If you're an American, or more broadly, a human connected to the internet, you've probably heard of DOGE by now. Not the joke cryptocurrency based on a Shiba Inu dog meme. No, this is the other DOGE, the new Department of Government Efficiency co-led by Musk following the recent 2024 Presidential election results.
This rapid push for access to critical federal computer systems, including the US Treasury's vast payment network, by the new Department of Government Efficiency quickly raised alarms. Experts and government officials voiced serious cybersecurity concerns, pointing to specific risks such as the potential for payments to be held up for political reasons, severe privacy breaches exposing sensitive taxpayer data like Social Security numbers and bank information, and overall vulnerability for systems millions rely on for government funds.
Now, a recent report from journalist Micah Lee has highlighted a specific incident fueling those exact worries. Login credentials belonging to Kyle Schutt, a software engineer working simultaneously for both the federal government's Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Government Efficiency (DOGE), have appeared in multiple public leaks of data compiled by info-stealer malware.
Stealer malware operates by infecting a computer, often sneaking in through malicious downloads or phishing links. Once on the system, it logs everything the user types, capturing usernames, passwords, and other sensitive data entered into browsers or applications, then beams this data back to the attacker. This data is sometimes later compiled into publicly released "stealer logs." Lee notes that, separately from these stealer logs, a search for Schutt's personal email address shows it has appeared in a significant number of other leaks – specifically, 51 data breaches and 5 "pastes" tracked by breach notification services over the years, including breaches of services like Adobe in 2013 and LinkedIn in 2016 which exposed millions of users. While appearing in service breaches is relatively common these days, having your login details appear in stealer logs is different and far more concerning; it means the infection happened directly on a device you were using, capturing data as you typed it in.
The implications here are significant, given Schutt's access through both his roles. As a CISA employee, he likely holds sensitive knowledge about the security state of critical US networks and government systems. As a DOGE software engineer, Drop Site News reported that he gained access to FEMA's "core financial management system" in February. If credentials used on compromised devices were also used for his government work at either CISA or DOGE, it raises alarming possibilities for data theft or unauthorized system access within these federal systems.
Critics see this incident as further proof of questionable operational security practices within the nascent Department of Government Efficiency. Recall how Elon Musk's significant political involvement, becoming a major donor and ally of political figures, has stirred debate about potential conflicts of interest between his extensive government contracts and his new government role. Now, the Department he helps lead is seeing employee credentials appear in malware logs, lending weight to critiques like this one published on Mastodon:
At this point it's difficult not to suspect their awful 0pSec is a choice, and that there are specific people (*ahem* *cough cough* the Russians *cough*) to whom they're leaking secrets, with incompetence being merely plausible deniability for their true, treasonous agenda.
On a related note, the Wall Street Journal recently reported that Tesla was looking to replace Musk as CEO. Musk publicly slammed the report, stating on X that the WSJ was "lying about Tesla looking for a new CEO" and that the article was "deliberately false." Tesla's chair also refuted the claim.
Source: Ars Technica