Employee Outsourced Programming Job To China, Spent Days Websurfing 457
New submitter kju writes "The security blog of Verizon has the story of an investigation into unauthorized VPN access from China which led to unexpected findings. Investigators found invoices from a Chinese contractor who had actually done the work of the employee, who spent the day watching cat videos and visiting eBay and Facebook. The man had Fedexed his RSA token to the contractor and paid only about 1/5th of his income for the contracting service. Because he provided clean code on time, he was noted in his performance reviews to be the best programmer in the building. According to the article, the man had similar scams running with other companies."
Outsourcing (Score:5, Insightful)
Scams? What Scams? He was the MOST effective... (Score:5, Insightful)
Not only was he the most effective employee in the company but he was managing a successful software consulting service providing services to several other local companies. He delivered the goods. In fact he was more successful at managing software outsourcing than most large companies are.
But of course (Score:5, Insightful)
Subcontracting (Score:5, Insightful)
What's the problem? Does the employee contract have a clause against subcontracting?
Re:Subcontracting (Score:5, Insightful)
It sounds like it was an unauthorized access problem. Most companies you aren't allowed to let non-vetted people use their equipment or access their network.
Of course, if he had brought his idea to the company and they had liked it, they'd have said, "Oh, ok, we'll fire you and hire him for a lower salary. Thanks for the idea."
Isn't this just how big companies work? no dif? (Score:4, Insightful)
1. Large host organisation / government body requires programming done
2. Subcontracting specialist organisation / other company/ freelancer / offers price to satisfy tasks
3. Subcontractor chosen, price agreed, task allocated
4. If task successfully completed than host organisation happy and continues with its bigger work, may call on smaller subcontractor for further work or even employ them on rolling contract
Seems to me like this is just how contracting works. The guy was asked to produce code and he did.
I can see there's a security issue here (unauthorised handing out of VPN) and *potential* legal issue (does his contract say he must do the work? if not then no legal issue perhaps), maybe a tax issue (were tax payments made to subcontractors etc. as should have been).... ...but generally it seems like he was just doing what lots of companies do, subcontracting work out to specialists and claiming a percentage for handling the work and taking the risk on its delivery.
Not a lot different from how big companies work? and lets face it, big companies would NEVER put data security at risk or look for loopholes to avoid paying tax to the government, would they ? ;-)
Re:Part of me says, "Good!" (Score:5, Insightful)
well.. and the fact the employee here was collecting a 400% markup..
employee did employer a favor.. proved his own job could be outsourced better at a fraction of his salary. fire the employee, keep the contractor.
Re:Scams? What Scams? He was the MOST effective... (Score:5, Insightful)
He probably was a decent coder because that it's ether random luck or he knew how to spot a decent/good programmer in the wild half a world away.
The order of things (Score:4, Insightful)
The real (and scary) message here is that the best programmer in the building was a chinese working for 1/5th of the usual programmer's income.
Cheap, low quality asian workforce, indeed...
Re:Scams? What Scams? He was the MOST effective... (Score:5, Insightful)
Yes, I'd consider this a fairly good resume for managerial positions : Efficient, check. Benefitted employer, check. Dishonest, check. etc. He should simply continue with his contracting company providing developer services for clients. In fact, it's almost pathological that he chose to sit in an office all day while doing this.
Re:Subcontracting (Score:5, Insightful)
Re:Part of me says, "Good!" (Score:5, Insightful)
Re:Part of me says, "Good!" (Score:5, Insightful)
my boss
I quoted the problematic part. s/boss/client/ and all is well. Independent contractors do this all the time.
Some other important things: (a) You want to get permission from your boss/client *before* making the arrangement. (b) You *don't* want to disclose the rate of your subcontractor to your boss/client. (c) You *definitely* don't want to send your *personal* RSA token and access credentials to your subcontractor.
Re:Outsourcing (Score:5, Insightful)
Also, outsourcing happens on our soils as well. I once spent some time with a company that sold our services to another company and the markup rate was 50% or more of what I was getting. I was rather disgusted at the notion. It was impossible for me to get that job, but by going through one of these companies, I could get it and there I was, "the same damned person."
If you would have gotten sick, died or otherwise unable to work, would you have been replaced at no additional cost?
If your expertise wasn't up to the required standards, would you have been replaced at no additional cost?
If you turn out to be a criminal, could they sue you for all damages or just a small fraction of it?
It's all about insuring risks.
