Viruses show out­break of porn use on feds’ com­put­ers

The Washington Times Weekly - - National - BY JIM MCELHATTON

For two hours a day, a Gen­eral Ser­vices Ad­min­is­tra­tion em­ployee vis­ited dat­ing web­sites, scoured the In­ter­net for pornog­ra­phy and even main­tained a user ac­count at an X-rated so­cial net­work­ing site.

Ul­ti­mately, a com­puter virus from a porn site in­fected the em­ployee’s email, send­ing a mass mes­sage to ev­ery­one in the ac­count’s GSA ad­dress book ti­tled “check out my pic­tures,” ac­cord­ing to records ob­tained through the Free­dom of In­for­ma­tion Act.

The case shows how porn in the federal workplace poses a se­cu­rity risk, giv­ing com­puter viruses in­roads to at­tack govern­ment servers. Records ob­tained by The Wash­ing­ton Times through the Free­dom of In­for­ma­tion Act show that the En­vi­ron­men­tal Pro­tec­tion Agency is hardly the only agency with a porn prob­lem.

Last week, con­gres­sional law­mak­ers heard about an EPA of­fi­cial, still em­ployed, who spent up to six hours a day look­ing at porn.

The GSA, the Trea­sury Depart­ment, the Postal Ser­vice, the Nu­clear Reg­u­la­tory Com­mis­sion and other agencies also have had em­ploy­ees in­ves­ti­gated in re­cent years. Porn scan­dals also have hit the Na­tional Sci­ence Foun­da­tion, the Se­cu­ri­ties and Ex­change Com­mis­sion and the Pen­tagon.

“It’s a big prob­lem every­where,” said Sharon Nel­son, pres­i­dent of Sen­sei En­ter­prises Inc., a com­puter foren­sics firm.

She noted that the same is­sues ap­pear in the pri­vate sec­tor.

“We have ac­tu­ally done au­dits of par­tic­u­lar in­di­vid­u­als where the in­di­vid­ual was so valu­able that people didn’t want to fire them, but yet they can’t stop look­ing at pornog­ra­phy,” she said, re­fer­ring to an uniden­ti­fied pri­vate-sec­tor client.

The risk for the govern­ment is that many free porn sites se­cretly sell the abil­ity to spread mal­ware, Ms. Nel­son said.

“Many of them are run by cy­ber­crim­i­nals who are less in­ter­ested in pornog­ra­phy than spread­ing the mal­ware,” she said. “If they give away free porn and they can in­ject mal­ware, they can make a lot more money from the in­for­ma­tion they de­rive.”

John Simek, a com­puter foren­sics an­a­lyst who also works at Sen­sei, said a ba­sic tech­nique to block pornog­ra­phy in the workplace bans cer­tain sites, but us­ing a proxy server is an easy way to cir­cum­vent the tech­nique.

In any or­ga­ni­za­tion with thou­sands of em­ploy­ees, workplace porn is a risk. Even a lone case can tar­nish the rep­u­ta­tion of a large agency.

“How much pornog­ra­phy would it take for an EPA em­ployee to lose their job?” an in­cred­u­lous Rep. Dar­rell E. Issa, Cal­i­for­nia Repub­li­can and chair­man of the House Com­mit­tee on Over­sight and Govern­ment Re­form, asked an EPA deputy last week dur­ing a hear­ing into agency mis­con­duct.

The de­tails were star­tling. An uniden­ti­fied em­ployee, at the GS-14 pay band earn­ing up to $138,000 a year in Wash­ing­ton based on lo­cal­ity pay, had about 7,000 porno­graphic im­ages on his work com­puter. He was even watch­ing porn when an agent showed up at his desk to in­ter­view him, ac­cord­ing to the EPA’s of­fice of in­spec­tor gen­eral.

Sim­i­lar cases have sur­faced else­where across govern­ment.

Five of the 17 com­puter mis­use in­ves­ti­ga­tions closed by the Trea­sury Depart­ment’s in­spec­tor gen­eral since 2012 in­volved porn surf­ing, ac­cord­ing to records ob­tained by The Times, which re­ported on sev­eral cases in March. One U.S. Mint em­ployee who spent up to three hours a day look­ing up porn man­aged to keep his job af­ter a 45-day sus­pen­sion.

An em­ployee at the Bureau of Pub­lic Debt, who looked at porn 13,224 times dur­ing a 14-month span, told in­ves­ti­ga­tors that he didn’t have enough work to do.

A Ne­braska post­mas­ter was re­moved from the job in 2012 af­ter nearly a decade of daily porn view­ing at work, by­pass­ing fire­walls that pre­vent ac­cess to porn sites by us­ing the “adults only” sec­tion of eBay, ac­cord­ing to records re­cently pro­vided by the Postal Ser­vice’s of­fice of in­spec­tor gen­eral.

In an­other GSA case, an em­ployee turned in a bro­ken lap­top that re­vealed ex­ten­sive porn view­ing, ac­cord­ing to a case memo from the GSA’s in­spec­tor gen­eral. Told by in­ves­ti­ga­tors that “porno­graphic web­sites are known to cause viruses that can crash hard drives,” the GSA em­ployee didn’t think that was the prob­lem.

In Novem­ber, The Times re­ported on seven porn cases in­volv­ing con­trac­tors or em­ploy­ees in­ves­ti­gated by the Nu­clear Reg­u­la­tory Com­mis­sion’s watch­dog. Agency of­fi­cials said they meted out dis­ci­plinary sanc­tions rang­ing from a three-day sus­pen­sion to re­moval from the job.

The Vet­er­ans Af­fairs of­fice of in­spec­tor gen­eral dis­closed in its lat­est semi­an­nual re­port to Congress the case of a for­mer con­tract em­ployee at two clin­ics in New Mex­ico who is serv­ing a more than six-year prison sen­tence af­ter stor­ing child porn on VA-is­sued com­put­ers.

The Pen­tagon came un­der scru­tiny in 2010 af­ter The Bos­ton Globe re­ported on nu­mer­ous cases of mil­i­tary of­fi­cials and con­trac­tors who down­loaded pornog­ra­phy, in­clud­ing some who were not pros­e­cuted.

That same year, The Times first re­ported on more than two dozen cases of workplace porn in­volv­ing con­trac­tors and em­ploy­ees at the Se­cu­ri­ties and Ex­change Com­mis­sion. Later, the agency was sued and forced to go to court to keep the names of of­fend­ers sealed.

In sev­eral cases ob­tained by The Times, sub­jects told in­ves­ti­ga­tors that they did their work but of­ten had free time.

Of the GSA em­ployee whose email ac­count was com­pro­mised, in­ves­ti­ga­tors noted that the sub­ject “some­times be­came bored dur­ing these long hours at the com­puter and would of­ten use the com­puter for per­sonal use to pass the time.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.