Employee Watching Porn At Work Infected US Government Agency's Network

from the inside-[hand]job dept

Watching porn at work is a federal government tradition. Federal employees from agencies like the EPA, SEC, and FCC have been caught watching porn enough times, a Congressional rep actually thought a new law was needed to stop it. The bill was redundant. All federal agencies forbid the use of work computers to watch porn but that hasn't stopped these stories from surfacing with disturbing frequency.

At a certain point, porn-watching at work endangers a person's job. At other points before that, it endangers the employer itself. Zack Whittaker of TechCrunch dug up a Dept. of the Interior Inspector General's report [PDF] indicating a porn-watching employee inadvertently tried to the take the agency down from the inside.

A U.S. government network was infected with malware thanks to one employee’s “extensive history” of watching porn on his work computer, investigators have found.

The audit, carried out by the U.S. Department of the Interior’s inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware, which downloaded to his laptop and “exploited the USGS’ network.” Investigators found that many of the porn images were “subsequently saved to an unauthorized USB device and personal Android cell phone,” which was connected to the employee’s government-issued computer.

The official version -- with redactions -- provides a few more details. Loooooots of porn-watching going on here:

We found that [redacted] knowingly used U.S. Government computer systems to access unauthorized internet web pages. We also found that those unauthorized pages hosted malware. The malware was downloaded to [redacted's] Government laptop, which then exploited the USGS ' network. Our digital forensic examination revealed that- had an extensive history of visiting adult pornography websites. Many of the 9,000 web pages [redacted] visited routed through websites that originated in Russia and contained malware. Our analysis confirmed that many of the pornographic images were subsequently saved to an unauthorized USB device and personal Android cell phone connected to [redacted's] Government-issued computer. We found that [redacted's] personal cell phone was also infected with malware.

Like everywhere else this has happened, the DOI expressly forbids the use of work computers for porn viewing. It also makes employees sign a form stating that they understand what's forbidden and what can happen to them if they violate these policies. It's apparently not much of a deterrent. The report doesn't say what happened to [redacted] -- only that this employee admitted they were familiar with the policies they violated.

DOI also forbids connecting personal devices to work computers. That policy isn't being enforced either, apparently. If the DOI isn't actively monitoring work computers for these two violations, it really can't lay all the blame for the malware infection on its unofficial porn hub. Proactive measures are far more useful than post-infection policy patches.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: department of the interior, government, malware, porn


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Gary (profile), 1 Nov 2018 @ 11:41am

    Prawns

    Surprisingly there is more malware on the MSN homepage than most port sites these days. Apparently keeping a porn business running means keeping your customers safe.
    And yes, MSN is almost guaranteed to serve malicious code via the inline advertisements. Because Microsoft has no inventive to clean that up....

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 1 Nov 2018 @ 12:11pm

    He/She was just trying to learn how to fuck people like their .gov bosses do for a living... just one of the stages of being a federal employee.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 1 Nov 2018 @ 12:12pm

    network at the EROS Center

    Well, of course. Now, if he worked at the Chaste Center, this would be news. But Eros? That's just asking for it.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 1 Nov 2018 @ 12:37pm

    Silly Gubmint. Porn is for adults!

    link to this | view in thread ]

  5. icon
    desertskunk (profile), 1 Nov 2018 @ 12:54pm

    Re:

    Port at the Eros Center? Yeah, gotta go with nominative determinism on this one.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 1 Nov 2018 @ 1:03pm

    If the DOI isn't actively monitoring work computers for these two violations, it really can't lay all the blame for the malware infection on its unofficial porn hub. Proactive measures are far more useful than post-infection policy patches.

    While the pornographic aspect of this makes for good headlines, it's not particularly relevant to the security threat. They could just as easily have been infected while reading geological news, if an attacker bought some ads on those sites, because the government mostly runs the same insecure software as everyone else. There's supposed to be a branch of the NSA that protects against stuff like this...

    link to this | view in thread ]

  7. This comment has been flagged by the community. Click here to show it
    identicon
    N Nocuous, 1 Nov 2018 @ 1:06pm

    Innocuous comment.

    Because Techdirt is apparently okaying each comment on the distracted driving story...

    link to this | view in thread ]

  8. This comment has been flagged by the community. Click here to show it
    identicon
    N Nocuous, 1 Nov 2018 @ 1:07pm

    Re: Innocuous comment.

    YUP. A dozen tries to comment there didn't get in, but no problem here, same browser session.

    link to this | view in thread ]

  9. identicon
    carlb, 1 Nov 2018 @ 1:09pm

    Re: EROS?

