Employee Outsourced Programming Job To China, Spent Days Websurfing 457
New submitter kju writes "The security blog of Verizon has the story of an investigation into unauthorized VPN access from China which led to unexpected findings. Investigators found invoices from a Chinese contractor who had actually done the work of the employee, who spent the day watching cat videos and visiting eBay and Facebook. The man had Fedexed his RSA token to the contractor and paid only about 1/5th of his income for the contracting service. Because he provided clean code on time, he was noted in his performance reviews to be the best programmer in the building. According to the article, the man had similar scams running with other companies."
Google cache (Score:5, Informative)
google cache of page [googleusercontent.com]
Google Cache (Score:5, Informative)
Re:Outsourcing (Score:5, Informative)
Yeah something of a double-edged sword there. Of course their argument is about knowledge and all that, but in reality, many outsourced jobs go to contract companies who then sell the jobs out to other, unknown entities. All the companies out there having things made by slave children invariably claim no knowledge based on these types of practices.
Also, outsourcing happens on our soils as well. I once spent some time with a company that sold our services to another company and the markup rate was 50% or more of what I was getting. I was rather disgusted at the notion. It was impossible for me to get that job, but by going through one of these companies, I could get it and there I was, "the same damned person."
But we people routinely get angry at people who do the very same things we do... or we simply get angry at the wrong people. Case in point: A guy finds his woman has been with another man. The guy gets angry and goes after the other man. Say what?! This guy is doing what pretty much every other guy would do when it's being made available to them. Why get pissed off at another guy who is doing what you would be tempted to do? I wouldn't. The real problem was the woman and sometimes she is blamed and other times even forgiven. Ridiculous.
So the business who is likely to outsource (call centers and stuff like that) finds one of its employees is paying someone else to do the work he was hired to do. On one hand, they shouldn't care. On the other, there are security concerns... sort of. If they thought he was a safe employee, they now know it was just an illusion like all of our other notions of being safe. (But we gave up our freedom, our right to self-defence and lots and lots of money to taxes and we're NOT safer? I'm shocked! Shocked I tell you!)
Well, there is certainly much to talk about with regards to this and a lot of perspectives to weigh in. But most of us definitely feel companies like Verizon 'deserves' this though it would only make a difference if most everyone was doing this... which they aren't. Can't be. So, kudos to the scammer. May he never be given another job like this or in the industry again. You are scum just like the companies who outsource our jobs. It doesn't make it right when you do it, any more than when they do it. That they get upset when someone did it to them shows perfectly that they know what they are doing and who they are doing it to. That they feel justified in doing it while others shouldn't just shows their hypocrisy.
Not news to me (Score:5, Informative)
We did something like this more than 7 years ago.
"We" being a team of developers in Eastern Europe. Our employers were two brothers who had moved to the US and had found IT jobs. We did their work for them and had time left over for side projects. Our team of 5 people got some fraction or other from their regular salaries and it was still a good wage for us. Things have changed in the last couple of years, but not by that much.
Alternative link (Score:4, Informative)
Bellman (Score:5, Informative)
Re:Error establishing a database connection (Score:5, Informative)
It's front page at reddit right now as well I believe - and HN
'Bob" is gone. (Score:5, Informative)
Re:Outsourcing (Score:2, Informative)
Actually it's more about the IRS and benefits. The IRS started getting mad at employees taking on independent contractors instead of full time employees. There was even a lawsuit a couple years ago where a guy won benefits from the company that he was contracting for.. Not health care benefits but he is now allowed to go to the company parties and all of that stuff. Going through the middle man consulting firm, stupid though it may be, adds a layer between the employer and you making them safer against the IRS reclassifying you as an employee. Also, wrt the lawsuit I mentioned when that all went down my employer instituted a new rule that no contractor could work for them for more than 1 year. You'd have to take off at least 90 days, and then could return.
Re:Part of me says, "Good!" (Score:2, Informative)
Any decent VPN software at a security focused company will not allow split tunneling for exactly the reason you state, someone controlling the workstation could ride the corporate VPN in.
Re:Part of me says, "Good!" (Score:5, Informative)
Well enough not to be found out for a long time and be found best coder of the workplace.
Re:Part of me says, "Good!" (Score:5, Informative)
Of course it is....? Are you kidding?
I'd assume that is the case for most people out there.
If I won the lottery tomorrow, with enough money to never work again, I'd be out of here so fast it would make your head swim.
I'd likely not even bother coming back for my stuff at my desk (not that much there, nothing really personal).
The only reason I work...is to earn as much money as possible, which gives me the means to pay for the life and lifestyle I enjoy. If I didn't have to burn hours working for money, I can tell you, I could easily spend the rest of my life pursing happiness to the fullest!!
I like to travel, date various women, I have hobbies, I have TONS of things that I'd be doing every day if I didn't have to bother coming to a job to work.
Why would anyone work if they didn't have to?
I know there are some fringe cases out there, people who apparently actually define themselves by their jobs. They're also the ones that hit deep depression or get really overly upset if they lose their job, or something goes wrong at work at times.
I've never understood that, I guess I never will.
I'm defined by myself, and I really, really do LIKE myself....and would love to not have to work, and spend more time having fun and doing interesting things.
Are you just joking, or do you actually work for any other reason than making money?
Re:Part of me says, "Good!" (Score:4, Informative)
Apparently you're not understanding what disabling split tunneling does on a VPN.
When you disable split tunneling while using VPN, you essentially lose the route out of your computer towards the internet. The only route that your PC knows is through your VPN adapter, which then sends any packet that way. Even local traffic - say my PC is on 192.168.1.1, my router is 192.168.1.5 and another PC is at 192.168.1.2 - when my PC is on VPN, I can't talk to the internet (without going to the company first) nor can I talk to 192.168.1.5.
Once you fire up the VPN session, the SSH would drop towards the Chinese guy, because all packets are now going across the tunnel.