118
DOGE Exposes Once-Secret Government Networks, Making Cyber-Espionage Easier Than
(cyberintel.substack.com)
Oh dear god.
Between January 14 and February 8, servers belonging to Lawrence Livermore National Laboratory, Los Alamos National Laboratory, Thomas Jefferson National Accelerator Facility, and Fermi Accelerator National Laboratory have been found with Remote Desktop Protocol (RDP) services exposed to the public internet. This grants malicious actors the opportunity to hack into servers hosting sensitive nuclear research data, a golden egg for spy agencies across the globe.
Its FINE, ITS ALL FINE!
Alarmingly, a Department of Energy server allowed anonymous login with write access, raising the risk of hackers uploading malicious code or installing backdoors for persistent network access.
uh um, just a minor hiccup Mr. Musk, it'll all be patched up... as soon as... hrmm...
However, my investigation reveals that Inventry[.]ai may be one of the AI products in question, with multiple U.S. government IP addresses pointing to its REST API. This indicates a massive flow of government data being sent to the AI company’s servers.
Proof: 8 IP addresses on Amazon’s GovCloud now point to Inventry.ai’s REST API, indicating a massive firehose of data being sent to the AI company’s servers. The IP addresses are: 18.253.166.131, 182.30.117.29, 18.253.153.187, 182.30.154.252, 18.254.229.158, 18.253.160.247, 18.254.175.18, 18.254.191.201
This is a stunning breach of Americans’ privacy that likely breaks multiple federal laws, including the 1974 Privacy Act, the Federal Information Security Management Act, the E-Government Act, and the Computer Fraud and Abuse Act, among others.
You just give the AI direct access to what you want it to make secure, and then it just ... does that.
Right?
The Treasury Department’s Office of Inspector General’s Outlook Web login page is now publicly exposed. This allows attackers to attempt brute force password attacks. Once inside, hackers could exploit CVE-2024-21413 to send malicious emails that further compromise government systems. Another Treasury mail server is observed here.
Yeah ok so this is almost certainly the most serious cybersecurity... 'event', ever. At least of anything that's been publicized.
This is somehow even worse than the actual plot of the Manchurian Candidate.
In a sane world, everyone responsible for this would be fleeing out of the country with a Luigi Mangione esque manhunt going on for all of them.
... Its literally an inside job, but seemingly done by accident, and also seemingly done by people who will get away with it and be protected by those in power.
Words fail me at this point.
EDIT: I guess if DOE allows anonymous write access...
... we are all Q now.
Please stop the ride, stop the ride Mr Bones PLEASE.