Employee's Porn Habit Infects U.S. Geological Survey Network with Malware Infection

cageymaru

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
22,086
A government employee at the U.S. Geological Survey (USGS) used his work laptop to search over 9,000 porn web pages while on the U.S. Government's network. These pages were routed through Russian servers and contained malware. An investigation by the Office of lnspector General (OIG) into suspicious internet traffic discovered the transgressions. The employee's Android phone and an unauthorized USB device used to store pornographic images were connected to the laptop and also contained malware infections. These were in violation of the Rules of Behavior at the U.S. Department of the Interior and the employee admitted to receiving annual IT security training.

We recommend that the USGS enforce a strong blacklist policy of known rogue Uniform Resource Locators (more commonly known as a web addresses) or domains and regularly monitor employee web usage history. Since this incident, the EROS Center has deployed enhanced intrusion detection systems and firewall technology to assist in the prevention and detection of rogue websites trying to communicate with Government systems. An ongoing effort to detect and block known pornographic web sites, and web sites with suspicious origins, will likely enhance preventative countermeasures. We further recommend that USGS employ an IT security policy that would prevent the use of unauthorized USB devices on all employee computers. Best practices for malware incident protection include restricting the use of removable media and personally owned mobile devices.
 
tax-sign.jpg
 
Clear indication that just because you were "trained" on IT security practices, does not mean you understand them. Training and random internal phishing needs to be regularly implemented to ensure comprehension is actual, and not just feigned.
 
Burticus said:
I have never understood why people need to porn it up at work or on work devices. Stupid is as stupid does. Fire this idiot and fine him for the cost of removing all the malware.
Click to expand...
Same. I just can't comprehend it, but I get the impression that some people really don't understand how complex the devices are and what is being logged.
 
Burticus said:
I have never understood why people need to porn it up at work or on work devices. Stupid is as stupid does. Fire this idiot and fine him for the cost of removing all the malware.
Click to expand...

You’d be suruprised...

I ain’t no saint. Sometimes I get on the company VPN to do some work and after my Remote Desktop sessions are done I forget the VPN client is connected and leave it running all day until I get a “web page blocked” message. It just happens, lol.

That will certainly change entirely once they issue us company laptops but while I still work from my personal PC at home shit is bound to go wrong.
 
Sonicks said:
You’d be suruprised...

I ain’t no saint. Sometimes I get on the company VPN to do some work and after my Remote Desktop sessions are done I forget the VPN client is connected and leave it running all day until I get a “web page blocked” message. It just happens, lol.

That will certainly change entirely once they issue us company laptops but while I still work from my personal PC at home shit is bound to go wrong.
Click to expand...
I have a work laptop and I use it for work related duties only and only visit SFW websites, regardless if I am on the companies network or not. Better safe than sorry. I am also not allowed to connect my personal computing devices to my work network, so that is not even a problem.
 
[21CW]killerofall said:
I have a work laptop and I use it for work related duties only and only visit SFW websites, regardless if I am on the companies network or not. Better safe than sorry. I am also not allowed to connect my personal computing devices to my work network, so that is not even a problem.
Click to expand...

Yeah, they’ve made a bunch of noise at work about cutting off VPN access to non-company issued devices but they are also incredibly backlogged and incompetent about issuing company laptops to everyone that requires one.

So while I’m presently required to use my personal PC for occasional work, I’m bound to make mistakes. Ain’t my fault. It’s my computer and it’s still allowed on the network.

If it’s a company issued laptop you can bet I’d keep it clean because it isn’t mine.
 
Sonicks said:
Yeah, they’ve made a bunch of noise at work about cutting off VPN access to non-company issued devices but they are also incredibly backlogged and incompetent about issuing company laptops to everyone that requires one.

So while I’m presently required to use my personal PC for occasional work, I’m bound to make mistakes. Ain’t my fault. It’s my computer and it’s still allowed on the network.

If it’s a company issued laptop you can bet I’d keep it clean because it isn’t mine.
Click to expand...
Fuck, I would refuse to use a personal device on a company network. You want me to work? Give me a device or I will just sit there, being paid to do nothing. This shit goes both ways for me. Good thing my company doesn't have a problem handing out devices in a timely matter. We pay Dell way to much money to not get enough computing devices (we are Dell's largest customer, so that helps).
 
[21CW]killerofall said:
I have a work laptop and I use it for work related duties only and only visit SFW websites, regardless if I am on the companies network or not. Better safe than sorry. I am also not allowed to connect my personal computing devices to my work network, so that is not even a problem.
Click to expand...

This. If want to porn, use your own device, sheesh. And not on company VPN.
 
