#Cyberattack Prevention
itcsssolutionandstaffing · 2 years ago
The internet, while a remarkable tool for communication and commerce, is also a breeding ground for cyber threats. To safeguard sensitive data, personal information, and the integrity of digital business operations, the use of cyber security services has become an essential and wise investment.
0 notes
olivergisttv · 4 months ago
How to Use AI to Predict and Prevent Cyberattacks
In today’s rapidly evolving digital landscape, cyberattacks are becoming more frequent, sophisticated, and devastating. As businesses and individuals increasingly rely on technology, the need to bolster cybersecurity has never been more critical. One of the most promising solutions to combat this growing threat is Artificial Intelligence (AI). AI can enhance cybersecurity by predicting,…
0 notes
mehmetyildizmelbourne-blog · 10 months ago
Why Drone Manufacturers in Taiwan Are Being Cyber-Targeted: A Technologist’s Perspective
This story explores the intersection of technology and geopolitics. It covers the cyberattacks targeting Taiwan’s drone manufacturers and what they reveal about global power struggles and technological vulnerabilities. Taiwan drone manufacturers under siege: Technology meets geopolitics In the world of technology and defense, Taiwan has become a central player, particularly in the field of…
0 notes
my-financials · 1 year ago
Cybersecurity in Personal Finance Management: Essential Strategies for Digital Safety
In today’s digital age, where a staggering 76% of Americans engage in online banking (Pew Research Center), the importance of cybersecurity in managing personal finances cannot be overstated. This comprehensive guide explores the essential strategies for protecting your online banking, investment, and transaction activities from cyber threats. Fortifying Online Banking and Investments: An…
0 notes
mariacallous · 4 months ago
In the span of just weeks, the U.S. government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.
First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the U.S. Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.
Then, we learned that uncleared DOGE personnel had gained access to classified data from the U.S. Agency for International Development, possibly copying it onto their own systems. Next, the Office of Personnel Management—which holds detailed personal data on millions of federal employees, including those with security clearances—was compromised. After that, Medicaid and Medicare records were compromised.
Meanwhile, only partially redacted names of CIA employees were sent over an unclassified email account. DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy.
This story is moving very fast. On Feb. 8, a federal judge blocked the DOGE team from accessing the Treasury Department systems any further. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.
In any case, breaches of other critical government systems are likely to follow unless federal employees stand firm on the protocols protecting national security.
The systems that DOGE is accessing are not esoteric pieces of our nation’s infrastructure—they are the sinews of government.
For example, the Treasury Department systems contain the technical blueprints for how the federal government moves money, while the Office of Personnel Management (OPM) network contains information on who and what organizations the government employs and contracts with.
What makes this situation unprecedented isn’t just the scope, but also the method of attack. Foreign adversaries typically spend years attempting to penetrate government systems such as these, using stealth to avoid being seen and carefully hiding any tells or tracks. The Chinese government’s 2015 breach of OPM was a significant U.S. security failure, and it illustrated how personnel data could be used to identify intelligence officers and compromise national security.
In this case, external operators with limited experience and minimal oversight are doing their work in plain sight and under massive public scrutiny: gaining the highest levels of administrative access and making changes to the United States’ most sensitive networks, potentially introducing new security vulnerabilities in the process.
But the most alarming aspect isn’t just the access being granted. It’s the systematic dismantling of security measures that would detect and prevent misuse—including standard incident response protocols, auditing, and change-tracking mechanisms—by removing the career officials in charge of those security measures and replacing them with inexperienced operators.
The Treasury’s computer systems have such an impact on national security that they were designed with the same principle that guides nuclear launch protocols: No single person should have unlimited power. Just as launching a nuclear missile requires two separate officers turning their keys simultaneously, making changes to critical financial systems traditionally requires multiple authorized personnel working in concert.
This approach, known as “separation of duties,” isn’t just bureaucratic red tape; it’s a fundamental security principle as old as banking itself. When your local bank processes a large transfer, it requires two different employees to verify the transaction. When a company issues a major financial report, separate teams must review and approve it. These aren’t just formalities—they’re essential safeguards against corruption and error.
These measures have been bypassed or ignored. It’s as if someone found a way to rob Fort Knox by simply declaring that the new official policy is to fire all the guards and allow unescorted visits to the vault.
The implications for national security are staggering. Sen. Ron Wyden said his office had learned that the attackers gained privileges that allow them to modify core programs in Treasury Department computers that verify federal payments, access encrypted keys that secure financial transactions, and alter audit logs that record system changes. Over at OPM, reports indicate that individuals associated with DOGE connected an unauthorized server into the network. They are also reportedly training AI software on all of this sensitive data.
