DOGE staff installed the terminal on the Eisenhower Executive Office Building roof in February 2025 without notifying White House communications or cybersecurity teams, ignoring their prior warnings [2]. The resulting "Starlink Guest" Wi-Fi used only a password—no usernames or two-factor authentication—unlike standard networks requiring full VPN tunneling and device logging.
This allowed devices to evade monitoring, transmit untracked data outside secure channels, and potentially enable leaks or hacks, as noted by former officials and experts like ex-NSA hacker Jake Williams. A confrontation ensued with Secret Service when DOGE accessed the roof unannounced [3].
[1] https://www.nytimes.com/2025/03/17/us/politics/elon-musk-sta...
[2] https://www.washingtonpost.com/technology/2025/06/07/starlin...
Pretty sure that was the point
Or Starlink uses an encryption scheme somewhere in the network only the big boys can break.
Justin Fox not being able to say what DEI is really tells you everything you need to know about how grants were cancelled.
Challenge it and they escalate.
What’s the solution?
These folks will push until the dam breaks. When it does, all will be washed away by wrath and fury.
If so, bravo. If not, whelp, let me know when you escape the reality distortion field and we can grab a beer.
Is there a term for this Jehovah’s Witness complex where being ignored is taken as a sign of one’s faith?
Why not? Shouldn't the public be allowed to learn who all the DOGE employees were? Federal employees are public record, are they not?
Their recruiters are all anonymous when they reach out as they do not provide their names. I constantly questioned to myself and them directly if they were legit even if their email address showed as RecruitingUSDS@doge.eop.gov (their public email address seen on USDS). The first recruiter I demanded a video call with and asked him to bob and weave his head (lol). He never gave me his last name (all his emails came from that public address and they signed their emails with first name only) but I found him on LinkedIn. He was late 20s to late 30s. From there I was asked to do/turned in a case study and after the govt shutdown I was invited to interview with a DOGE employee whose email then showed her full name. I didn't make it past her as there was another step in their process which is an in person interview at USDS's office or within another govt agency DOGE is working at.
Who turned out not to exist.
Or when they published that website full of their savings.
Which turned out not to exist.
Oh, wait.
That said there is a list by propublica: https://projects.propublica.org/elon-musk-doge-tracker/
Agency: "Social Security initially denied Borges’s allegations and said the data referenced in his complaint is stored in a secure environment walled-off from the internet."
Ah walled off the internet, so no one can get there and copy the data to a flashdrive. Move on, move on!
You can't make that up.
Unfortunately it seems quite believable. This is the same outfit that fired a bunch of people responsible for overseeing the US Nuclear Arsenal. [0] The combination of arrogance and stupidity was breathtaking.
[0] https://thebulletin.org/2025/04/doges-staff-firing-fiasco-at...
> copied to a flashdrive
Both of these cannot be true. A secure environment does not allow trivial data exfiltration over USB.
There's absolutely no way to guarantee that ever again.
You sound like the guys I know who work at banks, talking about all this policy, how secure they are.
I suspect the whistleblower is correct, but I don't think it's proven to the point where we can confidently state that "it happened." SSA isn't trying to dispute the method, they're trying to dispute the fundamental claim.
Paul Graham and Garry Tan were both big cheerleaders of DOGE, so, keep that in mind.
A shocking number of the biggest stories about DOGE over the past year were flagged here, probably including the stories about goons physically removing people.
Posts questioning this suppression/censorship were flagged.
Some people like to argue that since any story about Musk becomes toxic - for some reason - it 'makes sense' to flag every story about anything to do with him. You know, like Israel, or US torture, or Assange, or Snowden, or Epstein, etc.
For we are but naive children here in the tech industry, and must have a safe space to discuss PCB specs and the meaning of 42 without too much 'current affairs', lest the site 'lose its focus'.
It's not like almost the entire top of the industry is neck-deep in collaboration with all this or anything, right?
... Anyway, if people here don't know much about DOGE, the massive flagging that's gone on here is probably a big factor as to why.
That’s the only way I browse HN now because this place is clearly brigaded to bury certain topics.
- Terry Pratchett
However, the people of the USA voted for Trump. Twice.
I fear things have changed and Trump'ism is here to stay.
In practice, that has always been an ineffective threat against Presidents who are within days of leaving office anyway. And more importantly, the framers of the Constitution seemed to have entirely failed to imagine a party like today's Republicans who value strict personal loyalty to the President over every other principle of government.
We've certainly had some colorful presidents in the past, but the current president is engaged in a lot of blatantly impeachable behavior, and as far as I know, we've never had such a passive and complicit Congress before.
