Nuclear regulators bypass federal firewalls, find ways to see porn - Washington Times
It’s become tougher to surf porn on government computers after scandals, but some workers at the Nuclear Regulatory Commission managed to find ways to bypass detection software and firewalls to get the illicit content, records show.
One contract employee watched, in his words, two “porn type” Netflix movies during “downtime” on his 12-hour shift at the commission’s office of information services, according to case records reviewed by The Washington Times.
Another employee repeatedly used the photo-sharing site Flickr to search for pornography while at the office.
And for years, a resident inspector at the agency scoured eBay looking for pornographic images.
The case memos don’t suggest as pervasive of a problem as the porn-surfing scandal that embroiled the Securities and Exchange Commission a few years ago. But the records indicate that the problem hasn’t been eliminated, either
Joseph McMillian, assistant inspector general for investigations, said agents hadn’t been tipped off to any broader problems when they opened the investigation.
“It wasn’t anything specific; it was just being proactive,” he said.
From May 2011 to September 2012, agents with the inspector general’s cybercrimes unit opened seven cases involving computer misuse, records show. Among the examples cited in a case memo, all involved pornography.
In one investigation, agents approached an employee about 100 explicit images and videos traced to his computer. The employee denied looking at the material, and what might have seemed like an excuse turned out to be true.
Investigators later learned that a co-worker filched that employee’s login credentials to search for porn using terms such as “busty women.”
The records reviewed by The Times contain redactions that make it impossible to determine the names or detailed job titles of employees or contractors caught perusing pornography.
The Nuclear Regulatory Commission is charged with overseeing the nation’s nuclear industry. Many of its 2,800 staff members work at the agency’s headquarters in suburban Maryland.
Mr. McMillian referred questions about discipline to the agency but said the inspector general’s office was satisfied with actions taken after the investigations.
In six cases that The Times inquired about, the agency proposed disciplinary penalties ranging from a three-day suspension to removal from the job, commission spokeswoman Holly Harrington said.
“When determining the appropriate penalty the NRC considers a number of factors, including but not limited to the nature and seriousness of the action and frequency of the action; the employee’s job level; the employee’s past disciplinary record; the employee’s work record, including length of service; and consistency with other like or similar cases,” she wrote in an email.
Ms. Harrington also noted that the commission prevents and detects computer misuse in several ways, including monitoring Web traffic and blocking “specific inappropriate sites based on reputation.”
The Nuclear Regulatory Commission is hardly the only agency to encounter the problem. In 2010, The Times reported on more than two dozen employees and contractors at the SEC whose porn-surfing habits were bared after an open-records request.
The ensuing publicity prompted one Colorado lawyer to file what turned out to be an unsuccessful federal lawsuit to pry loose the names of offending employees and contractors.
Also that year, Sen. Chuck Grassley, Iowa Republican, wrote to the National Science Foundation over concerns about porn-viewing inside that agency.
At the time, both agencies said they had tightened online monitoring and cracked down on the problem.
The Nuclear Regulatory Commission’s inspector general also plans to continue monitoring employees’ online habits.
Computer investigators at the agency participated in meetings held by cybercrime task forces looking into the issue of computer misuse by federal employees, case records show.
Meeting participants included the Secret Service’s electronic crimes task force, the Justice Department’s computer crime section and the High Technology Crimes Investigation Association.
In a September memo, an unidentified special agent for the Nuclear Regulatory Commission’s inspector general wrote that the investigation would be opened again this year