This is much more critical than the initial unauthorized access. These new servers have unknown capabilities and configurations, and there’s no evidence that this new code has gone through any rigorous security testing protocols. The AIs being trained are certainly not secure enough for this kind of data. All are ideal targets for any adversary, foreign or domestic, also seeking access to federal data.
There’s a reason why every modification—hardware or software—to these systems goes through a complex planning process and includes sophisticated access-control mechanisms. The national security crisis is that these systems are now much more vulnerable to dangerous attacks at the same time that the legitimate system administrators trained to protect them have been locked out.
By modifying core systems, the attackers have not only compromised current operations, but have also left behind vulnerabilities that could be exploited in future attacks—giving adversaries such as Russia and China an unprecedented opportunity. These countries have long targeted these systems. And they don’t just want to gather intelligence—they also want to understand how to disrupt these systems in a crisis.
Now, the technical details of how these systems operate, their security protocols, and their vulnerabilities are now potentially exposed to unknown parties without any of the usual safeguards. Instead of having to breach heavily fortified digital walls, these parties can simply walk through doors that are being propped open—and then erase evidence of their actions.
The security implications span three critical areas.
First, system manipulation: External operators can now modify operations while also altering audit trails that would track their changes. Second, data exposure: Beyond accessing personal information and transaction records, these operators can copy entire system architectures and security configurations—in one case, the technical blueprint of the country’s federal payment infrastructure. Third, and most critically, is the issue of system control: These operators can alter core systems and authentication mechanisms while disabling the very tools designed to detect such changes. This is more than modifying operations; it is modifying the infrastructure that those operations use.
To address these vulnerabilities, three immediate steps are essential. First, unauthorized access must be revoked and proper authentication protocols restored. Next, comprehensive system monitoring and change management must be reinstated—which, given the difficulty of cleaning a compromised system, will likely require a complete system reset. Finally, thorough audits must be conducted of all system changes made during this period.
This is beyond politics—this is a matter of national security. Foreign national intelligence organizations will be quick to take advantage of both the chaos and the new insecurities to steal U.S. data and install backdoors to allow for future access.
Each day of continued unrestricted access makes the eventual recovery more difficult and increases the risk of irreversible damage to these critical systems. While the full impact may take time to assess, these steps represent the minimum necessary actions to begin restoring system integrity and security protocols.
Assuming that anyone in the government still cares.
184 notes · View notes
yourreddancer · 5 months ago
He should be arrested for violating our privacy. He was not vetted by congress and has no security clearance.
Contact your state’s attorney general and request help.
Can we ask the ACLU to file a class action suit? Who’s with me?
“Let’s get into the details. Musk’s staffers have been caught plugging external hard drives into federal agency systems and reportedly locking others out of private rooms to perform—who knows what actions. This behavior violates key cybersecurity laws under FISMA and NIST guidelines, which are designed to protect sensitive federal information. Here’s why this is a serious problem.
Federal systems are strictly regulated, allowing only approved devices to connect. Unauthorized external drives can introduce viruses, ransomware, or other harmful software that may compromise entire networks and disrupt essential operations. This puts system stability and continuity of services at risk, endangering critical infrastructure.
These devices could also be used to steal or damage critical information, including personal data for millions of Americans—such as Social Security recipients and taxpayers. Unauthorized access creates significant vulnerabilities, exposing sensitive data to the risk of cyberattacks. Such attacks could cripple vital services and compromise the privacy and safety of millions of people.
Additionally, federal agencies have strict access controls to prevent unauthorized data manipulation or theft. When unauthorized devices are connected, these protections are bypassed, allowing unauthorized users to potentially alter or extract sensitive data. This undermines system integrity and opens the door to both internal and external threats.
External drives also often lack essential security features, such as encryption and antivirus scanning, making them vulnerable to cybercriminal exploitation. These security gaps further increase the risk of data breaches and system compromise, which can have far-reaching consequences.
Federal systems handle trillions of dollars in payments and manage personal data for millions of U.S. citizens. By bypassing cybersecurity laws and protocols, Musk’s staffers are putting these systems—and the public—at serious risk. This activity is illegal, reckless, and unacceptable. Immediate oversight and intervention are necessary to stop these violations!” ~ A N P S
225 notes · View notes
voltaspistol · 5 months ago
alt text under cut
Alt National Park Service·
64 notes · View notes
metalheadsagainstfascism · 5 months ago
42 notes · View notes
cringywhitedragon · 1 year ago
Heads up folks, NicoNicoDouga is currently down due to a large scale cyberattack
The attack happened on the 8th and the site is still down in terms of video streaming. Apparently there were reports of Ransomware being used during the attack.
