Conversation

Notices

  1. Paul Cantrell (inthehands@hachyderm.io)'s status on Thursday, 13-Feb-2025 05:30:00 JST

    ❝It’s as if someone found a way to rob Fort Knox by simply declaring that the new official policy is to fire all the guards and allow unescorted visits to the vault.❞

    This is the highest level of “oh shit.” The US has effectively been invaded and •captured• by a rogue state made up of hostile billionaires.

    via @briankrebs: https://infosec.exchange/@briankrebs/113992693128467172

    Attachments

    1. BrianKrebs (@briankrebs@infosec.exchange)
      Bruce Schneier and Davi Ottenheimer have written a tremendous piece for Foreign Policy that everyone should read called "DOGE is Hacking America." It clearly explains why what DOGE is doing has to be stopped, and what's at stake here. https://foreignpolicy.com/2025/02/11/doge-cyberattack-united-states-treasury/

      I used to subscribe to FP but then found it came with my Apple News subscription. But I realize not everyone has that, so: https://archive.ph/lSHkJ

      Here's an excerpt:

      "But the most alarming aspect isn’t just the access being granted. It’s the systematic dismantling of security measures that would detect and prevent misuse—including standard incident response protocols, auditing, and change-tracking mechanisms—by removing the career officials in charge of those security measures and replacing them with inexperienced operators.

      The Treasury’s computer systems have such an impact on national security that they were designed with the same principle that guides nuclear launch protocols: No single person should have unlimited power. Just as launching a nuclear missile requires two separate officers turning their keys simultaneously, making changes to critical financial systems traditionally requires multiple authorized personnel working in concert.

      This approach, known as “separation of duties,” isn’t just bureaucratic red tape; it’s a fundamental security principle as old as banking itself. When your local bank processes a large transfer, it requires two different employees to verify the transaction. When a company issues a major financial report, separate teams must review and approve it. These aren’t just formalities—they’re essential safeguards against corruption and error.

      These measures have been bypassed or ignored. It’s as if someone found a way to rob Fort Knox by simply declaring that the new official policy is to fire all the guards and allow unescorted visits to the vault.

      The implications for national security are staggering. Sen. Ron Wyden said his office had learned that the attackers gained privileges that allow them to modify core programs in Treasury Department computers that verify federal payments, access encrypted keys that secure financial transactions, and alter audit logs that record system changes. Over at OPM, reports indicate that individuals associated with DOGE connected an unauthorized server into the network. They are also reportedly training AI software on all of this sensitive data."
    • Dr Andrew A. Adams #FBPE 🔶 (a_cubed@mastodon.social)'s status on Thursday, 13-Feb-2025 11:46:47 JST, in reply to BrianKrebs

      @inthehands @briankrebs
      "People forget that the first country the Nazis invaded was their own."
      Dr Erskine in Captain America, The First Avenger.

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.