this post was submitted on 09 May 2025

159 points (97.6% liked)

Cybersecurity

7161 readers

293 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

159

DOGE software engineer’s computer infected by info-stealing malware (arstechnica.com)

submitted 10 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

16 comments fedilink hide all child comments

top 16 comments

sorted by: hot top controversial new old

[–] jaybone@lemmy.zip 3 points 3 hours ago

More antics from Big Balls and the Geek Squad.

[–] nothingcorporate@lemmy.today 14 points 6 hours ago

Bro needs to stop using Limewire.

[–] IllNess@infosec.pub 62 points 10 hours ago

“At this point it's difficult not to suspect their awful 0pSec is a choice, and that there are specific people (*ahem* *cough cough* the Russians *cough*) to whom they're leaking secrets, with incompetence being merely plausible deniability for their true, treasonous agenda,” one critic wrote on Mastodon.

Yup. All according to plan.

[–] pinball_wizard@lemmy.zip 64 points 10 hours ago* (last edited 10 hours ago) (2 children)

Those of us in technology already knew this was the skillset DOGE was hiring. There was earlier evidence of low technical competence, such as misconfigured email servers.

This seems particularly bad:

“I have no way of knowing exactly when Schutt's computer was hacked, or how many times,” Lee wrote. “I don't know nearly enough about the origins of these stealer log datasets. He might have gotten hacked years ago and the stealer log datasets were just published recently. But he also might have gotten hacked within the last few months.”

Edit: Oops. I just noticed I'm commenting in a Cybersecurity Lemmy. Y'all already knew this. I guess I'll leave it for others who might (also) wander in from All.

[–] Cheradenine@sh.itjust.works 39 points 10 hours ago (2 children)

No need for oops, this isn't my profession, but I'm interested. I see it in Local.

I'm always happy to learn more from professionals in their field.

[–] jaybone@lemmy.zip 4 points 3 hours ago

Yeah this hit the “all” feed. Also I don’t think I’ve seen a community referred to as a Lemmy. I like it. It’s somewhat Reddit analogous. I’ve been trying to call them coms.

[–] thisbenzingring@lemmy.sdf.org 12 points 9 hours ago

knowledge is power

learn from the mistakes of others :)

[–] IllNess@infosec.pub 18 points 8 hours ago

You should comment if you want to. Not everyone that follows this community are professionals in tech. And even if pros are reading your comment, they might not know what's going on politically.

[–] DerArzt@lemmy.world 4 points 8 hours ago

you are trying to steal that which I have rightfully kidnapped

Or something

[–] SplashJackson@lemmy.ca 3 points 8 hours ago

Lol noob

[+] sylver_dragon@lemmy.world -9 points 8 hours ago (2 children)

I'm no fan of the folks at DOGE; but, I feel this bit is important to highlight:

the presence of an individual’s credentials in such logs isn’t automatically an indication that the individual himself was compromised or used a weak password. In many cases, such data is exposed through database compromises that hit the service provider. The steady stream of published credentials for Schutt, however, is a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

I know that my own credentials show up in the HaveIBeenPwned database quite a few times. I've had the same email address going on three decades now and have been signed up to a lot of services which got breached. The result is that you can find my personal email address and the associated password for whatever service got popped. Does that mean my own security is bad and/or my credentials for anything else are compromised? No, because I use complex, unique passwords everywhere. Yes, if you dig through the data, you can find my username and password for Dungeons and Dragons Online. And that will net you fuck all, because that was the only place I used that password.

Honestly, this article is more an embarrassment to the person who wrote it than the person it's about. Anyone who has had the same email address for any significant length of time and has used it to sign up to internet based services has probably had their credentials for some of those sites compromised. Sure, the OpSec and practices of folks in DOGE have been terrible, but all we know is that this user has had their credentials from other sites and services dumped, just like every other victim of such breaches. That's not news, nor does it reflect on the victims of those breaches. This is just a sad attempt at a hit piece, which only shows the author's lack of ability to find anything interesting to write about.

[–] Telorand@reddthat.com 11 points 6 hours ago (1 children)

I understand your desire to be charitable or tempered, but this isn't some random schmuck who made an oopsie and reused a password from a previous database hack.

This idiot has his dumb fingers in vital government systems, and the fact that he didn't clean up his security profile before wreaking havoc says a lot about his ability to do his job safely. Thus, I think it is justified to point out the fact that he's stupid and can't get his security together, and your charitability is wasted on someone like him.

[–] sylver_dragon@lemmy.world 2 points 3 hours ago (1 children)

I understand your desire to be charitable or tempered, but this isn’t some random schmuck who made an oopsie and reused a password from a previous database hack.

And nothing we know shows that he did that. Sure, he could have, and maybe he is that bad at security. The whole article is based on the supposition that he is reusing passwords. With no proof provided. If there's some evidence, then sure burn the witch. Otherwise, it's just baseless supposition.

This idiot has his dumb fingers in vital government systems, and the fact that he didn’t clean up his security profile before wreaking havoc says a lot about his ability to do his job safely.

There isn't anything he could have done about past breaches. As I said, my email is still in the HaveIBeenPwned database, not because I didn't clean up anything, but because I can't clean up anything. Once those creds have been published, they stay published forever. The only thing you can do is rotate any affected passwords and move on with life.

And yes, the obvious failures on the DOGE website do speak to poor coding practices. I wouldn't hire the guy to code anything, but I still think the article is just over the top muck raking trying to turn breached credentials into a story which really isn't there.

[–] Telorand@reddthat.com 3 points 3 hours ago

When was the last time you heard about a vibe coder with unfettered access to government systems getting hacked? Probably never, because the government used to try its best to ensure security policy was followed. But Trump and Elon come along, and all of a sudden, secure info is leaked everywhere.

I understand your desire to remain skeptical and demand evidence, I do, but I think you're just throwing your pearls before swine at the end of the day in doing so.

[–] can@sh.itjust.works 8 points 7 hours ago (1 children)

In the event, however, that Schutt used the same or similar credentials in systems or machines during his work at CISA and DOGE, attackers may already have been able to access sensitive information he’s privy to. And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point.

I don't trust that they have as good password practices as you.

[–] sylver_dragon@lemmy.world 2 points 3 hours ago

Fair enough, but absent any evidence that password reuse is leading to a problem, the article is trying to claim that him being the victim of previous breaches is somehow a failure of security on his part. That's just dumb. Maye he did reuse passwords and that's going to cause problems. But, absent any evidence of it, the whole article just comes off as yellow journalism, at best.