A U.S. Interior Department network was infected with Russian malware because an employee downloaded 9,000 pages of pornography on his laptop, an Inspector General (IG) report reveals.
The IG investigation was launched when a routine internet security audit discovered “suspicious internet traffic” on a U.S. Geological Survey (USGS), Earth Resources Observation and Science (EROS) Center network – from a Soviet Union IP address:
“The Office of Inspector General investigated suspicious internet traffic discovered during an IT security audit of the computer network at the U.S. Geological Survey (USGS), Earth Resources Observation and Science (EROS) Center satellite imaging facility in Sioux Falls, SD.
“The audit discovered a U.S. Department of the Interior (DOI) Domain Name Server (DNS) requesting a .SU (Soviet Union) IP address. Our initial log reviews indicated that an EROS employee’s laptop contained malware, some of which automatically connected to multiple servers for approximately 11 months, including sites hosting pornography and sites in the .RU (Russia) domain. Though the EROS Center houses classified information, we found no indication that classified material was released.”
The employee had downloaded more than 9,000 pages of pornography over a six-month period – which infected the network with the Russian malware - the IG probe discovered:
“Our investigation substantiated that the employee’s unauthorized activity introduced malware onto the network. The employee confessed to routinely visiting adult pornography websites for many years, using his USGS-issued laptop. The employee admitted that he knew it was wrong to view pornography on his Government computer.
“Our digital forensic examination revealed the employee’s extensive history of adult pornography surfing. We confirmed that between September 26, 2016 and March 13, 2017, the employee’s user profile accessed more than 9,000 web pages containing adult pornography. Most of those web pages contained multiple pornographic images per page.
“Many of those web pages routed through websites that originated in Russia and contain malware. Our analysis confirmed that many of the pornographic images were subsequently saved to an unauthorized USB device and personal Android cell phone connected to the employee’s Government-issued computer.
“The digital forensic examination results also confirmed the presence of malware, which was introduced to the USGS network via the employee’s internet activity.”
Downloading 9,000 pages of pornography over a six-month period is equivalent to about 1,500 pages a month, or nearly 50 pages per day.
The employee (identified only as a GS-12 level worker) retired the day before he was to be fired, the IG report states:
“The employee retired from USGS on November 25, 2017, the day before his employment was to be terminated. We are providing this report to the Director of the USGS for any action deemed appropriate.”
GS-12 level federal workers earn between $73,375 and $95,388 a year, according to the U.S. Office of Personnel Management (OPM) pay scale for 2018.