So many years of dealing with this administration, and people are still attempting to point out hypocrisy and hold people to standards with regard to principle, past statements, character, etc. None of it will work here.
Allowing China god mode access to U.S. telecommunications infrastructure versus one guy with a USB stick.
Biden's senior FBI officials and National Security Advisers admitted they didn't even have the logs to determine when or how they were breached, and the hack was via law enforcement portals.
Breathtaking incompetence. The 2024 election was completely compromised due to this security lapse, as both campaigns were wiretapped.
[1] https://www.pbs.org/newshour/show/chinese-hackers-have-infil...
https://openlibrary.org/works/OL1161327W/R%C3%A9flexions_sur...
otherwise... can't check from work, but perhaps anna's archive/slsk has you covered?
Real quote from a friend when this whole thing was going down.
https://xcancel.com/paulg/status/1888555241055948981
I guess this aged like Windows Me
It's a conspiracy theory - I don't have any real evidence to support it, but I tend to believe it.
I don’t believe anyone here if they say that is honestly a standard that they held through previous administrations.
I think there are plenty of ways to criticize Trump without abandoning my own principles.
If I was aware of any remotely comparable precedent in any recent administration, I would certainly criticize them for it. But the "DOGE" episode was so far beyond the pale that I can't think of anything else like it.
Interesting choice of words and application when discussing gripes against entire administrations.
It doesn't need to be, nor should we measure things against each other by their ability to be used as an attack. We should measure this on its own, based on what has happened.
In this case, an agency created by the President's Executive Order, that reports directly to the President made significant personnel and security access changes. There have been many security issues coming from that new personnel and department. If this doesn't fall on the administration, what does?
Are the people mad at ICE complaining that immigration was perhaps a little too lax under Biden’s admin, and possibly creating a situation where so many people felt inclined to vote for the Mass Deportations Guy?
Is there retroactive anger for Biden Admin? Note that I’m talking about a conservative voter’s right or wrong stance on the popular-at-the-time migrant caravans and not the actions of a specific person in a mid level position.
Not that I’ve seen, ymmv.
You can argue about whether immigration was a real problem or mostly fearmongering. In that case, any realistically achievable level of deportations under the previous administration would probably have been dismissed as insufficient anyway so the outcome would be the same. But if policymakers deliberately loosen rules, they can be blamed for the consequences.
It is no different from weakening medicine purity standards and then acting surprised when people die. In that case, responsibility clearly falls on the people who made the policy too.
It may sound blunt, but assigning blame is a normal part of politics. Politicians are there to make decisions, and they should be praised or blamed for the results.
> This is a nation built on egg-breaking.
Is too capacious. The USA is a nation based on "these truths [that] are self-evident", and (as the federal oath puts it) protecting and defending the Constitution.
That's not to say that egg-breaking can't be great, but it a) isn't usually to be commended for its own sake, but rather when it's to some specific and important purpose, and b) the "eggs" broken are not those in the preceding paragraph.
I bet you said the same thing a year ago when people were warning about exactly this scenario.
Unless you get stack overflow first!
Instead, I have a steady and ever-growing list of real and vicious shit that the US has done, going back to its formation.
You can pretend that everyone is just outraged because of some flavor of the month. You can pretend you're okay with breaking eggs because you don't think they are your eggs.
But at the end of the day some of us really don't like this stuff because we pay attention and have a memory- if you don't, then that's something you should work on.
If those people weren't granted unprecedented access to our data, there would be no whistle to blow. You can wait for the "investigation" to play out, the rest can see that obvious risks were ignored to benefit someone.
Again, there doesn't need to be evidence. The point is that a claim like this is clearly plausible and worth investigating because of political decisions this administration made. They took a non-political issue (access to social security data) and explicitly made it political. You don't get to later use those same politics as a protective shield for criticism.
> it maps perfectly onto an existing fear people were already primed for.
People were primed because of the repeated warning that experts were giving about the security of this data and carelessness in allowing access. You are helping to prove my point that the administration encouraged this by their own actions.
But, yeah: if you find that the steelman version of the opposing argument won't be borne out in reality that's a promising line of attack. Your argument will be more likely to be effective, however, than if you attack the strongest rather than the weakest ("strawman") version of the case.
Which is usually a strawman tactic, and I agree both disrespectful and useless.
But... We will always respond to our own understanding of someone else's argument! That's inevitable, short of mind-reading. A habit of steel-manning the opposite case is a useful discipline for demonstrating respect - and, ideally, minimizing the necessity for clarification.
