Employee Watching Porn At Work Infected US Government Agency's Network
from the inside-[hand]job dept
Watching porn at work is a federal government tradition. Federal employees from agencies like the EPA, SEC, and FCC have been caught watching porn enough times, a Congressional rep actually thought a new law was needed to stop it. The bill was redundant. All federal agencies forbid the use of work computers to watch porn but that hasn't stopped these stories from surfacing with disturbing frequency.
At a certain point, porn-watching at work endangers a person's job. At other points before that, it endangers the employer itself. Zack Whittaker of TechCrunch dug up a Dept. of the Interior Inspector General's report [PDF] indicating a porn-watching employee inadvertently tried to the take the agency down from the inside.
A U.S. government network was infected with malware thanks to one employee’s “extensive history” of watching porn on his work computer, investigators have found.
The audit, carried out by the U.S. Department of the Interior’s inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware, which downloaded to his laptop and “exploited the USGS’ network.” Investigators found that many of the porn images were “subsequently saved to an unauthorized USB device and personal Android cell phone,” which was connected to the employee’s government-issued computer.
The official version -- with redactions -- provides a few more details. Loooooots of porn-watching going on here:
We found that [redacted] knowingly used U.S. Government computer systems to access unauthorized internet web pages. We also found that those unauthorized pages hosted malware. The malware was downloaded to [redacted's] Government laptop, which then exploited the USGS ' network. Our digital forensic examination revealed that- had an extensive history of visiting adult pornography websites. Many of the 9,000 web pages [redacted] visited routed through websites that originated in Russia and contained malware. Our analysis confirmed that many of the pornographic images were subsequently saved to an unauthorized USB device and personal Android cell phone connected to [redacted's] Government-issued computer. We found that [redacted's] personal cell phone was also infected with malware.
Like everywhere else this has happened, the DOI expressly forbids the use of work computers for porn viewing. It also makes employees sign a form stating that they understand what's forbidden and what can happen to them if they violate these policies. It's apparently not much of a deterrent. The report doesn't say what happened to [redacted] -- only that this employee admitted they were familiar with the policies they violated.
DOI also forbids connecting personal devices to work computers. That policy isn't being enforced either, apparently. If the DOI isn't actively monitoring work computers for these two violations, it really can't lay all the blame for the malware infection on its unofficial porn hub. Proactive measures are far more useful than post-infection policy patches.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: department of the interior, government, malware, porn
Reader Comments
Subscribe: RSS
View by: Time | Thread
Prawns
And yes, MSN is almost guaranteed to serve malicious code via the inline advertisements. Because Microsoft has no inventive to clean that up....
[ link to this | view in chronology ]
Re: Prawns
[ link to this | view in chronology ]
Re: Prawns
Congress needs to crack down on advertisers who put malware in their ads.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Well, of course. Now, if he worked at the Chaste Center, this would be news. But Eros? That's just asking for it.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: EROS?
[ link to this | view in chronology ]
Re: Re: EROS?
Presumably EROS is full of "hard rock geologists" (as it's known in the business).
[ link to this | view in chronology ]
Re: Re: EROS?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
While the pornographic aspect of this makes for good headlines, it's not particularly relevant to the security threat. They could just as easily have been infected while reading geological news, if an attacker bought some ads on those sites, because the government mostly runs the same insecure software as everyone else. There's supposed to be a branch of the NSA that protects against stuff like this...
[ link to this | view in chronology ]
Porn Ads
[ link to this | view in chronology ]
Re: Porn Ads
[ link to this | view in chronology ]
Re:
According to Edward Snowden, the NSA wanted people to view porn -and kept detailed records of their viewing habits- so they could be blackmailed over it.
https://twitter.com/Snowden/status/927931508177997826
[ link to this | view in chronology ]
Re: Re:
Just get accused of CP and you are doomed. The government can find anything they want on your computers to put you in jail if they really want to.
I mean, do you expect a judge to take the governments side or your side when you tell them you are being framed? Good luck because it's a guilty until proven innocent world. I don't think it really has ever been anything but that.
[ link to this | view in chronology ]
Re: Re: Re:
You make it sound like judges are on the government payroll or something. Oh, wait...
[ link to this | view in chronology ]
Innocuous comment.
[ link to this | view in chronology ]
Re: Innocuous comment.
[ link to this | view in chronology ]
Re: Re: Innocuous comment.
Huh. Attempt to post all didn't through here, so it's the mighty Techdirt filter somehow... Don't see any likely banned words... And of course Techdirt is a black box. And of course some fanboy will imagine "black box" is "dog-whistle" code...
[ link to this | view in chronology ]
Re: Re: Re: Innocuous comment.
...dude, why bother.
[ link to this | view in chronology ]
Re: Re: Re: Re: Innocuous comment.
[ link to this | view in chronology ]
Re: Re: Innocuous comment.
[ link to this | view in chronology ]
Truly, the best humor is the inadvertent kind
Act surprised to be caught in the spam filter.
[ link to this | view in chronology ]
Re: Truly, the best humor is the inadvertent kind
There might still be legitimate reasons for the comment in the other place being blocked, without invoking the "manual realtime moderation" model he seems to be assuming, but that's at least not the same thing as "obviously, posting too many comments too quickly is going to result in them being blocked as probable spam".
[ link to this | view in chronology ]
Re: Innocuous troll.
