One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest man to wrest control over their networks and data.
Image: Shutterstock. Greg Meland.
The Trump administration has fired at least 130 employees at the federal government’s foremost cybersecurity body — the Cybersecurity and Infrastructure Security Agency (CISA). Those dismissals reportedly included CISA staff dedicated to securing U.S. elections, and fighting misinformation and foreign influence operations.
Earlier this week, technologists with Elon Musk’s Department of Government Efficiency (DOGE) arrived at CISA and gained access to the agency’s email and networked files. Those DOGE staffers include Edward “Big Balls” Coristine, a 19-year-old former denizen of the “Com,” an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network.
The investigative journalist Jacob Silverman writes that Coristine is the grandson of Valery Martynov, a KGB double agent who spied for the United States. Silverman recounted how Martynov’s wife Natalya Martynova moved to the United States with her two children after her husband’s death.
“Her son became a Virginia police officer who sometimes posts comments on blogs about his historically famous father,” Silverman wrote. “Her daughter became a financial professional who married Charles Coristine, the proprietor of LesserEvil, a snack company. Among their children is a 19-year-old young man named Edward Coristine, who currently wields an unknown amount of power and authority over the inner-workings of our federal government.”
Another member of DOGE is Christopher Stanley, formerly senior director for security engineering at X and principal security engineer at Musk’s SpaceX. Stanley, 33, had a brush with celebrity on Twitter in 2015 when he leaked the user database for the DDoS-for-hire service LizardStresser, and soon faced threats of physical violence against his family.
My 2015 story on that leak did not name Stanley, but he exposed himself as the source by posting a video about it on his Youtube channel. A review of domain names registered by Stanley shows he went by the nickname “enKrypt,” and was the former owner of a pirated software and hacking forum called error33[.]net, as well as theC0re, a video game cheating community.
“A NATIONAL CYBERATTACK”
DOGE has been steadily gaining sensitive network access to federal agencies that hold a staggering amount of personal and financial information on Americans, including the Social Security Administration (SSA), the Department of Homeland Security, the Office of Personnel Management (OPM), and the Treasury Department.
Most recently, DOGE has sought broad access to systems at the Internal Revenue Service that contain the personal tax information on millions of Americans, including how much individuals earn and owe, property information, and even details related to child custody agreements. The New York Times reported Friday that the IRS had reached an agreement whereby a single DOGE employee — 25-year-old Gavin Kliger — will be allowed to see only anonymized taxpayer information.
The rapidity with which DOGE has rifled through one federal database after another in the name of unearthing “massive fraud” by government agencies has alarmed many security experts, who warned that DOGE’s actions bypassed essential safeguards and security measures.
“The most alarming aspect isn’t just the access being granted,” wrote Bruce Schneier and Davi Ottenheimer, referring to DOGE as a national cyberattack. “It’s the systematic dismantling of security measures that would detect and prevent misuse—including standard incident response protocols, auditing, and change-tracking mechanisms—by removing the career officials in charge of those security measures and replacing them with inexperienced operators.”
Jacob Williams is a former hacker with the U.S. National Security Agency who now works as managing director of the cybersecurity firm Hunter Labs. Williams kicked a virtual hornet’s nest last week when he posted on LinkedIn that the network incursions by DOGE were “a bigger threat to U.S. federal government information systems than China.”
Williams said while he doesn’t believe anyone at DOGE would intentionally harm the integrity and availability of these systems, it’s widely reported (and not denied) that DOGE introduced code changes into multiple federal IT systems. These code changes, he maintained, are not following the normal process for vetting and review given to federal government IT systems.
“For those thinking ‘I’m glad they aren’t following the normal federal government IT processes, those are too burdensome’ I get where you’re coming from,” Williams wrote. “But another name for ‘red tape’ are ‘controls.’ If you’re comfortable bypassing controls for the advancement of your agenda, I have questions – mostly about whether you do this in your day job too. Please tag your employer letting them know your position when you comment that controls aren’t important (doubly so if you work in cybersecurity). All satire aside, if you’re comfortable abandoning controls for expediency, I implore you to decide where the line is that you won’t cross in that regard.”
