This summary by Cheryl Rofer is from a whistleblower who worked cybersecurity at the National Labor Relations Board and tangled with DOGE. There's a lot, but this is Rofer's summary:
Highlights (or lowlights):
- DOGE were given “tenant owner” privileges, which allowed them full control over NLRB’s cloud.
- They disabled logging tools so that their actions wouldn’t be logged.
- 10+ GB spike in outbound data.
- Within 15 minutes of DOGE accounts being created, attackers in Russia tried logging in using those new creds. Correct usernames and passwords.
The DOGE teams seem to use their “official” status to gain access to computers, but disabling logging tools suggests that they are not working for the federal government. If they were, logging would be part of the job. It’s been clear for some time that DOGE is taking a lot of sensitive data (our formerly private and personal data) for themselves. The Russian attack is a bit of a surprise; they also disabled some of the safeguards like two-factor login, so it could have been part of the continuing Russian attacks to hack government data. I will leave you to imagine other possibilities.
It's entirely possible that either DOGE is so disabling governmental security measures that Russia is able to hack into our personal information or that they are selling that information to Russia. Honestly, which is worse?
Meanwhile, Pete Hegseth continues to be an active security threat while serving as SecDef. Remember that this is just the shit that's come to light in the first 100 days of Trump 2.0.
No comments:
Post a Comment