The agency’s inspector general traced the malicious software to a single unnamed USGS employee, who reportedly used a government-issued computer to visit some 9,000 adult video sites, according to a report published on October 17.
Many of the prohibited pages were linked to Russian websites containing malware, which was ultimately downloaded to the employee’s computer and used to infiltrate USGS networks, auditors found. The investigation found the employee saved much of the pornographic material on an unauthorized USB drive and personal Android cellphone, both of which were connected to their computer against agency protocols. The employee’s cell phone was also infected with malware.
“Our digital forensic examination revealed that [the employee] had an extensive history of visiting adult pornography websites” that hosted malware, the IG wrote. “The malware was downloaded to [the employee’s] government laptop, which then exploited the USGS’ network.”
The department’s rules of behaviour explicitly prohibit employees from using government networks for viewing pornography and other inappropriate activities, and the IG found the employee had agreed to these rules “several years prior to detection.” The employee no longer works at the agency, OIG External Affairs Director Nancy DiPaolo told Nextgov.
Auditors recommended USGS more closely monitor employees’ web browsing and enforce blacklists of prohibited websites. They said proactively identifying and blocking adult websites “will likely enhance preventative countermeasures.”
They also advised the agency to strengthen its IT security policies to stop employees from connecting personal devices to government computers, which could propagate malware on federal networks. USGS guidelines currently prohibit employees from doing so, but the agency hasn’t disabled such connections on government-issued devices.
