In the process of conducting a security check on the systems of an American company, Verizon found a software developer who had outsourced his job to China, leaving him free to surf the internet all day.
The developer (Verizon called him ‘Bob‘) sent one fifth of his six-figure salary to a company in Shenyang to do all his work for him. He had, months earlier, sent his security token to China, allowing a third-party contractor to log in under his credentials during the day. He came in from nine to five every day.
Bob, described by Verizon’s Andrew Valentine as an “a family man, inoffensive but quiet”, gained a reputation as a top programmer, skilled in multiple languages.
“Investigators had the opportunity to read through his performance reviews,” Valentine wrote. “For the last several years in a row he received excellent remarks. His code was clean, well-written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building.”
Bob told Verizon his typical workday consisted of surfing Reddit and watching cat videos on YouTube from 9am to 11.30am, then taking an hour and a half for lunch, followed by an hour on eBay, two and a half hours of social networking, before an end of the day update to management detailing his accomplishments for the day.
All good things must come to an end: Bob isn’t working at the firm anymore.
Ref: Security Blog, Verizon RISK Team. Myriam Robin, Leading Company