A United States Geological Survey employee allegedly infected the scientific agency’s networks with malware after visiting thousands of porn websites on their government-issued laptop. According to a report released this month from the Office of Inspector General, many of those sites had malware.
The report, released on October 17, details the IG’s investigation into “suspicious internet traffic” found in an audit of the Earth Resources Observation and Science Center satellite imaging facility, which is a department of the USGS. Of the approximately 9,000 web pages the employee visited, the memorandum says, many were from Russia and contained malware. The employee, whose name was redacted in the report, also allegedly had “an extensive history” of visiting these types of sites, and saved many of the explicit images to a USB drive and their personal Android phone, which was linked to their work computer. The IG also discovered that their cell phone contained malware, according to the report.
According to U.S. Department of Interior rules, employees can’t use work systems to watch or share porn and are also not supposed to connect personal devices to work devices or networks. The employee allegedly said that he had been given the yearly IT security training and agreed to the U.S. Department of the Interior’s IT Rules of Behavior “several years” before the inspector general’s findings. In other words, dude should have known better.
OIG External Affairs Director Nancy DiPaolo told Nextgov that the employee is no longer employed at the scientific agency.
To prevent further incidents like the one described in the report, the IG’s office recommends USGS “enforce a strong blacklist policy” that would block “rogue” websites on the government-owned computers. “An ongoing effort to detect and block known pornographic web sites, and web sites with suspicious origins, will likely enhance preventative countermeasures,” the report reads.
This isn’t the first scandal involving the federal government and unauthorized explicit content. In March of this year, Gizmodo found that a bug on the Amber Alert site—which is run by the U.S. Justice Department—was redirecting people to porn sites. And more insidiously, in January of this year, it was discovered that a number of IP addresses linked to government offices—including the U.S. Senate, the Navy, and the Executive Office of the President—were associated with active users on a revenge porn site.
Based on what we know from the IG report, the USGS incident seems far less nefarious as using revenge porn sites and perhaps less upsetting than the redirect bug on a website dedicated to finding missing children. But it’s a model example of how ill-advised web surfing on a government-issued computer (read: watching porn at work) can fuck up an entire agency’s network.