Post New

https://heathercoxrichardson.substack.com/p/februa...

HCR - Feb 5th

Shortly after 1:00 this morning, Vittoria Elliott, Dhruv Mehrotra, Leah Feiger, and Tim Marchman of Wired reported that, according to three of their sources, “[a] 25-year-old engineer named Marko Elez, who previously worked for two Elon Musk companies [SpaceX and X], has direct access to Treasury Department systems responsible for nearly all payments made by the US government.”

According to the reporters, Elez apparently has the privileges to write code on the programs at the Bureau of Fiscal Service that control more than 20% of the U.S. economy, including government payments of veterans’ benefits, Social Security benefits, and veterans’ pay. The admin privileges he has typically permit a user “to log in to servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to.”

“If you would have asked me a week ago” if an outsider could’ve been given access to a government server, one federal IT worker told the Wired reporters, “I'd have told you that this kind of thing would never in a million years happen. But now, who the f*ck knows."

The reporters note that control of the Bureau of Fiscal Service computers could enable someone to cut off monies to specific agencies or even individuals. “Will DOGE cut funding to programs approved by Congress that Donald Trump decides he doesn’t like?” asked Senator Chuck Schumer (D-NY) yesterday. “What about cancer research? Food banks? School lunches? Veterans aid? Literacy programs? Small business loans?”

Josh Marshall of Talking Points Memo reported that his sources said that Elez and possibly others got full admin access to the Treasury computers on Friday, January 31, and that he—or they—have “already made extensive changes to the code base for the payment system.” They are leaning on existing staff in the agency for help, which those workers have provided reluctantly in hopes of keeping the entire system from crashing. Marshall reports those staffers are “freaking out.” The system is due to undergo a migration to another system this weekend; how the changes will interact with that long-planned migration is unclear.

The changes, Marshall’s sources tell him, “all seem to relate to creating new paths to block payments and possibly leave less visibility into what has been blocked.”

Both Wired and the New York Times reported yesterday that Musk’s team intends to cut government workers and to use artificial intelligence, or AI, to make budget cuts and to find waste and abuse in the federal government.

Today Jason Koebler, Joseph Cox, and Emanuel Maiberg of 404 Media reported that they had obtained the audio of a meeting held Monday by Thomas Shedd for government technology workers. Shedd is a former Musk employee at Tesla who is now leading the General Services Administration’s Technology Transformation Services (TTS), the team that is recoding the government programs.

At the meeting, Shedd told government workers that “things are going to get intense” as his team creates “AI coding agents” to write software that would, for example, change the way logging into the government systems works. Currently, that software cannot access any information about individuals; as the reporters note, login.gov currently assures users that it “does not affect or have any information related to the specific agency you are trying to access.”

But Shedd said they were working through how to change that login “to further identify individuals and detect and prevent fraud.”

When a government employee pointed out that the Privacy Act makes it illegal for agencies to share personal information without consent, Shedd appeared unfazed by the idea they were trying something illegal. “The idea would be that folks would give consent to help with the login flow, but again, that's an example of something that we have a vision, that needs [to be] worked on, and needs clarified. And if we hit a roadblock, then we hit a roadblock. But we still should push forward and see what we can do.”

A government employee told Koebler, Cox, and Maiberg that using AI coding agents is a major security risk. “Government software is concerned with things like foreign adversaries attempting to insert backdoors into government code. With code generated by AI, it seems possible that security vulnerabilities could be introduced unintentionally. Or could be introduced intentionally via an AI-related exploit that creates obfuscated code that includes vulnerabilities that might expose the data of American citizens or of national security importance.”…

Heather Cox Richardson's Letters from an American are also available at her substack or on your podcast app.
https://heathercoxrichardson.substack.com/podcast
Here's the link to it on Apple Podcasts.
https://podcasts.apple.com/us/podcast/letters-from...

“[a] 25-year-old engineer named Marko Elez, who previously worked for two Elon Musk companies [SpaceX and X], has direct access to Treasury Department systems responsible for nearly all payments made by the US government.”

