Notices by BrianKrebs (briankrebs@infosec.exchange), page 4

It's not an accident that DOGE has taken over the U.S. Digital Service. The president wants to grab all the federal agencies by their data. Now they're doing it with the GSA's 18F.

This is from the executive director of the 18F, the digital services agency within the General Services Administration (GSA) that develops open-source tools to improve digital services across the federal government.

"I am the Executive Director of 18F and 18F’s longest running employee- I have been at 18F for 10 years. You may not have heard of us, but last night proved that we are powerful. The way the administration ran to get rid of us under the cover of night and shut us down without warning proves that they were scared. They are too afraid to even speak to us.

We, like our many allies, had the “radical” idea that the government should be responsive to the needs of real people. We assembled amazing teams of technology professionals from different specialities who could work together and learn from each other. We shared what we learned with everybody.

I saw, time and time again, where we stood up for partners who were getting taken advantage of by vendors, or just needed help turning a vision into reality. We could make a simple website or a complicated system, we would do what we needed to best serve the mission and the public. We didn’t upsell anyone, we tried to teach our partners how to do what we did. I see them still prospering years after working with us.

We have proven methods that could be replicated, so we helped even more people through guides and writing. Those people are still going. And I am cheering them on.

We were living proof that the talking points of this administration were false. Government services can be efficient. You can work with agencies as they are now and work with them to better manage their services.

This made us a target. People who own skyscrapers are afraid of 100 people who made websites better. Not because of the latest tech fad, but because we proved that the government can be fixed, the government can be made better and the government can work for the people."

https://fedscoop.com/gsa-shutters-18f-possibly-leaving-agencies-in-the-lurch/

Uh...WTF happened to cancer.gov (National Cancer Institute)

Hope this is only temporary. WTAF?

Listen up. I didn't want to say this earlier b/c maybe it wasn't obvious to them, but the Russian conspiracy that is now in charge of our executive branch is also in control over the .gov DNS zone file. The entire thing.

IDK what this means for .gov content indexed on sites like archive.org. According to their rules, the domain administrator can request and get the redaction of all content within that domain.

Consider this: Russian state media (TASS) was in the fracking Oval Office to report on the shameful performance by President Trump yesterday. Reuters and the Associated Press were banned. But Russia's main state-sponsored news mouthpiece was fully present.

First off: What a giant security failure. Again, shows that this White House is completely ignoring anything related to security clearances. President Trump on Day 1 in Term II declared the security clearance process was too onerous and that anyone so deputized by the White House counsel could have access to the most secret information there is.

This is the best thing I've seen all day. Go ski in Russia, Mr. I Did Not Have Sectional Relations with that Couch.

I've been looking at the background of Branden Spikes, the senior member of DOGE who is director of IT over at X (his OG email is b@x.com).

Prior to joining up with Musk, Spikes ran a company called Spikes Browser, which tried to create a sandboxed browser environment. I met Branden in DC in 2013, and I actually used Spikes for a short while.

It seems that Branden used to be married to a woman named Natalia Haldeman (she went by Natalia Spikes then). Records published by ProPublica show that Ms. Haldeman is the CEO of a nonprofit called the California Russia Foundation.

https://projects.propublica.org/nonprofits/organizations/452775704

https://unicourt.com/case/ca-la2-branden-spikes-vs-natalia-haldeman-855382?init_S=c_relc#dockets

When I search in the breach tracking service Constella Intelligence for spikes.com, I find tons of Yandex profiles for people in Russia who have spikes.com email addresses (all phonenumbers@spikes.com).

Going to keep poking at this.

Trump actually said this yesterday: "raw earth." Which I guess is him confusing "rare earth" materials,. which aren't really in the offering, and raw materials, which may well be.

“As you know, our country doesn’t have a lot of raw earth,” said Trump. “What we do have is protected from the environmentalists … but it can be unprotected.”

A chilling observation that's been kinda overlooked in the mayhem generated by the cowardly ambush at the White House yesterday. From a reader on LinkedIn:

How bad are things in the White House right now?

The Associated Press and Reuters weren’t allowed in the Oval Office to cover the spectacle yesterday.

You know who was?

The *Russian state-owned news agency, TASS, which was live streaming the ambush directly to Putin*.

https://www.linkedin.com/feed/update/urn🇱🇮activity:7301581747899539517/

NextGov writes that the General Services Administration deleted 18F, a government tech consultancy that helps other agencies with their technology, early Saturday morning.

"The office has been deemed “non-critical,” Thomas Shedd, director of GSA’s Technology Transformation Services, emailed staff at 1am. The agency’s acting head, Stephen Ehikian, told GSA staff Monday that the agency, which works across the government on tech, procurement and real estate, would be conducting a reduction in force.

Other GSA offices “have already or will be impacted” as part of GSA’s layoffs being done under the direction of the White House, wrote Shedd.

“The 18F Office has been identified as part of this phase of GSA’s Reduction in Force (RIF) as non-critical,” wrote Shedd.

