American Programmer Outsources Job to China

 Pages 1 2 NEXT
 

American Programmer Outsources Job to China

image

A U.S. company got a shock when it discovered its systems were being accessed by someone in China.

Bob was the man you wouldn't suspect of any wrongdoing; 40s, nebbish, good at his job - one of the best programmers in the office, in fact - never complained, and always got a good review from management, who he emailed every day to update on his progress. Trouble was, that email was his only significant work contribution. Everything else was being done by the Chinese programmer to whom Bob had outsourced his job, at a fraction of his six figure salary.

The U.S. critical infrastructure company lucky enough to have Bob on its payroll first found out about the scam when it conducted a routine log review, trying to make sure its telecommuting employees were on the job. When it noticed an anomalous log-in apparently originating in China and using Bob's identity, its first thought was espionage, perhaps involving some sophisticated malware; all the more so because its log-in system was supposed to be highly secure, with two-factor authentication, utilizing a fob that Bob was supposed to have on his person.

Then it dug deeper, and discovered Bob's daily work routine consisted of:

9:00 a.m. - Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30 a.m. - Take lunch
1:00 p.m. - Ebay time.
2:00 - ish p.m Facebook updates - LinkedIn
4:30 p.m. - End of day update e-mail to management.
5:00 p.m. - Go home

Alas, poor Bob. His web of secrets soon unraveled. That oh-so secure system with its fancy fob had been undone by FedEx, for Bob had simply mailed the doodad to his Chinese confederate. It turned out that this was not Bob's first time to the rodeo; evidence suggested that he'd been pulling the same trick elsewhere, raking in hundreds of thousands in fees while paying his subcontractor about fifty grand.

Nice work, if you can get it ...

Source: Verizon Security Blog

Permalink

Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.

Hazzard:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.

I don't THINK its illegal, just kind of immoral I suppose. The company wont be happy with him mailing his security thing to china though. Probably will get fired for 'compromising system security' or something like that.

It's the AMERICAN way. Should give this job creator a tax deduction, not crush his entrepreneurial spirit!

May not be illegal but, dependent on the firm and the contract, may be breaking some sort of Homeland Security protection or breaking his contract. Many companies have contracts that make it very easy to fire someone for reasons they don't need to explain. Also, if this were the US government...well, that would be pretty bad.

Also, didn't this story break more towards the beginning of the week? I know news is always "breaking" but I swear I read about this much earlier than today. Funny how living on the East Coast of the US means I get the same news stories I read hours earlier when the Pacific Coast firms wake up.

Yeah, saw this one on FB a little while ago.

damn, we have a new contender for the biggest prick in 2013.

now the company needs to fire him and hire the chinese programmer.

Bob can't seriously do his work AND surf the internet at the same time?
He must be horrible at multitasking.

I feel like I could make Online Proxy jokes all day long

Shame he didn't just have the guy access the system through VPN. Mighta kept his grift going a lot longer

image

That man has had balls. He should have had seven proxies.

Hazzard:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.

as long as there were no NDA, or security clearance requirement for the position then he was breaking no laws, but if any of these were required then he technically voided his current contract at the point he started do this at his job (after that portion of the contract took effect in many cases immediately) then he could be responsible to reimburse the company on grounds of fraud all funds that were not spent doing the work (so everything he did not pay to his Chinese counterpart), and then damages to "confidential" company assets (similar to that of copyright infringement, but a lot bigger number)

gardian06:

Hazzard:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.

as long as there were no NDA, or security clearance requirement for the position then he was breaking no laws, but if any of these were required then he technically voided his current contract at the point he started do this at his job (after that portion of the contract took effect in many cases immediately) then he could be responsible to reimburse the company on grounds of fraud all funds that were not spent doing the work (so everything he did not pay to his Chinese counterpart), and then damages to "confidential" company assets (similar to that of copyright infringement, but a lot bigger number)

A NDA is a contract, not a law. If you break one you can be sued for breaking a contract but you have broken no laws.

