Good lord, what a story. Wow!

Before clicking through to Schneier’s site I wondered if this might just be a compelling horror short story. But in the comments on his blog there’s also a link to a similar saga described on AAM from the employer POV.

Call me naive — this is a cost of a societal transition to remote work that I never envisioned. Thanks for sharing this.
posted by eirias at 4:52 AM on October 12, 2022 [2 favorites]

I just sent this to my whole HR team. Neat!
posted by phunniemee at 5:10 AM on October 12, 2022 [2 favorites]

Wow! This reminds me of this story from AskAManager: the new hire who showed up is not the same person we interviewed (contains multiple updates).
posted by Braeburn at 5:35 AM on October 12, 2022 [9 favorites]

Amateur, commit to the bit: "He also dressed like me, posed for photos matched to ones of me, told people he had done things that I'd done, and most scarily of all, copied my hand tattoos exactly,"
posted by Molesome at 5:44 AM on October 12, 2022 [6 favorites]

O.o
posted by rrrrrrrrrt at 5:46 AM on October 12, 2022 [2 favorites]

Always be yourself. Unless you can be Connor Tumbleson. Then always be Connor Tumbleson.

I saw this somewhere a few days ago and had to take some time to wrap my head around it. This is the best I can make of it. Does it make sense?

Guy is trying to do software development in North America with a bunch of cheap overseas developers who don't speak English. So he figures, okay, I'll hire, this white American native English speaking software guy, - say he's called Ted - to pretend to be my developers in the interview, and then the developers will actually go do the work in Sri Lanka or wherever they are. But then the light bulb goes off and he says, "Hey, if we're already showing the client Ted and saying he's my developers, why settle for just Ted? Why not just go all the way and say my developers are Connor Tumbleson? He has a great history on Git.hub, and he's handsome!"
posted by Naberius at 6:05 AM on October 12, 2022 [9 favorites]

Schemes, cons, and buy-offs. That's what the world is based on.
posted by jabah at 6:24 AM on October 12, 2022 [3 favorites]

I am sending this to my own company's HR office stat.
posted by EmpressCallipygos at 6:32 AM on October 12, 2022 [1 favorite]

There was a comment on Schneir about using this method to sneak spies (commercial or military into organizations), and someone replied that since the actual people snuck in only do low quality work can get caught quickly, it's probably just stealing money from the salary.

Still seems like a security breach if it's attempted by a competent organization.
posted by Nancy Lebovitz at 6:54 AM on October 12, 2022 [4 favorites]

This kind of thing can get really dangerous too. Here's a good recent article about how North Korea is using remote interviews in order to place their operatives where they can steal money (from banks, and crypto companies):
posted by Popular Ethics at 7:07 AM on October 12, 2022 [4 favorites]

It sounds like production for Nathan Fielder's new show just started.
posted by Drab_Parts at 7:55 AM on October 12, 2022 [6 favorites]

Whose embassy in Panama? Panama, as in Panama papers? I just found myself signed in to google in a thread right here today. I have never seen that before. It was on youtube. Solution, put down the phone, back away, turn off the desktop, go for a walk.
posted by Oyéah at 7:56 AM on October 12, 2022 [1 favorite]

This is wild. Interesting post.

I used to do freelance work for some very large advertising agencies. They had a big stable of people like me coming in and out all the time. Their HR departments were a revolving door of ~23 year old recent college graduates and my contacts changed constantly. Even the more superior people in the HR department would shuffle in and out. I often wondered about this kind of thing happening... could someone send a person who is sorta similar looking to an interview (or do the interview online)—then when hired—the other person just shows up and does the work? It probably happens, especially with so much WFH going on these days.
posted by SoberHighland at 8:38 AM on October 12, 2022 [1 favorite]

The only sense I can make of this is that it is a scam on the imposters themselves. Get some percentage of them hired and drawing a salary and then immediately threaten to expose them if they don't give you some significant chunk of their take-home. Maybe throw around the term "fraud" a bit for effect. Free money as long as they last and then on to the next batch...
posted by jim in austin at 9:03 AM on October 12, 2022 [3 favorites]

Oyeah: I'm sorry, I don't understand what you're referring to?
posted by EmpressCallipygos at 9:22 AM on October 12, 2022 [3 favorites]

The trick is to get yourself a serial killer stalker who actually wants and likes to do your job, so you can fake your death and keep cashing the checks, whilst anonymously sipping poolside mai tais in Hawaii.

You have your retirement plans, I have mine
posted by They sucked his brains out! at 9:41 AM on October 12, 2022 [5 favorites]

Background checks FTW?
posted by Chuffy at 10:30 AM on October 12, 2022 [2 favorites]

weekly spring meetings

And I can't even go as myself?
posted by riverlife at 10:36 AM on October 12, 2022 [1 favorite]

I thought it was a tiny bit strange since I'm a college junior having a hard time to land a SWE intern offer. But I took it, I knew what I was capable of.

This quote, especially the bolded part, leapt out at me. Thanks for sharing this article, which is both educational and entertaining.

