This week, the Internet was captivated by a story of how a US developer outsourced his job to China so he could surf Reddit and watch cat videos. The unnamed man, referred to simply as Bob, working for the unnamed US-based critical infrastructure company, has been called everything from lazy to clever.
Yet the truth of the matter is the developer was terminated for violating internal company policy. Now the man who caught him has revealed how Bob could have been even smarter and significantly reduced his chances of getting caught.
The whole story came out courtesy of a Verizon case study by the company’s security team. In an interview with ABC, Andrew Valentine, head of the Verizon team that figured out the scheme, explained what happened in the aftermath of the investigation and what Bob could have done differently:
“The employee denied everything at first, but then changed his story once we produced the invoices that were recovered from deleted disk space,” Valentine told ABC News. “Honestly? I thought it was pretty clever. I think he took a calculated risk by knowingly violating company policy, for sure — but it was clever.”
Valentine said that if he was even cleverer, he would have set up a server at home, or somewhere else off-site, for the Chinese consulting firm to access. Then he could proxy their traffic, making it appear that the traffic was coming from his home. “That would have been a smarter way to go about it. But yes, either way, pretty clever,” Valentine said.
Yes, using a proxy would have been smart. Unless his employer went digging, he or she probably would not have noticed that Bob’s online activity was coming from his house even when he was in his office. Even then, it would have been better than seeing VPN logs full of activity from Shenyang, China.
If you missed the original story, read our previous coverage here: Verizon finds US developer outsourced his job to China so he could surf Reddit and watch cat videos
Image credit: Ahmed Al-Shukaili