Re:Subcontracting (Score:5, Insightful)
Yes, and he should have copied the environment that gave access to his subcontractors and make the copied environment update at his employers environment by scripting.
He was only half smart, his lazyness did him under.
I appaud his idea as he did the same that most corporations do, but he was sloppy doing it.
Summary fix (Score:4, Insightful)
Company gets butthurt when lowly employee dares to do the exact same thing they've been doing for decades. Film at 11.
So these arguments are bullshit.... (Score:5, Insightful)
1. Programmers in the US are worth the money corporations spend on them.
2. China and India are full of crappy programmers who can't understand specs, cannot correspond in English, let alone produce quality code.
3. The value of the US currency is a true measure of its worth in global markets.
4. US corporations are killing US jobs despite the fact outsourcing produces lesser quality goods and services.
I know the plural of anecdote is not data, but still...
Re:Part of me says, "Good!" (Score:5, Insightful)
Yes, it's bad if the employee has 400% markup, but good business if the company does it.
Re:Part of me says, "Good!" (Score:5, Insightful)
Employee is in wrong position, if was able to successfully find / hire / manage a highly competent programmer in China.
Re:Legality? (Score:4, Insightful)
Get a real crafty accountant and you should be able to keep every red cent.
The problem is that for most of us non-millionaires, what a real crafty accountant charges is more than what the IRS wants.
Plus, of course, that when we pay taxes, we do get something back, like roads and police. The accountant, on the other hand, does not feed back to society; it is a parasite that is useful for the host, but bad for the species.
Re:Part of me says, "Good!" (Score:5, Insightful)
VPN is not really the problem, since VPN access tends to be quite limited in scope.
I think that the main problem is that a random guy in China has a local copy of all the source code of the company.
If access to the code required some NDA, the company is now in pretty deep shit.
Anyway, kudos to the chinese guy, he seems to be a good coder and had to work at an unusual work schedule.
Therefore outsourcing doesn't change the price. (Score:4, Insightful)
If mfg CDs is a fraction of the cost, then doing it locally in a more expensive job market won't increase the price of the CD much, will it.
speedy/full recovery! (Score:3, Insightful)
"Market & economy have laws that can't be broken"
I can only conclude that you just awoke from a 5-year coma...
glad to hear you're doing better!
Re:Part of me says, "Good!" (Score:5, Insightful)
Employee is in wrong position, if was able to successfully find / hire / manage a highly competent programmer in China.
I don't think you want this guy as your program manager. Look at the facts. He was paid $X and paid somebody to do his job for less. He isn't making any extra money and in fact is taking home less money than if he did the job himself (and since he isn't a business, he can't even deduct the outsourcing expense from taxable income). The guy still had to show up at work each day (where he would just surf the net), but his outsourcing activities didn't free him up to do other programming which would bring him additional revenue.
No, the only reason to do something like this is because you are incompetent at the job you were hired for and need to cover that up, or you are an idiot because you are giving away a large chunk of your pay so you can surf the net. Neither of those are qualities that I would want in a manager.
Re:Part of me says, "Good!" (Score:5, Insightful)
Re:Part of me says, "Good!" (Score:5, Insightful)
You mean, except for the whole "some random dude in another country now has his RSA ID and noone was the wiser", ya sure.
Re:Part of me says, "Good!" (Score:5, Insightful)
That's the American Dream, 2013 style. Hard work only gets you more hard work, but exploiting the hard work of others makes you rich. As others have pointed out, employers do this all the time, and not only is it accepted, it's expected. But when a peon.. whoops, excuse me, the proper term is "an employee", turns the tables on them, well, we can't have that, can we. Companies don't like it when you don't eat the shit you're given.
To me, yes, what this guy did was wrong and dishonest. But, to a lot of people, the only thing this guy did wrong was get caught. Companies that work the system (legally or not) are praised as 'innovative' and 'efficient', and the execs get huge bonuses while the people who do actual work struggle to make ends meet with their salaries that don't keep pace with inflation. And, should the companies get caught doing something that's actually illegal instead of just morally reprehensible, they pay a fine (which is generally less than the amount of savings/extra profit they realized through the illegal activity) and get a stern talking to. But, when this guy does the same thing, he loses his job, gets his reputation ruined, and may very well go to jail. God Bless America.
Re:Part of me says, "Good!" (Score:2, Insightful)
companys have no loyalty to employees anymore, so the reverse is just common sense.
