US employee 'outsourced job to China'

Man with computer The employee spent a nine-to-five workday surfing the internet

Related Stories

A security check on a US company has reportedly revealed one of its staff was outsourcing his work to China.

The software developer, in his 40s, is thought to have spent his workdays surfing the web, watching cat videos on YouTube and browsing Reddit and eBay.

He reportedly paid just a fifth of his six-figure salary to a company based in Shenyang to do his job.

Operator Verizon says the scam came to light after the US firm asked it for an audit, suspecting a security breach.

According to Andrew Valentine, of Verizon, the infrastructure company requested the operator's risk team last year to investigate some anomalous activity on its virtual private network (VPN) logs.

"This organisation had been slowly moving toward a more telecommuting oriented workforce, and they had therefore started to allow their developers to work from home on certain days. In order to accomplish this, they'd set up a fairly standard VPN concentrator approximately two years prior to our receiving their call," he was quoted as saying on an internet security website.

The company had discovered the existence of an open and active VPN connection from Shenyang to the employee's workstation that went back months, Mr Valentine said.

And it had then called on Verizon to look into what it had suspected had been malware used to route confidential information from the company to China.

"Central to the investigation was the employee himself, the person whose credentials had been used to initiate and maintain a VPN connection from China," said Mr Valentine.

Further investigation of the employee's computer had revealed hundreds of PDF documents of invoices from the Shenyang contractor, he added.

The employee, an "inoffensive and quiet" but talented man versed in several programming languages, "spent less than one fifth of his six-figure salary for a Chinese firm to do his job for him", Mr Valentine said.

"Authentication was no problem. He physically FedExed his RSA [security] token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average nine-to-five work day," he added.

"Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about $50,000 (£31,270) annually."

The employee no longer worked at the firm, Mr Valentine said.

More on This Story

Related Stories

More Technology stories

RSS

Features & Analysis

BBC Future

Skeleton 2

My friend with a robot skeleton

How he defied paralysis to walk again Read more...

Programmes

  • Click reporter Jen Copestake looks at a smart mirrorClick Watch

    From the mirror offering beauty advice to next gen robot vacuums - the connected home of the future

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.