Employee Watching Porn At Work Infected US Government Agency's Network
from the inside-[hand]job dept
Watching porn at work is a federal government tradition. Federal employees from agencies like the EPA, SEC, and FCC have been caught watching porn enough times, a Congressional rep actually thought a new law was needed to stop it. The bill was redundant. All federal agencies forbid the use of work computers to watch porn but that hasn’t stopped these stories from surfacing with disturbing frequency.
At a certain point, porn-watching at work endangers a person’s job. At other points before that, it endangers the employer itself. Zack Whittaker of TechCrunch dug up a Dept. of the Interior Inspector General’s report [PDF] indicating a porn-watching employee inadvertently tried to the take the agency down from the inside.
A U.S. government network was infected with malware thanks to one employee’s “extensive history” of watching porn on his work computer, investigators have found.
The audit, carried out by the U.S. Department of the Interior’s inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware, which downloaded to his laptop and “exploited the USGS’ network.” Investigators found that many of the porn images were “subsequently saved to an unauthorized USB device and personal Android cell phone,” which was connected to the employee’s government-issued computer.
The official version — with redactions — provides a few more details. Loooooots of porn-watching going on here:
We found that [redacted] knowingly used U.S. Government computer systems to access unauthorized internet web pages. We also found that those unauthorized pages hosted malware. The malware was downloaded to [redacted’s] Government laptop, which then exploited the USGS ‘ network. Our digital forensic examination revealed that- had an extensive history of visiting adult pornography websites. Many of the 9,000 web pages [redacted] visited routed through websites that originated in Russia and contained malware. Our analysis confirmed that many of the pornographic images were subsequently saved to an unauthorized USB device and personal Android cell phone connected to [redacted’s] Government-issued computer. We found that [redacted’s] personal cell phone was also infected with malware.
Like everywhere else this has happened, the DOI expressly forbids the use of work computers for porn viewing. It also makes employees sign a form stating that they understand what’s forbidden and what can happen to them if they violate these policies. It’s apparently not much of a deterrent. The report doesn’t say what happened to [redacted] — only that this employee admitted they were familiar with the policies they violated.
DOI also forbids connecting personal devices to work computers. That policy isn’t being enforced either, apparently. If the DOI isn’t actively monitoring work computers for these two violations, it really can’t lay all the blame for the malware infection on its unofficial porn hub. Proactive measures are far more useful than post-infection policy patches.
Filed Under: department of the interior, government, malware, porn
Comments on “Employee Watching Porn At Work Infected US Government Agency's Network”
Prawns
Surprisingly there is more malware on the MSN homepage than most port sites these days. Apparently keeping a porn business running means keeping your customers safe.
And yes, MSN is almost guaranteed to serve malicious code via the inline advertisements. Because Microsoft has no inventive to clean that up….
Re: Prawns
If Congress ever does pass a hack-back law, it’d be hilarious for MSN to be taken down by a hack-back because they served someone malware in an ad.
Re: Prawns
that is why having an ad blocker is a necessary evil.
Congress needs to crack down on advertisers who put malware in their ads.
He/She was just trying to learn how to fuck people like their .gov bosses do for a living… just one of the stages of being a federal employee.
Well, of course. Now, if he worked at the Chaste Center, this would be news. But Eros? That’s just asking for it.
Re: Re:
Port at the Eros Center? Yeah, gotta go with nominative determinism on this one.
Re: EROS?
Yes, the geologists only go to the EROS Centre to get their rocks off. 🙂
Re: Re: EROS?
Presumably EROS is full of "hard rock geologists" (as it’s known in the business).
Re: Re: EROS?
Which is unfortunate, because it leads them to take their cybersecurity for granite.
Silly Gubmint. Porn is for adults!
While the pornographic aspect of this makes for good headlines, it’s not particularly relevant to the security threat. They could just as easily have been infected while reading geological news, if an attacker bought some ads on those sites, because the government mostly runs the same insecure software as everyone else. There’s supposed to be a branch of the NSA that protects against stuff like this…
Re: Porn Ads
Porn site’s operators can’t be very picky with ads because so few companies want to be associated with porn. Other sites can be more discerning of the ads they put up.
Re: Re: Porn Ads
Are the ad networks how malware’s getting into porn sites? I might expect people are just hacking the sites, as can be done with most sites that lack dedicated network/security people. Major sites have those people, but even legitimate but obscure sites will not—like, say, scientists’ sites.
Re: Re:
According to Edward Snowden, the NSA wanted people to view porn -and kept detailed records of their viewing habits- so they could be blackmailed over it.
https://twitter.com/Snowden/status/927931508177997826
Re: Re: Re:
thats not really necessary any more.
