[ISN] Developer outsources work to China so he can watch cat videos (and gets caught)

http://venturebeat.com/2013/01/16/developer-outsources-work-cat-videos/ By Ricardo Bilton venturebeat.com January 16, 2013 “Bob” is an unassuming, 40-ish software developer with a big secret: He really likes cat videos. But Bob had a problem: He has to work, and the American economy doesn’t exactly brim with jobs that pay you to watch cat videos all day. So Bob hatched a plan: Aiming to get the best of both worlds, Bob outsourced his work to a Chinese developer. The plan was simple, brilliant, and completely water-tight: Not only was Bob able to do whatever he wanted while at “work” (like read Reddit and surf eBay), but he also made hundreds of thousands of dollars in the process. What could possibly go wrong.? A lot, it seems. According to a blog post by the Verizon Business Security team, Bob’s antics raised a lot of red flags at his employer, which, as a “U.S. critical infrastructure company” saw the traffic coming from China and expected the worst. Charged with the task of investigating the case, the security team quickly discovered Bob’s plan, which involved routing VPN traffic to his Chinese contractor and passing off the resulting work as his own. Worse, Bob had even shipped the contractor his RSA security token, which enabled the contractor to bypass the two-factor security measures implemented by Bob’s employer. (In case you were curious, the entire post is a case study in why companies should be more proactive about checking their traffic logs for unusual network activity.) […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org