The employee infected a government network, in addition to some devices
Cybersecurity and digital forensics researchers found that a US government network was infected with malware as a result of a civil servant’s “extensive background” of pornography consumption on his office computer.
An audit conducted by the US Department of the Interior’s inspector general found that a US Geological Service (USGS) network at the Earth Resource Observation and Science Center (EROS), a satellite imagery facility in South Dakota, was infected with malware after an unidentified employee visited thousands of pornographic sites hosting malicious content. That content was downloaded and installed on his work laptop, from which it spread to the USGS network.
Digital forensics investigators discovered that many of the pornographic images were subsequently stored on an unauthorized USB device and on a personal cell phone running the Android operating system, which was connected to the government-owned computer. In addition to the USGS network, the employee’s phone was also infected with malware.
These findings were made public in a security report at the beginning of October but went largely unnoticed, receiving almost no dissemination by the government.
“It is already undesirable that, at this stage, a government-controlled agency should remind its officials that it is forbidden to access this kind of content at work, especially on a government-owned computer”, said the inspector general in charge of the investigation. The inspector general did not mention what measures will be taken against the employee.
“The US Department of the Interior’s digital forensics team has identified two vulnerabilities in the USGS IT Security guidelines: access to websites and open USB ports”, the security report says.
There’s a positive side to this incident. “The EROS Center, which controls and archives images of the earth’s surface, does not operate any classified network”, said a spokesman for the Department’s inspector general in a statement, ruling out any significant malicious activity against government networks. The spokesman did not specify what type of malware was identified, only mentioning that “the malware found helps to enable data leaking and is also associated with some variants of ransomware”.
Digital forensics experts from the International Institute of Cyber Security consider that the best measure is for the USGS to impose a “blacklist” policy on unauthorized websites and to regularly monitor employees’ web usage history. They also recommend that the agency set limits in its USB-use policy, restricting employees’ use of removable media on government devices.
The USGS is in the process of evaluating new policies to strengthen the security of its networks.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.