Insider attack; Unauthorized use of user privileges; Unauthorized use of employer’s data

Other Critical Infrastructure // China; U.S.

An employee at a U.S. critical infrastructure company shipped his credential token to a firm located in Japan and paid the foreign company to login as himself and do his job during the workday. “The VPN logs showed him logged in from China, yet the employee is right there, sitting at his desk, staring into his monitor.” The U.S. employee, dubbed Bob, “had simply outsourced his own job to a Chinese consulting firm. Bob spent less that one fifth of his six-figure salary for a Chinese firm to do his job for him.” A typical ‘workday’ for Bob looked like this: 9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos 11:30 a.m. – Take lunch 1:00 p.m. – Ebay time. 2:00 – ish p.m Facebook updates – LinkedIn 4:30 p.m. – End of day update e-mail to management. 5:00 p.m. – Go home “It looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually. . . Quarter after quarter, his performance review noted him as the best developer in the building.”