Beyond Change Healthcare

The continued onslaught of cybersecurity attacks which if anything are only getting worse have impacted the healthcare system in dramatic fashion with the payment network brought down by the attack on Change Healthcare. Healthcare under Cyber Attack I keep hoping that we all get better at combatting these attempts to breach our data and that overall vigilance rises as we become more wary of…

View On WordPress

the last time something like this happened it was in 2010, with a McAfee virus protection update:

and guess who was Chief Technology Officer at the time? a guy called George Kurtz, who went on to become the founder and CEO of CrowdStrike 🙃

idk if people on tumblr know about this but a cybersecurity software called crowdstrike just did what is probably the single biggest fuck up in any sector in the past 10 years. it's monumentally bad. literally the most horror-inducing nightmare scenario for a tech company.

some info, crowdstrike is essentially an antivirus software for enterprises. which means normal laypeople cant really get it, they're for businesses and organisations and important stuff.

so, on a friday evening (it of course wasnt friday everywhere but it was friday evening in oceania which is where it first started causing damage due to europe and na being asleep), crowdstrike pushed out an update to their windows users that caused a bug.

before i get into what the bug is, know that friday evening is the worst possible time to do this because people are going home. the weekend is starting. offices dont have people in them. this is just one of many perfectly placed failures in the rube goldburg machine of crowdstrike. there's a reason friday is called 'dont push to live friday' or more to the point 'dont fuck it up friday'

so, at 3pm at friday, an update comes rolling into crowdstrike users which is automatically implemented. this update immediately causes the computer to blue screen of death. very very bad. but it's not simply a 'you need to restart' crash, because the computer then gets stuck into a boot loop.

this is the worst possible thing because, in a boot loop state, a computer is never really able to get to a point where it can do anything. like download a fix. so there is nothing crowdstrike can do to remedy this death update anymore. it is now left to the end users.

it was pretty quickly identified what the problem was. you had to boot it in safe mode, and a very small file needed to be deleted. or you could just rename crowdstrike to something else so windows never attempts to use it.

it's a fairly easy fix in the grand scheme of things, but the issue is that it is effecting enterprises. which can have a looooot of computers. in many different locations. so an IT person would need to manually fix hundreds of computers, sometimes in whole other cities and perhaps even other countries if theyre big enough.

another fuck up crowdstrike did was they did not stagger the update, so they could catch any mistakes before they wrecked havoc. (and also how how HOW do you not catch this before deploying it. this isn't a code oopsie this is a complete failure of quality ensurance that probably permeates the whole company to not realise their update was an instant kill). they rolled it out to everyone of their clients in the world at the same time.

and this seems pretty hilarious on the surface. i was havin a good chuckle as eftpos went down in the store i was working at, chaos was definitely ensuring lmao. im in aus, and banking was literally down nationwide.

but then you start hearing about the entire country's planes being grounded because the airport's computers are bricked. and hospitals having no computers anymore. emergency call centres crashing. and you realised that, wow. crowdstrike just killed people probably. this is literally the worst thing possible for a company like this to do.

crowdstrike was kinda on the come up too, they were starting to become a big name in the tech world as a new face. but that has definitely vanished now. to fuck up at this many places, is almost extremely impressive. its hard to even think of a comparable fuckup.

a friday evening simultaneous rollout boot loop is a phrase that haunts IT people in their darkest hours. it's the monster that drags people down into the swamp. it's the big bag in the horror movie. it's the end of the road. and for crowdstrike, that reaper of souls just knocked on their doorstep.

Slingshots for a Spider

I recently finished (didn't take the test, I was just stumbling through the course, open mouthed and scared) the ineffable WEB-300: Advanced Web Attacks and Exploitation, from the magnanimous OffSec, which is the preparation course for the Offensive Security Web Expert certification (OSWE). The image is a very cool digital black widow spider, which makes sense, because the course is teaching you how to be an attacker on 'the web'.

As scared as I am of spiders, I am enamored by this course. Enough to stare at it for two years then finally take it and complete it over one grueling year. It covers things like: Blind SQL Injection - setting things up in a program called Burpsuite, to repeatedly try sending various things, then clicking a button, and seeing how a website answers, whether it gives us info or errors (which is more info!)