I have to say, that is fuckin' genius. As a guy who just narrowly averted (for an indeterminate amount of time) his company outsourcing his entire department, this is a lot better than the company doing it. His downfall was utterly stupid though. When workers log in remotely, even the most insecure of companies usually participate in IP tracking on some rudimentary level. It's just the most basic of security. Idiot should have taken some of that cash and payed for a proxy for the guy to log into.

...
Contact the Chinese guy with a job and a visa? He's obviously very good at it, willing to work cheap under bad conditions, and has none of those pesky morals that can ruin a good employee. A perfect replacement for Bob.

The only problem I see, from a company perspective, is the fact that he compromise security by FedExing his security token to the PRC. It's a pretty big problem, but I am surprised that this guy did not consider that his company was logging his and the contractor's activity.

As for the salary, consider that the US dollar is fairly strong abroad. That contractor was being paid FAR MORE than he would have been by any local employer. The contractor is the genius here.

AngryMongoose:
...
Contact the Chinese guy with a job and a visa? He's obviously very good at it, willing to work cheap under bad conditions, and has none of those pesky morals that can ruin a good employee. A perfect replacement for Bob.

The contractor probably has multiple contracts which bring him in plenty of revenue.

I might hire a Chinese person to make posts for me, I'll save so much time and be able to catch up on my sleep whilst appear to be an active member of various websites. Ror!

On other news, Escapist staff suddenly 300% more productive. Also, fluent in Mandarin.

http://www.youtube.com/watch?v=rYaZ57Bn4pQ

The Onion predict this years before.

This might open up the floodgates.
So much for the illusion that american programmers are better than the Chinese

If he achieved multiple coder of the months by using Chinese programmer,
What's the point of companies hiring locals anymore? Apparently they're not better than the cheap chinese or indian contractors

Hazzard:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.

Maybe his company can sue for damages for breach of security.

After all, passing the workload and access details to someone in China is an easy breach of security and leaking company secrets.

At any rate they could certainly fire him and hire the Chinese guy instead.

God bless America!

CriticalMiss:
I might hire a Chinese person to make posts for me, I'll save so much time and be able to catch up on my sleep whilst appear to be an active member of various websites. Ror!

To see what that would be like, I took one of your previous posts and translated it into Chinese (traditional) on Google. Then I translated it back to English. Let's compare!

Wait, why was it difficult for Bioware to put gay relationships in to the game during development? They managed it with three Mass Effect games. True there were a (I'm assuming, having not played the game) relatively small number of potential sexy-time partners, but you're only going to need to change a few lines of dialogue provided every line doesn't begin 'Oh dearest husband-lover-man of mine, let's [insert activity here]'. And why not just make all of the romance options bisexual with a few here and there polarised one way or the other?

And as someone said earlier the partnerships in ME were kind of weak and didn't add a whole lot besides a horribly awkward cutscene as the pay off (and an achievement). I'd rather get on with the meat of the game rather than fanny around for a while without getting any benefit. At least wives in Skyrim make you a tasty packed lunch once in a while!

And so on, why is a BioWare game homosexual relationships in the development process it? They managed three Mass Effect games. Really a (I assume, have not played the game) to a relatively small number of potential partners sexy, but you only need to change a few lines of dialogue each line not yet started, 'Oh dearest of the husband's lover, [insert activity] ". Why not just let all the romantic Bisexual several polarization here and there one way or the other?

It is said that the partnership is kind of weak, and no increase in addition to a terrible embarrassment cutscene animation a lot to pay off (achievement). I prefer to let the meat of the game, rather than stern for a period of time, and did not get any benefits. At least the wife in the sky, so delicious packed lunches, once in a while!

Yeah, it's a cliche, but a damn good one. This is how I should probably post on The Escapist from now on.

This is kind of hilarious, and reminds me of this:

Hazzard:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.