Just get accused of CP and you are doomed. The government can find anything they want on your computers to put you in jail if they really want to.
I mean, do you expect a judge to take the governments side or your side when you tell them you are being framed? Good luck because it’s a guilty until proven innocent world. I don’t think it really has ever been anything but that.
Re: Re: Re: Re:
You make it sound like judges are on the government payroll or something. Oh, wait…
Innocuous comment.
Because Techdirt is apparently okaying each comment on the distracted driving story…
Re: Innocuous comment.
YUP. A dozen tries to comment there didn’t get in, but no problem here, same browser session.
Re: Re: Innocuous comment.
Huh. Attempt to post all didn’t through here, so it’s the mighty Techdirt filter somehow… Don’t see any likely banned words… And of course Techdirt is a black box. And of course some fanboy will imagine "black box" is "dog-whistle" code…
Re: Re: Re: Innocuous comment.
…dude, why bother.
Re: Re: Re:2 Innocuous comment.
Because they are obsessed with the site and enjoy spinning wild and hilarious conspiracy theories to satisfy their martyr complex?
Re: Re: Innocuous comment.
Isn’t that the opposite of “okaying each comment”?
Re: Re: Truly, the best humor is the inadvertent kind
Admit to spamming a dozen comments.
Act surprised to be caught in the spam filter.
Re: Re: Re: Truly, the best humor is the inadvertent kind
Well, to be fair, the phrasing leaves it open to be (and I would suspect the more likely interpretation of what he’s saying is) that he tried to comment there once, it got filtered/blocked, he tried another 11 times with and/or without variations, every single one of them got blocked, then he tried here and it went through on the first try.
There might still be legitimate reasons for the comment in the other place being blocked, without invoking the “manual realtime moderation” model he seems to be assuming, but that’s at least not the same thing as “obviously, posting too many comments too quickly is going to result in them being blocked as probable spam”.
Re: Innocuous troll.
Maybe because you don’t know how to use a computer? Don’t know how to use the english language? Don’t know what Common Law ACTUALLY is??
Would you like to submit a ticket I’ll be glad to assist.
Re: Innocuous comment.
Want to know why regular posters here don’t trust the government with their data like you do, blue?
Because of dumb shit like this. And you defending it makes you culpable. Just like that third party infringement you like to bandy around so much.
'On this week's episode of 'People Who Have No Self-Control'...'
The only reason you should be looking at porn at work, never mind that much porn, is if it’s literally your job to do so.
Maybe you do graphic design for a porn studio, maybe you get paid to put people’s raunchy ideas into visual format, unless your job is to look at/create porn during work I really can’t think of any valid excuse to be checking that out while on the clock, and if you can’t keep it in your pants long enough to get home then working outside of your home is probably not for you.
Re: 'On this week's episode of 'People Who Have No Self-Control'...'
Probably the worst government agency to flout the "keep it in your pants" rule was the US Secret Service. But there was apparently little interest in viewing porn because they spent so much of their time consorting with in-the-flesh prostitutes.
Re: Re: 'On this week's episode of 'People Who Have No Self-Control'...'
Isn’t that how to make it to the top these days?
I wonder..
Anyone know what a LOCKED DOWN SYSTEM IS??
(if this was a laptop(LOL) whaty wasnt it encrypted? Protected?)
If this were a desktop..Does anyone understand WHY WE USE PROTECTION??
The internet is Like the best looking hooker you have ever seen, and she will do anything/anyway you wish..And she is CHEAP.. (and yo better be wearing 2-3 condoms and take a sterilizing shower after)
MANY, corps and agencies.. Let people play a few internet games and do other things to distract themselves, While working..
There are 2 ways to do this..
Thru the net..
Or install them into a Local (PROTECTED)server to keep things CLEAN.
Anyone think OUR GOV. hasnt figured out how to protect THEIR SYSTEMS??
If the Corps have problems, THE GOV. is 20 years behind.. There are ways to fix this, BUT THEY KEEP FIRING THE TECH CZARS, that want to FIX THINGS..(or they Quit, because no one wants change)
Re: I wonder..
ECA, As alway I value your input but can’t decipher your posts.
Seriously – No insult intended, but the english translation is unbreakable – Sorry!!
Re: Re: I wonder..
Anyone know what a Locked down system isS??
(if this was a laptop(LOL) why wasn’t it encrypted? Protected?)
If this were a desktop..Does anyone understand Why we use protection??
