I had some dreams. They were clouds in my coffee. Clouds in my coffee.
171 stories
·
2 followers

DOGE as a National Cyberattack

3 Comments and 9 Shares

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.

First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.

Then, we learned that uncleared DOGE personnel had gained access to classified data from the US Agency for International Development, possibly copying it onto their own systems. Next, the Office of Personnel Management—which holds detailed personal data on millions of federal employees, including those with security clearances—was compromised. After that, Medicaid and Medicare records were compromised.

Meanwhile, only partially redacted names of CIA employees were sent over an unclassified email account. DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy.

This story is moving very fast. On Feb. 8, a federal judge blocked the DOGE team from accessing the Treasury Department systems any further. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.

In any case, breaches of other critical government systems are likely to follow unless federal employees stand firm on the protocols protecting national security.

 

The systems that DOGE is accessing are not esoteric pieces of our nation’s infrastructure—they are the sinews of government.

For example, the Treasury Department systems contain the technical blueprints for how the federal government moves money, while the Office of Personnel Management (OPM) network contains information on who and what organizations the government employs and contracts with.

What makes this situation unprecedented isn’t just the scope, but also the method of attack. Foreign adversaries typically spend years attempting to penetrate government systems such as these, using stealth to avoid being seen and carefully hiding any tells or tracks. The Chinese government’s 2015 breach of OPM was a significant US security failure, and it illustrated how personnel data could be used to identify intelligence officers and compromise national security.

In this case, external operators with limited experience and minimal oversight are doing their work in plain sight and under massive public scrutiny: gaining the highest levels of administrative access and making changes to the United States’ most sensitive networks, potentially introducing new security vulnerabilities in the process.

But the most alarming aspect isn’t just the access being granted. It’s the systematic dismantling of security measures that would detect and prevent misuse—including standard incident response protocols, auditing, and change-tracking mechanisms—by removing the career officials in charge of those security measures and replacing them with inexperienced operators.

The Treasury’s computer systems have such an impact on national security that they were designed with the same principle that guides nuclear launch protocols: No single person should have unlimited power. Just as launching a nuclear missile requires two separate officers turning their keys simultaneously, making changes to critical financial systems traditionally requires multiple authorized personnel working in concert.

This approach, known as “separation of duties,” isn’t just bureaucratic red tape; it’s a fundamental security principle as old as banking itself. When your local bank processes a large transfer, it requires two different employees to verify the transaction. When a company issues a major financial report, separate teams must review and approve it. These aren’t just formalities—they’re essential safeguards against corruption and error. These measures have been bypassed or ignored. It’s as if someone found a way to rob Fort Knox by simply declaring that the new official policy is to fire all the guards and allow unescorted visits to the vault.

The implications for national security are staggering. Sen. Ron Wyden said his office had learned that the attackers gained privileges that allow them to modify core programs in Treasury Department computers that verify federal payments, access encrypted keys that secure financial transactions, and alter audit logs that record system changes. Over at OPM, reports indicate that individuals associated with DOGE connected an unauthorized server into the network. They are also reportedly training AI software on all of this sensitive data.

This is much more critical than the initial unauthorized access. These new servers have unknown capabilities and configurations, and there’s no evidence that this new code has gone through any rigorous security testing protocols. The AIs being trained are certainly not secure enough for this kind of data. All are ideal targets for any adversary, foreign or domestic, also seeking access to federal data.

There’s a reason why every modification—hardware or software—to these systems goes through a complex planning process and includes sophisticated access-control mechanisms. The national security crisis is that these systems are now much more vulnerable to dangerous attacks at the same time that the legitimate system administrators trained to protect them have been locked out.

By modifying core systems, the attackers have not only compromised current operations, but have also left behind vulnerabilities that could be exploited in future attacks—giving adversaries such as Russia and China an unprecedented opportunity. These countries have long targeted these systems. And they don’t just want to gather intelligence—they also want to understand how to disrupt these systems in a crisis.

Now, the technical details of how these systems operate, their security protocols, and their vulnerabilities are now potentially exposed to unknown parties without any of the usual safeguards. Instead of having to breach heavily fortified digital walls, these parties Β can simply walk through doors that are being propped open—and then erase evidence of their actions.

 

The security implications span three critical areas.

First, system manipulation: External operators can now modify operations while also altering audit trails that would track their changes. Second, data exposure: Beyond accessing personal information and transaction records, these operators can copy entire system architectures and security configurations—in one case, the technical blueprint of the country’s federal payment infrastructure. Third, and most critically, is the issue of system control: These operators can alter core systems and authentication mechanisms while disabling the very tools designed to detect such changes. This is more than modifying operations; it is modifying the infrastructure that those operations use.

