The employee - known as "Bob", was rumbled after the firm brought in Verizon's Risk Team, amid concerns its networks were being breached by Chinese hackers, Net Security reports.
The traffic logs for Bob - the firm's top programmer - saw regular logins to the firm's Shenyang China server.
In a case study outlined by the team, Verizon said: "The company's IT personnel were sure that the issue had to do with some kind of zero day malware that was able to initiate VPN connections from Bob's desktop workstation via external proxy and then route that VPN traffic to China, only to be routed back to their concentrator.
"Yes, it is a bit of a convoluted theory, and like most convoluted theories, an incorrect one."
Further examination of Bob's online activity revealed he had posted his authentication tokens to the software consultancy firm he had hired in Shenyang.
- 9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos.
- 11:30 a.m. – Take lunch.
- 1:00 p.m. – Ebay time.
- 2:00 – ish p.m Facebook updates – LinkedIn.
- 4:30 p.m. – End of day update e-mail to management.
- 5:00 p.m. – Go home.
Unsurprisingly, Bob no longer works for the firm.