In practice, this means to make (to the best of your ability and understanding) an honest and accurate restatement of their case, and (if you see an opportunity - you won't always) a genuine suggestion that it would be stronger if it considered [x, y, z], before you attempt to refute it. You may not get it quite right, but you will have given your interlocutor a straightforward opportunity (as you say, conversationally) to clarify.
I think this is, given as I say that we're not able to inhabit anyone else's mind directly, the closest that we can rhetorically come to taking another's claim "at face value".
I think given the performance of DOGE, the wars, the executive orders, the Epstein files, we can make a SMALL logical stretch here and assume, FOR THE MOMENT, that this happened.
The topic at hand was a whistleblower report, which would have serious ramifications if proven false. It isn't apples-to-apples.
[0] https://thehill.com/homenews/media/fox-news-donald-trump-dig...
I was for the admin based on claims of lawful immigration enforcement and keeping out of foreign wars. However, after inept efforts with immigration, DOGE and the Iran war I will not be for Republicans again.
I'm not trying to be snarky but I am trying to take the opportunity to gauge how some folks are prioritizing these things when they vote.
During the previous time they were in power - these were mostly adhered to. Tariffs - again inept. They need to be targeted to keep allies close and wean off of Chinese dependence.
So all in all - most of the corruption didn’t exist during Trump's first term.
And the twitter sewer is full of unsubstantiated rage bait and thinly veiled toxic innuendo. Musk knew exactly what he was doing when he used his direct control of a multi billion dollar communication network to influence the election.
I'm just glad some people are finally saying "hey, wait a minute..."
That is to say, there is no reason to extend this administration or anything DOGE-related the benefit of the doubt.
Now, your turn to answer the question.
It’s interesting (horrifying) to think of the implications actually. People wouldn’t buy this data directly, it’s too obviously illegally procured. But laundered through an LLM to provide “insights” without citation? That’s plausible deniability.
Zuck would be happy to take that data, and because he's worth a cool $350 billion, he'll do whatever the fuck he wants with that data, and we'll thank him by cutting his taxes.
You think Donald Trump would put him in jail?
Nobody wants to fuck with PII, platforms will blackball you in a second if they think you have sensitive data. If you haven't worked in adtech, be quiet and do even the most trivial research before spouting nonsense.
if you have, i won't take ethically-compromised advice from you.
slur me if you like.
Either way this data is definitely going to spread behind closed doors.
Banks
Sales/Marketing
Healthcare
Palantir
xAI
Any social security scammers
Etc.
See if Musk was in any way involved, or acted with such reckless disregard for known security standards that he could be civilly or criminally liable. Do the same as above for him.
The only way this stops is if consequences are introduced.
Did this joker take things from a computer that they weren't supposed to while in a state that has laws against that sort of thing? If so, have a local prosecutor build up a case, and arrest and charge them.
The Supremacy Clause should be tested in this way.
Anymore I have zero desire to keep any copy of work code or other data on any personal device. Nope, never gonna need it, don't want it, just a potential legal headache with no upside.
But when I was younger? I could totally imagine getting a big juicy dataset like that and wanting a copy for myself. It'd make me feel special, having information no one else had.
I don’t think there’s a risk that it will influence a rare person in power to enforce the rules to go lighter. I just think it encourages people to be less reckless with hoarding data who might otherwise put themselves in danger.
"secure" eh?
Outside of strip searches upon arrival and leaving I'm not sure how you could eliminate that risk.
Same. I won't even have Teams or Authenticator on my phone unlike most others here (though wrt Teams, that is at least as much about not wanting work to bother me as it is about the danger of data seepage). I need the authenticator to do the job, but I have an old factory-reset phone that has that (and, just in case, Teams) on it.
> But when I was younger? I could totally imagine getting a big juicy dataset like that and wanting a copy for myself.
I'm pretty sure I never would have done. I've always resisted knowing credentials and personal information that aren't mine (so if anything untoward happens with/using that information there is no way it can be my fault/doing, as well as the less selfish reasons) despite people falling over themselves to do things like tell me their passwords & such when they were wanting some form of tech support.
But I think there is a different attitude to data risk in that age group today. They've grown up in a world where very little is really private, and every app and its dog has wanted their contact details and other information (and all too often information about their friends & family), so the idea that data is a free-for-all is dangerously normalised in their heads.
I find older people are similarly very lax with their own data, in fact often being rather too trusting of others generally, but not so much with other people's. There are a lot more people who are appropriately careful (or even paranoid) in their 30s/40s/50s (I'm late 40s myself) - I think we are lucky to be in the middle, being exposed to information dangers enough to not have that “naivety of age” and not desensitised by having lax information security pushed at us from an early age.
