A computer programmer 'outsourced' his own job to China, according to security company Verizon.
The mid-40s software developer, named only as 'Bob' in the report by Verizon's Risk Team, paid programmers in China one-fifth of his salary, and spent his work days browsing the internet.
Analysis of his machine found invoices from a company in Shenyang, who had been paid to do his job for him.
The programmer spent his days browsing videos on YouTube, using social news site Reddit and using eBay and Facebook. He no longer works for the company.
"Bob spent less that one fifth of his six-figure salary for a Chinese firm to do his job for him," says Valentine.
[Related; Hit ebook authors offer tips on writing your own blockbuster]
"Authentication was no problem, he physically FedExed his RSA token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average 9 to 5 work day," said Valentine.
"Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about fifty grand annually."
The programmer had sent an RSA token - a chip which allowed employees to log in securely to his work network - to a software consultancy in Shenyang, China.
He was only caught after security staff at his American employer called in Verizon fearing they had been targeted by hackers.
"This organization had started to allow their developers to work from home on certain days," said Andrew Valentine of Verizon.
"Central to the investigation was the employee himself, the person whose credentials had been used to initiate and maintain a VPN connection from China.
The employee was described as "inoffensive and quiet" and "someone you wouldn’t look at twice in an elevator."