The hapless dev left code running overnight that should have moved a single cent in and out of his test account. Instead, it machine-gunned $100 transfers in for hours. It tripped internal security but the temporarily rich kid had told his boss about it and could thus talk his way clear.
This sounds like a conspiracy theory because the evidence is ambiguous. Line up the circumstantial evidence and it's at least plausible. If TP-Link does have a corporate fondness for crap coders, how come the features visible to owners in everyday use work well, while invisible vulnerabilities are so common?
Chinese law compels all domestic companies to cooperate with state security in secret. There is already evidence of widespread Chinese infiltration of communication infrastructure with Salt Typhoon.
What if the bank-raiding routine hadn't been detected? Our hero would have come in to find a huge cash stash sitting there, a highly tempting proof of concept perhaps. Not coming clean would be malicious, but the code's the same whether he 'fessed up or not.
Collection
[
|
...
]