<https://medium.com/@violetblue/americas-unfolding-cybersecurity-catastrophe-22ac481cdb9c>
"The ongoing incursions into America’s sensitive and critical federal
government databases, networks, financial systems, and code repositories are
likely the most significant breach of a nation state’s cyber sovereignty in
history. America has a national security and cybersecurity crisis on its hands
that transcends impact beyond the U.S.: it is staring down a future in which it
will no longer be trusted for intelligence sharing by any of its fellow Five
Eyes nations.
Every United States government and DoD security standard has been circumvented
by not a nation-state threat — but by a domestic adversary.
The payment system at the U.S. Treasury Department has been taken over and
private citizens — Elon Musk’s Department Of Government Efficiency — have admin
privileges. Extensive and untested changes have been pushed into the Treasury’s
code base to create backdoors into critical payment controls. The GSA has been
taken over by the same operatives, Musk’s acolytes; they also seized control of
USAID to dismantle it, classified information has been accessed, its employees
have been harassed, locked out, and threatened, its website and DNS records
have been wiped. Its new head, Pete Marocco, was identified as a January 6
rioter who participated in the attempted insurrection.
The same operatives have taken control of the OPM and installed a private
server on its network to seize federal workers’ data, intercept communications
and pose as government officials to send unencrypted mail to over two million
government workers (creating unsecured comm channels subsequently barraged with
spam, and very likely malware). It has been used to access employee PII,
deactivate staff emails, send and store unencrypted data, and lock government
workers out of systems. Combined with the server’s after-the-fact privacy
impact assessment, we can expect that no standardized authentication and
monitoring schemes are in place.
In cybersecurity terms, DOGE is “insider threat,” APT (Advanced Persistent
Threat), and domestic adversary combined. One that we can be sure has wildly
varying levels of cybersecurity competency and security hygiene.
Initial impressions would have us believe the DOGE assault on government
systems is being done by clownish pimply-faced kids who are merely opportunists
for whom computer security is merely an afterthought. Yet we can see this was a
planned operation. These threat actors are more like what an infosec colleague
described as “those Nazi red team assholes who go to DEF CON.” But they are
also skids — “script kiddies.” For example, DOGE’s Edward Coristine was fired
from enterprise security firm Path, a provider of DDoS prevention services, for
sharing company information. Afterward Coristine bragged on Discord claiming he
had backdoor access to Path’s systems and openly asked where to find a
readymade L7 tool — used for Layer 7 DDoS attacks."
Cheers,
*** Xanni ***
--
mailto:xanni@xanadu.net Andrew Pam
http://xanadu.com.au/ Chief Scientist, Xanadu
https://glasswings.com.au/ Partner, Glass Wings
https://sericyb.com.au/ Manager, Serious Cybernetics