The internet is Like the best looking hooker you have ever seen, and she will do anything/anyway you wish..And she is CHEAP.. (and yo better be wearing 2-3 condoms and take a sterilizing shower after)
Many, corps and agencies.. Let people play a few internet games and do other things to distract themselves, While working..
There are 2 ways to do this..Thru the net Or install them into a Local (PROTECTED)server to keep things Clean/protected.
Anyone think Our governemnt hasn’t figured out how to protect Their systemsS??
If the Corps have problems The Gov is over 20 years behind.. There are ways to fix this, But they keep firing the Tech Czars and Tech people that want to Fix things..(or they Quit, because no one wants change).
Who here thinks the IRS is up to the recent tech abilities? We have advertisers and credit agencies that can track Everyone of us.. but the Governemnt still has problems trying to get the corps to pay taxes.
9,000 pages? So… that’s, like, about a couple month’s worth of typical viewing (as in, not really all that much for the typical person who flits around willy-nilly from page to page to page).
With a few exceptions isn’t it against every organization’s policy to use the company’s Internet access for non-work-related purposes? That said, it’s probably true that the majority of employees do make personal use of the company’s Internet access (non-porn-related). Wasting taxpayer dollars makes it worse, but having such bad security on govt. networks and systems is just plain stupid (of the govt. agency/dept. in question).
The problem is malware-infected ads, and you don’t have to watch porn to get it. All office networks should block all ads at the router level, and all offices computers should have an ad blocker on them.
Re: Re:
Yes they should. But there is a big difference between should and working within the constraints of reality.
The government has smart people that can defend their networks and themselves. They are found in research labs and on classified projects. Also on classified systems more effort is taken to protect the system.
But the government is cheap, they won’t pay a very competitive rate to get the best and brightest to handle regular IT work. If you look on usajobs.gov you will find low paying positions. Good IT people stick to industry because they can easily make more money and avoid the bureaucratic red tape government employees must deal with.
Re: Re: Re:
Forgot to add you can see the difference between classified and unclassified in the regulations.
However it doesn’t matter how well you secure a network a user that doesn’t follow policy will find a way to compromise your network/system either through malice or stupidity.
Re: Re: Re:
Some government employees are smarter and some are dumber than others. Government managers tend to view the dumber ones as making for better underlings.
Re: Re:
The way to go is to have two networks. One Internet connected for whatever uses that might have in either government or company related work, and another non Internet connected network that does the companies or goverments business. Then, if something needs to be trasfered from one to the other an isolated machine that iterogates whateveris to be transfered and once deemed OK allows that transfer, possibly by moving it to a fourth machine that looks for the OK code before allowing it to be moved on. 100% reliable, probably not, but certainly a higher percentage that they currently have. The cost would not be a lot different than they currently have, but it would be more.
Not kink-shaming but what kind of esoteric stuff are you into that you have to go to shady Russian sites to get it? Most people can just go to Pornhub and get what they need…
Re: Re:
The filterwall probably was updated to block pornhub & not being the bestest and brightest just kept looking for places to feed the pron that were reachable.
I guess it just makes sense that government knows nothing about computer security when one looks at the lacking response to data breaches.
EROS Imaging
“…the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware…”
A) What are they imaging?
B) Is this real news or an onionesque parody?
Re: EROS Imaging
A) Lot and lots of porn apparently.
B) The former, serving as yet another example of the saying ‘fact is often stranger than fiction.’
Doesn't this guy have work to do?
Let’s back up a minute and look at the root cause. Why in the world is *anyone* looking at 9,000 pages on the internet, whether that’s porn or a news site?
If this guy is at an office, doesn’t he have work to do? Obviously, he doesn’t, so why doesn’t he have any work? And is he missing any project deadlines? What is his manager doing to make sure he actually gets his work done?
Does the agency need to fire the manager and his manager for not keeping a better eye on their employees?
Re: Doesn't this guy have work to do?
For all we know, he might have had a job which boiled down to “wait for someone to need service, then provide it”. That covers everything from “customer-service-desk representative” through “helpdesk phone technician” and “tollbooth attendant” to “back-office camera-watching security guard” (at least for cases where there’s rarely any traffic past the cameras), and probably quite a few other things along the way.
For someone in that position, browsing the Internet during the “wait” periods of your duty shift isn’t unreasonable, as long as you drop it and respond appropriately whenever something that matches your job responsibilities does come along. In the vast majority of such cases, however, that “not unreasonable” does not extend to browsing porn.
Any workplace network should have ad blockers on all their computers, so that if someone does get past the filters and watch porn, the ads still not be loaded.