• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

Do Not Let Your Boss Catches You at working surfing SBF...

halsey02

Alfrescian (Inf)
Asset
Verizon Catches Dev Paying Chinese Workers To Do His Job So He Can Browse The Web

Killian Bell (3:10 am PDT, Jan 16th)

1280-asleep-at-desk

Verizon Wireless has helped a critical infrastructure company based in the United States catch one of its developers paying Chinese workers to do his job so that he could browse the Internet all day. “Bob” outsourced all of his work to China and paid the workers just a fraction of his six-figure salary so that he could spend his time on sites like Reddit, Facebook, LinkedIn, and eBay.

Verizon has revealed the fascinating story in a new case study.

Bob (not his real name) worked at the unnamed company for a relatively long period, earning “several hundred thousand dollars a year,” and he received excellent performance reviews. He was regarding the best developer in the building, according to Verizon; his code was clean and well-written, and submitted in a timely fashion.

The thing is, it wasn’t actually Bob’s code. You see, Bob sent all of his work to China and paid workers there to do it for him for “about fifty grand annually.” So what did Bob do while he was in the office? Well, Verizon has drawn up schedule for Bob’s typical working day — this is it:

9 a.m. — Arrive at work and surf Reddit for several hours, watching cat videos. or SBF
11:30 a.m. — Take lunch.
1 p.m. — Browse eBay.
2 p.m. — Browse Facebook and LinkedIn.
4:30 p.m. — Send an end of day email to management.
5 p.m. — Go home.

At this point, it’s worth pointing out that this story isn’t at all fabricated, and it’s not a joke. It comes straight from Verizon — via The Next Web — which has published this information not because it was a large-scale data breach, but because Bob’s scam had a “unique attack vector.”

This is the most fascinating part: Bob didn’t just pull this scam with this particular company; he reportedly had it going with several companies in the area. And he’d probably still be doing it today if he wasn’t caught “accidentally.”

Verizon’s security team received a request from the critical infrastructure company that asked for help in understanding anomalous activity it had discovered in its VPN logs. The company had found an open and active connection from Shenyang, China, which was using Bob’s credentials to access its network. The connection occurred almost every day, and often spanned the entire work day.

However, part of the company’s authentication was a rotating token RSA key fob — without that, a successful connection to its network could not be made. It had initially suspected that a malware program had found its way onto Bob’s computer, but when Verizon investigated it, it was discovered that the VPN connection from Shenyang was at least six months old, which is how far back the VPN logs went.

Unable to explain how an intruder could have gained access to the company’s system, Verizon decided to take a closer look at Bob, since it was his credentials that were being used. The carrier’s case study described him as an “inoffensive and quiet” family man who “you wouldn’t look at twice in an elevator.”

After taking a look at Bob’s computer, Verizon found hundreds of PDF invoices from a Chinese consulting firm in Shenyang that was being paid to do Bob’s work.

So how did the firm gain access to the network? Bob had his RSA token mailed all the way to China.

I must say, Bob’s scam is pretty ingenious. He’s clearly gone to great lengths just so that he can spend his entire working day browsing the web. What I can’t figure out is this: if Bob was clever enough to put the elaborate scheme together just so he didn’t have to do any work, why wasn’t he clever enough to store all of his invoices on a private computer?

Source Verizon
Via The Next Web

http://www.cultofandroid.com/21417/...rkers-to-do-his-job-so-he-can-browse-the-web/
 

laksaboy

Alfrescian (Inf)
Asset
All those who stole company time to surf on SBF should be sack.

LOL. When it's time to work, get serious at work.

When it's time to take a break, surfing the web is one of the options available.

And SBF is just one of the many sites.

Everything is legit, no 'stealing' necessary.
 

nato33

Alfrescian
Loyal
I understand from more IT savvy folks that if you surf the net using company network, they can identify who surf what site. But if you use your own wireless broadband etc, then they can't tell since there are no records in company's network. Is this correct?

Or are companies able to install software in your PC that can track the sites you visit and also your IM messages? is this already in practice and is this legal?
 

Kinana

Alfrescian
Loyal
I understand from more IT savvy folks that if you surf the net using company network, they can identify who surf what site. But if you use your own wireless broadband etc, then they can't tell since there are no records in company's network. Is this correct?

Or are companies able to install software in your PC that can track the sites you visit and also your IM messages? is this already in practice and is this legal?

Software that track employee surfing has been around for a very long time.
 

laksaboy

Alfrescian (Inf)
Asset
I understand from more IT savvy folks that if you surf the net using company network, they can identify who surf what site. But if you use your own wireless broadband etc, then they can't tell since there are no records in company's network. Is this correct?

Or are companies able to install software in your PC that can track the sites you visit and also your IM messages? is this already in practice and is this legal?

It all depends really. Every workplace has its own acceptable usage policy for computers. Some places are stricter than others (e.g. no instant messaging clients, no Youtube, no Facebook, no cloud storage sites, no removable storage media). Most companies have their own intranet and filtering firewall.

It also helps if the network admin is a lenient and friendly guy. :wink:

P.S: Speaking of IM, MSN (Messenger) is going to be terminated on 15 March 2013. Apparently, Microsoft is migrating its IM service to Skype. This will not be good for a lot of workplaces, unless they have some other collaboration instant chat client.
 
Top