The DOGE website’s “wall of receipts” boasts that Musk and his team have saved the federal government more than $55 billion through staff reductions, lease cancellations and terminated contracts. But a team of reporters at The New York Times found the math that could back up those checks is marred with accounting errors, incorrect assumptions, outdated data and other mistakes.
For example, DOGE claimed it saved $8 billion in one contract, when the total amount was actually $8 million, The Times found.
“Some contracts the group claims credit for were double- or triple-counted,” reads a Times story with six bylines. “Another initially contained an error that inflated the totals by billions of dollars. While the DOGE team has surely cut some number of billions of dollars, its slapdash accounting adds to a pattern of recklessness by the group, which has recently gained access to sensitive government payment systems.”
So far, the DOGE website does not inspire confidence: We learned last week that the doge.gov administrators somehow left their database wide open, allowing someone to publish messages that ridiculed the site’s insecurity.
A screenshot of the DOGE website after it was defaced with the message: “These ‘experts’ left their database open – roro”
APPOINTMENTS
Trump’s efforts to grab federal agencies by their data has seen him replace career civil servants who refused to allow DOGE access to agency networks. CNN reports that Michelle King, acting commissioner of the Social Security Administration for more than 30 years, was shown the door after she denied DOGE access to sensitive information.
King was replaced by Leland Dudek, formerly a senior advisor in the SSA’s Office of Program Integrity. This week, Dudek posted a now-deleted message on LinkedIn acknowledging he had been placed on administrative leave for cooperating with DOGE.
“I confess,” Dudek wrote. “I bullied agency executives, shared executive contact information, and circumvented the chain of command to connect DOGE with the people who get stuff done. I confess. I asked where the fat was and is in our contracts so we can make the right tough choices.”
Dudek’s message on LinkedIn.
According to Wired, the National Institute of Standards and Technology (NIST) was also bracing this week for roughly 500 staffers to be fired, which could have serious impacts on NIST’s cybersecurity standards and software vulnerability tracking work.
“And cuts last week at the US Digital Service included the cybersecurity lead for the central Veterans Affairs portal, VA.gov, potentially leaving VA systems and data more vulnerable without someone in his role,” Wired’s Andy Greenberg and Lily Hay Newman wrote.
NextGov reports that Trump named the Department of Defense’s new chief information security officer: Katie Arrington, a former South Carolina state lawmaker who helped steer Pentagon cybersecurity contracting policy before being put on leave amid accusations that she disclosed classified data from a military intelligence agency.
NextGov notes that the National Security Agency suspended her clearance in 2021, although the exact reasons that led to the suspension and her subsequent leave were classified. Arrington argued that the suspension was a politically motivated effort to silence her.
Trump also appointed the former chief operating officer of the Republican National Committee as the new head of the Office of National Cyber Director. Sean Cairncross, who has no formal experience in technology or security, will be responsible for coordinating national cybersecurity policy, advising the president on cyber threats, and ensuring a unified federal response to emerging cyber-risks, Politico writes.
DarkReading reports that Cairncross would share responsibility for advising the president on cyber matters, along with the director of cyber at the White House National Security Council (NSC) — a group that advises the president on all matters security related, and not just cyber.
CONSUMER PROTECTION?
The president also ordered staffers at the Consumer Financial Protection Bureau (CFPB) to stop most work. Created by Congress in 2011 to be a clearinghouse of consumer complaints, the CFPB has sued some of the nation’s largest financial institutions for violating consumer protection laws.
The CFPB says its actions have put nearly $18 billion back in Americans’ pockets in the form of monetary compensation or canceled debts, and imposed $4 billion in civil money penalties against violators. The CFPB’s homepage has featured a “404: Page not found” error for weeks now.
