A network-wide infection of Russian malware at the U.S. Geological Survey was traced back to a single employee’s viewing of pornographic content on the job.
According to a study released by the U.S. Department of the Interior, the department’s security audit traced “suspicious internet traffic” at a USGS facility in South Dakota back to an unnamed employee with “an extensive history of visiting adult pornography websites” on a government-issued laptop. Many of those websites were routed through Russia and contained malware. The malware then propagated to other computers on the USGS network.
The employee also downloaded some of the content to a USB drive and his cell phone, both of which were also infected with malware.
The U.S. Department of the Interior has rules in place forbidding employees from visiting or distributing pornography and from connecting USB drives and cell phones to government systems. It also requires annual IT training and signed statements from employees that they will abide by its requirements. In this instance, however, it had little in the way of countermeasures to prevent employees from breaking those rules.
As part of this incident, the Office of Inspector General has recommended that the USGS more actively block adult websites and prevent usage of unauthorized USB devices.