The site is still “down” but the blog part is back up but from the report, videos and content posted are ok so do not fret. The site is still down as of this post (save for the blog) and it seems they are working their hardest to fix it and do damage control.
Here is a rough translation of their most recent post:
Report and apology regarding cyberattack on our services
As announced in Niconico Info dated June 8th, 2024, Dwango Co., Ltd. (Headquarters: Chuo-ku, Tokyo; President and CEO: Takeshi Natsuno) has been unable to use the entire Niconico service operated by our company since the early morning of June 8th. It has been confirmed that this outage was caused by a large-scale cyberattack, including ransomware, and we are currently temporarily suspending use of the service and conducting an investigation and response to fully grasp the extent of the damage and restore it.
After confirming the cyberattack, we immediately took emergency measures such as shutting down the relevant servers, and have set up a task force to fully clarify the damage, determine the cause, and restore the system. We would like to report the findings of the investigation to date and future responses as follows.
We sincerely apologize to our users and related parties for the great inconvenience and concern caused.
<Response history>
Around 3:30 a.m. on June 8, a malfunction occurred that prevented all of our web services, including our "Nico Nico" and "N Preparatory School" services, from working properly. After an investigation, it was confirmed that the malfunction was caused by a cyber attack, including ransomware, at around 8 a.m. on the same day. A task force was set up on the same day, and in order to prevent the damage from spreading, we immediately cut off communication between servers in the data center provided by our group companies and shut down the servers, temporarily suspending the provision of our web services. In addition, since it was discovered that the attack had also extended to our internal network, we suspended the use of some of our internal business systems and prohibited access to the internal network.
As of June 14, we are currently investigating the extent of the damage and formulating recovery procedures, aiming for a gradual recovery.
June 8, 2024
We have begun an investigation into the malfunction that prevented all of our "Nico Nico" services from working properly and the failure of some of our internal systems.
We have confirmed that the cause of the failure was encryption by ransomware. "Nico Nico" services in general and some internal business systems suspended and servers were shut down
A task force was established
First report "Regarding the situation in which Nico Nico services are unavailable" was announced
June 9, 2024
Contacted the police and consulted with external specialist agencies
Kabukiza office was closed
KADOKAWA announced "Regarding the occurrence of failures on multiple KADOKAWA Group websites"
June 10, 2024
Reported to the Personal Information Protection Commission (first report)
Second report "Regarding the situation in which Nico Nico services are unavailable" was announced
June 12, 2024
Reported the occurrence of the failure to the Kanto Regional Financial Bureau (Financial Services Agency)
June 14, 2024
This announcement
In addition to public cloud services, Niconico uses private cloud services built in data centers provided by KADOKAWA Group companies, to which our company belongs. One of these, a data center of a group company, was hit by a cyber attack, including ransomware, and a significant number of virtual machines were encrypted and became unavailable. As a result, the systems of all of our web services, including Niconico, were shut down.
This cyber attack by a third party was repeated even after it was discovered, and even after a server in the private cloud was shut down remotely, the third party was observed to be remotely starting the server and spreading the infection. Therefore, the power cables and communication cables of the servers were physically disconnected and blocked. As a result, all servers installed in the data centers provided by the group companies became unusable. In addition, to prevent further spread of infection, our employees are prohibited from coming to the Kabukiza office in principle, and our internal network and internal business systems have also been shut down.
The Niconico Video system, posted video data, and video distribution system were operated on the public cloud, so they were not affected. Niconico Live Broadcasting did not suffer any damage as the system itself was run on a public cloud, but the system that controls Niconico Live Broadcasting's video distribution is run on a private cloud of a group company, so it is possible that past time-shifted footage, etc. may not be available. We are also gradually checking the status of systems other than Niconico Douga and Niconico Live Broadcasting.
■ Services currently suspended
Niconico Family services such as Niconico Video, Niconico Live Broadcast, and Niconico Channel
Niconico account login on external services
Music monetization services
Dwango Ticket
Some functions of Dwango JP Store
N Preparatory School *Restored for students of N High School and S High School
Sending gifts for various projects
■ About Niconico-related programs
Until the end of July, official Niconico live broadcasts and channel live broadcasts using Niconico Live Broadcast and Niconico Channel will be suspended.
Considering that program production requires a preparation period and that Niconico Live Broadcast and Niconico Channel are monthly subscription services, we have decided to suspend live broadcasts on Niconico Live Broadcast until the end of July. Depending on the program, the broadcast may be postponed or broadcast on other services.
The date of resumption of Niconico services, including Niconico Live Broadcast and Niconico Channel, is currently undecided.