Trump has appointed Russell Vought, the architect of the conservative policy playbook Project 2025, to be the CFPB’s acting director. Vought has publicly favored abolishing the agency, as has Elon Musk, whose efforts to remake X into a payments platform would otherwise be regulated by the CFPB.
The New York Times recently published a useful graphic showing all of the government staffing changes, including the firing of several top officials, affecting agencies with federal investigations into or regulatory battles with Musk’s companies. Democrats on the House Judiciary Committee also have released a comprehensive account (PDF) of Musk’s various conflicts of interest.
Image: nytimes.com
As the Times notes, Musk and his companies have repeatedly failed to comply with federal reporting protocols aimed at protecting state secrets, and these failures have prompted at least three federal reviews. Those include an inquiry launched last year by the Defense Department’s Office of Inspector General. Four days after taking office, Trump fired the DoD inspector general along with 17 other inspectors general.
The Trump administration also shifted the enforcement priorities of the U.S. Securities and Exchange Commission (SEC) away from prosecuting misconduct in the cryptocurrency sector, reassigning lawyers and renaming the unit to focus more on “cyber and emerging technologies.”
Reuters reports that the former SEC chair Gary Gensler made fighting misconduct in a sector he termed the “wild west” a priority for the agency, targeting not only cryptocurrency fraudsters but also the large firms that facilitate trading such as Coinbase.
On Friday, Coinbase said the SEC planned to withdraw its lawsuit against the crypto exchange. Also on Friday, the cryptocurrency exchange Bybit announced on X that a cybersecurity breach led to the theft of more than $1.4 billion worth of cryptocurrencies — making it the largest crypto heist ever.
ORGANIZED CRIME AND CORRUPTION
On Feb. 10, Trump ordered executive branch agencies to stop enforcing the U.S. Foreign Corrupt Practices Act, which froze foreign bribery investigations, and even allows for “remedial actions” of past enforcement actions deemed “inappropriate.”
Trump’s action also disbanded the Kleptocracy Asset Recovery Initiative and KleptoCapture Task Force — units which proved their value in corruption cases and in seizing the assets of sanctioned Russian oligarchs — and diverted resources away from investigating white-collar crime.
That’s according to the independent Organized Crime and Corruption Reporting Project (OCCRP), an investigative journalism outlet that until very recently was funded in part by the U.S. Agency for International Development (USAID).
The OCCRP lost nearly a third of its funding and was forced to lay off 43 reporters and staff after Trump moved to shutter USAID and freeze its spending. NBC News reports the Trump administration plans to gut the agency and leave fewer than 300 staffers on the job out of the current 8,000 direct hires and contractors.
The Global Investigative Journalism Network wrote this week that the sudden hold on USAID foreign assistance funding has frozen an estimated $268 million in agreed grants for independent media and the free flow of information in more than 30 countries — including several under repressive regimes.
Elon Musk has called USAID “a criminal organization” without evidence, and promoted fringe theories on his social media platform X that the agency operated without oversight and was rife with fraud. Just months before the election, USAID’s Office of Inspector General announced an investigation into USAID’s oversight of Starlink satellite terminals provided to the government of Ukraine.
KrebsOnSecurity this week heard from a trusted source that all outgoing email from USAID now carries a notation of “sensitive but unclassified,” a designation that experts say could make it more difficult for journalists and others to obtain USAID email records under the Freedom of Information Act (FOIA). On Feb. 20, Fedscoop reported also hearing the same thing from multiple sources, noting that the added message cannot be seen by senders until after the email is sent.
FIVE BULLETS
On Feb. 18, Trump issued an executive order declaring that only the U.S. attorney general and the president can provide authoritative interpretations of the law for the executive branch, and that this authority extends to independent agencies operating under the executive branch.
Trump is arguing that Article II, Clause 1 of the Constitution vests this power with the president. However, jurist.org writes that Article II does not expressly state the president or any other person in the executive branch has the power to interpret laws.
