Federal investigators traced a malware infection at the U.S. Geological Survey (USGS) to an employee's habit of viewing adult content. On 17 October, the Office of Inspector General (OIG) submitted a report in which it revealed its discovery of suspicious internet traffic during an IT security audit of the USGS computer network. The OIG specifically found that malware had compromised and infected the computer of an USGS employee, whose name has been redacted. This led investigators to dig deeper to figure out what had happened. Here's what they found:
Our digital forensic examination revealed that [redacted] had an extensive history of visiting adult pornography websites. Many of the 9,000 web pages [redacted] visited routed through websites that originated in Russia and contained malware.
According to the OIG, the employee saved images from those websites to an unauthorized USB device and their personal Android device connected to their government-issued laptop. The malware subsequently compromised the laptop and "exploited the USGS' network." It also infected the Android device.
The OIG found that the employee had received required IT security training from USGS on an annual basis. They also confirmed that the employee had agreed to the Rules of Behavior upon several instances in the past. Summarizing its findings, the OIG concluded that two vulnerabilities, website access and open USB ports, had allowed the malware infection to occur. It specified that the USGS could address these weaknesses by deploying a security policy that prevents the use of unauthorized USB devices on all employee computers. It also advised the government entity to implement a blacklist of known rogue URLs, including those which resolve to adult websites, and to monitor employees' web usage histories. The OIG's guidance underscores some of the actions that organizations in the federal government should take to meet evolving compliance requirements and defend their networks against digital attackers. For comprehensive protection, these agencies should consider investing in a solution that combines system integrity monitoring and other foundational security controls. Learn how Tripwire can help.