Authentication Bypass Exploitation - skirting around the steps that websites use to make sure you are who you say you are, like taking a 'reset password' click of a button, knowing some admin's email, and getting a database to spit out the token so we can get to the website to reset the password before the admin.

and Server-Side Request Forgery - making a server (someone else's computer in charge of doing real work instead of messing around with a human) ask its connections and resources to get something for you.

Now I know what you're probably thinking: Holy cow, where to even start? If you're not thinking that, congratulations. If you are, I've the answer: Tools. No spider is eating flies without sensing, lurking, biting... this metaphor to say: No one's doing it by hand with no help.

So what tools are helpful? How do you know what's good, what's useful, what's a dime a dozen, what's only going to do part of what you want versus all of it...

Luckily the fan favorites are famous for a reason. Just about anything you'd need is already downloaded into Kali Linux, which is jam packed with much, much more than the average hacker even needs!

Tools are dependent on what you need to do. For this class we need to inspect web traffic, recover source code, analyze said code of source, and debug things remotely.

Inspecting web traffic covers SSL / TLS and HTTP. SSL is Secure Sockets Layer and TLS is Transport Layer Security. These are literally just protocols (rules! internet rules that really smart people spent a lot of time figuring out) that encrypts traffic (mixes and chops and surrounds your communication, to keep it safe and secure). HTTP is the hypertext transfer protocol, which is another set of rules that figures out how information is going to travel between devices, like computers, web servers, phones, etc.

But do you always follow the rules? Exactly. Even by accident, a lot can fall through the cracks or go wrong. Being able to see *exactly* what's happening is pivotal in *taking advantage* of what's not dotting the i's and crossing the t's.

Possibly the most famous tool for web hacking, and the obvious choice for inspecting web traffic, is Burp Suite. It gathers info, can pause in the middle of talking to websites and connections that usually happen behind the scenes in milliseconds, like manipulating HTTP requests. You can easily compare changes, decode, the list goes on.

Decompiling source code is the one where you could find a million things that all do very specific things. For example dnSpy can debug and edit .NET assemblies, like .exe or .dll files that usually *run*, and don't get cracked open and checked inside. At least not by a normal user. .NET binaries are easier to convert back to something readable because it uses runtime compiling, rather than compiling during assembly. All you have to do is de-compile. It's the difference between figuring out what's in a salad and what's in a baked loaf of bread. One's pretty easy to de-compile. The other, you'd probably not be able to guess, unless you already knew, that there are eggs in it! dnSpy decompiles assemblies so you can edit code, explore, and you can even add more features via dnSpy plugins.

Another type of code objects useful to analyze are Java ARchive or JAR files. Another decompiler that's good for JAR files is JD-GUI, which lets you inspect source code and Java class files so you can figure out how things work.

Analyzing source code is another act that can come with a lot of options. Data enters an application through a source. It's then used or it acts on its own in a 'sink'. We can either start at the sink (bottom-up approach) or with the sources (top-down approach). We could do a hybrid of these or even automate code analysis to snag low-hanging fruit and really balance between time, effort and quality. But when you have to just *look* at something with your *eyes*, most people choose VSCode. VSCode can download an incredible amount of plug ins, like remote ssh or kubernetes, it can push and pull to gitlab, examine hundreds of files with ease, search, search and replace... I could go on!

Last need is remote debugging, which really shows what an application is doing during runtime (when it's running!). Debugging can go step-by-step through huge amalgamations using breakpoints, which can continue through steps, step over a step, step INTO a step (because that step has a huge amalgamation of steps inside of it too, of course it does!), step out of that step, restart from the beginning or from a breakpoint, stop, or hot code replace. And the best part? VSCode does this too!

Remote debugging lets us debug a running process. All we need is access to the source code and debugger port on whatever remote system we happen to be working in.

Easy, right? Only a few tools and all the time in the world... WEB-300 was mostly whitebox application security, research, and learning chained attack methods. For example, you'd do three or seven steps, which incorporate two or four attacks, rather than just one. It's more realistic, as just one attack usually isn't enough to fell a giant. And here there be giants. Worry not: we've got some slingshots now.