Niconico Channel Plus allows viewing of free content without logging in. Paid content viewing and commenting are not available.
■ About the new version "Nico Nico Douga (Re: Kari)" (read: nikoniko douga rikari)
While "Nico Nico" is suspended, as the first step, we will release a new version of "Nico Nico Douga (Re: Kari)" at 3:00 p.m. on June 14, 2024. Our development team voluntarily created this site in just three days, and it is a video community site with only basic functions such as video viewing and commenting, just like the early days of Niconico (2006). In consideration of the load on the service, only a selected portion of the videos posted on Niconico Video is available for viewing. The lineup is mainly popular videos from 2007, and you can watch them for free without an account.
■About the Niconico Manga app
We have already confirmed that many systems were not affected, and we are considering resuming the service with a reduced-function version that allows basic functions such as reading manga, commenting, and adding to favorites. We aim to restore the service by June 2024.
If any new facts become known in the future, we will report them on Niconico Info, Official X, our company website, etc. as they become available. We appreciate your understanding and cooperation.
[Added 6/10]
Thank you for your continued patronage. This is the Niconico management team.
Due to the effects of a large-scale cyber attack, Niconico has been unavailable since the early morning of June 8th.
We sincerely apologize for the inconvenience.
As of 6:00 p.m. on June 10th, we are working to rebuild the entire Niconico system without being affected by the cyber attack, in parallel with an investigation to grasp the full extent of the damage.
We have received many inquiries from you, such as "Will premium membership fees and paid channel membership fees be charged during the service suspension period?" and "What will happen to the time shift deadline for live broadcasts?". We are currently in the process of investigating the impact, so we cannot answer your questions, but we will respond sincerely, so please wait for further information.
Our executive officer Shigetaka Kurita and CTO Keiichi Suzuki are scheduled to explain the expected time until recovery and the information learned from the investigation up to that point this week.
We will inform you again about this as soon as we are ready.
■ Services currently suspended
Niconico Family Services such as Niconico Video, Niconico Live Broadcast, Niconico Channel, etc.
Niconico Account Login on External Services
[Added 2024/06/10 18:00]
Gifts for various projects (due to the suspension of related systems)
■ Programs scheduled to be canceled/postponed (as of June 10)
Programs from June 10 to June 16
■ Current situation
In parallel with the recovery work, we are investigating the route of the attack and the possibility of information leakage.
No credit card information has been leaked (Niconico does not store credit card information on its own servers).
The official program "Monthly Niconico Info" scheduled for June 11 at 20:00 will be broadcast on YouTube and X at a reduced scale. During this program, we will verbally explain the current situation in an easy-to-understand manner. (※There is no prospect of providing additional information, such as detailed recovery dates, during this program.)
"Monthly Niconico Info" can be viewed at the following URL. YouTube → https://www.youtube.com/@niconico_news X (formerly Twitter) → https://x.com/nico_nico_info
The latest information will be posted on Niconico Info and the official X (formerly Twitter).
We deeply apologize for the inconvenience caused to users and content providers who regularly enjoy our videos and live broadcasts. We ask for your understanding and cooperation until the issue is resolved.
[Published on 6/8]
Thank you for your continued patronage. This is the Niconico management team.
Currently, Niconico is under a large-scale cyber attack, and in order to minimize the impact, we have temporarily suspended our services.
We are accelerating our investigation and taking measures, but we cannot begin recovery until we are confident that we have completely eliminated the effects of the cyber attack and our safety has been confirmed. We do not expect to be able to restore services at least this weekend.
We sincerely apologize for the inconvenience.
We will inform you of the latest situation again on Monday (June 10, 2024).
■ Suspended services
Niconico family services such as Niconico Video, Niconico Live Broadcast, and Niconico Channel
Niconico account login on external services
■ Current situation
In parallel with the recovery work, we are investigating the route of the attack and the possibility of information leakage.
No credit card information has been confirmed to have been leaked (Niconico does not store credit card information on its own servers).
Future information will be announced on Niconico Info and Official X (formerly Twitter) as it becomes available.
We deeply apologize to all users who were looking forward to the video posts and live broadcasts scheduled for this weekend. We ask for your understanding and cooperation until the response is complete.
101 notes · View notes
reality-detective · 7 months ago
United Healthcare, specifically through its subsidiary ‘Change Healthcare’, experienced significant ransomware attacks in 2024. Here's a summary based on the available information:
Cyberattack Details: Change Healthcare, a unit of UnitedHealth Group's Optum division, was hit by a ransomware attack on February 21, 2024. The attack was attributed to a Russian-speaking ransomware gang known as ALPHV or Blackcat. This group claimed to have stolen over six terabytes of sensitive data, including medical records.
