
Comment by acdha

8 months ago

This part is really damning: a real efficiency audit might need a lot of access to look for signs of hidden activity, but they’d never need to hide traces of what they did:

> Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do.

The subsequent message about Russian activity could be a coincidence–Internet background noise–but given how these are not very technically skilled and are moving very fast in systems they don’t understand, I’d be completely unsurprised to learn that they unintentionally left something exposed or that one of them has been compromised.

> This part is really damning: a real efficiency audit

There were already people auditing departments, but they got fired early on:

* https://en.wikipedia.org/wiki/Inspector_general#United_State...

* https://en.wikipedia.org/wiki/2025_dismissals_of_inspectors_...

There's even an entire agency devoted to auditing:

* https://en.wikipedia.org/wiki/Government_Accountability_Offi...

Trying to find efficiency by bringing in the private sector is not a new thing:

* https://en.wikipedia.org/wiki/Grace_Commission

* https://en.wikipedia.org/wiki/Brownlow_Committee

* https://en.wikipedia.org/wiki/Hoover_Commission

* https://en.wikipedia.org/wiki/National_Partnership_for_Reinv...

> The subsequent message about Russian activity could be a coincidence–Internet background noise

These weren't random login attempts. It says the Russian login attempts had the correct login credentials of newly created accounts.

If the article is correct, the accounts were created and then shortly afterward the correct credentials were used to attempt a login from a Russian source.

That's a huge issue if true. Could be that someone's laptop is compromised.

  • It certainly needs a full investigation but I don’t want to presume the results. It wouldn’t be the first time some tool reported a wildly incorrect location for an IP address and the focus should be on DOGE breaking a number of federal laws and doing things which no legitimate auditor ever needs to do.

    • The login attempt was made by someone 115 years old, receiving social security payments and living in Russia.

  • > That's a huge issue if true. Could be that someone's laptop is compromised.

    Or perhaps someone got invited to the wrong group chat again.

  • Is it really a compromise if the opps (or should I say: "opps") are deliberately welcomed in with open arms? Granting Russians access here wouldn't even crack the top 10 gifts this administration has given to Putin in the last month.

> A real efficiency audit might need a lot of access to look for signs of hidden activity, but they’d never need to hide traces of what they did

In fact I would imagine they would do exactly the opposite because they would look at the mere ability to hide what they did as an audit finding.

  • "The new bank-manager has hired some friends of his to improve the security of the bank vault."

    "We already have an audit from last year, we just need the funding to improv--"

    "Oh, and they want to turn off all the security cameras next weekend. You'll know it's them because they'll be wearing masks."

    "Sir, we have a responsibility to our customers, we can't ju--"

    "Do it or you're fired."

    • Monday morning:

      manager: "the auditors found all of our money missing"

      ::silence::

      manager: "they are clearly doing an amazing job, and you are all fired for allowing such fraud waste and abuse"

The use of DNS tunneling and skirting logs makes my head spin. Even if justification of exfiltrating 10GB of sensitive data could be made, there's widely available means of doing so that aren't the methods of state-sponsored hackers and the like.

  • "DNS tunneling" (abnormal number of DNS requests) actually might be caused by software that doesn't use a DNS cache. I was once banned by 8.8.8.8 (Google's DNS server) for sending too many requests because youtube-dl was making a DNS request for each tiny segment of a video (and there were thousands of them).

    Well, maybe one shouldn't be using Google DNS server when violating ToU to download Google's video.

    • But an abnormal number of DNS requests AND recorded outbound data totaling 10GB, with no other obvious indication of a less-subversive means of data transfer? I'd be very surprised if youtube-dl could come close to even 10MB of DNS requests at its chattiest
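
The distinction drawn in the replies above (a cache-less client repeating lookups versus data carried out inside query names), as an added example that is not part of the thread: it summarizes DNS query logs per client and parent zone and flags only groups where many unique, high-entropy names add up to real payload. The log layout, thresholds, addresses and `.example` names are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def summarize(queries):
    """Group (client, qname) pairs by client and parent zone.
    The zone is naively taken as the last two labels (assumption)."""
    groups = defaultdict(lambda: {"queries": 0, "names": set()})
    for client, qname in queries:
        labels = qname.rstrip(".").lower().split(".")
        zone, sub = ".".join(labels[-2:]), ".".join(labels[:-2])
        g = groups[(client, zone)]
        g["queries"] += 1
        if sub:
            g["names"].add(sub)
    out = {}
    for key, g in groups.items():
        names = g["names"]
        out[key] = {
            "queries": g["queries"],
            # Repeated names carry no new data; only unique ones count.
            "unique_ratio": len(names) / g["queries"],
            "payload_bytes": sum(len(n) for n in names),
            "mean_entropy": sum(map(entropy, names)) / len(names) if names else 0.0,
        }
    return out

def flag_tunneling(summary, min_bytes=10_000, min_unique=0.9, min_entropy=3.0):
    """Flag groups that look like data in query names, not mere chattiness."""
    return sorted(k for k, s in summary.items()
                  if s["payload_bytes"] >= min_bytes
                  and s["unique_ratio"] >= min_unique
                  and s["mean_entropy"] >= min_entropy)

def sample_queries():
    """Constructed log: one cache-less downloader, one client encoding data."""
    chatty = [("10.0.0.5", f"rr{i % 3}.video-cdn.example") for i in range(3000)]
    tunnel = [("10.0.0.9", hashlib.sha256(str(i).encode()).hexdigest()[:48]
               + ".t.tunnel.example") for i in range(400)]
    return chatty + tunnel

if __name__ == "__main__":
    print(flag_tunneling(summarize(sample_queries())))
```

The cache-less client issues far more queries yet is not flagged, because its three repeated hostnames carry only a few bytes.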

Everything's going to have to be replaced and it's going to be hugely expensive. But that's not going to happen until at least 2029 - plenty of time for bad actors to get settled in and cause real damage.

  • [flagged]

    • Oh, there will be elections. After all, even USSR and Russia had/have elections of all kinds.

    • Out of curiosity, since you appear to be very certain of this, what are you doing personally to deal with this? Are you leaving the country, moving into the hills, building a bunker, etc? I don't mean to sound antagonistic or anything, I genuinely would like to know.


    • Legit inquiry, do you think Trump will last to 2028? I personally don't, but it can go all sorts of ways.

      As an aside, I also consider a civil war as "not making it". Having to wage war on the people you lead is fundamentally a failure of all systems.


So NLRB handles confidential complaints. The complainant's identity might be kept confidential. Exact details may be kept confidential.

Why aren't we to believe that this is Elon Musk going after anyone filing a complaint to the NLRB (from X, Twitter or SpaceX) or, worse yet (from Elon's POV), anyone potentially organizing any unionization effort?

There's absolutely no reason DOGE should have access to this information. There's absolutely no reason their activity, such as what information they accessed, should be hidden.

It appears that “appearing dumb and clumsy while opening the doors for enemies” is a plausibly deniable mode of Trump’s whole administration.

"Interviewed by NPR" -- ok we can stop right there. Remember, they're dangerous enemies of the state, along with PBS and Fred Rogers.

  • Sarcasm isn’t appropriate for something this serious.

    • Sarcasm isn't the problem per se. But it's very important to remember Poe's law, and to avoid adding to the noise. If what you're going to say is just a parody of something a Kool-aid drinking anti-American destructionist might say, there's no need.


    • I think it is. These people need to know we find them ridiculous. We should not, however, understate the danger of what they are doing.