“The article states that the president is required to ‘take care that the laws be faithfully executed,'” Juris noted. “Jurisdiction to interpret laws and determine constitutionality belongs to the judicial branch under Article III. The framers of the Constitution designed the separation of duties to prevent any single branch of government from becoming too powerful.”
The executive order requires all agencies to submit to “performance standards and management objectives” to be established by the White House Office of Management and Budget, and to report periodically to the president.
Those performance metrics are already being requested: Employees at multiple federal agencies on Saturday reported receiving an email from the Office of Personnel Management ordering them to reply with a set of bullet points justifying their work for the past week.
“Please reply to this email with approx. 5 bullets of what you accomplished last week and cc your manager,” the notice read. “Please do not send any classified information, links, or attachments. Deadline is this Monday at 11:59 p.m. EST.”
An email sent by the OPM to more than two million federal employees late in the afternoon EST on Saturday, Feb. 22.
In a social media post Saturday, Musk said the directive came at the behest of President Trump, and that failure to respond would be taken as a resignation. Meanwhile, Bloomberg writes the Department of Justice has been urging employees to hold off replying out of concern doing so could trigger ethics violations. The National Treasury Employees Union also is advising its employees not to respond.
A legal battle over Trump’s latest executive order is bound to join more than 70 other lawsuits currently underway to halt the administration’s efforts to massively reduce the size of the federal workforce through layoffs, firings and attrition.
KING TRUMP?
On Feb. 15, the president posted on social media, “He who saves his Country does not violate any Law,” citing a quote often attributed to the French dictator Napoleon Bonaparte. Four days later, Trump referred to himself as “the king” on social media, while the White House nonchalantly posted an illustration of him wearing a crown.
Trump has been publicly musing about running for an unconstitutional third-term in office, a statement that some of his supporters dismiss as Trump just trying to rile his liberal critics. However, just days after Trump began his second term, Rep. Andy Ogles (R-Tenn.) introduced a bill to amend the Constitution so that Trump — and any other future president — can be elected to serve a third term.
This week at the Conservative Political Action Conference (CPAC), Rep. Ogles reportedly led a group of Trump supporters calling itself the “Third Term Project,” which is trying to gain support for the bill from GOP lawmakers. The event featured images of Trump depicted as Caesar.
A banner at the CPAC conference this week in support of The Third Term Project, a group of conservatives trying to gain support for a bill to amend the Constitution and allow Trump to run for a third term.
Russia continues to be among the world’s top exporters of cybercrime, narcotics, money laundering, human trafficking, disinformation, war and death, and yet the Trump administration has suddenly broken with the Western world in normalizing relations with Moscow.
This week President Trump stunned U.S. allies by repeating Kremlin talking points that Ukraine is somehow responsible for Russia’s invasion, and that Ukrainian President Volodymyr Zelensky is a “dictator.” The president repeated these lies even as his administration is demanding that Zelensky give the United States half of his country’s mineral wealth in exchange for a promise that Russia will cease its territorial aggression there.
President Trump’s servility toward an actual dictator — Russian President Vladimir Putin — does not bode well for efforts to improve the cybersecurity of U.S. federal IT networks, or the private sector systems on which the government is largely reliant. In addition, this administration’s baffling moves to alienate, antagonize and sideline our closest allies could make it more difficult for the United States to secure their ongoing cooperation in cybercrime investigations.
It’s also startling how closely DOGE’s approach so far hews to tactics typically employed by ransomware gangs: A group of 20-somethings with names like “Big Balls” shows up on a weekend and gains access to your servers, deletes data, locks out key staff, takes your website down, and prevents you from serving customers.
When the federal executive starts imitating ransomware playbooks against its own agencies while Congress largely gazes on in either bewilderment or amusement, we’re in four-alarm fire territory. At least in theory, one can negotiate with ransomware purveyors.
