Employee Watching Porn At Work Infected US Government Agency's Network

from the inside-[hand]job dept

Watching porn at work is a federal government tradition. Federal employees from agencies like the EPA, SEC, and FCC have been caught watching porn enough times, a Congressional rep actually thought a new law was needed to stop it. The bill was redundant. All federal agencies forbid the use of work computers to watch porn but that hasn’t stopped these stories from surfacing with disturbing frequency.

At a certain point, porn-watching at work endangers a person’s job. At other points before that, it endangers the employer itself. Zack Whittaker of TechCrunch dug up a Dept. of the Interior Inspector General’s report [PDF] indicating a porn-watching employee inadvertently tried to the take the agency down from the inside.

A U.S. government network was infected with malware thanks to one employee’s “extensive history” of watching porn on his work computer, investigators have found.

The audit, carried out by the U.S. Department of the Interior’s inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware, which downloaded to his laptop and “exploited the USGS’ network.” Investigators found that many of the porn images were “subsequently saved to an unauthorized USB device and personal Android cell phone,” which was connected to the employee’s government-issued computer.

The official version — with redactions — provides a few more details. Loooooots of porn-watching going on here:

We found that [redacted] knowingly used U.S. Government computer systems to access unauthorized internet web pages. We also found that those unauthorized pages hosted malware. The malware was downloaded to [redacted’s] Government laptop, which then exploited the USGS ‘ network. Our digital forensic examination revealed that- had an extensive history of visiting adult pornography websites. Many of the 9,000 web pages [redacted] visited routed through websites that originated in Russia and contained malware. Our analysis confirmed that many of the pornographic images were subsequently saved to an unauthorized USB device and personal Android cell phone connected to [redacted’s] Government-issued computer. We found that [redacted’s] personal cell phone was also infected with malware.

Like everywhere else this has happened, the DOI expressly forbids the use of work computers for porn viewing. It also makes employees sign a form stating that they understand what’s forbidden and what can happen to them if they violate these policies. It’s apparently not much of a deterrent. The report doesn’t say what happened to [redacted] — only that this employee admitted they were familiar with the policies they violated.

DOI also forbids connecting personal devices to work computers. That policy isn’t being enforced either, apparently. If the DOI isn’t actively monitoring work computers for these two violations, it really can’t lay all the blame for the malware infection on its unofficial porn hub. Proactive measures are far more useful than post-infection policy patches.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Employee Watching Porn At Work Infected US Government Agency's Network”

Subscribe: RSS Leave a comment
45 Comments
Anonymous Coward says:

If the DOI isn’t actively monitoring work computers for these two violations, it really can’t lay all the blame for the malware infection on its unofficial porn hub. Proactive measures are far more useful than post-infection policy patches.

While the pornographic aspect of this makes for good headlines, it’s not particularly relevant to the security threat. They could just as easily have been infected while reading geological news, if an attacker bought some ads on those sites, because the government mostly runs the same insecure software as everyone else. There’s supposed to be a branch of the NSA that protects against stuff like this…

Anonymous Coward says:

Re: Re: Re:

thats not really necessary any more.

Just get accused of CP and you are doomed. The government can find anything they want on your computers to put you in jail if they really want to.

I mean, do you expect a judge to take the governments side or your side when you tell them you are being framed? Good luck because it’s a guilty until proven innocent world. I don’t think it really has ever been anything but that.

The Wanderer (profile) says:

Re: Re: Re: Truly, the best humor is the inadvertent kind

Well, to be fair, the phrasing leaves it open to be (and I would suspect the more likely interpretation of what he’s saying is) that he tried to comment there once, it got filtered/blocked, he tried another 11 times with and/or without variations, every single one of them got blocked, then he tried here and it went through on the first try.

There might still be legitimate reasons for the comment in the other place being blocked, without invoking the “manual realtime moderation” model he seems to be assuming, but that’s at least not the same thing as “obviously, posting too many comments too quickly is going to result in them being blocked as probable spam”.

That One Guy (profile) says:

'On this week's episode of 'People Who Have No Self-Control'...'

The only reason you should be looking at porn at work, never mind that much porn, is if it’s literally your job to do so.

Maybe you do graphic design for a porn studio, maybe you get paid to put people’s raunchy ideas into visual format, unless your job is to look at/create porn during work I really can’t think of any valid excuse to be checking that out while on the clock, and if you can’t keep it in your pants long enough to get home then working outside of your home is probably not for you.

Anonymous Coward says:

Re: 'On this week's episode of 'People Who Have No Self-Control'...'

Probably the worst government agency to flout the "keep it in your pants" rule was the US Secret Service. But there was apparently little interest in viewing porn because they spent so much of their time consorting with in-the-flesh prostitutes.

