When a U.S. "critical infrastructure" company found that someone from China was accessing its computer system during the workday, the company called in Verizon's Risk Team to help with the investigation, and what they found surprised everyone. The culprit was not some overseas hacker, but one of the company's very own programmers sitting right there at his desk every day, staring into his monitor.

Security personnel traced the data breach to the employee's VPN network, but at first the company refused to believe their employee could be involved. He was long-tenured, a "quiet family man" in his 40s, "someone you wouldn't look twice at in an elevator," said investigators. As Verizon's team took a closer look at the programmer's computer, they found more evidence: invoices from a third-party contractor in China for development services. The employee had been paying the Chinese firm $50,000 per year to log on using his credentials and do his job for him, while he collected five times that in salary and drew impeccable performance reviews for the work.

The employee's web browsing history showed that on a typical day he came in at 9 am, watched cat videos all morning, then took lunch at 11:30 am. From 1 pm on it was eBay, Facebook and LinkedIn until 4:30 pm, when he would send management an email update telling them what he had been working on that day. Quitting time was 5 pm.

According to the Verizon team, there was even evidence to suggest the programmer had the same scam going across multiple companies in the area. The investigators' advice to employers? Routinely and aggressively monitor security logs. At least 85% of the time, information about data breaches can be discovered in those logs.

Verizon Risk Team Security Blog