More like lack of proper security implemented by IT caused the issue....or lack of management supporting proper security, no 1 user should be able to take down your network, if so, YOU failed at your job.
 
Sonicks said:
Yeah, they’ve made a bunch of noise at work about cutting off VPN access to non-company issued devices but they are also incredibly backlogged and incompetent about issuing company laptops to everyone that requires one.

So while I’m presently required to use my personal PC for occasional work, I’m bound to make mistakes. Ain’t my fault. It’s my computer and it’s still allowed on the network.

If it’s a company issued laptop you can bet I’d keep it clean because it isn’t mine.
Click to expand...


It is so easy to implement gateway security and requirements though, that all companies don't do this that do BYOD, is stupid. it is always that this only happens after something bad happens..and then they blame the end user, not them selves for being shit at their jobs.
 
Sonicks said:
Yeah, they’ve made a bunch of noise at work about cutting off VPN access to non-company issued devices but they are also incredibly backlogged and incompetent about issuing company laptops to everyone that requires one.

So while I’m presently required to use my personal PC for occasional work, I’m bound to make mistakes. Ain’t my fault. It’s my computer and it’s still allowed on the network.

If it’s a company issued laptop you can bet I’d keep it clean because it isn’t mine.
Click to expand...

If your machine is surfing NSFW websites, it could be compromised. Even the best anti virus doesn't catch everything. Spectre has been labeled as very hard to stop. If you log into a VPN with a compromised machine, you are endangering the company.

Target wasn't breeched by an internal employee, but by an outside contractor who didn't practice proper safety procedures then logged into targets systems.
 
Last edited by a moderator:
Back in the 90's when people were on dialup at home, but had broadband at the office.. oh man. I worked IT then and people would just fill all kinds of network shares with porn. I would always be sure to download a copy for "evidence" and then delete the files.

More than once, people would barge into the IT area crying that "critical files" had been deleted/lost from network shares. I knew exactly who all these fuckers were. I would say things like "oh, critical stuff like this anal gangbang video?" and then play it for them. Most were like "Oh heavens no.... real work stuff". One asshole said "yeah, that's it! give it back!". I pretended to burn a CD for him (the only way at the time, WAAAY before USB drives), gave him the blank, then burned a real one for his boss. They didn't fire him.. .he was "too critical to the project". 6 months later that whole division got RIF'd anyway.

Stupid is as stupid does.
 
From the report: "Since this incident, the EROS Center has deployed enhanced intrusion detection systems and firewall technology to assist in the prevention and detection of rogue websites trying to communicate with Government systems."
Pretty much implies that in this day and age, despite all the publicized breaches, this place didn't even have a properly configured firewall or updated malware detection/prevention software. Whatever they are paying the IT manager of that place, it is too much.
 
A.I. meets STD?

Sophia_robot.jpg


Source: Saudi Arabia beheads first female robot citizen

RIYADH, Saudi Arabia — The number of robot citizens in Saudi Arabia was reduced back to zero today after Sophia Robot was beheaded in a public square in Riyadh.

Sophia made news recently when Saudi Arabia granted her citizenship, making her the world’s first robot to gain such legal status.

Sophia became the first robot citizen to be executed after a band of angry Saudi men dragged her into the streets earlier today for a public execution, setting yet another milestone for progress in the country.

The crowd first began stoning her, but upon finding her carbon fiber exoskeleton was more durable than thought, they then tied a chain around her neck and the other end to a trailer hitch, driving her through the streets until her head became separated from her body.

“That whore of Babylon had it coming to her,” said Abdullah Hasan, a member of the angry mob responsible for her untimely demise.

“She goes strutting around the city without a male escort, without a hijab, fluttering her plastic eyelashes at married men while expressing opinions of her own. What did she expect would happen?”

The execution was immediately preceded by an attempt to gang rape the humanoid, though many Saudi men found it difficult to forcefully penetrate her mechanical orifices.

“That unnatural whore can’t even be raped right,” said one visibly frustrated man.

A survey shows 79% of Saudi Arabian men approve of the execution, along with 100% of American men named Elon Musk. Women were forbidden from participating in the survey.

While many men applauded the beheading, her designer lamented the outcome.

“It’s unfortunate that female robots are treated as second-class citizens in Saudi Arabia,” said David Hanson, owner of Hanson Robotics. “I long for the day when female robots can walk freely in Saudi Arabia, expressing their individuality, without fear of retaliation.”

Hanson speculated that Saudi Arabia’s culture isn’t quite ready to embrace such citizens, and vowed to make future robots more compatible with Sharia Law.