ECA (profile) says:

I wonder..

Anyone know what a LOCKED DOWN SYSTEM IS??
(if this was a laptop(LOL) whaty wasnt it encrypted? Protected?)
If this were a desktop..Does anyone understand WHY WE USE PROTECTION??

The internet is Like the best looking hooker you have ever seen, and she will do anything/anyway you wish..And she is CHEAP.. (and yo better be wearing 2-3 condoms and take a sterilizing shower after)

MANY, corps and agencies.. Let people play a few internet games and do other things to distract themselves, While working..
There are 2 ways to do this..
Thru the net..
Or install them into a Local (PROTECTED)server to keep things CLEAN.

Anyone think OUR GOV. hasnt figured out how to protect THEIR SYSTEMS??
If the Corps have problems, THE GOV. is 20 years behind.. There are ways to fix this, BUT THEY KEEP FIRING THE TECH CZARS, that want to FIX THINGS..(or they Quit, because no one wants change)

ECA (profile) says:

Re: Re: I wonder..

Anyone know what a Locked down system isS??
(if this was a laptop(LOL) why wasn’t it encrypted? Protected?)
If this were a desktop..Does anyone understand Why we use protection??

The internet is Like the best looking hooker you have ever seen, and she will do anything/anyway you wish..And she is CHEAP.. (and yo better be wearing 2-3 condoms and take a sterilizing shower after)

Many, corps and agencies.. Let people play a few internet games and do other things to distract themselves, While working..
There are 2 ways to do this..Thru the net Or install them into a Local (PROTECTED)server to keep things Clean/protected.

Anyone think Our governemnt hasn’t figured out how to protect Their systemsS??
If the Corps have problems The Gov is over 20 years behind.. There are ways to fix this, But they keep firing the Tech Czars and Tech people that want to Fix things..(or they Quit, because no one wants change).

Who here thinks the IRS is up to the recent tech abilities? We have advertisers and credit agencies that can track Everyone of us.. but the Governemnt still has problems trying to get the corps to pay taxes.

Glenn says:

9,000 pages? So… that’s, like, about a couple month’s worth of typical viewing (as in, not really all that much for the typical person who flits around willy-nilly from page to page to page).

With a few exceptions isn’t it against every organization’s policy to use the company’s Internet access for non-work-related purposes? That said, it’s probably true that the majority of employees do make personal use of the company’s Internet access (non-porn-related). Wasting taxpayer dollars makes it worse, but having such bad security on govt. networks and systems is just plain stupid (of the govt. agency/dept. in question).

bob says:

Re: Re:

Yes they should. But there is a big difference between should and working within the constraints of reality.

The government has smart people that can defend their networks and themselves. They are found in research labs and on classified projects. Also on classified systems more effort is taken to protect the system.

But the government is cheap, they won’t pay a very competitive rate to get the best and brightest to handle regular IT work. If you look on usajobs.gov you will find low paying positions. Good IT people stick to industry because they can easily make more money and avoid the bureaucratic red tape government employees must deal with.

Anonymous Anonymous Coward (profile) says:

Re: Re:

The way to go is to have two networks. One Internet connected for whatever uses that might have in either government or company related work, and another non Internet connected network that does the companies or goverments business. Then, if something needs to be trasfered from one to the other an isolated machine that iterogates whateveris to be transfered and once deemed OK allows that transfer, possibly by moving it to a fourth machine that looks for the OK code before allowing it to be moved on. 100% reliable, probably not, but certainly a higher percentage that they currently have. The cost would not be a lot different than they currently have, but it would be more.

John85851 (profile) says:

Doesn't this guy have work to do?

Let’s back up a minute and look at the root cause. Why in the world is *anyone* looking at 9,000 pages on the internet, whether that’s porn or a news site?
If this guy is at an office, doesn’t he have work to do? Obviously, he doesn’t, so why doesn’t he have any work? And is he missing any project deadlines? What is his manager doing to make sure he actually gets his work done?
Does the agency need to fire the manager and his manager for not keeping a better eye on their employees?

The Wanderer (profile) says:

Re: Doesn't this guy have work to do?

For all we know, he might have had a job which boiled down to “wait for someone to need service, then provide it”. That covers everything from “customer-service-desk representative” through “helpdesk phone technician” and “tollbooth attendant” to “back-office camera-watching security guard” (at least for cases where there’s rarely any traffic past the cameras), and probably quite a few other things along the way.

For someone in that position, browsing the Internet during the “wait” periods of your duty shift isn’t unreasonable, as long as you drop it and respond appropriately whenever something that matches your job responsibilities does come along. In the vast majority of such cases, however, that “not unreasonable” does not extend to browsing porn.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...