用户注册 登录
珍珠湾全球网 返回首页

新闻速递 http://mail.zhenzhubay.com/?91 [收藏] [复制] [分享] [RSS]

日志

美程序员雇中国人替自己上班

热度 5已有 15390 次阅读2013-1-17 12:21 |系统分类:转帖-科技| into, identified, 中国人, critical, critical, critical, critical, critical

一位年薪六位数(美元)的美国程序员雇佣了中国沈阳的程序员替自己上班干活,自己天天逍遥自在,上班就是看视频、非死不可。。

每天中国程序员登陆该美国程序员的系统,替其编写程序。该美国程序员因“工作”质量优秀、交活及时经常得到好评,被尊为最佳程序员。

后来公司发现有人从中国登陆,以为遭到黑客入侵,雇佣安全公司进行调查。安全公司大为震惊,因为这个公司登陆必须有一个随身携带的密码产生装置,而这个装置一直由美国员工带着,他人就坐在那里,对着屏幕。这怎么可能呢?经过各种分析也无法解释。

直到从这个美国程序员计算里发现了中国发来的账单。这才发现了其中的奥妙。

此人每年收入几十万美金,却只要付给中国人5万。

总的来说,这份工作给美国创造了几十万美金的GDP,给中国创造了5万的GDP。

美国网友们对此人纷纷表示赞赏,呵呵呵。

Outsourced: Employee Sends Own Job To China; Surfs Web

by Bill Chappell
January 16, 2013 3:00 PM

What began as a company's suspicion that its infrastructure was being hacked turned into a case of a worker outsourcing his own job to a Chinese consulting firm, according to reports that cite an investigation by Verizon's security team. The man was earning a six-figure salary.

The anonymous company, identified only as a critical infrastructure firm, asked Verizon's Web security personnel to look into data that showed its virtual private network was being accessed from China — even as the employee whose credentials were used to log in from overseas was sitting in the company's offices, using his computer.

As Emil Protalinski writes at The Next Web, the company's security measures included a coded fob which, the investigating team learned, a code developer had shipped to Shenyang, China, so that a company there could perform his assigned work.

And it turns out that the job done in China was above par — the employee's "code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building," according to the Verizon Security Blog.

It seems that Verizon has removed the page publishing this "case study" — either that, or it has merely become unavailable for some other reason. But a cached version of the story offers more details. The report, which assigns the inventive employee the fictitious name of "Bob," described him as a family guy in his 40s, with extensive software knowledge.

After they were called in to look for rogue software that allowed hackers to perfectly mimic an employee's log-in, and maintain an active and secure connection, the investigators instead found "hundreds of .pdf notices from a third party contractor/developer in (you guessed it) Shenyang, China."

The Verizon team even found that "Bob" kept a regular schedule at his office:

9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30 a.m. – Take lunch
1:00 p.m. – Ebay time.
2:00 – ish p.m Facebook updates – LinkedIn
4:30 p.m. – End of day update e-mail to management.
5:00 p.m. – Go home

And as they learned, his schedule also included sending less than one-fifth of his salary to the Chinese firm. Verizon's investigators say the evidence they uncovered suggests "Bob" might have had similar arrangements at several companies.

"All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually," according to the Security Blog.

It is not yet clear whether "Bob" has read former kickboxer Tim Ferriss's book The 4-Hour Workweek, which explores ideas that include "Outsourcing Life" and "Disappearing Act: How to Escape the Office."

http://www.npr.org/blogs/thetwo-way/2013/01/16/169528579/outsourced-employee-sends-own-job-to-china-surfs-web



Case Study: Pro-active Log Review Might Be A Good Idea
Andrew Valentine
January 14th, 2013

With the New Year having arrived, it’s difficult not to reflect back on last year’s caseload. While the large-scale data breaches make the headlines and are widely discussed among security professionals, often the small and unknown cases are the ones that are remembered as being the most interesting from the investigators point of view. Every now and again a case comes along that, albeit small, still involves some unique attack vector – some clever and creative way that an attacker victimized an organization. It’s the unique one-offs, the ones that are different that often become the most memorable and most talked about amongst the investigators.