The next step is seeing if we can get them to work!

Useful links:

(PortSwigger Ltd., 2020), https://portswigger.net/burp/documentation

(DNN Corp., 2020), https://www.dnnsoftware.com/

(0xd4d, 2020), https://github.com/0xd4d/dnSpy

(ICSharpCode , 2020), https://github.com/icsharpcode/ILSpy

(MicroSoft, 2021), https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-options/command-line-building-with-csc-exe

(Wikipedia, 2021), https://en.wikipedia.org/wiki/Cross-reference

(Wikipedia, 2019), https://en.wikipedia.org/wiki/Breakpoint

(Oracle, 2020), https://docs.oracle.com/javase/tutorial/deployment/jar/manifestindex.html

(Wikipedia, 2021), https://en.wikipedia.org/wiki/Integrated_development_environment

(Microsoft, 2022), https://code.visualstudio.com/(Wikipedia, 2021), https://en.wikipedia.org/wiki/False_positives_and_false_negatives

(Oracle, 2021), https://docs.oracle.com/javase/8/docs/technotes/guides/jpda/conninv.html#Invocation

How Disrespect in Business—Like Ignoring Emails and Turning Down Networking—Can Lead to Cyber Attacks

Let’s get something straight right now: your crappy communication habits aren’t just annoying—they’re dangerous. That ignored email chain? It might be the reason your company gets ransomwared next month. That networking event you blew off because you were “too busy”? Could’ve been where you learned about the security vulnerability currently festering in your system. Disrespect in business isn’t…

Security Vulnerabilities in CAN, CANopen, and J1939 Networks: Risks and Mitigation Strategies

Explore key security vulnerabilities in CAN, CANopen, and J1939 networks. Learn the risks and discover effective mitigation strategies to protect your industrial and automotive systems.

Leveraging SolveForce and The Telecom Broker to Address Key Cybersecurity Risks

Introduction Recent guidance from the Cybersecurity and Infrastructure Security Agency (CISA), alongside other global cybersecurity agencies, highlights significant vulnerabilities in telecommunications infrastructure exploited by malicious actors, such as state-sponsored cyber threats. The risks include unauthorized configuration changes, weak access controls, and insecure protocols. By…

NOSTR Snapback Hat @ 21rebel

Every Protocol Explained As FAST As Possible!

In this comprehensive video, we break down 100 essential networking protocols that every ethical hacker, cybersecurity enthusiast, and IT professional should know. From the foundational HTTP and HTTPS to advanced industrial protocols like MODBUS and DNP3, we've got you covered.

We'll explore:

Web Protocols: HTTP, HTTPS, FTP, SFTP Network Foundations: TCP/IP, UDP, ICMP, ARP Security Protocols: SSH, SSL/TLS, IPSec, Kerberos Email Protocols: SMTP, POP3, IMAP Remote Access: Telnet, RDP File Sharing: SMB/CIFS, NFS, AFP Routing Protocols: OSPF, RIP, BGP, EIGRP Wireless & IoT: MQTT, Z-Wave, Zigbee, Bluetooth, NFC Industrial Protocols: MODBUS, DNP3, BACnet Streaming Protocols: RTSP, RTP, SRTP Virtualization & Tunneling: GRE, MPLS, VXLAN, LISP And so much more!

Using simple explanations, relatable metaphors, and a touch of humor, we'll make these complex protocols easy to understand and remember.

Who is this video for?

Ethical Hackers & Penetration Testers Cybersecurity Students & Professionals Network Administrators & Engineers IT Enthusiasts & Tech Learners Why watch this video?

Enhance your cybersecurity knowledge Prepare for certifications and exams Stay updated with networking fundamentals Learn how different protocols can be vulnerable Get tips on securing your network infrastructure

ICMP, short for Internet Control Message Protocol, is utilized by network devices like routers to communicate error messages and operational status regarding the network's conditions. Network devices typically generate ICMP messages in response to errors, such as when a packet cannot be delivered to its destination or when a router needs to communicate that it is experiencing congestion.

