A software developer was busted for outsourcing his job to a programmer in China while he surfed the Web at work.
The case was described by Andrew Valentine, a principal with Verizon Enterprise Solutions, who published a blog post about the incident.
"We've seen plenty of employee misconduct cases, but not typically like this," Valentine told ABC News of his consulting caseload, which includes large scale data breach events.
Valentine's team was contacted by another company based in the U.S. for assistance over "anomalous activity" it noticed in records of employees logging remotely into the company's IT system.
Verizon Enterprise Solutions is not releasing the name of the company or the employee.
The company's security team eventually found that someone was logging in from Shenyang, China with the American employee's credentials -- while that employee was staring at a computer monitor in his U.S. office.
In his blog, Valentine described the employee as being in his mid-40s with a "relatively long tenure with the company, family man, inoffensive and quiet. Someone you wouldn't look at twice in an elevator."
A search of the employee's computer found hundreds of PDF invoices from a third party contractor/developer from Shenyang.
Eventually, it was discovered that the employee had outsourced his own job to a Chinese consulting firm, paying about $50,000 to the firm out of his salary of several hundred thousand dollars.
Once on-site, Valentine said it took about two days for investigators to collect relevant evidence and put all the pieces together.
In the blog, Valentine wrote that according to his Web browsing history, "a typical 'work day'" for the employee looked like the following:
9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos
11:30 a.m. – Take lunch
1:00 p.m. – EBay time.
2:00 – ish p.m. - Facebook updates – LinkedIn
4:30 p.m. – End of day update e-mail to management.
5:00 p.m. – Go home
The employee had sent his company log-in key through FedEx to China so that the third-party contractor could log in under his credentials during his workday.
The "best part" of the story is that "for the last several years in a row he received excellent remarks" in his performance review, Valentine wrote in the blog.
"His code was clean, well written, and submitted in a timely fashion. Quarter after quarter, his performance review noted him as the best developer in the building."
Valentine said the employee was terminated for violating internal company policy.
"The employee denied everything at first, but then changed his story once we produced the invoices that were recovered from deleted disk space," Valentine told ABC News.
"Honestly? I thought it was pretty clever. I think he took a calculated risk by knowingly violating company policy, for sure -- but it was clever."
Valentine said that if he was even cleverer, he would have set up a server at home, or somewhere else off-site, for the Chinese consulting firm to access. Then he could proxy their traffic, making it appear that the traffic was coming from his home.
"That would have been a smarter way to go about it. But yes, either way, pretty clever," Valentine said.