Viruses show outbreak of porn use on feds’ computers
For two hours a day, a General Services Administration employee visited dating websites, scoured the Internet for pornography and even maintained a user account at an X-rated social networking site.
Ultimately, a computer virus from a porn site infected the employee’s email, sending a mass message to everyone in the account’s GSA address book titled “check out my pictures,” according to records obtained through the Freedom of Information Act.
The case shows how porn in the federal workplace poses a security risk, giving computer viruses inroads to attack government servers. Records obtained by The Washington Times through the Freedom of Information Act show that the Environmental Protection Agency is hardly the only agency with a porn problem.
Last week, congressional lawmakers heard about an EPA official, still employed, who spent up to six hours a day looking at porn.
The GSA, the Treasury Department, the Postal Service, the Nuclear Regulatory Commission and other agencies also have had employees investigated in recent years. Porn scandals also have hit the National Science Foundation, the Securities and Exchange Commission and the Pentagon.
“It’s a big problem everywhere,” said Sharon Nelson, president of Sensei Enterprises Inc., a computer forensics firm.
She noted that the same issues appear in the private sector.
“We have actually done audits of particular individuals where the individual was so valuable that people didn’t want to fire them, but yet they can’t stop looking at pornography,” she said, referring to an unidentified private-sector client.
The risk for the government is that many free porn sites secretly sell the ability to spread malware, Ms. Nelson said.
“Many of them are run by cybercriminals who are less interested in pornography than spreading the malware,” she said. “If they give away free porn and they can inject malware, they can make a lot more money from the information they derive.”
John Simek, a computer forensics analyst who also works at Sensei, said a basic technique to block pornography in the workplace bans certain sites, but using a proxy server is an easy way to circumvent the technique.
In any organization with thousands of employees, workplace porn is a risk. Even a lone case can tarnish the reputation of a large agency.
“How much pornography would it take for an EPA employee to lose their job?” an incredulous Rep. Darrell E. Issa, California Republican and chairman of the House Committee on Oversight and Government Reform, asked an EPA deputy last week during a hearing into agency misconduct.
The details were startling. An unidentified employee, at the GS-14 pay band earning up to $138,000 a year in Washington based on locality pay, had about 7,000 pornographic images on his work computer. He was even watching porn when an agent showed up at his desk to interview him, according to the EPA’s office of inspector general.
Similar cases have surfaced elsewhere across government.
Five of the 17 computer misuse investigations closed by the Treasury Department’s inspector general since 2012 involved porn surfing, according to records obtained by The Times, which reported on several cases in March. One U.S. Mint employee who spent up to three hours a day looking up porn managed to keep his job after a 45-day suspension.
An employee at the Bureau of Public Debt, who looked at porn 13,224 times during a 14-month span, told investigators that he didn’t have enough work to do.
A Nebraska postmaster was removed from the job in 2012 after nearly a decade of daily porn viewing at work, bypassing firewalls that prevent access to porn sites by using the “adults only” section of eBay, according to records recently provided by the Postal Service’s office of inspector general.
In another GSA case, an employee turned in a broken laptop that revealed extensive porn viewing, according to a case memo from the GSA’s inspector general. Told by investigators that “pornographic websites are known to cause viruses that can crash hard drives,” the GSA employee didn’t think that was the problem.
In November, The Times reported on seven porn cases involving contractors or employees investigated by the Nuclear Regulatory Commission’s watchdog. Agency officials said they meted out disciplinary sanctions ranging from a three-day suspension to removal from the job.
The Veterans Affairs office of inspector general disclosed in its latest semiannual report to Congress the case of a former contract employee at two clinics in New Mexico who is serving a more than six-year prison sentence after storing child porn on VA-issued computers.
The Pentagon came under scrutiny in 2010 after The Boston Globe reported on numerous cases of military officials and contractors who downloaded pornography, including some who were not prosecuted.
That same year, The Times first reported on more than two dozen cases of workplace porn involving contractors and employees at the Securities and Exchange Commission. Later, the agency was sued and forced to go to court to keep the names of offenders sealed.
In several cases obtained by The Times, subjects told investigators that they did their work but often had free time.
Of the GSA employee whose email account was compromised, investigators noted that the subject “sometimes became bored during these long hours at the computer and would often use the computer for personal use to pass the time.”