- The Washington Times - Sunday, May 11, 2014

For two hours a day, a General Services Administration employee visited dating websites, scoured the Internet for pornography and even maintained a user account at an X-rated social networking site.

Ultimately, a computer virus from a porn site infected the employee’s email, sending a mass message to everyone in the account’s GSA address book titled “check out my pictures,” according to records obtained through the Freedom of Information Act.

The case shows how porn in the federal workplace poses a security risk, giving computer viruses inroads to attack government servers. Records obtained by The Washington Times through the Freedom of Information Act show that the Environmental Protection Agency is hardly the only agency with a porn problem.


SEE ALSO: Ex-FBI official: Intel agencies don’t share cyber threats that endanger companies


Last week, congressional lawmakers heard about an EPA official, still employed, who spent up to six hours a day looking at porn.

The GSA, the Treasury Department, the Postal Service, the Nuclear Regulatory Commission and other agencies also have had employees investigated in recent years. Porn scandals also have hit the National Science Foundation, the Securities and Exchange Commission and the Pentagon.

"How much pornography would it take for an EPA employee to lose their job?" an incredulous Rep. Darrell E. Issa, California Republican and chairman of the House Committee on Oversight and Government Reform, asked an EPA deputy last week during a hearing into agency misconduct. (associated press)
“How much pornography would it take for an EPA employee to lose ... more >

“It’s a big problem everywhere,” said Sharon Nelson, president of Sensei Enterprises Inc., a computer forensics firm.

She noted that the same issues appear in the private sector.

“We have actually done audits of particular individuals where the individual was so valuable that people didn’t want to fire them, but yet they can’t stop looking at pornography,” she said, referring to an unidentified private-sector client.

The risk for the government is that many free porn sites secretly sell the ability to spread malware, Ms. Nelson said.

“Many of them are run by cybercriminals who are less interested in pornography than spreading the malware,” she said. “If they give away free porn and they can inject malware, they can make a lot more money from the information they derive.”

John Simek, a computer forensics analyst who also works at Sensei, said a basic technique to block pornography in the workplace bans certain sites, but using a proxy server is an easy way to circumvent the technique.

In any organization with thousands of employees, workplace porn is a risk. Even a lone case can tarnish the reputation of a large agency.

“How much pornography would it take for an EPA employee to lose their job?” an incredulous Rep. Darrell E. Issa, California Republican and chairman of the House Committee on Oversight and Government Reform, asked an EPA deputy last week during a hearing into agency misconduct.

The details were startling. An unidentified employee, at the GS-14 pay band earning up to $138,000 a year in Washington based on locality pay, had about 7,000 pornographic images on his work computer. He was even watching porn when an agent showed up at his desk to interview him, according to the EPA’s office of inspector general.

Similar cases have surfaced elsewhere across government.

Story Continues →