    Yes, the geologists only go to the EROS Centre to get their rocks off. :)

    link to this | view in thread ]

  10. This comment has been flagged by the community. Click here to show it
    identicon
    N Nocuous, 1 Nov 2018 @ 1:11pm

    Re: Re: Innocuous comment.

    Huh. Attempt to post all didn't through here, so it's the mighty Techdirt filter somehow... Don't see any likely banned words... And of course Techdirt is a black box. And of course some fanboy will imagine "black box" is "dog-whistle" code...

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 1 Nov 2018 @ 1:19pm

    Re: Re: EROS?

    Presumably EROS is full of "hard rock geologists" (as it's known in the business).

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 1 Nov 2018 @ 1:19pm

    Re: Re: Innocuous comment.

    Isn't that the opposite of "okaying each comment"?

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 1 Nov 2018 @ 1:21pm

    Re: Re: Re: Innocuous comment.

    ...dude, why bother.

    link to this | view in thread ]

  14. icon
    That One Guy (profile), 1 Nov 2018 @ 1:21pm

    Truly, the best humor is the inadvertent kind

    Admit to spamming a dozen comments.

    Act surprised to be caught in the spam filter.

    link to this | view in thread ]

  15. icon
    Madd the Sane (profile), 1 Nov 2018 @ 1:22pm

    Porn Ads

    Porn site's operators can't be very picky with ads because so few companies want to be associated with porn. Other sites can be more discerning of the ads they put up.

    link to this | view in thread ]

  16. icon
    That One Guy (profile), 1 Nov 2018 @ 1:23pm

    Re: Re: Re: Re: Innocuous comment.

    Because they are obsessed with the site and enjoy spinning wild and hilarious conspiracy theories to satisfy their martyr complex?

    link to this | view in thread ]

  17. icon
    That One Guy (profile), 1 Nov 2018 @ 1:28pm

    'On this week's episode of 'People Who Have No Self-Control'...'

    The only reason you should be looking at porn at work, never mind that much porn, is if it's literally your job to do so.

    Maybe you do graphic design for a porn studio, maybe you get paid to put people's raunchy ideas into visual format, unless your job is to look at/create porn during work I really can't think of any valid excuse to be checking that out while on the clock, and if you can't keep it in your pants long enough to get home then working outside of your home is probably not for you.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 1 Nov 2018 @ 1:30pm

    Re:

    "There's supposed to be a branch of the NSA that protects against stuff like this"

    According to Edward Snowden, the NSA wanted people to view porn -and kept detailed records of their viewing habits- so they could be blackmailed over it.

    https://twitter.com/Snowden/status/927931508177997826

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 1 Nov 2018 @ 1:33pm

    Re: Re:

    thats not really necessary any more.

    Just get accused of CP and you are doomed. The government can find anything they want on your computers to put you in jail if they really want to.

    I mean, do you expect a judge to take the governments side or your side when you tell them you are being framed? Good luck because it's a guilty until proven innocent world. I don't think it really has ever been anything but that.

    link to this | view in thread ]

  20. icon
    Bergman (profile), 1 Nov 2018 @ 1:36pm

    Re: Prawns

    If Congress ever does pass a hack-back law, it'd be hilarious for MSN to be taken down by a hack-back because they served someone malware in an ad.

    link to this | view in thread ]

  21. icon
    ECA (profile), 1 Nov 2018 @ 1:41pm

    I wonder..

    Anyone know what a LOCKED DOWN SYSTEM IS??
    (if this was a laptop(LOL) whaty wasnt it encrypted? Protected?)
    If this were a desktop..Does anyone understand WHY WE USE PROTECTION??

    The internet is Like the best looking hooker you have ever seen, and she will do anything/anyway you wish..And she is CHEAP.. (and yo better be wearing 2-3 condoms and take a sterilizing shower after)

    MANY, corps and agencies.. Let people play a few internet games and do other things to distract themselves, While working..
    There are 2 ways to do this..
    Thru the net..
    Or install them into a Local (PROTECTED)server to keep things CLEAN.

    Anyone think OUR GOV. hasnt figured out how to protect THEIR SYSTEMS??
    If the Corps have problems, THE GOV. is 20 years behind.. There are ways to fix this, BUT THEY KEEP FIRING THE TECH CZARS, that want to FIX THINGS..(or they Quit, because no one wants change)

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 1 Nov 2018 @ 1:43pm

    Re: 'On this week's episode of 'People Who Have No Self-Control'...'

