10/30/18, “How’d this government agency get infected with malware? 9,000 pages of porn.” Washington Post, Michael Brice-Saddler
“A federal employee infected a U.S. government network with malware after viewing more than 9,000 pornographic webpages at work, according to an inspector general’s report.
The
report, published Oct. 17, shows that the employee’s actions were
discovered during a security audit of the computer network at the U.S.
Geological Survey. The employee had an “extensive history
of visiting adult pornography websites” on a work computer, many of
which were Russian and contained malware that spread to the USGS
network.
The USGS is a government agency that performs analysis of the country’s landscape and seeks to recognize hazards that may threaten natural resources.
The employee, who was not named in the report, saved many of the pornographic images onto an unauthorized USB device and a personal cellphone – which was also found to contain malware. The Android phone was connected to the employee’s government-issued computer, according to the report.
Now, the Office of Inspector General is recommending that the USGS enforce a “strong blacklist policy” of “rogue” web domains and more closely monitor its employees’ internet usage.
“An ongoing effort to detect and block known pornographic websites, and websites with suspicious origins, will likely enhance preventive countermeasures,” the report reads. The inspector general also suggested that the USGS enact a security policy that would restrict usage of unauthorized USB devices and personally owned mobile devices.
The USGS is part of the U.S. Interior Department, which specifically prohibits employees from using government systems to view pornography, according to the report. Employees are also asked to “refrain from connecting personal devices, such as USB drives and cellphones, to Government-issued computers or networks.”
The employee had previously signed a statement indicating understanding of these rules, according to the report. Nancy DiPaolo, external affairs director at Interior’s inspector general’s office, told Nextgov that the employee no longer works for the USGS.”
Published by Washington Post.
The USGS is a government agency that performs analysis of the country’s landscape and seeks to recognize hazards that may threaten natural resources.
The employee, who was not named in the report, saved many of the pornographic images onto an unauthorized USB device and a personal cellphone – which was also found to contain malware. The Android phone was connected to the employee’s government-issued computer, according to the report.
Now, the Office of Inspector General is recommending that the USGS enforce a “strong blacklist policy” of “rogue” web domains and more closely monitor its employees’ internet usage.
“An ongoing effort to detect and block known pornographic websites, and websites with suspicious origins, will likely enhance preventive countermeasures,” the report reads. The inspector general also suggested that the USGS enact a security policy that would restrict usage of unauthorized USB devices and personally owned mobile devices.
The USGS is part of the U.S. Interior Department, which specifically prohibits employees from using government systems to view pornography, according to the report. Employees are also asked to “refrain from connecting personal devices, such as USB drives and cellphones, to Government-issued computers or networks.”
The employee had previously signed a statement indicating understanding of these rules, according to the report. Nancy DiPaolo, external affairs director at Interior’s inspector general’s office, told Nextgov that the employee no longer works for the USGS.”
Published by Washington Post.
Added: BBC article
10/30/18, “Porn-loving US official spreads malware to government network,” BBC
“The porn habit of an employee at the US Geological Survey (USGS) led to a government network becoming infected with malware, an official report has revealed.
The employee, who has not been named, had “an extensive history of visiting adult pornography websites”.
Investigators found malware on many of the 9,000 pages he or she accessed.
The US Office of the Inspector General has recommended that the USGS blacklist “rogue” websites.
“Our analysis confirmed that many of the pornographic images were subsequently saved to an unauthorised USB device and personal Android cell phone,” the report explained.
As well as government computers, the employee’s personal mobile was also found to be infected.
USB risk
Reports of the case were picked up by news site TechCrunch, which confirmed that the Earth Resources Observation and Science Center (Eros) does not maintain any classified networks.
The site also reported that the malware in question was designed to steal data from infected computers and was “associated” with ransomware attacks.
USGS employees are advised not to connect USB devices or mobile phones to government computers – though USB connections are not disabled.
An IT policy that prevents USB use should be implemented, the US Department of the Interior suggested.”
.................