Sophos Cloud Optix
The director of the US Pentagon’s Missile Defense Agency (MDA) has chided employees and contractors for using government computers to surf porn.
The MDA, an agency of 8,000 employees, develops, fields, and upgrades the country’s ground-and sea-based missile defense programs.
On July 27, Executive Director John James Jr. sent out a memo citing instances of workers accessing x-rated sites as well as emailing explicit images—usage that exposes the network to malware or malicious code.
Bloomberg News quotes the memo:
These actions are not only unprofessional, they reflect time taken away from designated duties, are in clear violation of federal and [Department of Defense] regulations, consume network resources and can compromise the security of the network though the introduction of malware or malicious code.
In the one-page memo, James wrote that in recent months government employees and contractors were detected engaging in inappropriate use of the MDA network.
MDA spokesman Rick Lehner told Bloomberg News that “less than a half-dozen” of the agency’s 8,000 employees had been caught accessing restricted sites or downloading inappropriate materials, caught by what he called a “highly advanced monitoring system to detect intrusions, access to inappropriate websites, viruses and malware downloads.”
There was “never any compromise” of the network, Lehner said, given that the monitoring system “worked as designed.”
James wrote that those found breaking the rules would face disciplinary action, which could include suspension and removal from federal service or MDA-sponsored contracts, given that they’d put their security clearances in jeopardy.
News outlets such as Wired are dubbing it the latest skirmish in an ongoing war on porn at the Pentagon.
More to the point, porn has been used to deliver malware payloads.
But so are lots of things: for example, removable storage devices.
One example was the case of keyloggers found on USB drives left in public libraries.
And as Sophos found when researchers bought 50 drives at a public auction, USB drives had a 66% chance of being infected with malware.
And so, too, at the other end of the surfing/morality spectrum, are religious sites notorious for inflicting malware payloads.
The MDA is far from the only organisation that has to deal with bored people and the potentially security-compromising shenanigans they can get up to on a network, be it surfing porn or religious sites.
Experts on PLC/SCADA systems used in US prisons told the audience at the SOURCE:Boston security conference in the spring about walking into the heart of networking control rooms in correctional facilities, only to find employees whiling away their time surfing Facebook from these highly sensitive industrial control systems.
Porn surfers might be wise to keep this pastime to the privacy of their own networks. Like all internet users, they should employ basic computer security precautions, such as:
- Using different passwords for every site,
- Using strong passwords , and
- Changing passwords after a site’s been breached,
- Vetting the security history of a given site.
Intercepting incoming missiles may be a sleepy, uneventful role for MDA workers. Perhaps it’s flat-out boring.
But if keeping the nation’s missile defense network clean of malware isn’t enough incentive to avoid salacious surfing, perhaps the prospect of getting fired might be.
After all, James didn’t mince words: MDA workers, they’re watching you.
boss yelling at employee and computer porn image courtesy of ShutterStock.
Surely any decent web filtering system should be able to deal with the worst of that? Sounds like they need to have some better controls in place on their systems rather than emailing the employees.
…especially if it was only a half dozen out of over 8000 employees…
It *detected* half a dozen; there's probably hundreds more who found ways around it! :o)
I am super serious. I think they should provide a secondary air-gapped network with terminal / thin-client type systems just for surfing porn. If the guys (and I'm sure it is guys) are bored with nothing to do, they are going to do it anyway. Give them a legit way to get it.
Well, you know the college I attended had a foolproof firewall that blocks ALL sites that aren't related to academic work.(video sites, social networks, game sites and even some news websites. Even proxies doesn't work there.
Whats stopping them?
Grammarian FYI: the term is "passtime" as in "passing time" not "past time", as in using a time machine.
Why put out a memo to the entire staff if only a half a dozen were at fault? To remind the others to keep behaving? In my line of work, if I were caught accessing porn, I'd be walked out of the building on the spot. I doubt these half-dozen will get much more than a slap on the wrist…
how stupid can someone be to access such sites when you work for the GOVERNMENT facepalm
If possible,they could just block internet access from those wok computers. Then all employees not just the half dozen would only be able to access the porn on their own computers & on their own time.
Right, quit wasting bandwidth. Play solitaire instead. Solves the boredom problem without risking the network.
People will always be people.
Gov needs to just block all non-essential websites
look ok it was close to impossible to bypass my schools filtering system
the filter was called netsweeper
and only the very newest proxies could 'maybe' work but even then, there was still all sorts of algorithms and heuristics.. that's why a really proper filtering system would work