OK, CIA, got a black site ready? We need a clandestine rendition. The subjects need to be waterboarded to find out exactly what they've done. Leave behind subtle clues that point to - who is it today? Canada - that's it - blame Canada.

"Shortly after 1:00 this morning, Vittoria Elliott, Dhruv Mehrotra, Leah Feiger, and Tim Marchman of Wired reported that, according to three of their sources, “[a] 25-year-old engineer named Marko Elez, who previously worked for two Elon Musk companies [SpaceX and X], has direct access to Treasury Department systems responsible for nearly all payments made by the US government.”

According to the reporters, Elez apparently has the privileges to write code on the programs at the Bureau of Fiscal Service that control more than 20% of the U.S. economy, including government payments of veterans’ benefits, Social Security benefits, and veterans’ pay. The admin privileges he has typically permit a user “to log in to servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to.”

Remember, Elon Musk has extensive ties to China and has often done stuff at the behest of the Chinese government. Tesla makes a lot of money because of its plant in China. Back in December when the whole bipartisan deal to not shut the government down collapsed because of Musk. One of the results was that sections about sanctions and reporting by companies that do business in China was removed from the final bill that passed.

Did the eye-rolling work?

According to the reporters, Elez apparently has the privileges to write code on the programs at the Bureau of Fiscal Service that control more than 20% of the U.S. economy, including government payments of veterans’ benefits, Social Security benefits, and veterans’ pay. The admin privileges he has typically permit a user “to log in to servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to.” - from H.C.R.

Wait, didn't Trump and Leavitt assure us that DOGE only has read access? The MSM better grill the hell out of them for this. "Rewriting code and deleting critical files" certainly isn't read-only access.

Wait, didn't Trump and Leavitt assure us that DOGE only has read access? The MSM better grill the hell out of them for this. "Rewriting code and deleting critical files" certainly isn't read-only access.

I read the same thing HCR did, that they have access to code, while other sources are claiming read only. I have no idea. But we could be compromised and not know it.

I read the same thing HCR did, that they have access to code, while other sources are claiming read only

Sigh. Tell me you don’t work anywhere near tech without telling me you don’t work anywhere near tech.

One can have…wait for it…read only access to code bases.

Would anyone care to guess why that might be a thing?

One can have…wait for it…read only access to code bases.

Pointless remark. I think everyone understood me.

Pointless remark. I think everyone understood me.

Yup. And that's the amusing thing.

One can have…wait for it…read only access to code bases.

Why would they need access to the code at all? I thought they wanted to look at the payment data, not the code.

Wired

25-year-old engineer named Marko Elez, who previously worked for two Elon Musk companies, has direct access to Treasury Department systems responsible for nearly all payments made by the US government, three sources tell WIRED.
Two of those sources say that Elez’s privileges include the ability not just to read but to write code on two of the most sensitive systems in the US government: the Payment Automation Manager and Secure Payment System at the Bureau of the Fiscal Service (BFS). Housed on a secure mainframe, these systems control, on a granular level, government payments that in their totality amount to more than a fifth of the US economy.
Despite reporting that suggests that Musk’s so-called Department of Government Efficiency (DOGE) task force has access to these Treasury systems on a “read-only” level, sources say Elez, who has visited a Kansas City office housing BFS systems, has many administrator-level privileges. Typically, those admin privileges could give someone the power to log in to servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to. continued

https://archive.is/OAbib

Why would they need access to the code at all? I thought they wanted to look at the payment data, not the code.

I have a feeling that Musk intends to copy the data and code base to one of his own servers and his programmers will rewrite the code with new rules and priorities in order to replace the entire system. That's what I'd do.

Then they can still say: see, we only read the original data and code, which will be technically true.

"I read the same thing HCR did, that they have access to code, while other sources are claiming read only"

"Sigh. Tell me you don’t work anywhere near tech without telling me you don’t work anywhere near tech.

One can have…wait for it…read only access to code bases." - Dope

Sigh. More reading comprehension and projection problems for Dope. Yes, what you describe is read only access. Everyone knows that. Congrats on stating the obvious while ignoring the part that should be problematic to anyone who works in tech. What was described was access at the highest levels. Access that would allow them to change things. It also said that they had access to the actual servers. What they described was more than just read access to code bases. If you actually knew anything about tech, you would know why server access is problematic. Did you not comprehend that part or are you just ignoring it?