Such a case came about in 2012. The scenario was as follows. We received a request from a US-based company asking for our help in understanding some anomalous activity that they were witnessing in their VPN logs. This organization had been slowly moving toward a more telecommuting oriented workforce, and they had therefore started to allow their developers to work from home on certain days. In order to accomplish this, they’d set up a fairly standard VPN concentrator approximately two years prior to our receiving their call. In early May 2012, after reading the 2012 DBIR, their IT security department decided that they should start actively monitoring logs being generated at the VPN concentrator. (As illustrated within our DBIR statistics, continual and pro-active log review happens basically never – only about 8% of breaches in 2011 were discovered by internal log review). So, they began scrutinizing daily VPN connections into their environment. What they found startled and surprised them: an open and active VPN connection from Shenyang, China! As in, this connection was LIVE when they discovered it.

Besides the obvious, this discovery greatly unnerved security personnel for three main reasons:

They’re a U.S. critical infrastructure company, and it was an unauthorized VPN connection from CHINA. The implications were severe and could not be overstated.
The company implemented two-factor authentication for these VPN connection. The second factor being a rotating token RSA key fob. If this security mechanism had been negotiated by an attacker, again, the implications were alarming.
The developer whose credentials were being used was sitting at his desk in the office.

Plainly stated, the VPN logs showed him logged in from China, yet the employee is right there, sitting at his desk, staring into his monitor. Shortly after making this discovery, they contacted our group for assistance. Based on what information they had obtained, the company initially suspected some kind of unknown malware that was able route traffic from a trusted internal connection to China, and then back. This was the only way they could intellectually resolve the authentication issue. What other explanation could there be?

Our investigators spent the initial hours with the victim working to facilitate a thorough understanding of their network topology, segmentation, authentication, log collection and correlation and so on. One red flag that was immediately apparent to investigators was that this odd VPN connection from Shenyang was not new by any means. Unfortunately, available VPN logs only went back 6 months, but they showed almost daily connections from Shenyang, and occasionally these connections spanned the entire workday. In other words, not only were the intruders in the company’s environment on a frequent basis, but such had been the case for some time.

Central to the investigation was the employee himself, the person whose credentials had been used to initiate and maintain a VPN connection from China.

Employee profile –mid-40’s software developer versed in C, C++, perl, java, Ruby, php, python, etc. Relatively long tenure with the company, family man, inoffensive and quiet. Someone you wouldn’t look at twice in an elevator. For the sake of case study, let’s call him “Bob.”

The company’s IT personnel were sure that the issue had to do with some kind of zero day malware that was able to initiate VPN connections from Bob’s desktop workstation via external proxy and then route that VPN traffic to China, only to be routed back to their concentrator. Yes, it is a bit of a convoluted theory, and like most convoluted theories, an incorrect one.

As just a very basic investigative measure, once investigators acquired a forensic image of Bob’s desktop workstation, we worked to carve as many recoverable files out of unallocated disk space as possible. This would help to identify whether there had been malicious software on the system that may have been deleted. It would also serve to illustrate Bob’s work habits and potentially reveal anything he inadvertently downloaded onto his system. What we found surprised us – hundreds of .pdf invoices from a third party contractor/developer in (you guessed it) Shenyang, China.

As it turns out, Bob had simply outsourced his own job to a Chinese consulting firm. Bob spent less that one fifth of his six-figure salary for a Chinese firm to do his job for him. Authentication was no problem, he physically FedExed his RSA token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average 9 to 5 work day. Investigators checked his web browsing history, and that told the whole story.

A typical ‘work day’ for Bob looked like this:

9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos

11:30 a.m. – Take lunch

1:00 p.m. – Ebay time.

2:00 – ish p.m Facebook updates – LinkedIn

4:30 p.m. – End of day update e-mail to management.

5:00 p.m. – Go home

Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually. The best part? Investigators had the opportunity to read through his performance reviews while working alongside HR. For the last several years in a row he received excellent remarks. His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building.

This entry was posted on Monday, January 14th, 2013 at 2:46 pm and is filed under Editorial. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
Comments

This is nearly unbelievable. Is he overpayed or are the chinese underpayed? Crazy story indeed.
Posted by: Stephan Schielke on January 15th, 2013 at 9:39 pm

“Quarter after quarter, his performance review noted him as the best developer in the building.”

