Slashdot Mirror

← Back to Stories (view on slashdot.org)

Civil Servant Watching Porn At Work Blamed For Government Malware Outbreak (techcrunch.com)

Posted by BeauHD on from the not-safe-for-work dept.

An anonymous reader quotes a report from TechCrunch: A U.S. government network was infected with malware thanks to one employee's "extensive history" of watching porn on his work computer, investigators have found. The audit, carried out by the U.S. Department of the Interior's inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware, which downloaded to his laptop and "exploited the USGS' network." Investigators found that many of the porn images were "subsequently saved to an unauthorized USB device and personal Android cell phone," which was connected to the employee's government-issued computer. Investigators found that his Android cell phone "was also infected with malware." The findings were made public in a report earlier this month but buried on the U.S. government's oversight website and went largely unreported.

4 of 180 comments (clear)

  1. Re:Not the only one at blame by lgw · · Score: 4, Insightful

    use secure operating systems

    Let me know when you find one. All browsers are vulnerable to something. Every OS has privilege excalation exploits and zero-days.

    Or were you just thinking "don't use Windows XP"? Yeah, I think everyone gets that now.

    so better to put the blame on a single user, who could just as easily have gotten the malware from an ad on a perfectly legitimate site. Fortunately, he was viewing porn (naked bodies entwined together! The most evil threat America has ever faced!) so it's easy to throw him to the wolves.

    Paid porn sites have damn good security, and are about the safest place on the web. The problem is the sites that come up when you google for porn (SEO malware sites), plus the ad networks used by free porn sites.

    To your point: an ad blocker would probably have prevented this, along with the default behavior of most browsers to block known malware sites.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  2. Re:Single Rogue Host by Opportunist · · Score: 4, Insightful

    Wanna bet that he will be? You need a scapegoat after something like that, after all, and he's neither a politician nor a CEO.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Re:Not the only one at blame by Bite+The+Pillow · · Score: 4, Insightful

    His manager, who didn't realize thus guy is spending a lot of time not working

    The network support, who didn't notice high band with use and try to figure if it was legit

    His coworkers who almost certainly knew he wasn't working

  4. Re:I bet by arth1 · · Score: 3, Insightful

    They talk about a blacklist of sites when they should be talking about a whitelist of allowed sites.

    While this sounds nice in theory, in practice it is very hard to implement in a way that works and doesn't just hinder work. The people who administer the whitelist are not going to know what is needed for every job function. Nor will they have the capacity to monitor every whitelisted object to ensure that it remains safe. (One of the whitelisted sites might start serving ads proxied through their server - ads which aren't safe.)
    And for the users, requesting sites being added to a whitelist as needed can delay entire teams for days on end. What do you mean, we cannot download the schematics for the microcontroller we just discovered a problem with until it's added to a whitelist? And when it delays a high level manager who needs to look at a web site of a potentially new supplier or customer, the whitelist system will be gone.