may call on smaller subcontractor for further work or even employ them on rolling contract

    Seems to me like this is just how contracting works. The guy was asked to produce code and he did.

    I can see there's a security issue here (unauthorised handing out of VPN) and *potential* legal issue (does his contract say he must do the work? if not then no legal issue perhaps), maybe a tax issue (were tax payments made to subcontractors etc. as should have been).... ...but generally it seems like he was just doing what lots of companies do, subcontracting work out to specialists and claiming a percentage for handling the work and taking the risk on its delivery.

      Not a lot different from how big companies work? and lets face it, big companies would NEVER put data security at risk or look for loopholes to avoid paying tax to the government, would they ? ;-)

  • by Anonymous Coward on Wednesday January 16, 2013 @06:47AM (#42601473)

    well.. and the fact the employee here was collecting a 400% markup..

    employee did employer a favor.. proved his own job could be outsourced better at a fraction of his salary. fire the employee, keep the contractor.

  • by Anonymous Coward on Wednesday January 16, 2013 @06:52AM (#42601485)

    He probably was a decent coder because that it's ether random luck or he knew how to spot a decent/good programmer in the wild half a world away.

  • by Anonymous Coward on Wednesday January 16, 2013 @06:58AM (#42601507)

    The real (and scary) message here is that the best programmer in the building was a chinese working for 1/5th of the usual programmer's income.

    Cheap, low quality asian workforce, indeed...

  • by Weezul (52464) on Wednesday January 16, 2013 @07:15AM (#42601559)

    Yes, I'd consider this a fairly good resume for managerial positions : Efficient, check. Benefitted employer, check. Dishonest, check. etc. He should simply continue with his contracting company providing developer services for clients. In fact, it's almost pathological that he chose to sit in an office all day while doing this.

  • Re:Subcontracting (Score:5, Insightful)

    by L4t3r4lu5 (1216702) on Wednesday January 16, 2013 @07:19AM (#42601575)
    Not until a Chinese company starts offering this company's product at 1/5 the price.
  • by History's Coming To (1059484) on Wednesday January 16, 2013 @07:28AM (#42601593) Journal
    The major issue is handing over access keys to a corporate VPN to a random bloke in another country. Frankly, I'm quite impressed with the general concept, but introducing a huge security breach isn't going to make you popular, he should have just had the guy email him code and the ctrl-V it himself, cutting the security breach out, he'd probably never have been caught unless there was something unexpected in the code.
  • by indeterminator (1829904) on Wednesday January 16, 2013 @07:35AM (#42601613)

    my boss

    I quoted the problematic part. s/boss/client/ and all is well. Independent contractors do this all the time.

    Some other important things: (a) You want to get permission from your boss/client *before* making the arrangement. (b) You *don't* want to disclose the rate of your subcontractor to your boss/client. (c) You *definitely* don't want to send your *personal* RSA token and access credentials to your subcontractor.

  • Re:Outsourcing (Score:5, Insightful)

    by mwvdlee (775178) on Wednesday January 16, 2013 @07:44AM (#42601645) Homepage

    Also, outsourcing happens on our soils as well. I once spent some time with a company that sold our services to another company and the markup rate was 50% or more of what I was getting. I was rather disgusted at the notion. It was impossible for me to get that job, but by going through one of these companies, I could get it and there I was, "the same damned person."

    If you would have gotten sick, died or otherwise unable to work, would you have been replaced at no additional cost?
    If your expertise wasn't up to the required standards, would you have been replaced at no additional cost?
    If you turn out to be a criminal, could they sue you for all damages or just a small fraction of it?
    It's all about insuring risks.

  • Re:Subcontracting (Score:5, Insightful)

    by Yaa 101 (664725) on Wednesday January 16, 2013 @07:54AM (#42601665) Journal

    Yes, and he should have copied the environment that gave access to his subcontractors and make the copied environment update at his employers environment by scripting.

    He was only half smart, his lazyness did him under.

    I appaud his idea as he did the same that most corporations do, but he was sloppy doing it.

  • Summary fix (Score:4, Insightful)

    by Legion303 (97901) on Wednesday January 16, 2013 @08:11AM (#42601721) Homepage

    Company gets butthurt when lowly employee dares to do the exact same thing they've been doing for decades. Film at 11.

  • by jkrise (535370) on Wednesday January 16, 2013 @08:13AM (#42601735) Journal

    1. Programmers in the US are worth the money corporations spend on them.
    2. China and India are full of crappy programmers who can't understand specs, cannot correspond in English, let alone produce quality code.
    3. The value of the US currency is a true measure of its worth in global markets.
    4. US corporations are killing US jobs despite the fact outsourcing produces lesser quality goods and services.

    I know the plural of anecdote is not data, but still...

  • by ByOhTek (1181381) on Wednesday January 16, 2013 @08:40AM (#42601825) Journal

    Yes, it's bad if the employee has 400% markup, but good business if the company does it.

  • by adrn01 (103810) on Wednesday January 16, 2013 @08:52AM (#42601871)

    Employee is in wrong position, if was able to successfully find / hire / manage a highly competent programmer in China.

