Skip to content(if available)orjump to list(if available)

DOGE as a National Cyberattack

DOGE as a National Cyberattack

78 comments

·February 13, 2025
Visit

lores

Why this isn't front-page news in every Western country is the press' failure to understand technical matters, or perhaps the public's utter disinterest in unglamorous infrastructure. This is the US' own Sulla moment, an incident that will be quoted in future history books as the beginning of the end of the republic.

oropolo

Why isn't it front-page news on HN rather than being flagged? Is it just because Musk's "DOGE" is in the title? I think it's pretty significant that a number of agencies have handed root access to people who shouldn't have it and have made changes that could have significant unintended consequences. This is could end up being a case study in why you don't allow unfettered access even when ordered by the incoming regime (be it POTUS or CEO) because there be dragons and the new people don't know where they are yet.

cbovis

> Why isn't it front-page news on HN rather than being flagged? Is it just because Musk's "DOGE" is in the title?

Essentially yes. Certain users are flagging because they don't want any discussion related to DOGE on HN. See for example https://news.ycombinator.com/item?id=43036254.

oropolo

LOL... wow! I thought the "national cyberattack" and the root override/hijacking was far more relevant than the connection with the organization which shall not be named which is nominally led by he who shall not be named.

Namahanna

It's very sad and a stark commentary on the current state of Hacker News that a post by Bruce Schneier on cyber security is still flagged over an hour after it was posted.

ryandrake

The flagging system has good intentions, but seems like it was designed assuming good faith behavior from users. It does not appear to be resistant to partisan brigading.

DanAtC

This place is full of wannabe technofascists.

93po

His first sentence is:

> In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history

Which is a ridiculous level of hyperbole and just factually not even close to accurate. Solarwinds, the 2014 OPM breach, snowden leaks, chelsea manning leaks, the DNC email leak, moonlight maze - there's a massive list of real, consequential security incidents that are nowhere nearly as bad as Elon and whatever his dumb team are doing.

93po

There are so, so many posts on HN about this and they're getting flagged, I would guess, because people can see this content on literally any corporate news site or a million different subreddits, and there's not much value to it being on HN specifically, and the conversation around these topics is never interesting or productive. I flag it because for these reasons, and also I'm ridiculously tired of seeing 6 different posts about Trump and Elon every single day.

normalaccess

I would like to take this moment to point out that Obama created the framework that trump is using.

Here is a quote from NPR:

"The USDS launched in 2014 by the Obama administration in the aftermath of the botched rollout of HeathCare.gov as an office to boost the digital capabilities of the federal government. It has operated like a digital strike team of sorts, recruiting private sector experts in design and technology to work collaboratively with federal agencies on projects that make public-facing parts of the government more efficient, modern and user-friendly."

Link: https://www.npr.org/2025/01/29/nx-s1-5270893/doge-united-sta...

craftsman

The question is not whether it is good to have such a digital strike team.

The questions include: is the strike team in question being transparent, is it violating any laws, is it protecting data in the way the law requires, is the team composed of people who have been vetted at a level corresponding to the access they've been granted, are any of them potentially compromised or plausibly so, does anyone on the team have conflicts of interest, is there oversight and auditability of their actions?

The reason, I think, these are good questions is simply that these are things we should demand of our public servants, regardless of political affiliation.

ano-ther

The Obama initiative did not override security protocols though (what the article describes). It was basically installing modern IT management for the government.

lores

Yep. Sulla didn't come out of nowhere, marching on Rome was only possible because the Senate had been corrupt for a long time, and institutions had already started decaying - but it was the arson that put an end to any hope of restoring the house.

mikece

I wish I could up-vote that one 11 times: we don't get enough Sulla references in the world these days!

dmix

There's also multiple existing federal agencies that aggregate data across multiple federal agencies (OBM oversees federal data collecting https://strategy.data.gov/overview/, GSA also centralizes federal datasets, OPM collects gov wide workforce data, etc). Aggregating gov spending data in a similar way is not a totally alien idea or even a new one... even if the concerns on data security and transparency are valid.

gmoore

oh please.....how on earth can you assign any blame to OBAMA..

luke-stanley

There may be an error in Schneier's reasoning here: `They are also reportedly training AI software on all of this sensitive data.` Running inference isn't the same as training.

That said, I don't think this should be flagged, that seems counter free-speech. He's got plenty of other well voted articles here on HN, a lot of HN clearly value his insights. Disagreement would be better expressed as a comment rather than trying to make it go away.

qwertox

Just be aware of the Chesterton's fence principle [0]

> "Chesterton's fence" is the principle that reforms should not be made until the reasoning behind the existing state of affairs is understood.