It’s hard to know where to begin. This article appears to be more hand wringing about the potential for disaster that has not happened. During all the hacks and network intrusions, baloons flying over the entire continental US during the previous 4 years I never heard any indication that the government was being mismanaged from this website. Even though we had a sock puppet for a president and some of the strangest and most incompetent people in his cabinet, nothing! If the federal government was actually efficient Doge would not have turned up the waste and fraud they have found so far. As a nation, we are 36.5 TRILLION dollars in debt. This is not sustainable, even for the USA. This audit is just beginning and I suspect much worse will be uncovered.
I’m glad the “Doge Boys” are turning around their lives after making some youthful mistakes. I know very few people that did not screw up when they were younger, and we are all entitled to a 2nd chance. If these people continue to uncover fraud, theft, and recover billions of dollars they will be heros to the American tax payers. Please stop with the politics.
Time to grab the popcorn. Don’t say I didn’t warn you. ¯\_(ツ)_/¯
Where is mealy today? Not MIA I hope. This is your battle and you’re up my friend. Attack.
The cognitive dissonance emanating from you is absolutely insane
The cognitive dissonance coming from you is insane.
Yeah, because cybersecurity protections weren’t stripped back and the wealthiest man in the world, didn’t barge through every branch of the government illegally accessing, and lying about our government data and spending for the last 4 years.
There’s an already established office of government oversight for a reason, to make sure ACTUAL waste doesn’t happen, and Elon and some fake illegally established “government efficiency office” didn’t exist in Trump’s first term, even though Obama was president for 8 years preceding him. If you’re so concerned about waste, what changed between Obama’s and Biden’s presidential tenure? Why didn’t DOGE get established then? I expect a nuanced response with actual sources, but I don’t expect it.
Couldn’t agree more. Even though DOGE may be imperfect, it has long been desperately needed. When the opposition only has hand wringing, it shows they know in their hearts that there is so much waste that Americans have allowed to happen, and that people in power, have gotten away with. No more.
“May be imperfect”, did you even read the article? Or saw Trump & Doge and came to the comments to defend your “king”? LOL
Bravo. Thank you for bothering to say that. I couldn’t read the whole article, but was wondering if it covered the 51 who lost their security clearances and why.
I don’t think CISA has a clean record on preventing election fraud either.
I too just want to read cyber security news. I’ll bet this is the majority.
be careful, krebs might sperg and delete your comment for talking about the useless dept his unqualified family member was working in ripping off americans
This is Cybersecurity news.
The gutting of CISA over political grudges and Trump’s lies about 2020 is cybersecurity news.
The unlawful bypass of all established process to handover skads of extremely sensitive and private information to people with a track record of bad faith actions is the largest cybersecurity story of 2025 by far and it’s not even close.
It would be negligent to NOT talk about this. Krebs is doing the bare minimum here.
‘…the potential for disaster that has not happened.”
You know it hasn’t happened how?
Could not have said it better!
Here’s what your dear leader did today:
“The United States voted with Russia, North Korea, Belarus and 14 other Moscow-friendly countries Monday on a resolution condemning Russian aggression in Ukraine and calling for its occupied territory to be returned that passed overwhelmingly in the U.N. General Assembly on Monday.”
I’m guessing your jackboots are already spit-polished and shiny.
I see that you have decided to censor my replies. That is the work of a totalitarian with an agenda to hide. Nothing like shaping the commentary battlefield to give your crazed leftist worshipping brothers an edge. That’s okay. At least I know what you are about. Prior to commenting, I would never have known how unfair you are. Your lack of concern for free speech to push your leftist agenda has become clear. You own this propaganda blog so that may be your right, but it showcases how little integrity you have. Any one who comes to the same conclusion will now look at your writing as less than candid. I don’t care if you post this or not. The important thing is you will read it. Other left wing “journalists” like yourself are now getting their due. Some day maybe you will take the gloves off and do a full on Joy Reid. As a Obama once said, elections have consequences. I say deal with it!
Leo, I’ve allowed all kinds of inane comments on here, including many of yours, in case you hadn’t noticed.
I don’t censor comments. There are certain words that if used in a comment will be automatically held for moderation. Other times, if a reader is posting a lot of comments in a row, those comments will get held in moderation also on suspicion of spam. Both require me to manually approve the comments. BTW, most of the comments that are still in moderation are going to stay there because they closely resemble this comment I’m replying to, only they are directed against other readers.
But I am going to censor your comments from now on, because the one thing I don’t tolerate is personal attacks (on anyone here), and you don’t have more right to comment here than you do anywhere else. It’s clear you don’t how to behave or treat others with respect.
I made one post when the article appeared, which got labeled as awaiting moderation. I guess the moderation was permanent.
“Yikes!”
As a legal immigrant came to the US about 39 years ago, I believe in maintaining an objective perspective when assessing political administrations. To ensure fairness, I intend to reserve judgment on the current administration until the completion of its four-year term in 2028. This approach aligns with the same courtesy I extended to the Biden administration during its tenure.
It is my observation that each administration possesses similar powers, which they leverage to advance their respective agendas. Consequently, it is not unexpected that the current administration, like its predecessor, will face legal challenges and scrutiny. In the spirit of impartiality, I will withhold my final assessment until the next election day, just as I did with the previous administration. Exercising fairness in today’s polarized climate can be challenging, yet I believe it is a worthwhile endeavor.
I greatly value the insights and perspectives shared on this collaboration board, as they contribute significantly to my decision-making process for upcoming Senate, House, and Presidential elections. The voice of the people was heard in 2020, and I respected the outcome; similarly, I accepted the results of the 2024 election. This, to me, exemplifies the essence of democracy.
Thank you Krebs of all your thoughtful contributions, which continue to inform and enrich this discussion.
Well said Ashraf, well said. As an Independent myself, I always refrain from passing judgement till the end of the current administration’s term.
If the CPAC plan succeeds, there will not be an end to this term.
People who use the term TDS are just using the “No True Scotsman” logical fallacy. Why don’t you drop that, and argue from the facts presented, instead of implying someone has a disorder to believe something opposite of you? That’s all you got?
The only “TDS” printed on this page is yours. Seek help.
At this rate, by next week Vladimir Putin will be appointed Acting Director of CISA
Tell me you’re a leftist without saying you”re a leftist.
This comment board is for discussions about IT security. Just dropping the typical comment that might be seen appropriate on Reddit or Youtube is not appropriate here.
The facts that Brian is reporting on are extremely disconcerting. If this was just about the odd government agency here and there, one might just go and frown but still hope for the best. As we are reading and hearing from multiple sources, that is not the case. Many US government agencies are actively under siege, and are effectively being shot to pieces without prior diagnosis.
The process alone shows the spirit and the intention. If the intention were to effectuate an actual improvement, it must follow the sequence 1) fact finding, 2) identifying options, 3) decision, 4) execution.
Here, we are seeing that the current administration is directly jumping to 3)+4), very clearly showing that their intention is NOT improvement, but inflicting damage without regard for the results or any collateral damage. There is no need to withhold an opinion until the next voting day as Mr. Dahdouh is suggesting above. The current approach taken by the current administration is apparently un-scientific and erratic. Granted, it is surely effective (as in “it will have effects”) and probably superficially will save spending. It will also damage hundreds of thousands of US lives and send thousands of former faithful public servants into homelessness.
My best wishes for all affected.
Brian, I am grateful for your continued reporting on these matters. It is thoughtful, and informative. Your voice is timely.
Thank you for another insightful and fact-filled article, Brian. I especially appreciate the links you provided to provide transparency for your research. You’ve been successfully shining a spotlight on bad actors in the cyberworld for a long time; your skills and experience have kept us informed. It’s been gratifying to see some of those actors stopped due to your actions and the actions of others who share their expertise. I look forward to your additional coverage and insights as you continue to watch these new developments.
I have to agree. I was in the Army for 24 years and I saw sooooo much waste and abuse of funding. I’ve been wanting something like this to happen for at least 30 years. I wouldn’t care if it was from a Democratic lead administration or a Republican lead administration…the Federal government needs to be audited and it’s finally being done. Thank goodness.
My brother was Army 20 years and now federal civilian employee and said the SAME EXACT THING. I have been a municipal and county LE officer for 28 years and an Army Reservist for 8 years. I could not believe the waste I saw firsthand in the DRMO program…
Brian, great article. Thanks for your continued reporting.
Could you please stop with the politics and go back to security related news? Thank you.
If this is not security related, there is no reason to bother. Public agencies that are tasked with IT security are actively being damaged, defunded, stripped of their purpose. It is very clear what this will lead to – a massive rise in IT crime and foreign influence, and the resources required to combat them will be much sparser than before. This is all about IT security.
exactly! well said!
I notice your critics have not found a factual error.
THIS ! Sad for critics because Krebs relies on facts and the maga crowd only believes the spewing lies from donald.
I can’t believe how stupid half of the American population is. A good example is the first comment. I left the US about 3 years ago and I’m definitely not missing the current sh*t show.
Thanks for reporting on the mayhem, Brian. It’s sad to watch from afar that the country is being destroyed by the ruzzian paid assets. I bet that this is just the beginning and the orange turd with the musk rat are not going to leave office in 4 years. The events of Jan 6 have clearly showed it.
Nice win Mr. Pootin!
To be precise, the 130 staffers fired at CISA were provisional employees, about 1/3 of the total, from throughout the agency, according to a friend who is still there. The election protection activities were stopped, but the employees working on them were not targeted, AFAIK, unless they were provisional. But more cuts are imminent and they should have their resumes up to date.
Take notes on everything that is happening. In the end it will all be weighed and measured
but by who?.. that is the real question…
A very concerning read. Cybersecurity and consumer protections should be strengthening, not weakening, especially with the increasing threats we face today. Cutting back on these protections could leave individuals and businesses more vulnerable to cyberattacks and fraud. It will be interesting (and worrying) to see how these changes play out in practice. Thanks for shedding light on this important issue!
Caesar was assassinated by a group of senators on the Ides of March, so, what are they trying to imply?
It’s con man ‘best practice’ to distract chumps with one hand while running the con with the other hand. To me, all of this Administration’s activities to date seem like ‘the distraction’. Is anyone looking for the real con? Follow the money.
Something something a certain Trump 1.0 tax break for the wealthy expiring in 2025 something something…
Something had to be done and although not perfect or fair to everyone, in the end it will be better for the US and the World. One thing we should all celebrate is hopefully all the US Taxpayer Funds to terrorist orgs who are involved in cybercrime (the purpose of this site) will dry up.
This is enlightening and based on facts, not political leanings. I am grateful that you shared this, Brian. If anyone thinks that this is a political post, then obviously you didn’t read it. This is a threat to our country and constitution. It’s frightening. THANK you for sharing this. People: PAY ATTENTION. Trump and Musk are not politicians. Politicians serve the people who elect them. Trump and Musk serve themselves. They are power-hungry mad men.
Mr. Krebs, I used to visit the blog on a daily basis to find security news and tips not found elsewhere. Now the comments have turned into a pissing contest based on the commenters arguing/debating politics and not cyber security.
thank you, Mr. Krebs,
appreciate all you do to document the destruction.
it is evident to any reasonable person what is going on.
Nero is fiddling while Rome burns.
The enablers, apologists, and trolls, will strive to lace poison into the mix,
flood the zone, obfuscate, prevaricate, and otherwise attack any efforts
to frankly and calmly observe their smoke and mirrors deception.
