[reposted from stoweboyd.com, originally written in 2013.]

Share

There was a brief flurry in the intertubes this week when Emil Protalinski broke a story titled “Verizon finds US developer outsourced his job to China so he could surf Reddit and watch cat videos.” It appears that the programmer was discovered because he’d sent his RSA token — the one that generates a password to log in to the VPN — and people in China were logging in:

From Andrew Valentine’s “Case Study: Pro-active Log Review Might Be A Good Idea“:

Besides the obvious, this discovery greatly unnerved security personnel for three main reasons:

• They’re a U.S. critical infrastructure company, and it was an unauthorized VPN connection from CHINA. The implications were severe and could not be overstated.

• The company implemented two-factor authentication for these VPN connection. The second factor being a rotating token RSA key fob. If this security mechanism had been negotiated by an attacker, again, the implications were alarming.

• The developer whose credentials were being used was sitting at his desk in the office.

Plainly stated, the VPN logs showed him logged in from China, yet the employee is right there, sitting at his desk, staring into his monitor.

And looking deeper, it discovered that the mid-40ish programmer, ‘Bob,’ had been spending his day watching cat videos.

A typical ‘work day’ for Bob looked like this:

9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos

11:30 a.m. – Take lunch

1:00 p.m. – Ebay time.

2:00 – ish p.m Facebook updates – LinkedIn

4:30 p.m. – End of day update e-mail to management.

5:00 p.m. – Go home