“This decision was made with explicit direction from the top levels of leadership within both the Administration and GSA,” he continued. “There are no other TTS programs impacted at this time, however we anticipate more change in the future.”

The team was founded the same year as the U.S. Digital Service, which has since been transformed into Elon Musk’s DOGE.

Musk has said that he wants to fix the government’s at-times antiquated technology — which featured prominently in the executive order creating the DOGE, too — but legacy staffers at USDS who’ve been working on government tech problems have also been fired or quit in protest.

The billionaire wrote on his social media platform X that 18F and TTS had been “deleted” weeks ago, re-posting another account that called the 18F a “far left government computer office” and pointed to its work on the IRS’ free tax filing system, Direct File.

https://www.nextgov.com/people/2025/03/gsa-eliminates-18f/403400/?oref=ng-home-top-story

Security experts warned Friday about a widespread zero day vulnerability, tentatively dubbed "CVE-2025-TRUMP," that threatens to let Russia backdoor....well, everything.

I really feel for anyone who has a fantastic security vulnerability to disclose anytime soon. Because it pales in comparison to the clear and present danger presented by our current Commander in Chief.

We are so getting cut out of intel sharing agreements by our allies over this. I mean, if they have a brain. Anyone with intel training 101 (that isn't Israel) will conclude that the US cannot be a trusted intel sharing partner anymore.

I'm completely apoplectic about this. U.S. offensive cyber operations against Russia should never ever stop unless and until Putin is gone and something resembling a non-threatening superpower takes over.

If we were serious about pushing Moscow to make *any* concessions in a cessation to its aggression in Ukraine, we would INCREASE by 10x or more the offensive actions against cybercrime operations that are Russian state sponsored or state-tolerated.

How much more proof do we need that this administration is completely compromised? There is zero reason for the US to relax any offensive digital actions against Russia. If anything, we should be applying more.

Martin Matishak over at The Record writes that the former Fox news host turned Defense Secretary Pete Hegseth last week ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions.

"Hegseth gave the instruction to Cyber Command chief Gen. Timothy Haugh, who then informed the organization's outgoing director of operations, Marine Corps Maj. Gen. Ryan Heritage, of the new guidance, according to these people, who spoke on the condition of anonymity because of the matter’s sensitivity."

"The order does not apply to the National Security Agency, which Haugh also leads, or its signals intelligence work targeting Russia, the sources said."

"While the full scope of Hegseth’s directive to the command remains unclear, it is more evidence of the White House’s efforts to normalize ties with Moscow after the U.S. and international allies worked to isolate the Kremlin over its 2022 invasion of Ukraine."

https://therecord.media/hegseth-orders-cyber-command-stand-down-russia-planning

Okay, if Cloudflare says the President is a Russian asset, I'm out.

Honestly, I don't know how Zelenksy didn't punch the cheetoh that whole time. That man has remarkable restraint.

I have never been so embarrassed for our country. What a thug. "World War III," he says over and over, echoing Putin's sabre rattling throughout his invasion. Even sitting in the White House, Trump is echoing the Kremlin line.

What's even more despicable is that the spineless, gutless GOP will say nothing about this indefensible show of gutlessness and cowardice by their leader. Imagine that: Being afraid of cowards makes you one.

Hey, cool! I was quoted in a WSJ story today about tax-related ID theft. I'm told this link should work w/out the paywall, in case you wanted to know more about how to get an IP PIN to prevent crooks from claiming a tax return in your name.

https://www.wsj.com/personal-finance/taxes/tax-identity-theft-ip-pin-irs-ab021643?st=oWLJHp&reflink=desktopwebshare_permalink

Yes, this still happens to ~500,000 people a year. It doesn't matter if you are owed a refund or not, and most people only find out someone has already filed in their name when the victim goes to file their return and it gets rejected as already filed.

I'm trying to understand why one of the worst bulletproof hosting providers out there today -- Russia-based Prospero OOO -- is now getting transit to the larger internet via the antivirus and security firm Kaspersky Lab?

https://www.cidr-report.org/cgi-bin/as-report?as=AS200593

Prospero (AS200593) has been tied to multiple bulletproof hosting providers advertising on Russian cybercrime forums that say they will ignore all abuse complaints. It operates an insane amount of phishing domains at any given time, and it's been connected with ransomware C2s and distribution of ransom-adjacent malware operations like SocGholish and GootLoader. But don't take my word for it. Have a look at just the recent stuff:

https://urlscan.io/search/#page.asn%3Aas200593

https://www.virustotal.com/gui/search/as200593

https://www.intrinsec.com/prospero-proton66-tracing-uncovering-the-links-between-bulletproof-networks/

I understand that Kaspersky Lab (AS209030) provides DDoS protection as one of its services, and its networks do indeed seem to include several large banks (Alfa Bank, and the Russian police, e.g.). But if that's really what this is, that's almost worse than Kaspersky just letting these providers transit their network.