There are many benefits to outsourcing work to out of US, but this is by far the most brilliant of them all. A person living in the US, hired a Chinese firm to do his day job while he would be on Reddit and eBay. He would pay the Chinese firm just 1/5th of his six figure salary and get his work done. Interestingly, he wasn’t just working in one company, but several local companies.
To accomplish this he sent his RSA card via Fedex to the Chinese firm and let them do the work. The fraud was uncovered when there was a security breach audit and investigation of his computer revealed invoices from the Chinese company.
According to Andrew Valentine, of Verizon, the infrastructure company requested the operator’s risk team last year to investigate some anomalous activity on its virtual private network (VPN) logs.
“This organisation had been slowly moving toward a more telecommuting oriented workforce, and they had therefore started to allow their developers to work from home on certain days. In order to accomplish this, they’d set up a fairly standard VPN concentrator approximately two years prior to our receiving their call,” he was quoted as saying on an internet security website.
The company had discovered the existence of an open and active VPN connection from Shenyang to the employee’s workstation that went back months, Mr Valentine said.
And it had then called on Verizon to look into what it had suspected had been malware used to route confidential information from the company to China.
“Central to the investigation was the employee himself, the person whose credentials had been used to initiate and maintain a VPN connection from China,” said Mr Valentine.
Further investigation of the employee’s computer had revealed hundreds of PDF documents of invoices from the Shenyang contractor, he added.
The employee, an “inoffensive and quiet” but talented man versed in several programming languages, “spent less than one fifth of his six-figure salary for a Chinese firm to do his job for him”, Mr Valentine said.
“Authentication was no problem. He physically FedExed his RSA [security] token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average nine-to-five work day,” he added.
“Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about $50,000 (£31,270) annually.”