• Facebook
  • Twitter
  • Subscribe
  • RSS

US Programmer Outsourced Coding to China, Watched Cat Videos

A company’s best programmer was a Chinese man working for a fifth of what lesser employees earned. Alas, one of those employees was getting paid the other four-fifths.

Globe and Mail (“How a ‘model’ employee got away with outsourcing his software job to China“):

Bob was his company’s best software developer, got glowing performance reviews and earned more than $250,000 a year.

Then one day last spring, Bob’s employer thought the company’s computer system had been attacked by a virus.

The ensuing forensic probe revealed that Bob’s software code had in fact been the handiwork of a Chinese subcontractor.

Bob was paying a Chinese firm about $50,000 a year to do his work, then spent the day surfing the web, watching cat videos and updating his Facebook page.


For the past two years, the firm, “a U.S. critical infrastructure company,” had increasingly been getting employees to telecommute or work from home.

To connect remotely to the company computer system, staffers needed a personal identification number, which changed at regular intervals. Employees were issued security tokens, small devices that updated them with the latest generated PIN.

Last spring, the company grew concerned about computer security breaches and asked its IT department to inspect more closely its remote-access logs, looking for unusual patterns of activity.

To their surprise, they saw that someone connected into their network every day from Shenyang, a city in the historical Manchurian north of China, near the Korean peninsula.

More interestingly, the Chinese intruder was logged in using Bob’s PIN and credentials, “yet the employee is right there, sitting at his desk, staring into his monitor,” Mr. Valentine wrote.

“Based on what information they had obtained, the company initially suspected some kind of unknown malware that was able [to] route traffic from a trusted internal connection to China, and then back. This was the only way they could intellectually resolve the authentication issue. What other explanation could there be?”

Verizon investigators were contacted. They inspected Bob’s workstation, trying to find whether he had unintentionally downloaded some Chinese computer malware.

Instead, the cyber-sleuths discovered hundreds of invoices from a software developer in Shenyang.

The investigation revealed that Bob had outsourced his job. To get around the changing PINs, he couriered his security tokens to the Shenyang subcontractor.

Looking at his web browsing history, investigators found that Bob spent his workday checking sites such as Reddit, Ebay, Facebook and LinkedIn and watching cat videos. Then he would type an e-mail at the end of the day to update management about his “work” and left at 5 p.m.

The Chinese contractor Bob picked did an excellent job.

“His code was clean, well-written, and submitted in a timely fashion,” Mr. Valentine noted. “Quarter after quarter, his performance review noted him as the best developer in the building.”

Bob, presumably, was fired. He may face fraud charges and be in violation of various laws, for all I know.  But what do you want to bet that his company decides to outsource most of its coding to China from here on out?

Related Posts:

About James Joyner
James Joyner is the publisher of Outside the Beltway, an associate professor of security studies at the Marine Corps Command and Staff College, and a nonresident senior fellow at the Atlantic Council. He's a former Army officer and Desert Storm vet. He earned a PhD in political science from The University of Alabama. Views expressed here are his own. Follow James on Twitter.


  1. wr says:

    Fired him? Why didn’t they make him CEO?

    Highly-rated. Helpful or Unhelpful: Thumb up 26 Thumb down 0

  2. Nikki says:

    Ok, you have to admire Bob’s ingenuity.

    Like or Dislike: Thumb up 9 Thumb down 0

  3. greg says:

    Now we know why Bob is always smiling 😉

    Like or Dislike: Thumb up 6 Thumb down 0

  4. Mikey says:

    Now THAT is “working smarter, not harder.”

    Like or Dislike: Thumb up 6 Thumb down 0

  5. Ben says:

    I’m pretty impressed.

    Like or Dislike: Thumb up 5 Thumb down 0

  6. walt moffett says:

    wonder if “Bob” is also known as “J.R.”.

    Like or Dislike: Thumb up 5 Thumb down 0

  7. Franklin says:

    “a U.S. critical infrastructure company,”

    This appears to be the main problem with his behavior.

    Like or Dislike: Thumb up 6 Thumb down 0

  8. OzarkHillbilly says:

    Bob, presumably, was fired.

    But if he had been the CEO of his company, he would have been given a multimillion $ performance bonus.

    Don’t tell me there isn’t class warfare in this country.

    Highly-rated. Helpful or Unhelpful: Thumb up 19 Thumb down 1

  9. CB says:

    Im not sure if this guy is an asshole or a genius.

    Like or Dislike: Thumb up 9 Thumb down 0

  10. jd says:

    The security breach he created makes him an a55h0le.

    Like or Dislike: Thumb up 5 Thumb down 2

  11. Franklin says:

    @CB: Im not sure if this guy is an asshole or a genius.

    Both, but the genius part is troubling. He’s smart enough to get himself all the free time in the world, and then dumb enough to spend it on Facebook.

    Like or Dislike: Thumb up 6 Thumb down 0

  12. Dave Schuler says:

    What’s the problem with this other than the security breach? I’m serious. Where’s the fraud? Based just on the information in the post, he showed up, stayed all day, and the work he was assigned got done promptly and well. What’s the problem?

    Let’s extend this a little farther. When a U. S. auto company has the engines for its small cars made in Japan or South Korea, are they engaging in fraud? Why or why not? If they say the cars are “Made in the U. S. A.” would that be actionable?

    Like or Dislike: Thumb up 2 Thumb down 0

  13. Franklin says:

    @Dave Schuler: That’s sort of the direction I was going with my first comment – it’s the security of a “U.S. critical infrastructure company” that is the main problem.

    We don’t many details, but I do also have a problem with lying about how you got the job done.

    Like or Dislike: Thumb up 1 Thumb down 0

  14. spark b says:


    There is always a fine line between the two.

    Like or Dislike: Thumb up 1 Thumb down 0

  15. grumpy realist says:

    @Dave Schuler: Actually, there are regulations indicating how much “foreign-produced” stuff can be in a product before it stops being domestically produced.

    Like or Dislike: Thumb up 0 Thumb down 0