Would you like to submit a ticket I'll be glad to assist.
[ link to this | view in chronology ]
Re: Innocuous comment.
Because of dumb shit like this. And you defending it makes you culpable. Just like that third party infringement you like to bandy around so much.
[ link to this | view in chronology ]
'On this week's episode of 'People Who Have No Self-Control'...'
The only reason you should be looking at porn at work, never mind that much porn, is if it's literally your job to do so.
Maybe you do graphic design for a porn studio, maybe you get paid to put people's raunchy ideas into visual format, unless your job is to look at/create porn during work I really can't think of any valid excuse to be checking that out while on the clock, and if you can't keep it in your pants long enough to get home then working outside of your home is probably not for you.
[ link to this | view in chronology ]
Re: 'On this week's episode of 'People Who Have No Self-Control'...'
Probably the worst government agency to flout the "keep it in your pants" rule was the US Secret Service. But there was apparently little interest in viewing porn because they spent so much of their time consorting with in-the-flesh prostitutes.
[ link to this | view in chronology ]
Re: Re: 'On this week's episode of 'People Who Have No Self-Control'...'
Isn't that how to make it to the top these days?
[ link to this | view in chronology ]
I wonder..
(if this was a laptop(LOL) whaty wasnt it encrypted? Protected?)
If this were a desktop..Does anyone understand WHY WE USE PROTECTION??
The internet is Like the best looking hooker you have ever seen, and she will do anything/anyway you wish..And she is CHEAP.. (and yo better be wearing 2-3 condoms and take a sterilizing shower after)
MANY, corps and agencies.. Let people play a few internet games and do other things to distract themselves, While working..
There are 2 ways to do this..
Thru the net..
Or install them into a Local (PROTECTED)server to keep things CLEAN.
Anyone think OUR GOV. hasnt figured out how to protect THEIR SYSTEMS??
If the Corps have problems, THE GOV. is 20 years behind.. There are ways to fix this, BUT THEY KEEP FIRING THE TECH CZARS, that want to FIX THINGS..(or they Quit, because no one wants change)
[ link to this | view in chronology ]
Re: I wonder..
Seriously - No insult intended, but the english translation is unbreakable - Sorry!!
[ link to this | view in chronology ]
Re: Re: I wonder..
(if this was a laptop(LOL) why wasn't it encrypted? Protected?)
If this were a desktop..Does anyone understand Why we use protection??
The internet is Like the best looking hooker you have ever seen, and she will do anything/anyway you wish..And she is CHEAP.. (and yo better be wearing 2-3 condoms and take a sterilizing shower after)
Many, corps and agencies.. Let people play a few internet games and do other things to distract themselves, While working..
There are 2 ways to do this..Thru the net Or install them into a Local (PROTECTED)server to keep things Clean/protected.
Anyone think Our governemnt hasn't figured out how to protect Their systemsS??
If the Corps have problems The Gov is over 20 years behind.. There are ways to fix this, But they keep firing the Tech Czars and Tech people that want to Fix things..(or they Quit, because no one wants change).
Who here thinks the IRS is up to the recent tech abilities? We have advertisers and credit agencies that can track Everyone of us.. but the Governemnt still has problems trying to get the corps to pay taxes.
[ link to this | view in chronology ]
With a few exceptions isn't it against every organization's policy to use the company's Internet access for non-work-related purposes? That said, it's probably true that the majority of employees do make personal use of the company's Internet access (non-porn-related). Wasting taxpayer dollars makes it worse, but having such bad security on govt. networks and systems is just plain stupid (of the govt. agency/dept. in question).
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The government has smart people that can defend their networks and themselves. They are found in research labs and on classified projects. Also on classified systems more effort is taken to protect the system.
But the government is cheap, they won't pay a very competitive rate to get the best and brightest to handle regular IT work. If you look on usajobs.gov you will find low paying positions. Good IT people stick to industry because they can easily make more money and avoid the bureaucratic red tape government employees must deal with.
[ link to this | view in chronology ]
Re: Re:
However it doesn't matter how well you secure a network a user that doesn't follow policy will find a way to compromise your network/system either through malice or stupidity.
[ link to this | view in chronology ]
Re: Re:
Some government employees are smarter and some are dumber than others. Government managers tend to view the dumber ones as making for better underlings.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I guess it just makes sense that government knows nothing about computer security when one looks at the lacking response to data breaches.
[ link to this | view in chronology ]
EROS Imaging
A) What are they imaging?
B) Is this real news or an onionesque parody?
[ link to this | view in chronology ]
Re: EROS Imaging
B) The former, serving as yet another example of the saying 'fact is often stranger than fiction.'
[ link to this | view in chronology ]
Doesn't this guy have work to do?
If this guy is at an office, doesn't he have work to do? Obviously, he doesn't, so why doesn't he have any work? And is he missing any project deadlines? What is his manager doing to make sure he actually gets his work done?
Does the agency need to fire the manager and his manager for not keeping a better eye on their employees?
[ link to this | view in chronology ]
Re: Doesn't this guy have work to do?
For someone in that position, browsing the Internet during the "wait" periods of your duty shift isn't unreasonable, as long as you drop it and respond appropriately whenever something that matches your job responsibilities does come along. In the vast majority of such cases, however, that "not unreasonable" does not extend to browsing porn.
[ link to this | view in chronology ]
[ link to this | view in chronology ]