Security audit finds dev OUTSOURCED his JOB to China to goof off at work
A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet.
The firm's telecommunications supplier Verizon was called in after the company set up a basic VPN system with two-factor authentication so staff could work at home. The VPN traffic logs showed a regular series of logins to the company's main server from Shenyang, China, using the credentials of the firm's top programmer, "Bob".
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump