The operatives working for Elon Musk are the authorities in the U.S. government department, including an agency responsible for managing data on millions of federal employees and a system responsible for paying $6 trillion to Americans. It has gained unprecedented access to the range.
Over the past two weeks, the group of representatives for masks (the presidential advisory committee within the Trump administration known as government efficiency, or DOGE) has been the best federal division despite questions about security clearance, cybersecurity practices. and managed the dataset. and the legality of mask activities.
Whether it’s a feat or a coup (which depends entirely on your perspective), the mask business and small groups of peers, mostly young, private sector employees (many have no previous government experience) Now, it manages the most sensitive data of the federal government, which is held in millions of Americans and in some cases in the country’s closest allies.
Access by the Musk’s Doge team represents the most known compromise in federal data held by individual groups of individuals, and is out of their way.
Doge has given little details about the ongoing activity. The task is left to the media who report a breakdown of suspicious cybersecurity practices and long-standing cybersecurity norms that put government sensitive data at risk from being accessed by malicious actors.
Much of Doge’s work is circumventing surveillance and transparency, leaving public questions about whether cybersecurity and privacy practices are being followed. It is unclear whether Doge staff are following procedures to prevent this data from being accessed by others, or whether other steps have been taken to protect sensitive data about Americans.
So far, evidence suggests that security is not the best in the mind.
For example, Doge staff reportedly used personal Gmail accounts to access government calls, and a newly filed lawsuit by a federal whistleblower would not have made Doge violated federal privacy laws. It claims to have ordered the authorized email server to be connected to the government network.
Whether Doge’s staff is a bad actor or not is missing some of the points. The act of sinking, spying or ignorance can produce the same optimal outcome: exposure or loss of a country’s sensitive data set.
For now, it’s worth seeing how we came here.
Suspicious security clearance
As Doge took over the division and took over a huge store of American data, career staff and US lawmakers are shocked to continue seeking answers from the Trump administration.
Musk’s efforts to manage the country’s data stores are personally wary of cybersecurity experts, some of which are governments dedicated to ensuring the most sensitive systems and data of Americans. I’ve spent my career.
Questions remain about what level of security clearance Doge staff has and whether interim security clearances will give them the authority to request access to restricted federal systems. Back at the office, Trump signed an executive order, allowing administrators to review little or no security clearances that tentatively distinguished from individuals for security clearances that were classified as “top secret.”
The confusion over Doge’s staff clearance has led to a brief conflict among several career staff in the federal sector these days. According to the Associated Press, the U.S. International Development Agency (USAID) has taken senior officials on leave after getting in the way of DOGE staff and getting in the way of protecting confidential information. Doge then gained access to USAID classified facilities.
Doge adviser Katie Miller said in X’s post that Doge never accessed “without proper security clearance,” but details of the team’s clearance remain unspecified.
Several senior Senate Selection Committee members on Intelligence News said Wednesday that they are still looking for answers about Doge and what clearance their members have.
“Information about who was officially hired under Doge, whether Doge runs it, how Doge reviews and monitors staff and representatives, and who was officially hired under Doge. “It’s not provided. And American personal information,” the senator wrote.
Doge’s government acquisition
Within a week after President Trump’s inauguration (and his executive order established Doge), Musk staff began infiltrating various federal agencies. From tax refunds to social security checks, the government has The first was the US Treasury Department’s sensitive payment system, which includes personal information from millions of Americans who received payments.
Doge also has access to the Department of Personnel Management, the government’s human resources department, which includes a database of personal information for all federal workers, and USAJOBS, which has data on applicants who apply for federal jobs. .
OPM officials said there was no monitoring or access to the system for mask teams. “It creates true cybersecurity and hacking implications,” they told Reuters.
Doge’s activities led to widespread opposition from some Republicans.
Sen. Ron Wyden (D-OR), the Senate Finance Committee’s most senior Democrat, has said that, given the conflict of interest to widespread business operations in China, has made it possible to access masks’ sensitive federal payment systems national security. It was called a security risk. A senior Democrat group later said in a letter to the Treasury that Doge’s access to sensitive government data “may surround national security.”
A post with former Republican strategist Stuart Stevens from Blueski, called the Treasury System Acquisition, “the most important data leak in cyber history” and “enable social security information for individuals in data businesses.” “I’ve done it,” he added.
The Treasury has defended the move to grant access to the department’s sensitive payment system, and in a non-critical response to democratic lawmakers that Musk’s Doge team has access to the Treasury banks of personal information about Americans I’ve checked. The letter confirms that Tom Krause, CEO of Cloud Software Group, which owns Citrix and several other technology companies, is currently an employee of the Department of Treasury. Krause has not returned a request for comment.
Doge subsequently gained access to multiple sensitive internal systems from the Ministry of Education, including a dataset containing personal information about millions of students registered with financial aid. Doge staff also requested a “access to everything” system for small business managers, including contracts, payments and HR information.
Musk’s team also reportedly has access to payment systems within the U.S. Department of Health and Human Services and access data from US agencies that manage Medicare and Medicaid. Doge also has access to the National Oceanic and Atmospheric Administration (NOAA) human resources system and plans to access the Department of Transportation system.
Domestic and global impact
There are immense security risks that arise from granting access to the US government’s internal data core.
To list just a few of the things that could be wrong, accessing a government network from unauthorized malware will compromise other devices on the federal network, and whether they are classified or not, they are sensitive. High government information theft is possible. Additionally, if you are incorrectly making personal information errors about devices or cloud environments that do not meet the standards of government’s top security specifications, or use the most powerful security controls, your data is at risk of further compromise or leakage.
These are not unlikely scenarios. These types of violations always occur.
Last year alone, we saw some of the biggest data breaches in history. It was caused by malicious access gained through personal devices by company employees. . Compromising team credentials or access, or improper handling of sensitive databases, can result in irreparable loss, theft, or misplacement of sensitive government data.
Perhaps the most troublesome is Doge, whose activities operate outside of public scrutiny.
Officials and lawmakers who are tasked with oversight of the government are reportedly not having insight into which data Doges are accessible within the government, or what its cybersecurity control or protection is. Experts in departments who have spent much of their careers protecting access to data stored in these systems are raiding the most sensitive datasets as individuals with little or no government experience. Can be.
Techdirt’s technology and privacy lawyer Cathy Gellis writes that Musk and his Doge team under the US federal hacking law known as the Computer Fraud and Abuse Act, which covers access to federal systems without proper permission. He argues that there is a high possibility that he will be “personally responsible.” . The court must ultimately determine Doge’s activities as “unauthorized access,” and therefore illegal, Gellis writes.
There is also the question of how US state governments respond to compromises in residents’ data at the federal level. US states have data breach laws that require the protection of citizens’ data, even if the federal government does not. It has not yet been seen whether Musk’s team’s access to the federal system will cause legal action from the state.
The access also ties with the US and its diplomatic allies on the unstable ground. Allies may not want to share intelligence news with the US government if they believe that information can leak and spill into the public domain as a result of the collapse of cybersecurity practices aimed at protecting confidential information. yeah.
In fact, the consequences of Doge’s continued access to federal departments and datasets may not be known for some time.
Contact Signal at +1 646-755-8849 and Zack Whittaker on WhatsApp. You can also securely share documents with TechCrunch via SecureDrop.
Source link