Openscap: Open Source Vulnerability and Compliance Scanner

Openscap: Open Source Vulnerability and Compliance Scanner @vexpert #vmwarecommunities #100daysofhomelab #homelab #OpenSCAPintroduction #OpenSCAPscannerinstallation #SecurityContentAutomationProtocol #Linuxsecurity

Open-source security tools are not only cost-effective, they are also very powerful. OpenSCAP is a robust line of defense in achieving and maintaining system security compliance. It delivers many features, including for the community and enterprise businesses. Table of contentsWhat is OpenSCAP?Diving Deeper into the SCAP Security GuideCustomizing OpenSCAP with Your Own Content FilesOpenSCAP…

View On WordPress

wrong number

Ghost receives a text that leaves him absolutely reeling. OR the guy that you texted on accident is weirdly flirtatious and you're kind of into it?

1.1k words. lieutenant!Ghost x chef!reader (f). reader’s age unclear but 18+ (not a minor!!). divider by @plutism.

Unknown: SOS!!!!

Ghost immediately goes deathly still, eyes zeroing in on the text message notification that blinks across his phone before disappearing.

Having a SAS issued phone means that his phone number should be impossible to find. He doesn’t receive spam texts or calls and the few people who have his number know better than to bother him when he’s on paperwork duty. Which means that something is not right.

His phone buzzes again, and he feels his gut churn sourly.

Unknown: (1 attachment)

He doesn’t have time to think, he just braces himself for the worst. A photo of Johnny bleeding out with a gunshot wound? Coordinates to a location where Gaz is being held hostage? 

He’s already reaching for his kit in case he needs to jump on a helo when the attachment, an image, finally opens up.

The breath that was suspended in his chest slowly releases like a deflated balloon as he tries to make sense of the carnage on his phone screen. Yet, it isn’t one of his squadmates that’s crying out for help. Rather, it’s an image of a Cornish hen that’s been burnt to an absolute charred crisp. 

His mind is racing at a speed that he can’t quite process, his eyes methodically scanning the photo for any clues or hidden messages in the image. 

Yet, even to his trained eye, the image is perfectly normal. The background of the photo is a standard flat kitchen, slightly disorganized with cooking materials and ingredients scattered about. Your feet are visible in the corner of the photo, you’re wearing a pair of girly pajama shorts and bunny slippers.

His brows scrunch together in confusion, thoroughly perplexed and slightly annoyed at the mental gymnastics that he is undertaking to try to make sense of these messages.

Ghost: Who are you?

Your reply is instant, confirming his suspicion that you have truly somehow managed to message him by accident.

Unknown: It’s (♥︎), your classmate from culinary school!

Ghost glances at the image again, brows scrunching in disbelief that you are training to become a chef considering the charred and blackened state of the bird.

Ghost: Wrong number.

Unknown: Ah, how embarrassing. So sorry to disturb you! I must have jotted down my classmate’s number incorrectly during class. Have a lovely rest of your evening! 

That’s that then.

He sighs and sets his phone on his worn desk, glancing back at the mountain of paperwork that awaits him. He’s several hours away from finishing up, and Price will absolutely have his head if doesn't get it all done.

Yet, for reasons he isn't willing to unpack, the image of your bare legs tucked into those ridiculously fuzzy bunny slippers lingers in the back of his mind. His fist twitches, annoyed with himself for getting so hot and bothered over a mere glimpse of bare ankle.

You’re just another nameless, faceless muppet in the void of the digital age. Even responding back to your text message is probably a breach of security protocol that could land him in another hour long cybersecurity training seminar if he isn't careful.

So Ghost isn’t sure why he bothers picking up his phone and typing a message at all, but his thumb hits send before he can ponder it any further.

Ghost: Chicken seems a bit burnt.

Being the asshole that he is, Ghost can’t help but chuckle wryly at his own joke. He figures you’ll probably ignore his message. Maybe you’ll even take offence to it and block his number. So when his phone instantly buzzes with a response, his interest is fully captured.