Illegal? No. Unethical? Yes.

Hazzard:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.

Pretty sure this violates the terms of his employment contract, to say the least.

@retranslation: for some reason that's actually better than the original post

Dammit, I wish I had thought of that for my final projects last quarter... It would have made everything so much easier. D:

Also, this is freaking hilarious. XD

"The U.S. critical infrastructure company lucky enough to have Bob on its payroll"...

Just a note on the lawbreaking thing, there are laws regulating the security of critical infrastructure services. He can't have broken anything but his contract, but he CAN have caused his utility to have broken laws by his actions. It would depend on the utility type (not all are regulated), the function of the systems he had access to and what kind of access he had.

This story is not true. Like, at all.

2 1/2 hours of Reddit and cat videos? Then 2 1/2 hours of Facebook? Every day?! I'm calling fake; no one clever enough to outsource his job for this long would have enough brain cells required after that much time on reddit.

I think I'd rather learn to do the programming. Or hell at least install some PC games on that office computer to waste away the hours with. Spending that much time on those sites would drive me insane.

Talaris:
2 1/2 hours of Reddit and cat videos? Then 2 1/2 hours of Facebook? Every day?! I'm calling fake; no one clever enough to outsource his job for this long would have enough brain cells required after that much time on reddit.

I think I'd rather learn to do the programming. Or hell at least install some PC games on that office computer to waste away the hours with. Spending that much time on those sites would drive me insane.

If he played WoW a Chinese guy could outsource his gold farming work to him and the cycle is complete.

我剛聘請了一位飢餓的中國10歲寫我的文章。現在我可以了海盜的逃避現實的視頻和出售他們的錢整天!

White-Death:
我剛聘請了一位飢餓的中國10歲寫我的文章。現在我可以了海盜的逃避現實的視頻和出售他們的錢整天!

Get back to doing my work, you lazy bum! :P

...How is this newsworthy?

Oh, the controversy of SUBCONTRACTING and MIDDLEMEN. Such scandal!
But it's got CHINA and OUTSOURCING in the headline! I'm supposed to feel fearful and angry, right?

Caveat to the story - The Chinese contractor most likely employs 5-10 workers per daily task. I sincerely doubt it was ONE guy, especially in China.

juyunseen:

Hazzard:
Is this illegal or something? Because I can't think of any laws he was breaking, they hired him to do a job, he was being given the work willingly by someone else.

I don't THINK its illegal, just kind of immoral I suppose. The company wont be happy with him mailing his security thing to china though. Probably will get fired for 'compromising system security' or something like that.

No, It is VERY illegal.

See, he signed a contract stating that he would not give the "doodad" to anyone else. Then he committed fraud by claiming credit for the work.

He probably will not be prosecuted, but he will be fired. Maybe, possibly, be force to repay the company for the potential security breaches. Remember, even though the "contractor" did stay above board and not abuse his access privileges, the risk of it and the company not being able to protect itself from espionage, means that 'Bob' may have to pay significant restitution.

I would really like to see the rest of the story as to what happened to him.

On a similar topic. In the US Military, We used our ID cards (called C.A.C. cards Controlled Access Cards) to access ANY government computer. It had a Chip in it, and we put the whole card in the computer. It has our Security Clearance, Pin Number, Fingerprints (for the biometrics that the were planning on installing later), and all of our personnel file. We could be written up and fined several hundred dollars for misplacing or mishandling them.

HOLY SHIT. I JUST READ THE LINKED ARTICLE.

This is bigger then we thought.

They're a U.S. critical infrastructure company, and it was an unauthorized VPN connection from CHINA. The implications were severe and could not be overstated.

It could have been BAD infrastructure company means that this person had potential access to our infrastructure networks (power, water, nuclear power, ect). I mean what if the contractor was giving the system data to the Chinese government, or worse placing back-doors so they could access it later.

This will keep me up tonight.

 Pages 1 2 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here