    Probably the worst government agency to flout the "keep it in your pants" rule was the US Secret Service. But there was apparently little interest in viewing porn because they spent so much of their time consorting with in-the-flesh prostitutes.

    link to this | view in thread ]

  23. identicon
    Glenn, 1 Nov 2018 @ 2:12pm

    9,000 pages? So... that's, like, about a couple month's worth of typical viewing (as in, not really all that much for the typical person who flits around willy-nilly from page to page to page).

    With a few exceptions isn't it against every organization's policy to use the company's Internet access for non-work-related purposes? That said, it's probably true that the majority of employees do make personal use of the company's Internet access (non-porn-related). Wasting taxpayer dollars makes it worse, but having such bad security on govt. networks and systems is just plain stupid (of the govt. agency/dept. in question).

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 1 Nov 2018 @ 2:23pm

    Re: Porn Ads

    Are the ad networks how malware's getting into porn sites? I might expect people are just hacking the sites, as can be done with most sites that lack dedicated network/security people. Major sites have those people, but even legitimate but obscure sites will not—like, say, scientists' sites.

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 1 Nov 2018 @ 2:40pm

    The problem is malware-infected ads, and you don't have to watch porn to get it. All office networks should block all ads at the router level, and all offices computers should have an ad blocker on them.

    link to this | view in thread ]

  26. identicon
    bob, 1 Nov 2018 @ 2:57pm

    Re:

    Yes they should. But there is a big difference between should and working within the constraints of reality.

    The government has smart people that can defend their networks and themselves. They are found in research labs and on classified projects. Also on classified systems more effort is taken to protect the system.

    But the government is cheap, they won't pay a very competitive rate to get the best and brightest to handle regular IT work. If you look on usajobs.gov you will find low paying positions. Good IT people stick to industry because they can easily make more money and avoid the bureaucratic red tape government employees must deal with.

    link to this | view in thread ]

  27. identicon
    bob, 1 Nov 2018 @ 3:05pm

    Re: Re:

    Forgot to add you can see the difference between classified and unclassified in the regulations.

    However it doesn't matter how well you secure a network a user that doesn't follow policy will find a way to compromise your network/system either through malice or stupidity.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 1 Nov 2018 @ 3:11pm

    Re: Re: Re:

    I mean, do you expect a judge to take the governments side or your side when you tell them you are being framed? Good luck because it's a guilty until proven innocent world.

    You make it sound like judges are on the government payroll or something. Oh, wait...

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 1 Nov 2018 @ 3:15pm

    Re: Re: 'On this week's episode of 'People Who Have No Self-Control'...'

    But there was apparently little interest in viewing porn because they spent so much of their time consorting with in-the-flesh prostitutes.

    Isn't that how to make it to the top these days?

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 1 Nov 2018 @ 3:22pm

    Re: Re:

    But the government is cheap, they won't pay a very competitive rate to get the best and brightest to handle regular IT work.

    Some government employees are smarter and some are dumber than others. Government managers tend to view the dumber ones as making for better underlings.

    link to this | view in thread ]

  31. icon
    Kaelis (profile), 1 Nov 2018 @ 4:37pm

    Not kink-shaming but what kind of esoteric stuff are you into that you have to go to shady Russian sites to get it? Most people can just go to Pornhub and get what they need...

    link to this | view in thread ]

  32. icon
    That Anonymous Coward (profile), 1 Nov 2018 @ 4:55pm

    Re:

    The filterwall probably was updated to block pornhub & not being the bestest and brightest just kept looking for places to feed the pron that were reachable.

    I guess it just makes sense that government knows nothing about computer security when one looks at the lacking response to data breaches.

    link to this | view in thread ]

  33. icon
    Anonymous Anonymous Coward (profile), 1 Nov 2018 @ 5:23pm

    Re:

    The way to go is to have two networks. One Internet connected for whatever uses that might have in either government or company related work, and another non Internet connected network that does the companies or goverments business. Then, if something needs to be trasfered from one to the other an isolated machine that iterogates whateveris to be transfered and once deemed OK allows that transfer, possibly by moving it to a fourth machine that looks for the OK code before allowing it to be moved on. 100% reliable, probably not, but certainly a higher percentage that they currently have. The cost would not be a lot different than they currently have, but it would be more.

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 1 Nov 2018 @ 6:28pm

    Re: I wonder..

    ECA, As alway I value your input but can't decipher your posts.
    Seriously - No insult intended, but the english translation is unbreakable - Sorry!!

    link to this | view in thread ]

  35. identicon
    Anonymous Coward, 1 Nov 2018 @ 6:31pm

    Re: Innocuous troll.

    Maybe because you don't know how to use a computer? Don't know how to use the english language? Don't know what Common Law ACTUALLY is??

