Developer at critical infrastructure firm outsourced job to China for a fraction of his six-figure salary, Verizon researcher finds.
Showing what can happen when companies don’t periodically review network logs, a software developer working for a large U.S. critical infrastructure company hired a Chinese firm to do his job so he could spend time surfing Reddit and watching cat videos.
Details of the 2012 incident, investigated by Verizon’s security services group, was recounted this week in a blog post by Verizon security researcher Andrew Valentine.
According to Valentine, Verizon was asked by the infrastructure company to investigate some strange activity in VPN logs for a network that was set up to let remote workers securely log into corporate networks.
Last May, the unidentified company’s IT security department started monitoring logs generated at their VPN concentrator and discovered an open and active VPN connection originating from Shenyang, China.
“This discovery greatly unnerved security personnel,” Valentine wrote. “They’re a U.S. critical infrastructure company, and it was an unauthorized VPN connection from China. The implications were severe and could not be overstated.”
[…]