Elvis has left the building.
Posted by: JoeThePimpernel on January 15th, 2013 at 9:45 pm

So, we’re saying Bob’s activity here was frowned upon? Cause I’m betting no one explicitly mentioned this to him in the interview.
Posted by: James on January 15th, 2013 at 10:09 pm

Pretty cool idea apart from the whole scary critical infrastructure component. Would this be more acceptable (and maybe even encouraged) if there were an NDA in place and the company dealt with comicbooks instead of critical infrastructure?
Posted by: Bob on January 15th, 2013 at 10:26 pm

Sounds like someone read “The 4 Hour Work Week” and decided to try it out…
Posted by: Tony on January 15th, 2013 at 11:25 pm

Sounds like a “4-Hour Workweek” success story.
Posted by: mark zero on January 15th, 2013 at 11:39 pm

Sooo… where’s the problem? He improved his personal profit and the quality and efficiency of his work, obviously. And all that by using standard business practices – get money to do the job, then pay someone else less to actually do it.
This guy is an american hero and deserves a medal. I’d even go so far to call him a modern times Tom Sawyer, but since the chinese didn’t pay HIM to do his work, that’s just a little bit too far off.
Posted by: Unterdosis on January 15th, 2013 at 11:47 pm

ha ha ha smart guy hope they gave him a raise
Posted by: emk on January 16th, 2013 at 12:23 am

The worst part is his job meant something to the country. The best part we actuallu got the best out of China for cheap!
Posted by: neil m on January 16th, 2013 at 12:41 am

So this may have gone unnoticed for longer if the Chinese had come through a locally hosted VPS instead of making a direct connection?
Posted by: Paul on January 16th, 2013 at 1:49 am

Bob should have proxied the contractor’s connection through his home’s network.
Posted by: Djilali on January 16th, 2013 at 1:52 am

Gerät Job Bob!
Posted by: Peter Schmitz on January 16th, 2013 at 1:58 am

Surely that guy has to be promoted to manage a division that outsources sw dev to China. It’s the thing he is obviously very good at.
Posted by: Alice on January 16th, 2013 at 3:13 am

Sounds like they hired a lazy person to do a tech job. Perfect job because, according to Bill Gates, that is exactly what you want to do. “http://www.goodreads.com/quotes/568877-i-choose-a-lazy-person-to-do-a-hard-job” In typical fashion for tech people, he figured out the easiest way to do his job(s). Why is this news? It’s innovative, I’ll give him that. Sounds like he should be a high level manager instead of coding for a living. Maybe this is a clear example why most average people don’t understand tech people.
Posted by: anon coward on January 16th, 2013 at 3:22 am

So…. what was the name of the Chinese firm he was contracting with? They didn’t happen to list a phone number?
Posted by: Tyler on January 16th, 2013 at 3:41 am

So he managed a multi project setup, are able to communicate the requirements to remote “team members”, deals with different time zone, deliver in time, with good quality … Sounds like he was just in the wrong position.
Posted by: ThoMo on January 16th, 2013 at 3:43 am

http://webcache.googleusercontent.com/search?q=cache:http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/


路过

鸡蛋
1

鲜花

支持

雷人

难过

搞笑

刚表态过的朋友 (1 人)

 

发表评论 评论 (7 个评论)

回复 蓝天绿地 2013-1-17 13:09
想得开,脑子灵!
回复 xinsheng 2013-1-17 22:20
有领导风范。
回复 温和宝 2013-1-18 01:50
不知道这个员工后来怎样了,能不能继续这样混下去值得怀疑。
回复 ojx111 2013-1-18 04:37
温和宝: 不知道这个员工后来怎样了,能不能继续这样混下去值得怀疑。
He was fired.
回复 人間的盒子 2013-1-18 06:59
温和宝: 不知道这个员工后来怎样了,能不能继续这样混下去值得怀疑。
新闻说他被开除了
回复 温和宝 2013-1-18 07:38
人間的盒子: 新闻说他被开除了
这样的员工应该开除。不过这样的人比较适合当老板。
回复 人間的盒子 2013-1-18 08:04
温和宝: 这样的员工应该开除。不过这样的人比较适合当老板。
说不定是直接把对方雇用了(好像是家公司)

facelist

您需要登录后才可以评论 登录 | 用户注册

Archiver|手机版|珍珠湾全球网

GMT+8, 2024-11-13 12:24 , Processed in 0.028357 second(s), 8 queries , Apc On.

Powered by Discuz! X2.5

回顶部