US Programmer Outsourced Coding to China, Watched Cat Videos
A company’s best programmer was a Chinese man working for a fifth of what lesser employees earned. Alas, one of those employees was getting paid the other four-fifths.
Globe and Mail (“How a ‘model’ employee got away with outsourcing his software job to China“):
Bob was his company’s best software developer, got glowing performance reviews and earned more than $250,000 a year.
Then one day last spring, Bob’s employer thought the company’s computer system had been attacked by a virus.
The ensuing forensic probe revealed that Bob’s software code had in fact been the handiwork of a Chinese subcontractor.
Bob was paying a Chinese firm about $50,000 a year to do his work, then spent the day surfing the web, watching cat videos and updating his Facebook page.
For the past two years, the firm, “a U.S. critical infrastructure company,” had increasingly been getting employees to telecommute or work from home.
To connect remotely to the company computer system, staffers needed a personal identification number, which changed at regular intervals. Employees were issued security tokens, small devices that updated them with the latest generated PIN.
Last spring, the company grew concerned about computer security breaches and asked its IT department to inspect more closely its remote-access logs, looking for unusual patterns of activity.
To their surprise, they saw that someone connected into their network every day from Shenyang, a city in the historical Manchurian north of China, near the Korean peninsula.
More interestingly, the Chinese intruder was logged in using Bob’s PIN and credentials, “yet the employee is right there, sitting at his desk, staring into his monitor,” Mr. Valentine wrote.
“Based on what information they had obtained, the company initially suspected some kind of unknown malware that was able [to] route traffic from a trusted internal connection to China, and then back. This was the only way they could intellectually resolve the authentication issue. What other explanation could there be?”
Verizon investigators were contacted. They inspected Bob’s workstation, trying to find whether he had unintentionally downloaded some Chinese computer malware.
Instead, the cyber-sleuths discovered hundreds of invoices from a software developer in Shenyang.
The investigation revealed that Bob had outsourced his job. To get around the changing PINs, he couriered his security tokens to the Shenyang subcontractor.
Looking at his web browsing history, investigators found that Bob spent his workday checking sites such as Reddit, Ebay, Facebook and LinkedIn and watching cat videos. Then he would type an e-mail at the end of the day to update management about his “work” and left at 5 p.m.
The Chinese contractor Bob picked did an excellent job.
“His code was clean, well-written, and submitted in a timely fashion,” Mr. Valentine noted. “Quarter after quarter, his performance review noted him as the best developer in the building.”
Bob, presumably, was fired. He may face fraud charges and be in violation of various laws, for all I know. But what do you want to bet that his company decides to outsource most of its coding to China from here on out?