Security audit finds dev OUTSOURCED his JOB to China
A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet.
The firm's telecommunications supplier Verizon was called in after the company set up a basic VPN system with two-factor authentication so staff could work at home. The VPN traffic logs showed a regular series of logins to the company's main server from Shenyang, China, using the credentials of the firm's top programmer, "Bob".
"The company's IT personnel were sure that the issue had to do with some kind of zero day malware that was able to initiate VPN connections from Bob's desktop workstation via external proxy and then route that VPN traffic to China, only to be routed back to their concentrator," said Verizon. "Yes, it is a bit of a convoluted theory, and like most convoluted theories, an incorrect one."
- Tue, 2013-05-07 11:21
- Fri, 2013-05-03 09:41
- Mon, 2013-04-15 04:55