Investigation of IT Security Incident at USGS Facility

The OIG investigated suspicious internet traffic discovered during an IT security audit of the computer network at the U.S. Geological Survey (USGS), Earth Resources Observation and Science (EROS) Center satellite imaging facility in Sioux Falls, SD. The audit found indications that a USGS employee’s computer was compromised and infected with malware. We sought to confirm how a compromise occurred. We found that the employee knowingly used U.S. Government computer systems to access unauthorized internet web pages. We also found that those unauthorized pages hosted malware that downloaded to the employee’s Government laptop. The malware then exploited USGS’ system; it introduced additional malicious code, reduced the Department’s ability to monitor exploits, introduced a covert channel program, and automatically connected to malicious websites in Russia. We did not find evidence that the employee intentionally introduced the malware, nor was there evidence of data exfiltration. We issued a separate Management Advisory related to this investigation discussing vulnerabilities in USGS’ IT security posture. The employee retired a day before his employment was to be terminated. We provided this report to the Director of the USGS.