mahatmakanejeeves

Fri Feb 7, 2025, 03:20 PM

A 25-Year-Old Is Writing Backdoors Into The Treasury's $6 Trillion Payment System. What Could Possibly Go Wrong?

(Mis)Uses of Technology

from the let's-just-do-it-and-be-legends,-man dept
Wed, Feb 5th 2025 10:48am - Mike Masnick

Just months after we learned Chinese hackers had compromised US telecom systems through government-mandated backdoors, an inexperienced developer from Musk’s DOGE unit is pushing untested code directly into the Treasury’s payment infrastructure — a system that handles over $6 trillion in federal payments annually.

It seems reasonable to call it one of the most dangerous cyberattacks on the US government.

The Treasury Department wants us to believe everything is fine. When Senators Warren and Wyden — the ranking members of the Banking and Finance Committees — demanded answers about Musk’s team’s access to the payment system, Treasury responded with reassurances: just “read only” access, they claimed, with no ability to interfere with payments.

Importantly, the ongoing review of Treasury’s systems is not resulting in the suspension or rejection of any payment instructions submitted to Treasury by other federal agencies across the government. In particular, the review at the Fiscal Service has not caused payments for obligations such as Social Security and Medicare to be delayed or re-routed. To be clear, the agency responsible for making the payment always drives the payment process. Currently, Treasury staff members working with Tom Krause, a Treasury employee, will have read-only access to the coded data of the Fiscal Service’s payment systems in order to continue this operational efficiency assessment. This is similar to the kind of access that Treasury provides to individuals reviewing Treasury systems, such as auditors, and that follows practices associated with protecting the integrity of the systems and business processes.

But while Treasury was making these claims, both Wired and TPM revealed a far more alarming reality: a 25-year-old DOGE team member named Marko Elez (who had refused to give any of his brand new colleagues his last name) had been granted something far beyond “read only” access — he had full administrator privileges to the system. That’s the keys to the kingdom (or, rather, the kingdom’s payments):

{snip}