    Would you like to submit a ticket I'll be glad to assist.

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 1 Nov 2018 @ 7:58pm

    Re: Innocuous comment.

    Want to know why regular posters here don't trust the government with their data like you do, blue?

    Because of dumb shit like this. And you defending it makes you culpable. Just like that third party infringement you like to bandy around so much.

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 2 Nov 2018 @ 1:21am

    EROS Imaging

    "...the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware..."

    A) What are they imaging?
    B) Is this real news or an onionesque parody?

    link to this | view in thread ]

  38. icon
    That One Guy (profile), 2 Nov 2018 @ 1:29am

    Re: EROS Imaging

    A) Lot and lots of porn apparently.
    B) The former, serving as yet another example of the saying 'fact is often stranger than fiction.'

    link to this | view in thread ]

  39. identicon
    Bruce C., 2 Nov 2018 @ 5:35am

    Re: Re: EROS?

    Which is unfortunate, because it leads them to take their cybersecurity for granite.

    link to this | view in thread ]

  40. icon
    The Wanderer (profile), 2 Nov 2018 @ 8:36am

    Re: Truly, the best humor is the inadvertent kind

    Well, to be fair, the phrasing leaves it open to be (and I would suspect the more likely interpretation of what he's saying is) that he tried to comment there once, it got filtered/blocked, he tried another 11 times with and/or without variations, every single one of them got blocked, then he tried here and it went through on the first try.

    There might still be legitimate reasons for the comment in the other place being blocked, without invoking the "manual realtime moderation" model he seems to be assuming, but that's at least not the same thing as "obviously, posting too many comments too quickly is going to result in them being blocked as probable spam".

    link to this | view in thread ]

  41. icon
    ECA (profile), 2 Nov 2018 @ 12:55pm

    Re: Re: I wonder..

    Anyone know what a Locked down system isS??
    (if this was a laptop(LOL) why wasn't it encrypted? Protected?)
    If this were a desktop..Does anyone understand Why we use protection??

    The internet is Like the best looking hooker you have ever seen, and she will do anything/anyway you wish..And she is CHEAP.. (and yo better be wearing 2-3 condoms and take a sterilizing shower after)

    Many, corps and agencies.. Let people play a few internet games and do other things to distract themselves, While working..
    There are 2 ways to do this..Thru the net Or install them into a Local (PROTECTED)server to keep things Clean/protected.

    Anyone think Our governemnt hasn't figured out how to protect Their systemsS??
    If the Corps have problems The Gov is over 20 years behind.. There are ways to fix this, But they keep firing the Tech Czars and Tech people that want to Fix things..(or they Quit, because no one wants change).

    Who here thinks the IRS is up to the recent tech abilities? We have advertisers and credit agencies that can track Everyone of us.. but the Governemnt still has problems trying to get the corps to pay taxes.

    link to this | view in thread ]

  42. icon
    John85851 (profile), 2 Nov 2018 @ 1:03pm

    Doesn't this guy have work to do?

    Let's back up a minute and look at the root cause. Why in the world is *anyone* looking at 9,000 pages on the internet, whether that's porn or a news site?
    If this guy is at an office, doesn't he have work to do? Obviously, he doesn't, so why doesn't he have any work? And is he missing any project deadlines? What is his manager doing to make sure he actually gets his work done?
    Does the agency need to fire the manager and his manager for not keeping a better eye on their employees?

    link to this | view in thread ]

  43. icon
    The Wanderer (profile), 2 Nov 2018 @ 6:15pm

    Re: Doesn't this guy have work to do?

    For all we know, he might have had a job which boiled down to "wait for someone to need service, then provide it". That covers everything from "customer-service-desk representative" through "helpdesk phone technician" and "tollbooth attendant" to "back-office camera-watching security guard" (at least for cases where there's rarely any traffic past the cameras), and probably quite a few other things along the way.

    For someone in that position, browsing the Internet during the "wait" periods of your duty shift isn't unreasonable, as long as you drop it and respond appropriately whenever something that matches your job responsibilities does come along. In the vast majority of such cases, however, that "not unreasonable" does not extend to browsing porn.

    link to this | view in thread ]

  44. identicon
    Anonymous Coward, 2 Nov 2018 @ 6:23pm

    Any workplace network should have ad blockers on all their computers, so that if someone does get past the filters and watch porn, the ads still not be loaded.

    link to this | view in thread ]

  45. identicon
    Anonymous Coward, 2 Nov 2018 @ 6:26pm

    Re: Prawns

    that is why having an ad blocker is a necessary evil.

    Congress needs to crack down on advertisers who put malware in their ads.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.