A Volatile Combination: Online Pornography and Government Computers

Remember the federal employee whose web surfing habits infected his agency’s network with malware? A new IG report has more details of how it all happened.

It turns out there are more details behind the investigation of the federal employee who infected his agency’s computer network with malware by viewing pornography on his government computer. As Paul Harvey used to say, “Here’s the rest of the story.”

The story takes place at the U.S. Geological Survey (USGS) Earth Resources Observation and Science (EROS) Center satellite imaging facility in Sioux Falls, SD, where an unnamed federal employee singlehandedly infected the agency’s network with malware.

Something’s Not Right

According to the revised report released by the Department of Interior (DOI) Inspector General, suspicious network traffic was discovered when a DOI server was making requests to a .su (Soviet Union) IP address. The traffic apparently came from an EROS laptop infected with malware, some of which automatically connected to multiple servers for approximately 11 months, including sites hosting pornography and sites in the .ru (Russia) domain. This was particularly disconcerting because the agency houses classified information, but the good news is that the investigators found no evidence that classified material was leaked in the process.

The IG described what its investigation subsequently revealed:

We confirmed that between September 26, 2016 and March 13, 2017, the employee’s user profile accessed more than 9,000 web pages containing adult pornography. Most of those web pages contained multiple pornographic images per page. Many of those web pages routed through websites that originated in Russia and contain malware. Our analysis confirmed that many of the pornographic images were subsequently saved to an unauthorized USB device and personal Android cell phone connected to the employee’s Government-issued computer.

This activity is what caused the malware to get onto the agency’s network. The employee’s personal cell phone that he connected to the computer was also infected with malware, although the IG said about the cell phone, “[W]e could not determine whether that occurred through his downloading of unauthorized images from his work computer, or from another source, such as his home computer.”

The employee admitted that he routinely accessed pornography websites on his government laptop for many years. But good news: the IG report noted that the employee also admitted he knew it was wrong to do so.

More good news: it likely wasn’t intentional. The IG report added, “[W]e found no evidence that the employee intended to infect Government systems with malware, or that he knew it was there, either through the website downloads or the connection of unauthorized USB devices.”

The Now Former Federal Employee

The IG report stated that the employee broke at least two agency rules: the rule against using DOI systems for illegal or inappropriate activities, explicitly including the viewing or distribution of pornography (Rule 6), and the rule requiring employees to refrain from connecting personal devices, such as USB drives and cell phones, to Government-issued computers or networks (Rule 9).

According to the report, the employee retired from USGS on November 25, 2017, one day before he was scheduled to be fired.

DOI IG: IT Security Incident at USGS Facility

About the Author

Ian Smith is one of the co-founders of FedSmith.com. He has over 20 years of combined experience in media and government services, having worked at two government contracting firms and an online news and web development company prior to his current role at FedSmith.