An investigation into “suspicious internet traffic” conducted by the Office of Inspector General at the US Geological Survey’s Earth Resources Observation and Science (EROS) Center satellite imaging facility in Sioux Falls, SD, revealed an employees had used US government internet infrastructure to access some 9,000 adult websites, the agency announced in a report.
Some of the websites redirected to Russian pages infected with malware, compromising the agency’s computer system as the malware spread across the entire network, reads a Management Advisory report to USGS from Matthew T. Elliott, Assistant Inspector General for Investigations. Digital forensics found the employee downloaded images onto a USB device and a personal smart phone, then connected the compromised devices to his work computer.
Two vulnerabilities were identified in the system’s security that involved web-site access and open USB ports. To head off malware in the future, the US Department of the Interior made a number of recommendations, including employee training and blocking illegal activities on government networks, particularly adult content, and prohibiting the use of USBs.
“We recommend that the USGS enforce a strong blacklist policy of known rogue Uniform Resource Locators (more commonly known as a web addresses) or domains and regularly monitor employee web usage history,” Elliot said. “Since this incident, the EROS Center has deployed enhanced intrusion detection systems and firewall technology to assist in the prevention and detection of rogue websites trying to communicate with Government systems.”