I wonder what they think of themselves in their rare and quiet moments
when they may look into the mirror at their lying eyes, when they may
chance to ask themselves how they became such corrupt individuals,
such willing tools of chaos, and if they ever feel the emptiness of their
hollow souls. I am not a paragon of anything, but it’s pretty clear that
anyone who posts negativity, sly innuendos, subtle or not so subtle
attacks, is not interested in adding to a positive dialogue or discussing
real events dispassionately, but only indulging an infantile penchant
to sow discord instead of sowing light and air. Man’s dark side is an
easy place to get lost in. We will all reap what we sow.
Take notes on everything that is happening. In the end it will all be weighed and measured
but by who
Nah Big Balls is a good dude.
The level of naivete by some posters on here is quite amazing. They find no fault with the previous administration’s 4 years of advanced stupidity, and are convinced that a reduction in, and overhaul of procedures, CISA, and accountability, is an attempt to aid Russia – even though all was weaponized to support leftist politics. The truth will eventually come out, it always does. The challenge will be for the deceived to see beyond their own bias. In the meantime, the increasing unemployment status of thousands of federal government employees paid exorbitant salaries for doing nothing of value is benefiting the US. It is not a coincidence that many of the same jobs in the private sector pay significantly less. It is not a coincidence that government grows itself to perpetuate its existence. We have over 2 million people employed by the federal government and it continued to grow year after year until this year when an honest effort to get this monster under control was started. It is long past the time for a reduction in government staffing. Private corporations do this all the time because over the years they become inefficient. Government is not immune to waste, fraud, and corruption. I am looking forward to the elimination of several more useless federal agencies. The more the merrier.
Brian, great wrap-up, keep it up. thank you.
I feel like you could start a MAGA Dating sim right here in these comment threads…
Yet another liberal biased article by Brian Krebs. So sad to see Krebs on Security sink to such lows with these leftist articles. Where was Krebs on Security the past 4 years when the political party in charge was running the country into the ground? Nothing but crickets. Coming after these audits in the name of security is just another angle the left is using to try to stop the purge of fraud, misuse of taxpayer funds, and bureaucratic bloat. A lot of people have a lot to hide and they are getting desperate to try and not lose their free ride.
More comments from readers who have nothing to say about the facts in the story, which are pretty abhorrent on their face.
What’s sad, Donny, is that you sell IT consulting services, and apparently see no issues here. Make sure you tell customers where you stand on the way this administration is handling federal data.
Brian,
thanks for highlighting the security risks associated with the slash and burn approach to finding and fixing fraud in government systems. I think the most surprising of the intrusions into the highly secure systems was “that DOGE introduced code changes into multiple federal IT systems”. Those on this post, that actually work on the IT security of these systems, know that any code change must be documented, tested, reviewed and approved by a senior security and operations team before it can go live. This applies to even emergency changes because a quick fix can itself cause additional risks. This would be against all the current government cybersecurity security policies.
I challenge the IT teams at SpaceX or Tesla to support such unsupervised “poking around” and changing operational versions of their systems. This approach is an insult to professional cybersecurity practices for political showmanship.
Tom
I can’t believe the supporters of Agent Krasnov here, who are presumably looking to know about cybersecurity.
Mu$k was denied a security clearance. NOT ONE of his kids has a security clearance, which means what they’ve been doing is as illegal as it can be. No, the President can’t magically wave his wand and give them clearance, nor has he ever even claimed to have done so. None of them has sworn the Oath.
I worked for 10 years, before I retired in ’19, as a contractor at the NIH. I had a POT – position of trust – clearance as a sr. Linux sysadmin. Hell, my response to the Nazi Mu$k’s email would have been: I have been carrying out my duties as instructed. I may not respond further, as that would be violating all security protocols.
Oh, and for the supporters, he has found *zero* major fraud and abuse, and is now spending about $10/week (or was that per day) for his team. And has federal contracts (are any of you familiar with the phrase “conflict of interest”). Big Balls… a hacker wannabe, and no, none of them were “youthful mistakes but learned better”, because they’ll still kids.
Thanks muchly for the summary of all the misdeeds, Brian.