Do you fire an employee for not doing his job, or do you promote him for being brilliant?
That thought may have crossed the minds of supervisors at an unidentified American critical-infrastructure company mentioned on Verizon's computer-security blog Monday (Jan. 14).
An audit of the firm's server logs revealed an alarming amount of unexplained logins from China into the company's virtual private network.
It appeared that a Chinese hacker was breaking into the corporate network almost every day by using an employee's RSA key, a random-passcode-generating token.
But that specific employee, a software developer, was in the building every day sitting at his desk.
Had someone stolen his identity? Was this a result of the 2011 RSA hack that exposed the seed numbers for millions of passcode generators?
Fearing that millions of dollars in company secrets had been stolen by Chinese hackers, the company brought in Verizon investigators.
The team took a look at the employee's computer for evidence of malware infection. What they found amazed them.
The employee wasn't doing any work at all. He just surfed the Web and checked email all day.
Every week, he received an invoice — from China.
It turned out the employee, who was considered one of the best software developers in the company, had completely outsourced his job and was paying Chinese developers about one-fifth of his own six-figure salary.
He'd even sent the Chinese developers his passcode generator so they could log into the company's network on his behalf every day.
There was evidence he was pulling the same scam at other companies as well.
The Verizon blog posting didn't mention whether the man still worked at the company.