Malware infection at USGS was found to be related to an employee's interest in adult websites
After discovering a malware infection in the U.S. Geological Survey (USGS) computer network, researchers found that it was caused by a federal employee's habit of viewing adult content. According to the official report, the unnamed employee used a work computer to visit more than 9,000 pornographic websites. Many of them were Russian-based and contained malware which, after getting into the system, managed to spread through the entire USGS network.
In addition to the network, the unnamed employee also infected an Android phone. After downloading pornographic content to the device, the employee connected it to the government-issued computer and let the malware into the network.
The Office of Inspector General and Matthew T. Elliott, the Assistant Inspector General for Investigations, who carried out the audit, have recommended that USGS enforce strong policies on insecure domains and monitor workers' Internet activity. The inspector also stated that the use of unauthorized USB devices and personal phones should be restricted.
The report reads as follows:
An ongoing effort to detect and block known pornographic websites, and websites with suspicious origins, will likely enhance preventive countermeasures.
We further recommend that USGS employ an IT security policy that would prevent the use of unauthorized USB devices on all employee computers.
Russian malware noticed due to suspicious Internet traffic
According to the official report, the malware investigation started right after suspicious Internet traffic was detected coming from the specific computer that belonged to the unnamed employee. The device was found to be compromised, which led to malware attacks on the whole network of the U.S. Geological Survey.
The official statement reads:
We found that – knowingly used U.S. Government computer systems to access unauthorized internet web pages. We also found that those unauthorized pages hosted malware. The malware was downloaded to – Government laptop, which then exploited the USGS' network. Our digital forensic examination revealed that – had an extensive history of visiting adult pornography websites. Many of the 9,000 web pages – visited routed through websites that originated in Russia and contained malware.
The investigation helped identify more vulnerabilities
The investigation also revealed other vulnerabilities in the U.S. Geological Survey's IT sector. The main issues indicated by the investigators were open USB ports and website access. Additionally, the Office of Investigations noted that malware is developed with the goal of stealing confidential information and disabling computer systems.
The official statement was addressed to William H. Werkheiser, Acting Director of the U.S. Geological Survey. At the end of the document, the Office of Inspector General asked the USGS office to provide a response in 90 days regarding its plan for the future.
Further in their report, researchers gave recommendations for the institution, as all of these events could have been avoided:
Common methods to prevent malware incidents involve a combination of employee training (Rules of Behavior) and access controls (hardware and software technologies).
This isn't the first time federal employees have been found browsing malicious content in their workplace. Last year, a TV news station reported on 100 federal workers who had been watching pornography for extended periods during their workdays. Many employees admitted spending more than 6 hours a day viewing images and videos or even downloading adult content on their work devices.