The Impact: The attack led to widespread disruptions in the U.S. healthcare system, affecting pharmacies, hospitals, and other medical providers by preventing them from processing claims and receiving payments. This caused significant operational and financial chaos.
Financial Impact: The immediate aftermath of the attack was reported to cost UnitedHealth around $872 million in the first quarter, not including potential ransom payments. However, the total financial impact was projected to be between $1.3 billion and $1.6 billion for the year.
Ransom Payment: There were reports and confirmations that UnitedHealth paid a ransom of $22 million in Bitcoin to the attackers, with the aim of protecting patient data from being disclosed.
Data Breach: The breach potentially compromised the personal and health information of over 100 million individuals, making it one of the largest breaches in healthcare history.
Investigations and Response: The U.S. Department of Health and Human Services launched an investigation due to the magnitude of the incident. UnitedHealth has been working with law enforcement and cybersecurity experts to investigate the breach and restore systems. They've also provided temporary funding assistance to affected healthcare providers. 🤔
29 notes · View notes
whumpster-fire · 7 months ago
Just to be clear, when I say "weaponized incompetence," I mean I practice it as a martial art. The central philosophy is to seek to emulate the mindless yet highly inconvenient chaos of nature: with practice and meditation, you can reach an unenlightened state of non-cognition where you can be so oblivious and inept that your thoughtless actions result in the downfall of enemies you aren't even aware of through a series of wacky coincidences.
For example, the simple act of neglecting to clean up a puddle of water in front of the cash register can create a slipping hazard that can foil a future robbery by causing the thief to lose his balance and stumble into the non-strategically overloaded shelves that will then collapse on him. Likewise, haphazard organization of critical files and inability to follow naming conventions can thwart a cyberattack by preventing a hacker from finding the data they want to steal.
Here's another example. Let's say I am carrying a long, thin object such as a board or a ladder over my shoulder, and you approach me from behind with the intention of robbing me at gunpoint or knifepoint. I have already prepared for such an encounter by wearing headphones so I do not hear you coming until you have already gotten too close, dooming you. You begin to demand my money. I hear a noise and rapidly turn around, thus striking you with the board and knocking you to the ground. I look around, only at eye level, and do not look down. Seeing no one, I shrug and turn around again, just in time for you to rise and be hit with the board a second time, causing you to stumble off the curb, dropping your weapon down a storm drain. I continue on my way, victorious.
In conclusion, I would like the feedback on my performance review to reflect the numerous invaluable contributions I have made to this business's security, most of which I cannot list because I do not know I have done them.
girlactionfigure · 6 months ago
‼️ MOSSAD CHIEF RECOMMENDS ATTACKING IRAN IN RESPONSE TO HOUTHI THREATS; AL-JOULANI CLAIMS SYRIA'S LIBERATION PREVENTED WORLD WAR III AND ELIMINATED A REGIONAL THREAT
🔴 Mossad chief David Barnea advocated for a direct attack on Iran following Houthi aggression. During political discussions, he emphasized, "We have to move forward. If we only attack the Houthis, it will not help," as reported by Israeli Channel 13.
⚠️ The IDF is bracing for a significant cyberattack that could target its database containing details of all military vehicles. According to Walla News, the attack is expected to focus on stealing data and possibly disabling systems used in these vehicles.
⚠️ The Israeli security establishment is considering issuing a travel warning for Israelis planning to visit Egypt during Hanukkah due to concerns over potential Iranian attacks targeting Israelis.
A message has been sent to Egypt urging increased security measures to address these threats.
🔹 IDF have entered the city of Al-Baath in southern Syria, situated along the Damascus–Quneitra road in the Quneitra Governorate. The operation began with dismantling earthen barriers on the city's outskirts.
Following their entry, IDF troops initiated searches across various sites and homes. A two-hour ultimatum has been issued for residents to surrender any weapons in their possession, according to a report by Sputnik.
🔹 "The liberation of Syria saved the region from World War III and eliminated a major threat to the region," stated Al-Joulani. He emphasized that militias in Syria posed a significant danger to neighboring countries. Additionally, he accused the ousted Syrian government of assassinating prominent figures, including Kamal Jumblatt, Bachir Gemayel, and Rafik Hariri.
🔹 The new Syrian government has recently decided to prohibit all Iranian planes, including civilian aircraft, from flying over its airspace. This move is expected to significantly hinder Hezbollah's ability to restore its military capabilities, according to Walla.