  • Re:Legality? (Score:4, Insightful)

    by arth1 (260657) on Wednesday January 16, 2013 @09:06AM (#42601951) Homepage Journal

    Get a real crafty accountant and you should be able to keep every red cent.

    The problem is that for most of us non-millionaires, what a real crafty accountant charges is more than what the IRS wants.

    Plus, of course, that when we pay taxes, we do get something back, like roads and police. The accountant, on the other hand, does not feed back to society; it is a parasite that is useful for the host, but bad for the species.

  • by eulernet (1132389) on Wednesday January 16, 2013 @09:13AM (#42601999)

    VPN is not really the problem, since VPN access tends to be quite limited in scope.

    I think that the main problem is that a random guy in China has a local copy of all the source code of the company.

    If access to the code required some NDA, the company is now in pretty deep shit.

    Anyway, kudos to the chinese guy, he seems to be a good coder and had to work at an unusual work schedule.

  • by Anonymous Coward on Wednesday January 16, 2013 @09:33AM (#42602181)

    If mfg CDs is a fraction of the cost, then doing it locally in a more expensive job market won't increase the price of the CD much, will it.

  • by Anonymous Coward on Wednesday January 16, 2013 @09:56AM (#42602469)

    "Market & economy have laws that can't be broken"

    I can only conclude that you just awoke from a 5-year coma...

    glad to hear you're doing better!

  • by Dcnjoe60 (682885) on Wednesday January 16, 2013 @10:16AM (#42602769)

    Employee is in wrong position, if was able to successfully find / hire / manage a highly competent programmer in China.

    I don't think you want this guy as your program manager. Look at the facts. He was paid $X and paid somebody to do his job for less. He isn't making any extra money and in fact is taking home less money than if he did the job himself (and since he isn't a business, he can't even deduct the outsourcing expense from taxable income). The guy still had to show up at work each day (where he would just surf the net), but his outsourcing activities didn't free him up to do other programming which would bring him additional revenue.

    No, the only reason to do something like this is because you are incompetent at the job you were hired for and need to cover that up, or you are an idiot because you are giving away a large chunk of your pay so you can surf the net. Neither of those are qualities that I would want in a manager.

  • by beowulfcluster (603942) on Wednesday January 16, 2013 @10:34AM (#42602985)
    If you're only doing it at one place then you might be an idiot, but if as reported with this guy you're doing it at several jobs...? Suddenly you're taking home a lot more than you'd do if you were doing a real job yourself, and you're watching cat videos while doing it. If you have multiple clients who are all satisfied enough with the work your team does that they want to keep hiring you, what more do you need in a manager?
  • by LordLimecat (1103839) on Wednesday January 16, 2013 @10:45AM (#42603109)

    You mean, except for the whole "some random dude in another country now has his RSA ID and noone was the wiser", ya sure.

  • by BVis (267028) on Wednesday January 16, 2013 @10:47AM (#42603127)

    The major issue is a dishonest employee. While he may be crafty, he still took credit for others work and tried to cheat the system.

    That's the American Dream, 2013 style. Hard work only gets you more hard work, but exploiting the hard work of others makes you rich. As others have pointed out, employers do this all the time, and not only is it accepted, it's expected. But when a peon.. whoops, excuse me, the proper term is "an employee", turns the tables on them, well, we can't have that, can we. Companies don't like it when you don't eat the shit you're given.

    To me, yes, what this guy did was wrong and dishonest. But, to a lot of people, the only thing this guy did wrong was get caught. Companies that work the system (legally or not) are praised as 'innovative' and 'efficient', and the execs get huge bonuses while the people who do actual work struggle to make ends meet with their salaries that don't keep pace with inflation. And, should the companies get caught doing something that's actually illegal instead of just morally reprehensible, they pay a fine (which is generally less than the amount of savings/extra profit they realized through the illegal activity) and get a stern talking to. But, when this guy does the same thing, he loses his job, gets his reputation ruined, and may very well go to jail. God Bless America.

  • by Anonymous Coward on Wednesday January 16, 2013 @11:21AM (#42603591)

    companys have no loyalty to employees anymore, so the reverse is just common sense.

  • by cusco (717999) <brian DOT bixby AT gmail DOT com> on Wednesday January 16, 2013 @11:32AM (#42603789)
    So money is the only thing that motivates you to work? That's really sad, you're in the wrong job (whatever it is). I enjoy my work, but there's a certain amount of drudgery associated with it at times (mostly data entry setting up new customer sites). If there were a way to hand off that portion of my work, and still get paid half or more what I normally would while I goofed off instead, I would consider it a good deal. Mind you I'm not an idiot who would ship off my security token without customer approval, but otherwise I think he found an interesting solution.
  • by Half-pint HAL (718102) on Wednesday January 16, 2013 @12:07PM (#42604375)

    People who can do outsourcing that well are very rare.

    How "well" is that? He pushed a "critical infrastructure" job offshore without a full ISO security audit, putting his employer in the position where they risk losing their ISO certification and get sued into non-existance. The reason his offshoring was cheap and profitable was because he made a very, very bad job of it. He has lost his job, and the only reason he hasn't been sued into bankruptcy is the fact that his employer is sh*t-scared of anyone knowing it was them.

