An employee of a US infrastructure company had outsourced his job to a Chinese company, and spent his days surfing the Internet at his workplace.
The incident came to light when the company called the security team of a company, Verizon, for reviewing a suspected security breach on its virtual private network (VPN) logs.
An employee of Verizon, Andrew Valentine, said that the breach was then traced to the employee''s workstation from Shenyang, China, that went months back, the BBC News reports.
Valentine said that the employee was able to run his scam easily due to the fact that his company had set up a efficient VPN concentrator two years prior the incident for a more telecommuting oriented workforce, and so started to allow their employees to work from home sometimes.
The scam, which was previously suspected to be malware sent from China for stealing confidential information, cost an amount less than a fifth of the employee''s six-figure salary which he paid to the Chinese company, according to Valentine.
A number of PDF documents of invoices from the Shenyang contractor were also found in the employee''s computer, Valentine added. According to Valentine, the employee, who appeared to be have a normal work-day, did not have authentication problems because he mailed his RSA(security) token to China so that the third-party contractor could log-in under his credentials during the workday.
Further investigation revealed that the employee had the same scam going on in a number of companies, letting him earn several hundred thousand dollars a year, Valentine said, adding that the employee has been fired from the company.