To address these vulnerabilities, three immediate steps are essential. First, unauthorized access must be revoked and proper authentication protocols restored. Next, comprehensive system monitoring and change management must be reinstated—which, given the difficulty of cleaning a compromised system, will likely require a complete system reset. Finally, thorough audits must be conducted of all system changes made during this period.

This is beyond politics—this is a matter of national security. Foreign national intelligence organizations will be quick to take advantage of both the chaos and the new insecurities to steal US data and install backdoors to allow for future access.

Each day of continued unrestricted access makes the eventual recovery more difficult and increases the risk of irreversible damage to these critical systems. While the full impact may take time to assess, these steps represent the minimum necessary actions to begin restoring system integrity and security protocols.

Assuming that anyone in the government still cares.

This essay was written with Davi Ottenheimer, and originally appeared in Foreign Policy.

Read the whole story
putnawa
48 days ago
reply
Seattle, WA, USA
Share this story
Delete
3 public comments
fxer
46 days ago
reply
Well as long as there isn’t a private email server involved
Bend, Oregon
44 days ago
Learn how to invest in stocks! Invest $160 and get $6,200 In 2Hours without sending money to anyone DM ME HOW via! nute WhatsApp number:+1(332)252-4701 Text No:+1 (703) 879-8125 WhatsApp link below πŸ‘‡ πŸ‘‡πŸ‘‡πŸ‘‡ https://wa.me/message/7L7D2AETIXNUD1
josephwebster
47 days ago
reply
Heil Elon
Denver, CO, USA
44 days ago
Learn how to invest in stocks! Invest $160 and get $6,200 In 2Hours without sending money to anyone DM ME HOW via! nute WhatsApp number:+1(332)252-4701 Text No:+1 (703) 879-8125 WhatsApp link below πŸ‘‡ πŸ‘‡πŸ‘‡πŸ‘‡ https://wa.me/message/7L7D2AETIXNUD1
GaryBIshop
48 days ago
reply
The people have spoken, this is what they want. Enjoy!

How to Study Consistently For Cyber Security: How I Continuously Learn Cyber Security Skills & Tools

1 Share
πŸ’» My Cyber Security Career Resources: https://withsandra.square.site/ πŸ“” My Cyber Security Course: https://your-cybersecurity-journey.teachable.com/ πŸ‘― Join our Discord :D - https://discord.gg/2YZUVbbpr9 πŸ‘©β€πŸ’» Support the Channel on Patreon: https:/ …
Read the whole story
putnawa
850 days ago
reply
Seattle, WA, USA
Share this story
Delete

Meltdown and Spectre

6 Comments and 26 Shares
New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.
Read the whole story
putnawa
2644 days ago
reply
Seattle, WA, USA
Share this story
Delete
6 public comments
warej
2638 days ago
reply
Do we just suck at computers? ;)
reconbot
2642 days ago
reply
hammer boom
New York City
taddevries
2642 days ago
reply
Perfect!!!!!!
letssurf
2643 days ago
reply
Awesome
Northampton, UK
cjheinz
2643 days ago
reply
Install updates. By all means.
Lexington, KY; Naples, FL
alt_text_bot
2644 days ago
reply
New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.

Ex-Seattle officer fired over golf-club arrest to get $105K in back pay

1 Comment

Cynthia Whitlatch, an 18-year police veteran, appealed her firing for biased and overly aggressive policing over the July 2014 arrest of William Wingate, now 72, on Seattle’s Capitol Hill.
Read the whole story
putnawa
2771 days ago
reply
This is disappointing.
Seattle, WA, USA
Share this story
Delete

Identity Politics Are Tearing America Apart

1 Share
Political leaders should focus on the common good. Floodwaters and rotting bridges don’t discriminate.

Read the whole story
putnawa
2771 days ago
reply
Seattle, WA, USA
Share this story
Delete

Genetic Testing Results

3 Comments and 11 Shares
That's very exciting! The bad news is that it's a risk factor for a lot of things.
Read the whole story
putnawa
2872 days ago
reply
Seattle, WA, USA
Share this story
Delete
3 public comments
JimB
2867 days ago
reply
And I thought I was unique
jprodgers
2872 days ago
reply
Heh, i just got my 23andMe reports today, so excellent timing on this one.
Somerville, MA
alt_text_bot
2872 days ago
reply
That's very exciting! The bad news is that it's a risk factor for a lot of things.
reconbot
2872 days ago
<3
bodly
2871 days ago
The mortality rate approaches 100%.
Next Page of Stories