❗ Israeli Defense Minister Israel Katz issued a stern warning regarding Hezbollah's activities in southern Lebanon, declaring: "We will not allow Hezbollah to return to the villages of southern Lebanon and re-establish its infrastructure. If Hezbollah does not withdraw beyond the Litani and tries to violate the ceasefire, we will crush its head."
🔹 The Yemeni Armed Forces, aligned with the Houthis, claimed responsibility for downing a U.S. Navy F-18 fighter jet. In their statement, the Houthis said, "The American F-18 was shot down because of us, and we managed to thwart the American-British attack."
The U.S. countered the claim, attributing the incident to friendly fire, but tensions remain high as both sides assert differing accounts of the event.
mariacallous · 5 months ago
A young technologist known online as “Big Balls,” who works for Elon Musk's so-called Department of Government Efficiency (DOGE), has access to sensitive US government systems. But his professional and online history call into question whether he would pass the background check typically required to obtain security clearances, security experts tell WIRED.
Edward Coristine, a 19-year-old high school graduate, established at least five different companies in the last four years, with entities registered in Connecticut, Delaware, and the United Kingdom, most of which were not listed on his now-deleted LinkedIn profile. Coristine also briefly worked in 2022 at Path Network, a network monitoring firm known for hiring reformed black-hat hackers. Someone using a Telegram handle tied to Coristine also solicited a cyberattack-for-hire service later that year.
Coristine did not respond to multiple requests for comment.
One of the companies Coristine founded, Tesla.Sexy LLC, was set up in 2021, when he would have been around 16 years old. Coristine is listed as the founder and CEO of the company, according to business records reviewed by WIRED.
Tesla.Sexy LLC controls dozens of web domains, including at least two Russian-registered domains. One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review.
"Foreign connections, whether it's foreign contacts with friends or domain names registered in foreign countries, would be flagged by any agency during the security investigation process," Joseph Shelzi, a former US Army intelligence officer who held security clearance for a decade and managed the security clearance of other units under his command, tells WIRED.
A longtime former US intelligence analyst, who requested anonymity to speak on sensitive topics, agrees. “There's little chance that he could have passed a background check for privileged access to government systems,” they allege.
Another domain under Coristine’s control is faster.pw. The website is currently inactive, but an archived version from October 25, 2022 shows content in Chinese that stated the service helped provide “multiple encrypted cross-border networks.”
Prior to joining DOGE, Coristine worked for several months of 2024 at Elon Musk’s Neuralink brain implant startup, and, as WIRED previously reported, is now listed in Office of Personnel Management records as an “expert” at that agency, which oversees personnel matters for the federal government. Employees of the General Services Administration say he also joined calls where they were made to justify their jobs and to review code they’ve written.
Other elements of Coristine’s personal record reviewed by WIRED, government security experts say, would also raise questions about obtaining security clearances necessary to access privileged government data. These same experts further wonder about the vetting process for DOGE staff—and, given Coristine’s history, whether he underwent any such background check.
The White House did not immediately respond to questions about what level of clearance, if any, Coristine has, and if so, how it was granted.
At Path Network, Coristine worked as a systems engineer from April to June of 2022, according to his now-deleted LinkedIn resume. Path has at times listed as employees Eric Taylor, also known as Cosmo the God, a well-known former cybercriminal and member of the hacker group UGNazis, as well as Matthew Flannery, an Australian convicted hacker whom police allege was a member of the hacker group LulzSec. It’s unclear whether Coristine worked at Path concurrently with those hackers, and WIRED found no evidence that either Coristine or other Path employees engaged in illegal activity while at the company.
“If I was doing the background investigation on him, I would probably have recommended against hiring him for the work he’s doing,” says EJ Hilbert, a former FBI agent who also briefly served as the CEO of Path Network prior to Coristine’s employment there. “I’m not opposed to the idea of cleaning up the government. But I am questioning the people that are doing it.”
Potential concerns about Coristine extend beyond his work history. Archived Telegram messages shared with WIRED show that, in November 2022, a person using the handle “JoeyCrafter” posted to a Telegram channel focused on so-called distributed denial of service, or DDOS, cyberattacks that bombard victim sites with junk traffic to knock them offline. In his messages, JoeyCrafter—which records from Discord, Telegram, and the networking protocol BGP indicate was a handle used by Coristine—writes that he’s “looking for a capable, powerful and reliable L7” that accepts Bitcoin payments. That line, in the context of a DDOS-for-hire Telegram channel, suggests he was looking for someone who could carry out a layer 7 attack, a certain form of DDOS. A DDOS-for-hire service with the name Dstat.cc was seized in a multi-national law enforcement operation last year.
