A security check on a US company has reportedly revealed one of its staff was outsourcing his work to China.
据报道美国公司安全检查公司透露自己公司的一名员工把自己的工作外包给中国。
The software developer, in his 40s, is thought to have spent his workdays surfing the web, watching cat videos on YouTube and browsing Reddit and eBay.
这位软件开发人员,在他40多岁这段时光用工作日上网冲浪、观看YouTube视频、浏览Reddit和eBay网站。
He reportedly paid just a fifth of his six-figure salary to a company based in Shenyang to do his job.
据报道他仅向沈阳一家公司支付自己六位数年薪的五分之一,让这家公司做他的工作。
Operator Verizon says the scam came to light after the US firm asked it for an audit, suspecting a security breach.
运行员威瑞森说骗局曝光后,美国公司就该事件进行审计,怀疑存在一个安全漏洞。
According to Andrew Valentine, of Verizon, the infrastructure company requested the operator's risk team last year to investigate some anomalous activity on its virtual private network (VPN) logs.
去年应基础设施公司Verizon安德鲁·瓦伦丁要求,运行员风险评估团队调查其虚拟私人网路日志的一些反常活动。
"This organisation had been slowly moving toward a more telecommuting oriented workforce, and they had therefore started to allow their developers to work from home on certain days. In order to accomplish this, they'd set up a fairly standard VPN concentrator approximately two years prior to our receiving their call, " he was quoted as saying on an internet security website.
“这个组织逐渐侧重转向远程办公员工,因此,他们将来某天就开始允许开发人员在家工作了。为了实现在家工作这个目标,大约两年前就在电话中说,他们建立了一个相当标准的VPN集中控制器,”他引用互联网安全网站的说法。
The company had discovered the existence of an open and active VPN connection from Shenyang to the employee's workstation that went back months, Mr Valentine said.
该公司几个月前发现了从沈阳到员工工作站之间有一个开放而活跃的VPN连接,瓦伦丁说。
And it had then called on Verizon to look into what it had suspected had been malware used to route confidential information from the company to China.
然后呼吁Verizon进行调查,曾怀疑从公司到中国的路由机密信息使用恶意软件。
"Central to the investigation was the employee himself, the person whose credentials had been used to initiate and maintain a VPN connection from China, " said Mr Valentine.
“集中调查自己员工,从中国启动并开通一个VPN连接来调查此人的机密信息,瓦伦丁说。
Further investigation of the employee's computer had revealed hundreds of PDF documents of invoices from the Shenyang contractor, he added.
进一步调查了员工电脑发现了上百个PDF文档发票,都是沈阳承包商的发票,他补充道。
The employee, an "inoffensive and quiet" but talented man versed in several programming languages, "spent less than one fifth of his six-figure salary for a Chinese firm to do his job for him", Mr Valentine said.
这名员工通过这种“悄无声息且无冒犯性”的方式从事欺骗,不过他很有才华精通一些编程语言,“花了自己六位数薪水不到五分之一的钱让一家中国公司来做他的工作,瓦伦丁补充说。
"Authentication was no problem. He physically FedExed his RSA [security] token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average nine-to-five work day, " he added.
“身份验证是没有问题的。他自己用联邦快递把他的RSA[安全]命令快递给中国这家第三方承包商,在工作日中国承包商就可以登录他的账号。这样似乎是他每天都在朝九晚五地工作着,”他补充道。
"Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about $50, 000 (£31, 270) annually."
“甚至有证据证明他在该地区跨多个公司都使用同一欺骗手段。总之,一年看起来他像是挣了几十万美元,每年只向中国咨询公司支付约50000美元(31270英镑)”。
The employee no longer worked at the firm, Mr Valentine said.
这名员工不在公司工作了,瓦伦丁说。
|
