The study documents the scam of a developer, who is referred to as Bob. He worked at a "critical infrastructure" company in the U.S. and started outsourcing his work to China underneath his company's nose, and would only pay those people less than one fifth of his six-figure salary.
Here's how it was possible.
Bob's company had started letting employees work remotely from home on certain days, so it set up a VPN concentrator to facilitate that. The company implemented two-factor authentication for the connection, with the second factor being a physical, rotating token RSA key fob. So all Bob had to do was send the key over to China via FedEx.
What they ended up finding were hundreds of PDF invoices from a third-party contractor in Shenyang, China.
A look at his browsing history revealed what his typical work day consisted of:
9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos.
11:30 a.m. – Take lunch.
1:00 p.m. – Ebay time.
2:00ish p.m. – Facebook updates – LinkedIn.
4:30 p.m. – End of day update e-mail to management.
5:00 p.m. – Go home.
So while workers in China were doing Bob's job for him, Bob was sitting back, relaxing, watching cat videos, and earning "several hundred thousand dollars" a year.
Can't decide if this guy's really, really smart or just a douchebag.