Date Issued
Report Number
17-0444
Report Type
Investigation
Component
U.S. Geological Survey
Description
The OIG investigated suspicious internet traffic discovered during an IT security audit of the computer network at the U.S. Geological Survey (USGS), Earth Resources Observation and Science (EROS) Center satellite imaging facility in Sioux Falls, SD. The audit found indications that a USGS employee’s computer was compromised and infected with malware. We sought to confirm how a compromise occurred.
We found that the employee knowingly used U.S. Government computer systems to access unauthorized internet web pages. We also found that those unauthorized pages hosted malware that downloaded to the employee’s Government laptop. The malware then exploited USGS’ system; it introduced additional malicious code, reduced the Department’s ability to monitor exploits, introduced a covert channel program, and automatically connected to malicious websites in Russia. We did not find evidence that the employee intentionally introduced the malware, nor was there evidence of data exfiltration. We issued a separate Management Advisory related to this investigation discussing vulnerabilities in USGS’ IT security posture.
The employee retired a day before his employment was to be terminated. We provided this report to the Director of the USGS.
Joint Report
No
Agency Wide
No
Questioned Costs
$0
Funds for Better Use
$0
Oversight Report File