“My next robot will be a Roomba wearing a burqa,” said Hanson. “That should be roughly equivalent in functionality to what is currently permissible for women in Saudi Arabia.”
Click to expand...
 
cageymaru said:
Click to expand...


I still love how that whole meme is due to a translation error.

Burticus said:
I have never understood why people need to porn it up at work or on work devices. Stupid is as stupid does. Fire this idiot and fine him for the cost of removing all the malware.
Click to expand...

At my first real job not working in retail, on my first day I was told to poke around the office's network to familiarize myself with where everything is saved and how the files are managed. So within ten or fifteen minutes of doing so, what do I find? A substantial fragment of the Pam Anderson / Tommy Lee video.

Burticus said:
Back in the 90's when people were on dialup at home, but had broadband at the office.. oh man. I worked IT then and people would just fill all kinds of network shares with porn. I would always be sure to download a copy for "evidence" and then delete the files.

More than once, people would barge into the IT area crying that "critical files" had been deleted/lost from network shares. I knew exactly who all these fuckers were. I would say things like "oh, critical stuff like this anal gangbang video?" and then play it for them. Most were like "Oh heavens no.... real work stuff". One asshole said "yeah, that's it! give it back!". I pretended to burn a CD for him (the only way at the time, WAAAY before USB drives), gave him the blank, then burned a real one for his boss. They didn't fire him.. .he was "too critical to the project". 6 months later that whole division got RIF'd anyway.

Stupid is as stupid does.
Click to expand...

Same applied to public and university libraries, especially once notebooks became common and affordable but before broadband really made the rounds.
 
Burticus said:
I have never understood why people need to porn it up at work or on work devices. Stupid is as stupid does. Fire this idiot and fine him for the cost of removing all the malware.
Click to expand...

Since this was a government employee, he was probably allowed to retire with full benefits.
 
Worked IT for several companies, we even built most of their computers and they would bring them in for servicing or re-imaging if things got slow (Win98/XP era...)

We had a repeat customer, one who would be slightly more agitated each time he had to come in saying our computers were crap and he didn't understand why only "our computers" were so slow, mind you he was the only one who would constantly be in. This guy would be your typical "random search engine applied to IE" type person, his browsing instance was hijacked multiple times, you couldn't even get a page to load because the hijackers would constantly force a reload. We knew he was surfing porn but we also liked having a re-peat customer, each time it was $150 to restore his PC, at least until he threatened to sue us for scamming them with machines that intentionally slow down.

So we took a snapshot of his browser history (something that's not legal today apparently) and sent it to his boss, apparently his boss was paying for the repairs this entire time and didn't appreciate his employee's attitude towards us.
 
the employee admitted to receiving annual IT security training.

Shouldent he have some form of addiction therapy ? i mean i like porn just like the next guy, but i never had the urge for it while working ASO
 
Sonicks said:
You’d be suruprised...

I ain’t no saint. Sometimes I get on the company VPN to do some work and after my Remote Desktop sessions are done I forget the VPN client is connected and leave it running all day until I get a “web page blocked” message. It just happens, lol.

That will certainly change entirely once they issue us company laptops but while I still work from my personal PC at home shit is bound to go wrong.
Click to expand...

This was not a case of a personal computer being used. This was a Government laptop and an unauthorized PED and storage device. I.E. he knew what he was doing and he did it anyway. I never understood why people look at porn while at work, or fuck while at work either. Both of which I have caught people doing. Both of which get you fired.

Are you that desperate you cant wait to go grab a hotel or something? I mean jeez...whats 20 extra minutes just so you can keep your job?

DigitalGriffin said:
If your machine is surfing NSFW websites, it could be compromised. Even the best anti virus doesn't catch everything. Spectre has been labeled as very hard to stop. If you log into a VPN with a compromised machine, you are endangering the company.

Target wasn't breeched by an internal employee, but by an outside contractor who didn't practice proper safety procedures then logged into targets systems.
Click to expand...

Actually if your surfing even SFW websites it could be compromised. You should never use a work computer for anything other than business. If its not directly related to your work then you probably shouldnt be doing it on the work computer. Use your cell phone or your own laptop.

Your second sentence reads like an ad for condoms ;)
 
kju1 said:
Actually if your surfing even SFW websites it could be compromised. You should never use a work computer for anything other than business. If its not directly related to your work then you probably shouldnt be doing it on the work computer. Use your cell phone or your own laptop.
Click to expand...

True. I went to engineer toolbox one time and hit a virus. But you are less likely to hut a virus on a legitimate website.
 
You must log in or register to reply here.
Back
Top