At first I thought this was one of those IT urban legends, like the “disappearing warehouse” story, but according to Verizon’s IT security risk team, it’s all true.
A few weeks ago, Verizon wrote on its IT security blog that it was asked to perform a security assessment for a U.S.-based client after the latter was “startled” to discover a live “open and active VPN [virtual private network] connection from Shenyang, China!”
Three things made the client thoroughly worried about this surprisingly open communication port to China: first, it was a U.S. critical infrastructure company; second, it had two-factor authentication for its VPN connection, which had obviously been breached; and third, “the developer [given the pseudonym ‘Bob’] whose credentials were being used was sitting at his desk in the office.”
In other words, “the VPN logs showed [the developer] logged in from China, yet the employee is right there, sitting at his desk, staring into his monitor.”
via IEEE Spectrum
February 1, 2013


