According to the Verizon security blog released on the 14th, but now only available in a cache, an interesting security problem was uncovered last year at an unnamed critical infrastructure company in the US. The company had only recently started to actively monitor VPN connections to their network on a daily basis. Upon doing so, they found a VPN connection from Shenyang, China. It was live and in use at the time of discovery.
The connection to the VPN required a rotating token RSA key fob. So how could this be? The person to whom the fob was tied was in the office and at his desk. So could this be an attack? A case of malware? The company was rightfully alarmed and turned to Verizon to help.
Well, it was a security breach, but one which can be attributed to the employee. It seems this mid-40s “family man” and senior code developer had outsourced his job to Shenyang. And the fob? It seems it was legit, only the employee had shipped it over to the outsourced company. Apparently the outsourced coder was top notch. Only the work was attributed to the outsourcing employee, whose performance review “noted him as the best developer in the building”.
The blog goes on to note that “evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually.”
So what did the employee do with his time? Verizon was able to help with that too.
- 9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos
- 11:30 a.m. – Take lunch
- 1:00 p.m. – eBay time.
- 2:00-ish p.m. – Facebook updates, LinkedIn
- 4:30 p.m. – End of day update e-mail to management.
- 5:00 p.m. – Go home
Just when you think you have heard it all. A lesson in due diligence for network admins.
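The check that exposed this case, a live VPN session for a user who was sitting at his desk, can be run as a daily log review. The sketch below is an added example, not Verizon's or the company's tooling; the log layout, user names, timestamps, and the `EXPECTED_COUNTRIES` set are constructed assumptions, and the source country is assumed to be already resolved from the VPN source address.

```python
from datetime import datetime

# Constructed sample data (not from the Verizon case): VPN sessions with a
# pre-resolved source country, and on-site presence intervals per user
# (for example, derived from badge or desktop logon records).
VPN_SESSIONS = [
    ("jdoe",   "2024-01-10T09:05", "2024-01-10T17:10", "CN"),
    ("asmith", "2024-01-10T19:30", "2024-01-10T21:00", "US"),
    ("bkhan",  "2024-01-10T08:00", "2024-01-10T08:45", "US"),
]
ONSITE = [
    ("jdoe",  "2024-01-10T09:00", "2024-01-10T17:00"),
    ("bkhan", "2024-01-10T09:15", "2024-01-10T17:30"),
]
EXPECTED_COUNTRIES = {"US"}  # assumption: where staff normally connect from

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M")

def overlap_minutes(a_start, a_end, b_start, b_end):
    """Minutes two intervals overlap; 0 if they are disjoint."""
    start, end = max(a_start, b_start), min(a_end, b_end)
    return max(0, int((end - start).total_seconds() // 60))

def review_vpn(sessions, onsite, expected):
    """Return findings as (user, reason, country, overlap_minutes)."""
    presence = {}
    for user, start, end in onsite:
        presence.setdefault(user, []).append((_ts(start), _ts(end)))
    findings = []
    for user, start, end, country in sessions:
        s, e = _ts(start), _ts(end)
        mins = sum(overlap_minutes(s, e, ps, pe)
                   for ps, pe in presence.get(user, []))
        if mins > 0:
            # The token holder is in the building while the VPN session is live.
            findings.append((user, "vpn-while-onsite", country, mins))
        elif country not in expected:
            findings.append((user, "unexpected-country", country, 0))
    return findings

if __name__ == "__main__":
    for finding in review_vpn(VPN_SESSIONS, ONSITE, EXPECTED_COUNTRIES):
        print(finding)
```
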