An employee at the U.S. Geological Survey (USGS) infected his agency’s network with Russian malware delivered via adult websites.
The Office of Inspector General initiated an investigation into suspicious internet traffic at the agency’s Earth Resources Observation and Science (EROS) Center satellite imaging facility in Sioux Falls, SD when they found an employee visited some 9,000 pornographic webpages on the agency’s network, Matthew T. Elliott Assistant Inspector General for Investigations said in a letter to the USGS.
Many of these sites were routed through Russian servers and the malware infected the network when the employee downloaded these images to an unauthorized USB device and personal Android cell phone he eventually connected to a government-issued computer which subsequently infected the network.
The investigation also revealed two vulnerabilities in the USGS’ IT security posture which included website access and open USB ports.
“We recommend that the USGS enforce a strong blacklist policy of known rogue Uniform Resource Locators (more commonly known as a web addresses) or domains and regularly monitor employee web usage history,” Elliot said. “Since this incident, the EROS Center has deployed enhanced intrusion detection systems and firewall technology to assist in the prevention and detection of rogue websites trying to communicate with Government systems.”
The Inspector General’s Office also recommended the agency ban the use of unauthorized USB devices on all employee computers.