  • Re:Outsourcing (Score:5, Insightful)

    by erroneus (253617) on Wednesday January 16, 2013 @12:52PM (#42605113) Homepage

    No it's holding women to a standard. It's not misogynist.

    When a couple are in a 'relationship' it is an agreement of sorts that does not extend to the world. And if that agreement is breeched, only one of the two parties can be responsible for it. A third party cannot be responsible for breeching that agreement.

    What I find to me extremely weird is the unexplained "lower standard" we expect of women. We don't expect them to keep their word or their promises or to keep secrets. We expect that it is somehow a woman's perogative to change her mind without cause, notice or explanation. I'm not sorry that I heartily disagree with this notion. Men and women are people and I hold them both to the same expectations of honor and integrity.

    So once again, if a girlfriend cheats, I am not going to blame the handsome, charming stranger. I am going to hold her accountable for her actions. How is that misogynist?

  • by Jeremiah Cornelius (137) on Wednesday January 16, 2013 @01:02PM (#42605245) Homepage Journal

    When a corporation does this?

    Good stewardship of shareholder investment.

    Make the corporation illegal!

  • by ultranova (717540) on Wednesday January 16, 2013 @01:04PM (#42605293)

    In other words, he knows how to make a profit by screwing over other people and escape the consequences. Clear Wall Street material.

  • by ultranova (717540) on Wednesday January 16, 2013 @01:23PM (#42605565)

    Why would anyone work if they didn't have to?

    Because accomplishing things you consider valuable triggers the reward circuits in your brain. That's the reason people do volunteer work, have hobbies, etc.

    Both you and the parent are confusing "work" and "job". They are not the same thing, altough if you're lucky they might overlap.

  • by cayenne8 (626475) on Wednesday January 16, 2013 @03:37PM (#42607447) Homepage Journal

    Why would doing something you like for money stop being fun.

    It ceases or becomes less fun, when you are dependant on that money for living, it introduces worry about the money, more than the enjoyment of the task.

    And again...things I like to do, make very no money or not nearly enough to support my lifestyle.

    For instance.

    I like to cook. I do it for friends and neighbors and myself. If I were a lottery winner, I might possibly buy a small restaurant, and open it to cook stuff for whenever I felt like it. Frankly, if you make something small, good and hard to get into, foodies will flock to it.

    However, in the past, I did food service for a living, and it is TOUGH...hours and work.

    I hope I NEVER have to do that again for a living, to have my livelihood depend on the stress and strain of doing that to live.

    However, if I had extreme wealth...I could open a place do it for fun.....open when I felt, whatever, but if I didn't feel like doing it that day, I wouldn't have to.

    With a 'job' or 'work'...you don't have that option because you depend on it for money, and that adds strain and decreases or destroys the fun in it.

  • by davester666 (731373) on Wednesday January 16, 2013 @03:54PM (#42607665) Journal

    Yes, the contractor has to have a VPN connection to the employee's home. The employee needs to periodically upload the work from his home to the office. And maybe sometimes just forward the connection through his home as necessary for specific projects.

  • by cayenne8 (626475) on Wednesday January 16, 2013 @03:58PM (#42607715) Homepage Journal

    My wife died in 2006 when I was 42; we were together for 20 years. We lived responsibly, partly because she was 19 years older than me and would retire way before me, so I'm debt-free and don't need to work (ever again), but do because I haven't yet figured out what I want to do with my self/life and I'd be bored otherwise. My house is quiet and lonely enough on the weekends as it is, I don't need that 24/7.

    Sorry to hear about your loss, but why are you alone?

    That was about 7 years ago...do you not have a bunch of other friends or people you can do things with? When you were married, did you not keep close friends then...or was it just you and her and no outside people?

    You're near 50....hell, get out there, meet another woman, they are a dime a dozen out there. Get laid. Hell, if you want..get involved.

    I know there is a period of grieving, but you're still in this world, and I doubt your wife would want you to be down forever. Get out and enjoy yourself. If you don't have to work for a living...get out and find something to do.

    Have you ever been a tourist in your own town?

    Once, when I was in between contracts for about 7mos...I got up each day....walked the dog, hit the gym for a couple hours...and in the afternoons, I'd hop on my motorcycle and do something different every day. I went to check out the various museums...stuff like that.

    And if you like computers...tinker with those.

    And start to embrace some 'alone time'. I love my alone time, make use of it to do things that having someone around all the time can distract you from, like maybe learning a new language.

    And hell...TRAVEL. If you have the means, go somewhere. How about this spring, go rent a bungalow in Key West and go party on Duval street and dine out for a week? Plenty of people to meet there or anywhere else you travel.

    There's not a lack of things to do in this world at all, just pick something and GO.

    Good luck. Again, sorry about your wife passing, but after 7 years, you really need to be moving on and enjoying the rest of your life. Your a the midpoint now, don't waste time!!

I use technology in order to hate it more properly. -- Nam June Paik

Working...