[0] https://en.wikipedia.org/wiki/G._K._Chesterton#Chesterton's_...

AnonC

The concerns he points out — especially about hostile or enemy nations and actors getting a better chance to gather data and understand how to subvert or attach the country — seem valid.

There is a difference between elected officials doing stupid or insecure things vs. unelected people being able to do this without any checks and balances.

(Off topic: I’m upvoting this post to counter the flagging that seems to be going on for all posts on this topic. I respect Bruce Schneier and his opinions on several things.)

lukev

Even elected officials are not allowed to do stupid or insecure things! I seem to remember something about a quite famous incident involving a private email server.

Which boggles the mind when you compare it to what's going on right now.

SpaceNoodled

They're only disallowed so far as there are consequences for their actions.

dmix

> There is a difference between elected officials doing stupid or insecure things vs. unelected people being able to do this without any checks and balances.

Isn't the Treasury dept and most of the federal employees with access to this data unelected as well? They are appointed or hired as government officials and civil servants.

CompoundEyes

Corporations are the unoffical 4th branch of government. If the stock market tanks they’ll be gone like that snaps fingers. The campaign donations and lobbyist spigot will turn off for these politicians, panic and leadership will change. I know Citizens United allows for dark money to flow in from anywhere to prop up their campaigns indefinitely but not enough to offset a tanked stock market due to lack of trust in the US dollar and markets.

EnergyAmy

We need separation of corporation and state enshrined in the Constitution, if it's not too late.

yks

If the nation survives this insanity, the software will have to be rewritten from scratch, otherwise it is impossible to know which actors, both foreign and domestic, have the knowledge of the systems.

bronzejaguar

God willing, the administrative state will be brought to its knees by the duly elected public officials meant to keep it in check.

ryandvm

Republicans are their own best argument against big government.

lenerdenator

The behavior will continue until a consequence is assigned.

EDIT:

I should add, this consequence should be legislative or legal in nature.

oneplane

I wonder how that would work out. It's a bit of an inverse-Ouroboros where the people that are the government keep saying they are 'doing something about the government' without realising that that's them. Maybe they see themselves as something that is not the government, but the whole race they took part in was the race to get elected for government work.

At some point, enough destruction will have happened where the tools for useful government functionality no longer exist in usable capacity.

dandanua

I tell you more. They don't just consider themselves as a government, they don't consider themselves as humans either. They want to be a different kind of species, they want to be above humans, just like humans are above the cattle. And in some sense they are, if so many people were stupid enough to get them elected.

dariusj18

There's a reason Musk brought in younglings to do the illegal stuff. To ignorant to know that in a few years they will be in jail.

lenerdenator

Will they be?

The last ten years have been an exercise in "they will be in jail" without any one of import actually going to jail.

Hell, not many have even been arrested.

SpaceNoodled

A bunch of insurrectionists were in jail, but then something happened and the inmates are now running the asylum.

kombine

Trump's admin already said that they will defy court rulings.

bamboozled

Why would there be consequences? The majority of voting Americans wanted this to happen. Let's not pretend this wasn't the likely conclusion and voters were solely focused on the price of eggs.

By modifying core systems, the attackers have not only compromised current operations, but have also left behind vulnerabilities that could be exploited in future attacks—giving adversaries such as Russia and China an unprecedented opportunity. These countries have long targeted these systems. And they don’t just want to gather intelligence—they also want to understand how to disrupt these systems in a crisis.

It's really hard to imagine this whole coup isn't some type of Russian / Chinese attack on the western world at this stage. It's too unbelievably good for them to just be a coincidence.

cglace

People were worried about the economy and inflation. To say that most voters wanted to dismantle the government is a bit of a stretch.

I remember all the posters here expressing their belief that Doge would do nothing and was just an advisory role.

rs186

I agree, but I lament how voters quickly forget the chaos from the first Trump administration, and how much they didn't care about the DOGE agenda. They think they voted for a lower inflation (which is a very questionable premise by itself), but they didn't realize they were voting for the whole package. I definitely wasn't surprised, and American people deserve this.

Hopefully the voters come to their mind in the next election, and hope it's not too late.

bamboozled

Which is weird because by the numbers, the economy was doing wonderfully. Maybe you meant to say. People were told an economy prophecy and believed it ?

Even during campaigning the republicans literally warned people their vision would incur economy hardships but that it would be worth it in the long run.

I get the frustration that the price of daily goods was too high but the incumbents did present an actual feasible plan to deal with it. So I’m not really sure it was about “the economy”.

