Security audit finds dev OUTSOURCED his JOB to China to goof off at work
 

While The Register is usually a pretty reliable source, parts of this fall into the 'too good to be true' area for me, particularly the logs which have supposedly been released for some reason of exactly what he spent his time doing. Although to be true UL material it wouldn't end with him no longer being at the company, he'd have been promoted.

http://www.theregister.co.uk/2013/01...ces_job_china/

Company is unnamed. The company's ISP Verizon is cited as the source, but the link to their statement in the article is dead.

Surely if he was that smart he wouldn't have entrusted his VPN key to people half way around the world and would have had them upload their work somewhere for him to pull down, rather than giving them full security access to his systems?

Many times its not possible to do the work without accessing the company network. You have data that you need, source code and infrastructure like databases etc. if he had to send everything to the offshore developer, he would be spending all day copying stuff

I don't think this is real though. A big part of a developers job is communication, especially if s/he is a star onshore developer. The raw coding by itself is probably half the work. Also, to be able to communicate effectively, he will have to understand issues himself, so he would have to spend time talking to his developer offshore. Our leads usually have 3 offshore developers under them, and they spend 40% of their time talking to offshore developers, 30% talking to onshore and 30% coding

Sounds totally bogus to me too.

That said, the whole Verizon site securityblog.verizonbusiness.com is down, not that one post.

I am trying to remember which webcomic had this happen in it. I THINK it was Dilbert, several years ago, but I am not sure. In the end, the guy ended up taking on a couple of different jobs at different places and outsourcing all the work to a team in China, paying them 10% of his pay, and living on 90% of his multiple salaries.

When I worked at the empire, I was told someone in our department had been fired for doing something very similar. I never spent any time verifying the story though.

I read it from this link, which indicated that they found the perp after noticing a Chinese address in their VPN access logs, and that this VPN token belonged to an employee who was sitting onsite at his desk at the time he was supposedly using his token.

Link is dead - more details on the BBC one though.

Two-bit developer wasn't smart enough to create a connection between his home and work (via VPN) and having his Chinese partner in crime do the work from his (the two-bit developer's) home network. Duh.

OY

Not so easy depending on the company's access policies and it still wouldn't fix the problem of the employee sitting at his desk when his token was being used for VPN access.

The Verizon blog is back online for me. Seems legit. Our IT department was laughing about this yesterday.