In an Inspector General (IG) report released Nov. 20, the Department of the Interior got taken to task for allowing an employee to visit 9,000 pornographic websites in under seven months. This is the IG second report chastising the department for an employee viewing porn on agency time and technology.
While viewing porn at work likely hinders productivity, the IG’s real concern is cybersecurity.
In this instance, a U.S. Geological Survey (USGS) employee–who retired a day before he was to be terminated–knowingly used Federal computer systems to access unauthorized pornography websites. The IG found that those websites hosted malware, which downloaded to the employee’s government laptop. “The malware then exploited USGS’ system; it introduced additional malicious code, reduced the Department’s ability to monitor exploits, introduced a covert channel program, and automatically connected to malicious websites in Russia,” the report explained. However, the IG did not find evidence that the USGS employee intentionally downloaded malware, nor was there evidence of data exfiltration.
During the IG’s investigation, the employee confessed to “routinely visiting adult pornography websites for many years, using his USGS-issued laptop.” However, that activity went undetected. The IG confirmed that “between September 26, 2016 and March 13, 2017, the employee’s user profile accessed more than 9,000 web pages containing adult pornography…Many of those web pages routed through websites that originated in Russia and contain malware.”
Additionally, the IG discovered that the employee introduced unauthorized devices into USGS system because its analysis “confirmed that many of the pornographic images were subsequently saved to an unauthorized USB device and personal Android cell phone connected to the employee’s government-issued computer.”
The IG report noted that the Department of the Interior and USGS’ rules ban this type of behavior and they confirmed that the employee in question received required IT security training. Additionally, his computer had an acceptable use warning banner installed on his government laptop that “prompts the user to acknowledge the warning at the time of each login for the system to fully boot and become functional.”