Verizon’s security team did a write-up on a case they helped a company investigate which reads like a plot-line for “Office Space 2.” A programmer they nicknamed Bob privately outsourced his own job to China and spent his day surfing the Internet.
The guy was caught when the company noticed that their VPN server was being accessed frequently from China. Fearing malware or other espionage, they had forensic security professionals from Verizon investigate their systems.
The Verizon Security Blog isn’t responding (hence no link, but here’s the Google cache version), but here’s how they concluded the story:
As it turns out, Bob had simply outsourced his own job to a Chinese consulting firm. Bob spent less that one fifth of his six-figure salary for a Chinese firm to do his job for him. Authentication was no problem, he physically FedExed his RSA token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average 9 to 5 work day. Investigators checked his web browsing history, and that told the whole story.
A typical ‘work day’ for Bob looked like this:
9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30 a.m. – Take lunch
1:00 p.m. – Ebay time.
2:00 – ish p.m Facebook updates – LinkedIn
4:30 p.m. – End of day update e-mail to management.
5:00 p.m. – Go home
Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually. The best part? Investigators had the opportunity to read through his performance reviews while working alongside HR. For the last several years in a row he received excellent remarks. His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building.
If you’re thinking “Office Space,” here’s the quote…
Bob Slydell: You see, what we’re actually trying to do here is, we’re trying to get a feel for how people spend their day at work… so, if you would, would you walk us through a typical day, for you?
Peter Gibbons: Yeah.
Bob Slydell: Great.
Peter Gibbons: Well, I generally come in at least fifteen minutes late, ah, I use the side door – that way Lumbergh can’t see me, heh heh – and, uh, after that I just sorta space out for about an hour.
Bob Porter: Da-uh? Space out?
Peter Gibbons: Yeah, I just stare at my desk; but it looks like I’m working. I do that for probably another hour after lunch, too. I’d say in a given week I probably only do about fifteen minutes of real, actual, work.
This guy’s plan was way better than the Superman III plan the guys in Office Space used to try to get back at the company.