Unknown: You think? I worried it might be a bit underdone.

The corner of his mouth twitches upward beneath his mask.

Ghost: I could be wrong. You’re the chef after all.

Unknown: Well, there’s plenty to go around if you fancy charcoals and mash.

He's fully smiling now, embarrassingly chuffed that you're playing along.

Ghost: You asking me on a date?

Unknown: Depends. Are you a serial killer?

Ghost: Depends on your definition of a serial killer.

It’s silent after that and Ghost can’t help the kernel of disappointment that takes root in his chest. Easygoing banter is far and few between for the lieutenant who has spent the last 48 hours trying to make sense of the mountain of paperwork that piled up on his desk during his last mission. He was enjoying this exchange with you far more than he cares to admit, and several minutes pass with no response before he glumly locks his phone and returns his attention to his desk.

A full day passes and Ghost accepts that he has scared you off.

Yet he can’t blame you. He knows full well that there are loads of creeps and nut jobs on the Internet who could take advantage of you. And even so, you’d be better off messaging any one of those weirdos rather than him. Because, after all, he’s ... who he is.

Three days later, Ghost is seven kilometers into his evening jog around the training field when his phone buzzes again unexpectedly. His eye twitches but he doesn’t check it right away, chiding himself for the persistent flare of hope in his gut that refuses to be extinguished. He’s been pathetically rushing to his phone with every notification he receives since your last text message came through and feeling disappointed every time it isn’t you.

It’s only when his phone buzzes again that he decides to bite the bullet and check who's texting him.

He’s fully expecting it to be another stupid meme from Soap in the 141 group chat. Which is why he skids to a stop, heart suddenly pounding in his chest, at the sight of a message from your phone number (which he has memorized at this point).

It’s his trigger finger that flies to open your message, eyes fixed intensely, almost nervously, on the pixelated screen of his outdated phone.

You’ve sent him a photo of a sausage roll, a proper sausage roll, that’s cooling on a wire rack in your kitchen. He's already salivating at the sight of the juicy blend of ground meat packed neatly and precisely into a flaky case of golden pastry, as well as the sliver of your bare thigh that's showing in the edge of the photo.

He assumes that you’ve accidentally messaged him again instead of your classmate until he sees the message beneath the image.

Unknown: Just wanted you to know that I’ve been testing some other recipes for our date. 

Unknown: Thoughts on my sausage rolls?

Ghost doesn’t even realize that he’s grinning like a madman until his face starts to twitch uncomfortably. He hasn’t smiled so hard in months, maybe even years, and the mechanics of beaming like a lovesick idiot have almost been forgotten by his stiff facial muscles.

He responds immediately, almost afraid that you might slip through his gloved fingers again if he is even a second too late.

Ghost: That’ll do.

(thoughts on part 2 from reader pov? i want them to talk on the phone and see ghost be all cute n awkward TT)

China hacked Verizon, AT&T and Lumen using the FBI’s backdoor

On OCTOBER 23 at 7PM, I'll be in DECATUR, presenting my novel THE BEZZLE at EAGLE EYE BOOKS.

State-affiliated Chinese hackers penetrated AT&T, Verizon, Lumen and others; they entered their networks and spent months intercepting US traffic – from individuals, firms, government officials, etc – and they did it all without having to exploit any code vulnerabilities. Instead, they used the back door that the FBI requires every carrier to furnish:

https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?st=C5ywbp&reflink=desktopwebshare_permalink

In 1994, Bill Clinton signed CALEA into law. The Communications Assistance for Law Enforcement Act requires every US telecommunications network to be designed around facilitating access to law-enforcement wiretaps. Prior to CALEA, telecoms operators were often at pains to design their networks to resist infiltration and interception. Even if a telco didn't go that far, they were at the very least indifferent to the needs of law enforcement, and attuned instead to building efficient, robust networks.

Predictably, CALEA met stiff opposition from powerful telecoms companies as it worked its way through Congress, but the Clinton administration bought them off with hundreds of millions of dollars in subsidies to acquire wiretap-facilitation technologies. Immediately, a new industry sprang into being; companies that promised to help the carriers hack themselves, punching back doors into their networks. The pioneers of this dirty business were overwhelmingly founded by ex-Israeli signals intelligence personnel, though they often poached senior American military and intelligence officials to serve as the face of their operations and liase with their former colleagues in law enforcement and intelligence.

