Govt Employee Risked National Security With Heavy Porn Surfing

About three years ago, a United States computer network within the Department of the Interior was hit with a serious security breach that culminated in hackers stealing sensitive personal information on 22 million federal employees, in one of the largest cyber attacks that U.S. government networks have ever suffered, as the Federal News Network reported.

Last week, the Interior Department’s inspector general issued a report—an updated version of a report the IG produced earlier this year—showing that despite the catastrophic breach, the department’s computer security protocols were still riddled with holes.

In one significant instance, the IG investigated a high volume of “suspicious internet traffic” running through a computer network operated by the U.S. Geological Survey. The investigation found that the network was infected with malware, that is, “malicious software” that secretly downloads itself onto a users computer, often granting hackers access to that computer and the entire network connected to it.

The malware, according to the IG’s report, came from a single employee who had been habitually using his government issued computer to surf online porn sites—accessing about 9,000 separate pages. As AVN.com reported earlier this year, porn consumers need to take extra security precautions, because malware continues to permeate online porn web pages. In fact, almost half of all porn surfers have been exposed to a type of malware that automatically extracts small payments from a user’s bank account.

Much of the malware inadvertently downloaded by the employee, who no longer works at the department, came from Russian servers linked to the porn sites, the report said.

According to a summery of the IG report by the site NextGov.com, “Many of the prohibited pages were linked to Russian websites containing malware, which was ultimately downloaded to the employee’s computer and used to infiltrate USGS networks, auditors found. The investigation found the employee saved much of the pornographic material on an unauthorized USB drive and personal Android cellphone, both of which were connected to their computer against agency protocols.”

The agency also bars employees from accessing porn from their work computers, a provision that the employee had agreed to long before the security breach, NextGov reported. As part of the IG report’s recommendations, government agencies should take stronger measures to block porn sites as a “preventive countermeasure” against further malware infiltrations.

The IG’s report did not blame porn alone for the security breach, however, primarily laying responsibility at the foot of the Interior Department’s lax approach to cyber security, noting that the department’s “incident response program was not capable of detecting some of the most basic threats from inside the enterprise network. Without detecting these threats, the OCIO could not contain them in a timely manner, which left compromised systems on the network for months at a time.”

Photo By Nara.nra28 / Wikimedia Commons