Seems that this scam requires a certain kind of, er, confidence, from at least some if not most of the participants.

My non-profit has done some hiring recently and I learned from the first interview team that my insistence on doing the second interview in-person cost us an initially promising candidate. I was not particularly sorry about that, and I'm even less sorry now.
posted by rpfields at 10:43 AM on October 12, 2022 [5 favorites]

I don't have any supporting links handy, but I have definitely seen cases of "fake" remote workers where the scam is they get hired on their rep and credentials and then farm out most or all of the work to third parties that will do the work for pennies and dimes on the dollar and effectively act as a sort of defacto broker/manager like some kind of weird cancerous barnacle or a small company within a company.

And with the way a lot of this gig and remote dev/tech work and how common copy-paste SaaS resale channels are these days this is probably a lot more common than we think it is. There are a large number of "get rich quick!" books that are basically manuals about how to do this, like the Audible book scams where you just hire cheap ghost writers, voice actors and cover designers and you slap the ingredients together to harvest the sales.

If you had some basic chops you could pretty easily land a really well compensated job at a major company, farm out the work to gig workers in bits and pieces and pocket the difference while doing as little real work as possible.

Further, you could conceivably work multiple jobs like this and be taking in multiple salaries from multiple companies while keeping a stable of on-call gig workers to do the actual bits of coding (or copy-pasting borrowed code!) and funneling that work to those different companies from the same group of gig workers.

Which honestly isn't topologically that different than the way a lot of legitimate companies operate in these days of late stage capitalism and so forth.

This is - obviously - a total nightmare for IT security, IP protection and asset management and more when you start getting into things like unvetted access to IT infrastructure and data and code submissions and more.

And I'm not even a close to a netsec professional but I could think of a number of ways to circumvent remote work validation schemes, starting with something as simple as running your own VPN and servers to funnel the work and access through so it all comes from valid and verified IP numbers on through to more complicated security attacks like cloning hardware security dongles or RFID badges.

But at larger companies it seems like you could definitely skate by with third party gig economy work from various domains be it dev, UI/UX, graphics and basically any kind of product or asset development suitable for WFH/remote work and collect however many pay periods from multiple companies before you got caught.

I have definitely thought a little about running a scheme or scam like this, but unfortunately for my wallet I have ethics and the whole thing sounds exhausting and real work with a lot of extra steps to maintain that kind of web of lies and act as manager.
posted by loquacious at 12:40 PM on October 12, 2022 [7 favorites]

I've been interviewing candidates from India lately over remote calls. We've encountered:
a) People ending the call as soon as we ask them to turn on their camera,
b) People quickly googling answers for every technical question we ask,
b) People being fed answers by someone off-screen,
c) People flapping their mouth while someone off-screen actually talks. This last one has happened twice! The first time we only caught it because the person who was pretending to talk sneezed.
posted by Eddie Mars at 12:53 PM on October 12, 2022 [40 favorites]

If you had some basic chops you could pretty easily land a really well compensated job at a major company, farm out the work to gig workers in bits and pieces and pocket the difference while doing as little real work as possible.

Anyone else remember the programmer who outsourced his own job to China? I had to go looking, but my memory served me correct.

Given that the result of this was him being labelled "the best developer in the building" with his "clean, well-written code", it's almost silly they fired him. Sure, sure, security implications and all that, but it got the job done.

The best part is this :
"The Verizon investigation suggested Bob’s entrepreneurial outsourcing spirit stretched across several companies in his area – netting him several hundred thousand dollars a year as he paid out about $50,000 a year to his China-based ghost writers, according to hundreds of PDF invoices also discovered on his work computer."

If this isn't specifically illegal (is it? I genuinely don't know. it's not identity fraud at any rate), I would not at all be surprised if "Bob" just moved on to the next company and might still be at it today, if he hasn't retired to watch cat videos on the beach.
posted by revmitcz at 12:55 PM on October 12, 2022 [3 favorites]

That jumped out at me too, someone who can't get an internship but had what it takes to be senior. Though when you've been around the block you do learn that senior is often more a function of time than ability.
posted by lkc at 1:42 PM on October 12, 2022 [3 favorites]

We have two positions opening up, and I have no idea how we're going to handle things. In the before times, we did phone screenings, and then in person interviews. We haven't been in the office for over 2 years, and actually cleaned out our offices 5 months ago. We theoretically have new space in a different building, with lots of shiny conference rooms, but there's no telling when that space will be ready.
And once we hire someone, training will be an issue. We could require them to work in the office for the first month or so, while different people come in to train and supervise them, but we have no space, and probably won't for a month or so.
posted by Spike Glee at 2:07 PM on October 12, 2022 [2 favorites]

Then there is poaching sensitive tech, wounding industrial competition, leaking processes, or gathering info. Subbing out a paycheck six ways and yet doing nothing, until they lose the lucrative gig and then it starts over again only with the competition.
posted by Oyéah at 11:47 AM on October 16, 2022 [1 favorite]