By now you may have heard the story of an American software developer who scammed several companies by forwarding a fraction of his six-figure salary to a Chinese company that was doing his work for him while he sat in his office surfing Reddit and watching cat videos.
The unidentified man, nicknamed "Developer Bob," was caught by a team of misconduct investigators at Verizon Enterprise Solutions that was asked by one of Bob's employers to review "anomalous activity" in its records — namely, the remote login of an unknown user from Shenyang, China.
In order to access the company's data, an employee would need to use a physical key card, so the fact that someone in China was using Bob's credentials while he was sat in his US office raised a natural suspicion.
Sure enough, the Verizon investigation turned up hundreds of invoices sent to Bob from a contractor in Shenyang, and the rest of the pieces soon fell into place.
Bob, a model employee by all accounts, was paying the Chinese firm $50,000 out of a salary of several hundred thousand dollars across multiple companies to code on his behalf.
Meanwhile, Bob would spend his day on online shopping and Facebook status updates.
"His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building," said Andrew Valentine, head of the Verizon team that busted Bob.
Valentine said that if he was even cleverer, he would have set up a server at home, or somewhere else off-site, for the Chinese consulting firm to access. Then he could proxy their traffic, making it appear that the traffic was coming from his home.
"That would have been a smarter way to go about it," he added. "But yes, either way, pretty clever."