The JoeyCrafter Telegram account had previously used the name “Rivage,” a name linked to Coristine on Discord and at Path, according to Path internal communications shared with WIRED. Both the Rivage Discord and Telegram accounts at times promoted Coristine’s DiamondCDN startup. It’s not clear whether the JoeyCrafter message was followed by an actual DDOS attack. (In the internal messages among Path staff, a question is asked about Rivage, at which point an individual clarifies they are speaking about "Edward".)
"It does depend on which government agency is sponsoring your security clearance request, but everything that you've just mentioned would absolutely raise red flags during the investigative process," Shelzi, the former US Army intelligence officer, says. He adds that a secret security clearance could be completed in as little as 50 days while a top secret security clearance could take anywhere from 90 days to a year to complete.
Coristine’s online history, including a LinkedIn account where he calls himself Big Balls, has disappeared recently. He also previously used an account on X with the username @edwardbigballer. The account had a bio that read: “Technology. Arsenal. Golden State Warriors. Space Travel.”
Prior to using the @edwardbigballer username, Coristine was linked to an account featuring the screenname “Steven French” featuring a picture of what appears to be Humpty Dumpty smoking a cigar. In multiple posts from 2020 and 2021, the account can be seen responding to posts from Musk. Coristine’s X account is currently set to private.
Davi Ottenheimer, a longtime security operations and compliance manager, says many factors about Coristine’s employment history and online footprint could raise questions about his ability to obtain security clearance.
“Limited real work experience is a risk,” says Ottenheimer, as an example. “Plus his handle is literally Big Balls.”
darkmaga-returns · 2 months ago
Today’s book is:
Destined For War: Can America and China Escape Thucydides's Trap? by Graham Allison
China and the United States are heading toward a war neither wants. The reason is Thucydides’s Trap: when a rising power threatens to displace a ruling one, violence is the likeliest result. Over the past five hundred years, these conditions have occurred sixteen times; war broke out in twelve. At the time of publication, an unstoppable China approached an immovable America, and both Xi Jinping and Donald Trump promised to make their countries “great again,” the seventeenth case was looking grim—it still is. A trade conflict, cyberattack, Korean crisis, or accident at sea could easily spark a major war. In Destined for War, eminent Harvard scholar Graham Allison masterfully blends history and current events to explain the timeless machinery of Thucydides’s Trap—and to explore the painful steps that might prevent disaster today.
You can buy the book here (Amazon link).
sixstringphonic · 5 months ago
DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers
Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.
February 6th 2025 - via WIRED
A young technologist known online as “Big Balls,” who works for Elon Musk's so-called Department of Government Efficiency (DOGE), has access to sensitive US government systems. But his professional and online history call into question whether he would pass the background check typically required to obtain security clearances, security experts tell WIRED.
Edward Coristine, a 19-year-old high school graduate, established at least five different companies in the last four years, with entities registered in Connecticut, Delaware, and the United Kingdom, most of which were not listed on his now-deleted LinkedIn profile. Coristine also briefly worked in 2022 at Path Network, a network monitoring firm known for hiring reformed blackhat hackers. Someone using a Telegram handle tied to Coristine also solicited a cyberattack-for-hire service later that year.
Coristine did not respond to multiple requests for comment.
One of the companies Coristine founded, Tesla.Sexy LLC, was set up in 2021, when he would have been around 16 years old. Coristine is listed as the founder and CEO of the company, according to business records reviewed by WIRED.
Tesla.Sexy LLC controls dozens of web domains, including at least two Russian-registered domains. One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review.
"Foreign connections, whether it's foreign contacts with friends or domain names registered in foreign countries, would be flagged by any agency during the security investigation process," Joseph Shelzi, a former US Army intelligence officer who held security clearance for a decade and managed the security clearance of other units under his command, tells WIRED.
A longtime former US intelligence analyst, who requested anonymity to speak on sensitive topics, agrees. “There's little chance that he could have passed a background check for privileged access to government systems,” they allege.
Another domain under Coristine’s control is faster.pw. The website is currently inactive, but an archived version from October 25, 2022 shows content in Chinese that stated the service helped provide “multiple encrypted cross-border networks.”
Prior to joining DOGE, Coristine worked for several months of 2024 at Elon Musk’s Neuralink brain implant startup, and, as WIRED previously reported, is now listed in Office of Personnel Management records as an “expert” at that agency, which oversees personnel matters for the federal government. Employees of the General Services Administration say he also joined calls where they were made to justify their jobs and to review code they’ve written.
Other elements of Coristine’s personal record reviewed by WIRED, government security experts say, would also raise questions about obtaining security clearances necessary to access privileged government data. These same experts further wonder about the vetting process for DOGE staff—and, given Coristine’s history, whether he underwent any such background check.
