
Here's a story right out of the "why didn't I think of that" file. Have you ever wanted to spend all day checking out cat videos and surfing Facebook and LinkedIn? Well one US developer found a way to do it that went undetected for several years.
This clever developer found someone in China that was qualified to do his job. He then mailed his SecureID token to the outsourced employee and paid the person 1/5 of his 6 figure salary to do his job. Then the guy sat back and surfed cat videos on Reddit all day and watched the money roll in.
Well the company that he worked for recently hired Verizon to perform a security audit. Verizon immediately spotted the unauthorized access from China and busted the employee. It turns out this same guy had been pulling in multiple jobs simultaneously all in the 6 figure range.
Brendan Spaar thinks this guy was pretty smart but he could have been a little more tech savy by having the outsourced employee traverse the VPN through a US based proxy. How did he ever come up with enough info for a management report at the end of the day? He surely didn't put down that he had been surfing cat videos all day.
Source: https://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/
This clever developer found someone in China that was qualified to do his job. He then mailed his SecureID token to the outsourced employee and paid the person 1/5 of his 6 figure salary to do his job. Then the guy sat back and surfed cat videos on Reddit all day and watched the money roll in.
Well the company that he worked for recently hired Verizon to perform a security audit. Verizon immediately spotted the unauthorized access from China and busted the employee. It turns out this same guy had been pulling in multiple jobs simultaneously all in the 6 figure range.
Brendan Spaar thinks this guy was pretty smart but he could have been a little more tech savy by having the outsourced employee traverse the VPN through a US based proxy. How did he ever come up with enough info for a management report at the end of the day? He surely didn't put down that he had been surfing cat videos all day.
Source: https://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/