Anyway everything outlined in this article seemed pretty likely to happen, they literally told people their plans ?

BluSyn

The split of opinion on this in tech circles is quite surprising.

No agency would voluntarily modernize systems, which would inevitably reduce head count and put half of them out of jobs. This has been a on-going fight for 30 years. Every politician who previously tried to modernize agencies failed due to intense internal resistance.

Everyone in tech clearly fell on the modernization side. This is what many of us wanted since the 90s. Finally happening. In real time. Headed by one of the greatest tech disrupters since probably Edison. Now they act like the sky is falling?

I can’t find any steel-man argument against DOGE. No modernization plan proposed the traditional way through committees, consultants, contractors, has worked or will EVER work. You have to rip off the bandaid the hard way.

Only explanation I have for those opposing this is some combination of personality derangement spread by nefarious interests, financial incentive, or some crazy model of the world that glorifies bureaucratic power as some fundamental right enshrined in constitution.

Imagine being on the side of the Empire and trying to stop the rebels as they infiltrate the Death Star.

cowfriend

I respect that you have been a HN member since 2016, making it unlikely that this is a troll account.

However, your views read like propaganda.

The "internal resistance" you refer to is simply people trying to follow the law, while being constantly whipsawed by changing political winds. We see similar stories here on HN about work in large corporations. What do you think it is like in an org with 2.2 MILLION employees, where their actions have the power of government behind them often including access to extremely sensitive information?

HN talked about leaking any Youtuber's contact information for 10K, with suggestions that Google should better protect people's data.

HN frequently talks about the dangers of non-accountability for police. Would you like that same non-accountabilty spread to all aspects of the Federal government? (if so, merry christmas because now you have it)

If you cannot find any steel-man arguments against DOGE, may I suggest that you read the remainder of this HN article?

claar

Why would you even suspect this is a troll account? These are clearly genuinely held opinions, stated plainly and without the normal wild rhetoric I typically hear in comments in such threads, yet you read it as propaganda.

This is why I flag all articles on DOGE/etc, because genuine conversation is assumed to be in bad faith.

Expecting someone to read an article having an obvious propaganda hit-piece title like "DOGE as a National Cyberattack" is silly.

Would you read an article titled "technology is the mark of the beast" and take your time to debate its merits?

I personally hold the belief that DOGE and president Trump are acting in good-faith to keep his campaign promises as best as they're able, in a messy and tumultuous environment.

At the same time, I have a lot of empathy for the great number of people that are afraid and hurting right now for a multitude of reasons. People are facing food/job/business insecurity, genuine threats to various core ideological beliefs, an environment of fear and uncertainty for many affected people, threats to the desired direction of our laws and societal moral compass, etc. I hurt for those affected, and I do what I can within my spheres of influence to help.

I don't see why we can't have an honest conversation with each other without assuming that the other is operating in bad-faith. I think BOTH sides should stop using propaganda, and start LISTENING to each other, that eventually we might determine paths forward together without cancelling each other.

lores

"To save the village, we had to destroy it" comes to mind. Except the nuking irradiated the whole country, too.

acdha

> No agency would voluntarily modernize systems, which would inevitably reduce head count and put half of them out of jobs.

What facts are you basing this on? Have you worked at one of those agencies? Do you have reason the believe that the many agencies whose senior leadership have asked Congress to fund modernization programs were being disingenuous?

If not, consider that the people who told you this were not acting in good faith and had motives other than government efficiency.

throw0101c

A related article: "Treasury was warned DOGE access to payments marked an ‘insider threat’"

> The assessment, done by the contractor Booz Allen Hamilton, came before Treasury tapped an ally of Elon Musk to oversee the sensitive payment system.

* https://archive.is/https://www.washingtonpost.com/national-s...

"A US Treasury Threat Intelligence Analysis Designates DOGE Staff as ‘Insider Threat’":

* https://www.wired.com/story/treasury-bfs-doge-insider-threat...

The report was later walked back:

> The government contractor Booz Allen Hamilton on Friday night said it had dismissed a subcontractor who prepared a draft report saying that Elon Musk’s Department of Government Efficiency access to the Treasury’s payment system poses an “unprecedented insider threat risk” and should be suspended immediately.

* https://archive.is/https://www.bloomberg.com/news/articles/2...

ChrisArchitect

Syndicated from FP

Earlier: https://news.ycombinator.com/item?id=43021873

lolc

What is really sad to read in this whole debacle is all the nihilists who think that the US government "should burn". These people are largely ignorant of all the ways their government works for them. One could say the government has been working too well, much like vaccines.