The White House did not immediately respond to questions about what level of clearance, if any, Coristine has and, if so, how it was granted.
At Path Network, Coristine worked as a systems engineer from April to June of 2022, according to his now-deleted LinkedIn résumé. Path has at times listed as employees Eric Taylor, also known as Cosmo the God, a well-known former cybercriminal and member of the hacker group UGNazis, as well as Matthew Flannery, an Australian convicted hacker whom police allege was a member of the hacker group LulzSec. It’s unclear whether Coristine worked at Path concurrently with those hackers, and WIRED found no evidence that either Coristine or other Path employees engaged in illegal activity while at the company.
“If I was doing the background investigation on him, I would probably have recommended against hiring him for the work he’s doing,” says EJ Hilbert, a former FBI agent who also briefly served as the CEO of Path Network prior to Coristine’s employment there. “I’m not opposed to the idea of cleaning up the government. But I am questioning the people that are doing it.”
Potential concerns about Coristine extend beyond his work history. Archived Telegram messages shared with WIRED show that, in November 2022, a person using the handle “JoeyCrafter” posted to a Telegram channel focused on so-called distributed denial of service (DDoS) cyberattacks that bombard victim sites with junk traffic to knock them offline. In his messages, JoeyCrafter—which records from Discord, Telegram, and the networking protocol BGP indicate was a handle used by Coristine—writes that he’s “looking for a capable, powerful and reliable L7” that accepts bitcoin payments. That line, in the context of a DDoS-for-hire Telegram channel, suggests he was looking for someone who could carry out a layer-7 attack, a certain form of DDoS. A DDoS-for-hire service with the name Dstat.cc was seized in a multinational law enforcement operation last year.
The JoeyCrafter Telegram account had previously used the name “Rivage,” a name linked to Coristine on Discord and at Path, according to Path internal communications shared with WIRED. Both the Rivage Discord and Telegram accounts at times promoted Coristine’s DiamondCDN startup. It’s not clear whether the JoeyCrafter message was followed by an actual DDoS attack. (In the internal messages among Path staff, a question is asked about Rivage, at which point an individual clarifies they are speaking about “Edward.”)
"It does depend on which government agency is sponsoring your security clearance request, but everything that you've just mentioned would absolutely raise red flags during the investigative process," says Shelzi, the former US Army intelligence officer. He adds that a secret security clearance could be completed in as little as 50 days, while a top-secret security clearance could take anywhere from 90 days to a year to complete.
Coristine’s online history, including a LinkedIn account where he calls himself Big Balls, has disappeared recently. He also previously used an account on X with the username @edwardbigballer. The account had a bio that read: “Technology. Arsenal. Golden State Warriors. Space Travel.”
Prior to using the @edwardbigballer username, Coristine was linked to an account featuring the screen name “Steven French” featuring a picture of what appears to be Humpty Dumpty smoking a cigar. In multiple posts from 2020 and 2021, the account can be seen responding to posts from Musk. Coristine’s X account is currently set to private.
Davi Ottenheimer, a longtime security operations and compliance manager, says many factors about Coristine’s employment history and online footprint could raise questions about his ability to obtain security clearance.
“Limited real work experience is a risk,” says Ottenheimer, as an example. “Plus his handle is literally Big Balls.”
foreverlogical · 1 year ago
Expanded overtime guarantees for millions
First over-the-counter birth control pill to hit U.S. stores in 2024
Gun violence prevention and gun safety get a boost
Renewable power is the No. 2 source of electricity in the U.S. — and climbing
Preventing discriminatory mortgage lending
A sweeping crackdown on “junk fees” and overdraft charges
Forcing Chinese companies to open their books
Preventing another Jan. 6
Building armies of drones to counter China
The nation’s farms get big bucks to go “climate-smart”
The Biden administration helps broker a deal to save the Colorado River
Giving smaller food producers a boost
Biden recommends loosening federal restrictions on marijuana
A penalty for college programs that trap students in debt
Biden moves to bring microchip production home
Tech firms face new international restrictions on data and privacy
Cracking down on cyberattacks
Countering China with a new alliance between Japan and South Korea
Reinvigorating cancer research to lower death rates
Making medication more accessible through telemedicine
Union-busting gets riskier
Biden inks blueprint to fix 5G chaos
Biden empowers federal agencies to monitor AI
Fixing bridges, building tunnels and expanding broadband
The U.S. is producing more oil than anytime in history
Strengthening military ties to Asian allies
A new agency to investigate cyberattacks
Making airlines pay up when flights are delayed or canceled
READ THE DETAILS HERE
I'm going to add one more here