"Pointless remark. I think everyone understood me." - Lambo.

Obviously Dope didn't understand you. Maybe you should use crayon for him.

Why would they need access to the code at all?

How do you know the payments are being routed properly and there wasn't some kind of programmatic error?
How do you know how robust the code is?

You folks are thinking in terms of 1st Order The Bad Orange Man Is Doing Bad Things Because Reasons. What you're forgetting is that there are other objectives:

https://apnews.com/article/china-hacking-treasury-...

China has been stealing data left and right from the US government for years.

WASHINGTON (AP) — Chinese hackers remotely accessed several U.S. Treasury Department workstations and unclassified documents after compromising a third-party software service provider, the agency said Monday.

So, yes.

You're godd@mned right that somebody ought to be looking at Treasury's source code.

Despite reporting that suggests that Musk’s so-called Department of Government Efficiency (DOGE) task force has access to these Treasury systems on a “read-only” level, sources say Elez, who has visited a Kansas City office housing BFS systems, has many administrator-level privileges. Typically, those admin privileges could give someone the power to log in to servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to. continued

Tell me you don't know anything about code bases without telling me you don't know anything about code bases.

"Why would they need access to the code at all? I thought they wanted to look at the payment data, not the code." - ptheland

There is absolutely no legitimate reason for DOGE to look at the code base. Zero. DOGE isn't supposed to be the IT Programming Department. They are supposed to be looking at spending.

However, there are lots of illegitimate reasons for them to access the code. One example, if they wanted to copy it and modify the copy, and later when everyone is distracted elsewhere and all of the guardrails and whistleblowers are gone, the modified code could be put into use. Another example would be if you want to give a copy of the code to China or North Korea so they could better figure out how to hack into the system.

I would love to see Dope spin himself into a pretzel trying to explain why DOGE would need server and code base access. There is literally no legitimate reason for them to need it. None. There is only shady reasons for them to have this access. Anyone who knows even a little bit about IT and had half a brain would know this.

There's real, substantial risks to young cowboys who don't know their cyberazz from their hat in on systems that need proper safeguarding from sophisticated state actors.

These clowns are possibly plugging in unscanned, unprotected servers, or moving data outside of enclaves, or sending who knows what to their random gmail account, and basically doing China or Iran or whoever's work for them.

It doesn't matter if you have three doors to your house that are dead bolted with a good lock, with Ring cameras, if some clown waltzes up and strong-arms their way to installing another door. Now your security is shot to hell, because others will use that door, because the clown has at best like, a Home Depot discount Kwik Set lock on that door, and left the key with their weed.

CIA shares new employee names through unclassified email

https://thehill.com/policy/national-security/51291...

John Ratliffe is a real winner, here. So busy trying to get information requested of him by DOGE that he sent the list of CIA recent hires in an unclassified email.

Perhaps he’s actually smarter than that. In which case he is malicious

either way, I’m pretty sure Chinese signal intelligence was there to hoover it up.

only 1 metric needed to vet the smarts of musk's whiz kids and HR flunkies :
full immunity, in writing and witnessed (which should not be a problem given the pride in displaying the trump scrawl).

I assure you they're in absolutely all these outside actors' hardware now. And anyone who was a TikTok devotee. And whatever their free junk AI is (a damn fine honeypot, that thing).

And whatever their free junk AI is (a damn fine honeypot, that thing).

Why did Trump decide to throw Congress overboard as regards TicToc? Perhaps you have some thoughts……

And why did all those China is spying on us tictok hawks suddenly lose their tongues on the matter?

You know why.

I'm going to go to med school. There's a great market for the addaspinetomy surgery in DC.

I'm going to go to med school. There's a great market for the addaspinetomy surgery in DC.

You should do well specializing in that surgery.

Just don’t add the “addadictomy” to your repertoire or the ‘pubs will throw you in jail.

Post New

US Policy FAQ

---

Contact Shrewd'm
Contact the developer of these message boards.