Telcos weren't the only opponents of CALEA, of course. Security experts – those who weren't hoping to cash in on government pork, anyways – warned that there was no way to make a back door that was only useful to the "good guys" but would keep the "bad guys" out.

These experts were – then as now – dismissed as neurotic worriers who simultaneously failed to understand the need to facilitate mass surveillance in order to keep the nation safe, and who lacked appropriate faith in American ingenuity. If we can put a man on the moon, surely we can build a security system that selectively fails when a cop needs it to, but stands up to every crook, bully, corporate snoop and foreign government. In other words: "We have faith in you! NERD HARDER!"

NERD HARDER! has been the answer ever since CALEA – and related Clinton-era initiatives, like the failed Clipper Chip program, which would have put a spy chip in every computer, and, eventually, every phone and gadget:

https://en.wikipedia.org/wiki/Clipper_chip

America may have invented NERD HARDER! but plenty of other countries have taken up the cause. The all-time champion is former Australian Prime Minister Malcolm Turnbull, who, when informed that the laws of mathematics dictate that it is impossible to make an encryption scheme that only protects good secrets and not bad ones, replied, "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia":

https://www.zdnet.com/article/the-laws-of-australia-will-trump-the-laws-of-mathematics-turnbull/

CALEA forced a redesign of the foundational, physical layer of the internet. Thankfully, encryption at the protocol layer – in the programs we use – partially counters this deliberately introduced brittleness in the security of all our communications. CALEA can be used to intercept your communications, but mostly what an attacker gets is "metadata" ("so-and-so sent a message of X bytes to such and such") because the data is scrambled and they can't unscramble it, because cryptography actually works, unlike back doors. Of course, that's why governments in the EU, the US, the UK and all over the world are still trying to ban working encryption, insisting that the back doors they'll install will only let the good guys in:

https://pluralistic.net/2023/03/05/theyre-still-trying-to-ban-cryptography/

Any back door can be exploited by your adversaries. The Chinese sponsored hacking group know as Salt Typhoon intercepted the communications of hundreds of millions of American residents, businesses, and institutions. From that position, they could do NSA-style metadata-analysis, malware injection, and interception of unencrypted traffic. And they didn't have to hack anything, because the US government insists that all networking gear ship pre-hacked so that cops can get into it.

This isn't even the first time that CALEA back doors have been exploited by a hostile foreign power as a matter of geopolitical skullduggery. In 2004-2005, Greece's telecommunications were under mass surveillance by US spy agencies who wiretapped Greek officials, all the way up to the Prime Minister, in order to mess with the Greek Olympic bid:

https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%9305

This is a wild story in so many ways. For one thing, CALEA isn't law in Greece! You can totally sell working, secure networking gear in Greece, and in many other countries around the world where they have not passed a stupid CALEA-style law. However the US telecoms market is so fucking huge that all the manufacturers build CALEA back doors into their gear, no matter where it's destined for. So the US has effectively exported this deliberate insecurity to the whole planet – and used it to screw around with Olympic bids, the most penny-ante bullshit imaginable.

Now Chinese-sponsored hackers with cool names like "Salt Typhoon" are traipsing around inside US telecoms infrastructure, using the back doors the FBI insisted would be safe.

Tor Books as just published two new, free LITTLE BROTHER stories: VIGILANT, about creepy surveillance in distance education; and SPILL, about oil pipelines and indigenous landback.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/10/07/foreseeable-outcomes/#calea

Image: Kris Duda, modified https://www.flickr.com/photos/ahorcado/5433669707/

CC BY 2.0 https://creativecommons.org/licenses/by/2.0/

He should be arrested for violating our privacy. He was not vetted by congress and has no security clearance.

Contact your state’s attorney general and request help.

Can we ask the ACLU to file a class action suit? Who’s with me?

