“Bob” is an unassuming, 40-ish software developer with a big secret: He really likes cat videos.
But Bob had a problem: He has to work, and the American economy doesn’t exactly brim with jobs that pay you to watch cat videos all day.
So Bob hatched a plan: Aiming to get the best of both worlds, Bob outsourced his work to a Chinese developer. The plan was simple, brilliant, and completely water-tight: Not only was Bob able to do whatever he wanted while at “work” (like read Reddit and surf eBay), but he also made hundreds of thousands of dollars in the process. What could possibly go wrong.?
A lot, it seems. According to a blog post by the Verizon Business Security team, Bob’s antics raised a lot of red flags at his employer, which, as a “U.S. critical infrastructure company” saw the traffic coming from China and expected the worst.
Charged with the task of investigating the case, the security team quickly discovered Bob’s plan, which involved routing VPN traffic to his Chinese contractor and passing off the resulting work as his own. Worse, Bob had even shipped the contractor his RSA security token, which enabled the contractor to bypass the two-factor security measures implemented by Bob’s employer. (In case you were curious, the entire post is a case study in why companies should be more proactive about checking their traffic logs for unusual network activity.)
Sadly, Verizon doesn’t say how Bob’s story concludes, but I’m pretty sure it ends up with him getting fired — which is, if you think about it, not the worst thing for him. After all, you can watch all the cat videos you want while you’re unemployed.