The Navy’s probe into a former Naval War College provost not only substantiated allegations he misused government resources and violated Navy policy when he emailed a pornographic link to staff in 2020, it also rejected his contention that the link sent from his account was due to a hack, malware or other cyber nefariousness.
Dr. Lewis M. Duncan was put on leave after the July 2020 incident and retired from the post-graduate college in February 2021, according to college officials.
He did not respond to requests for comment submitted via phone numbers and emails listed in a public database.
Duncan sent the pornographic link to staffers on July 21 in an email that was supposed to refer them to an online survey.
In the early stages of the COVID pandemic, when everyone was working from home, Duncan logged onto the college’s network via a family computer due to a shortage of government computers, according to the Naval inspector general report obtained by Navy Times via a Freedom of Information Act records request.
RELATED
Duncan sent an apology email a few hours later, according to the NAVIG, and later blamed the porn link on “severe risk malware” in a follow-up email.
While Duncan asserted that cyber chicanery caused the pornographic link to be sent, NAVIG investigators did not find that defense credible, according to the report.
In August 2020, investigators met with a Naval Criminal Investigative Service cyber-security expert and relayed how Duncan “claimed a virus infiltrated his e-mail and changed a URL he had placed in the e-mail and replaced it with a URL leading to a pornographic webpage after he sent the e-mail.”
The cyber expert responded the same day and told investigators that “it is highly unlikely that malware is the cause of a URL to a porn site being posted in the body of a government e-mail,” according to the report.
The NCIS expert suggested NAVIG staff ask Duncan which antivirus software he used to identify the malware, which would be saved in the computer’s antivirus logs.
But investigators were unable to examine any viruses or malware on Duncan’s computer “because he had taken it to a local office supply store to wipe its data prior to our interview,” the NAVIG investigation states.
“We rejected the subject’s defense that the inclusion of the pornographic URL in his email was the result of a hack or malware on his personal computer,” the report states. “We did not find his defense credible.”
In a response to the investigation’s tentative conclusions, Duncan wrote that his actions regarding the computer “were both reasonable and completely consistent with how most non-expert computer users would have responded under the circumstances, and fully compliant with advice being given me at the time.”
NAVIG investigators wrote in response that, “when a subject acts to destroy evidence, it is an indication that, were evidence to remain intact, the evidence would not be favorable to him.”
“His decision to scrub the computer not only removed that potential, but also made it impossible to prove with absolute certainty that he, not a virus or hacker, added the pornographic URL to the email,” investigators wrote.
Duncan joined the war college in 2015 as the provost, dean of faculty and chief operating officer.
“The U.S. Naval War College leadership continues to reinforce training on the professional and ethical use of government resources and personal computers for official business, especially while teleworking,” college spokesman Cmdr Gary Ross said in an email to Navy Times. “All personnel are warned and understand that government email and information technology resources are for official use only and they should carefully review all official electronic communications before sending.”
Geoff is the managing editor of Military Times, but he still loves writing stories. He covered Iraq and Afghanistan extensively and was a reporter at the Chicago Tribune. He welcomes any and all kinds of tips at geoffz@militarytimes.com.