Re:Part of me says, "Good!" (Score:2, Insightful)
Re:Part of me says, "Good!" (Score:5, Insightful)
People who can do outsourcing that well are very rare.
How "well" is that? He pushed a "critical infrastructure" job offshore without a full ISO security audit, putting his employer in the position where they risk losing their ISO certification and get sued into non-existance. The reason his offshoring was cheap and profitable was because he made a very, very bad job of it. He has lost his job, and the only reason he hasn't been sued into bankruptcy is the fact that his employer is sh*t-scared of anyone knowing it was them.
Re:Outsourcing (Score:5, Insightful)
No it's holding women to a standard. It's not misogynist.
When a couple are in a 'relationship' it is an agreement of sorts that does not extend to the world. And if that agreement is breeched, only one of the two parties can be responsible for it. A third party cannot be responsible for breeching that agreement.
What I find to me extremely weird is the unexplained "lower standard" we expect of women. We don't expect them to keep their word or their promises or to keep secrets. We expect that it is somehow a woman's perogative to change her mind without cause, notice or explanation. I'm not sorry that I heartily disagree with this notion. Men and women are people and I hold them both to the same expectations of honor and integrity.
So once again, if a girlfriend cheats, I am not going to blame the handsome, charming stranger. I am going to hold her accountable for her actions. How is that misogynist?
When An Individual Does This, It's Fraud (Score:5, Insightful)
When a corporation does this?
Good stewardship of shareholder investment.
Make the corporation illegal!
Re:Part of me says, "Good!" (Score:5, Insightful)
In other words, he knows how to make a profit by screwing over other people and escape the consequences. Clear Wall Street material.
Re:Part of me says, "Good!" (Score:5, Insightful)
Because accomplishing things you consider valuable triggers the reward circuits in your brain. That's the reason people do volunteer work, have hobbies, etc.
Both you and the parent are confusing "work" and "job". They are not the same thing, altough if you're lucky they might overlap.
Re:Part of me says, "Good!" (Score:4, Insightful)
It ceases or becomes less fun, when you are dependant on that money for living, it introduces worry about the money, more than the enjoyment of the task.
And again...things I like to do, make very no money or not nearly enough to support my lifestyle.
For instance.
I like to cook. I do it for friends and neighbors and myself. If I were a lottery winner, I might possibly buy a small restaurant, and open it to cook stuff for whenever I felt like it. Frankly, if you make something small, good and hard to get into, foodies will flock to it.
However, in the past, I did food service for a living, and it is TOUGH...hours and work.
I hope I NEVER have to do that again for a living, to have my livelihood depend on the stress and strain of doing that to live.
However, if I had extreme wealth...I could open a place do it for fun.....open when I felt, whatever, but if I didn't feel like doing it that day, I wouldn't have to.
With a 'job' or 'work'...you don't have that option because you depend on it for money, and that adds strain and decreases or destroys the fun in it.
Re:Part of me says, "Good!" (Score:3, Insightful)
Yes, the contractor has to have a VPN connection to the employee's home. The employee needs to periodically upload the work from his home to the office. And maybe sometimes just forward the connection through his home as necessary for specific projects.
Re:Part of me says, "Good!" (Score:5, Insightful)
Sorry to hear about your loss, but why are you alone?
That was about 7 years ago...do you not have a bunch of other friends or people you can do things with? When you were married, did you not keep close friends then...or was it just you and her and no outside people?
You're near 50....hell, get out there, meet another woman, they are a dime a dozen out there. Get laid. Hell, if you want..get involved.
I know there is a period of grieving, but you're still in this world, and I doubt your wife would want you to be down forever. Get out and enjoy yourself. If you don't have to work for a living...get out and find something to do.
Have you ever been a tourist in your own town?
Once, when I was in between contracts for about 7mos...I got up each day....walked the dog, hit the gym for a couple hours...and in the afternoons, I'd hop on my motorcycle and do something different every day. I went to check out the various museums...stuff like that.
And if you like computers...tinker with those.
And start to embrace some 'alone time'. I love my alone time, make use of it to do things that having someone around all the time can distract you from, like maybe learning a new language.
And hell...TRAVEL. If you have the means, go somewhere. How about this spring, go rent a bungalow in Key West and go party on Duval street and dine out for a week? Plenty of people to meet there or anywhere else you travel.
There's not a lack of things to do in this world at all, just pick something and GO.
Good luck. Again, sorry about your wife passing, but after 7 years, you really need to be moving on and enjoying the rest of your life. Your a the midpoint now, don't waste time!!