Security aside, I guess this begs the question of whether or not a company hires you to do work, or hires you to get work done. In all honestly, sometimes I think work is a completely ridiculous notion. I always think the 5-day work week is a ridiculous notion. Some day I imagine that people will look back at us with pity.
You bring up a good point. I think this simply depends on the type of work being asked of a person. I work repairing electronics. Sure, that's something that could be sent out for someone else to work on. But if we are to be more effective, we'll do the repair in an hour and have a quicker turnaround resulting in a happier customer and ultimately more profit. Now, if a person has to get some report done for a company based on analyzing statistics or what have you, is that really something a person has to do during a work day or can it be done as soon as a person has the time?
I work in IT infrastructure and stories like this scare me. I mean kudos to this guy for making some bank and what not, but he'll probably never work in the field again. He gave some random firm of people he'd never met his login, password, and RSA token. I mean, what if this guy worked for your bank? Or your healthcare provider? Or the firm he outsourced to put backend/door code into an application that eventually went production in this company? Highly unethical. I get the argument that companies outsource all the time, but it's different when they make a conscious decision to outsource, and put the proper policies and checks and balances in place to do so. Some random guy doing it on the side and hiding it is a huge security risk.
I'm not sure I completely get what you're saying. Is giving out all of that information potentially detrimental to other people within the company?
It's possibly detrimental to the company and to the customers. Essentially, he's a developer, and with that comes certain access to various internal code testing and QA environments, and if it's a smaller company maybe even production (though most devs don't get that access). The company hired him, and trusted him, and he most likely signed a network usage policy stating that HE would be the only person to use his login credentials and RSA token, and that sharing them with anyone else is considered a violation of that policy. They hired him, and background checked him, before deciding to trust him with that access and him alone. Simply giving that access even to another co-worker sitting next to you is a huge no no in the IT world when you have that kind of power on the network, giving it to a third party he's never met in China is like the worst case scenario. He essentially took that trust the company gave to him, and then made a personal decision that he could trust some firm in China to not hack their network, not put backdoors in their production code, and not do anything malicious. He didn't really damage any co-workers most likely, but it's possible his manager would also get fired over something like this for being unaware of it. Mostly the threat is to the company and the customer, depending on industry this could be not that big of a deal or a big deal. Completely depends on what type of data his applications were handling.
Oh wow, that is incredibly serious. I wonder if this happens more often than we hear about.
I just got back from a class in which we were discussing American history and we were talking about slaves and it got me thinking. Isn't using slaves simply outsourcing but on a more local scale?
Right I may have been going out too far on a limb with that one. Regardless, like you said the implementation is roughly the same. Having someone else do your work because you don't want to and it'd save you money.