I was recently asked by the BBC whether IT contractors, known as Ringers, were winning multiple contracts and sub-letting the work to low-cost workers.
Well, a blog post by Verizon reveals that a software developer in a US organization was doing both.
He was sending his development work to a Chinese service provider and paying them a fraction of his earnings.
He was foiled when Verizon was asked to investigate suspicious VPN activity that looked like a security breach. Funny thing is, he was praised in his annual reviews for his code quality.
The Verizon blog said: “Central to the investigation was the employee himself, the person whose credentials had been used to initiate and maintain a VPN connection from China.
Employee profile – mid-40’s software developer versed in C, C++, Perl, Java, Ruby, PHP, Python, etc. Relatively long tenure with the company, family man, inoffensive and quiet. Someone you wouldn’t look at twice in an elevator. For the sake of case study, let’s call him ‘Bob.’”
“As it turns out, Bob had simply outsourced his own job to a Chinese consulting firm. Bob spent less than one fifth of his six-figure salary for a Chinese firm to do his job for him. Authentication was no problem, he physically FedExed his RSA token to China so that the third-party contractor could log in under his credentials during the workday. It would appear that he was working an average 9 to 5 work day. Investigators checked his web browsing history, and that told the whole story.
A typical ‘work day’ for Bob looked like this:
9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos.
11:30 a.m. – Take lunch
1:00 p.m. – Ebay time.
2:00-ish p.m. – Facebook updates – LinkedIn.
4:30 p.m. – End of day update e-mail to management.
5:00 p.m. – Go home.”
Bob is now COO. Only joking.