“Let’s get into the details. Musk’s staffers have been caught plugging external hard drives into federal agency systems and reportedly locking others out of private rooms to perform—who knows what actions. This behavior violates key cybersecurity laws under FISMA and NIST guidelines, which are designed to protect sensitive federal information. Here’s why this is a serious problem.

Federal systems are strictly regulated, allowing only approved devices to connect. Unauthorized external drives can introduce viruses, ransomware, or other harmful software that may compromise entire networks and disrupt essential operations. This puts system stability and continuity of services at risk, endangering critical infrastructure.

These devices could also be used to steal or damage critical information, including personal data for millions of Americans—such as Social Security recipients and taxpayers. Unauthorized access creates significant vulnerabilities, exposing sensitive data to the risk of cyberattacks. Such attacks could cripple vital services and compromise the privacy and safety of millions of people.

Additionally, federal agencies have strict access controls to prevent unauthorized data manipulation or theft. When unauthorized devices are connected, these protections are bypassed, allowing unauthorized users to potentially alter or extract sensitive data. This undermines system integrity and opens the door to both internal and external threats.

External drives also often lack essential security features, such as encryption and antivirus scanning, making them vulnerable to cybercriminal exploitation. These security gaps further increase the risk of data breaches and system compromise, which can have far-reaching consequences.

Federal systems handle trillions of dollars in payments and manage personal data for millions of U.S. citizens. By bypassing cybersecurity laws and protocols, Musk’s staffers are putting these systems—and the public—at serious risk. This activity is illegal, reckless, and unacceptable. Immediate oversight and intervention are necessary to stop these violations!” ~ A N P S

Alt National Park Service

We apologize for the length of this post, but we felt it was important to share the full details with you.

In early March, a group of Musk-affiliated staffers from the so-called Department of Government Efficiency (DOGE) arrived at the National Labor Relations Board (NLRB), the federal agency responsible for protecting workers’ rights and handling union disputes. They claimed their mission was to improve efficiency and cut costs. But what followed raised serious alarms inside the agency and revealed a dangerous abuse of power and access.

Once DOGE engineers were granted access to the NLRB’s systems, internal IT staff quickly realized something was wrong. Normally, any user given access to sensitive government systems is monitored closely. But when IT staff suggested tracking DOGE activity—standard cybersecurity protocol—they were told to back off. Soon after, DOGE installed a virtual system inside the agency’s servers that operated in secret. This system left no logs, no trace of its activity, and was removed without a record of what had been done.

Then, large amounts of data began disappearing from the system. This wasn’t routine data—it included sensitive information on union strategies, ongoing legal cases, corporate secrets, and even personal details of workers and officials. None of it had anything to do with cutting costs or improving efficiency. It simply wasn’t supposed to leave the NLRB under any circumstance.

Almost immediately after DOGE accounts were created, login attempts began—from a Russian IP address. These weren’t random hacks. Whoever it was had the correct usernames and passwords. The timing was so fast it suggested that credentials had either been stolen, leaked, or shared. Security experts later said that if someone wanted to hide their tracks, they wouldn’t make themselves look like they were logging in from Russia. This wasn’t just sloppy—it was bold, calculated, and criminal.

One of the NLRB’s IT staffers documented everything and submitted a formal disclosure to Congress and other oversight bodies. But instead of being protected, he was targeted. A threatening note was taped to his door, revealing private information and overhead drone photos of him walking his dog. The message was clear: stay silent. He didn’t. He went public.

This isn’t just a cybersecurity issue—it’s a coordinated effort to infiltrate government agencies, bypass legal safeguards, and harvest data that can be used for political, corporate, or personal leverage. With Elon Musk directing DOGE, it’s hard not to see the motive: access to union files, employee records, and legal disputes that could benefit his companies and silence critics. This same playbook appears to be unfolding across multiple federal agencies, with DOGE operatives gaining quiet access to sensitive systems and extracting vast amounts of data without oversight.

The truth is, DOGE was never about making government more efficient. It was about taking control of it from the inside. What happened at the NLRB is not an isolated incident—it’s a warning of what happens when billionaires are handed unchecked power inside public institutions.