Porn-Watching Employee Infected Government Networks With Russian Malware, IG Says

solarseven/Shutterstock.com

Government auditors traced a malware infection back to a single porn-watching employee within the U.S. Geological Survey.

An Interior Department watchdog recommended the U.S. Geological Survey ratchet up internet security protocols after discovering its networks had been infected with malware from pornography sites.

The agency’s inspector general traced the malicious software to a single unnamed USGS employee, who reportedly used a government-issued computer to visit some 9,000 adult video sites, according to a report published Oct. 17.

Many of the prohibited pages were linked to Russian websites containing malware, which was ultimately downloaded to the employee’s computer and used to infiltrate USGS networks, auditors found. The investigation found the employee saved much of the pornographic material on an unauthorized USB drive and personal Android cellphone, both of which were connected to their computer against agency protocols.

The employee’s cell phone was also infected with malware.

“Our digital forensic examination revealed that [the employee] had an extensive history of visiting adult pornography websites” that hosted malware, the IG wrote. “The malware was downloaded to [the employee’s] government laptop, which then exploited the USGS’ network.”

The department’s rules of behavior explicitly prohibit employees from using government networks for viewing pornography and other inappropriate activities, and the IG found the employee had agreed to these rules “several years prior to detection.” The employee no longer works at the agency, OIG External Affairs Director Nancy DiPaolo told Nextgov.

Auditors recommended USGS more closely monitor employees’ web browsing and enforce blacklists of prohibited websites. They said proactively identifying and blocking adult websites “will likely enhance preventative countermeasures.”

They also advised the agency to strengthen its IT security policies to stop employees from connecting personal devices to government computers, which could propagate malware on federal networks. USGS guidelines currently prohibit employees from doing so, but the agency hasn’t disabled such connections on government-issued devices.

This isn’t the first time federal employees have been caught browsing explicit content at the workplace.

Over the last 15 years, similar scandals have enveloped the Environmental Protection Agency, Securities and Exchange Commission and IRS. Last year, a D.C.-area news network uncovered “egregious on-the-job pornography viewing” at a dozen federal agencies and national security officials have reportedly found an “unbelievable” amount of child pornography on government devices.

The problem is so prevalent that Rep. Mark Meadows, R-N.C., has introduced legislation banning pornography at federal agencies three different times.