Counterpoint from a UK/EU perspective.....
Anybody new being onboarded is given (company compulsory) GDPR training if their role involves any handling or processing of personal data whatsoever. Data security and privacy is being treated quite seriously here; though unfortunately not seriously enough IMO.
I'm not doing anything wrong! It's not like I'm selling it! I'm just showing off the cool data no one else has! I'm saving the day, probably, by letting us solve a problem with my cool data that would be impossible otherwise.
I had access to insane amounts of highly sensitive data as an early 20-y/o and never once felt inclined to share it or brag about it with anyone.
Hiring processes around these roles should distinguish between past-me and past-you.
Like, any system will fail if too many of its members don't care about maintaining it, but you're going to hire the wrong person from time to time.
It's important to design your systems to minimize access, both in terms of not allowing everyone access to everything and to only allow people as much access as they need to do their jobs, to require multiple people to sign off on temporary access grants, to create audit trails and to actually audit them and have consequences for violating the rules.
(Which, in this case, DOGE purposefully dismantled.)
It doesn't just protect the data from nefarious villains, it also protects young idiots from themselves, who don't realize you can cause harm just by being curious.
I'm proposing that we both have systems to mitigate insider risk and we try to avoid hiring ideologically motivated and ethically compromised goobers to highly sensitive government jobs.
And I'm proposing that we don't write this off as, "welp he's a kid!"
At DOGE, those somebodies were a bunch of red-pilled barely adults that worshiped Musk.
But:
1) That's why we have traditionally had the safeguards that we have had, to protect against this sort of crime, and
2) The allegation in this case is that he later approached coworkers to do something with this data, even if they ultimately didn't help him do it. So it doesn't appear to be hoarding just for the sake of it here.
Oh, wait. No I would never have done that. That's just insane.
A broken logic. Of course the people who you would have stolen the data from, had it. A question pops up, though... what's in your possession you should not be in the possession of.
In the DOGE case, they specifically broke all the controls that existed to manage insider risk and keep people from making copies like this, but (especially 20-30 years ago) I've been on plenty of networks that just had no concept of insider risk and everything was just open for anyone to access (or protected by shared passwords everyone knew).
Is there a reference or citation for this? I didn't see in the article.
Oh no no no no no, not once, not ever.
But look around the network, see what file shares are world readable, maybe see if there's any FTPs or Telnet servers with no username/password (or at least, no password stronger than "guest")? That's just being curious. And if I see any interesting files, and I make a copy to look at later, that's not a crime, is it?
I'd like to think my younger self, if he'd been hired at the SSA or somewhere similar, would see the difference between "the personal data of hundreds of millions of people" and the networks I actually had access to at the time. I know I wouldn't be trying to sell the data or trying to otherwise leverage it for financial gain, but I don't really have such a high opinion of my younger self's judgement that I would completely rule out making a copy for objectively dumb reasons.
I have a sinking suspicion this engineer won't see the inside of a jail cell.
But why? The only conclusion I can come to is "stealing elections". I'll include this partial list I made of Republican voter suppression efforts going back decades [1].
I believe out there someone is collecting all this data into an AI model to predict how people will vote, something that Cambridge Analytica was a toy version of. But it goes beyond how people will vote but whether they will vote. Likewise, data will be constructed to strike off people from voter rolls if the system believes they won't vote how you want. We've seen efforts like this where similar-sounding names of felons in other states are used to strike off people from voter rolls. And that's a real problem because people might not know they're no longer registered to vote and in some states you have to register 30 or more days before the election.
There is essentially infinite money available to fund Republicans stealing elections because it results in public funding cuts to give even more tax breaks to billionaires.
You can't directly use the SSA database obviously so any effort must be small enough to not draw attention, involve part or all of the computing done overseas to avoid legal scrutiny and/or "washing" that data through data provider services. I would bet if you started exhaustively looking at various companies in or adjacent to these spaces, you'd find some pretty dodgy stuff.
https://www.onthewing.org/user/Bonhoeffer%20-%20Theory%20of%...
Nobody should have permission to query 70M Americans, it's a huge security flaw for the average citizen. But Pentagon has been doing this for a while a la Snowden, and the average American doesn't seem to be worried. With Snowden becoming a menace rather than a hero.
Once private government data from Americans starts being heavily used to mess up elections, or even worse, persecute people with a different opinion than the ruling party...
Americans will finally wake up that GDPR doesn't stifle innovation, but rather protects its citizens from evil actors.
But it may be too late, like when NSDAP started chasing Jews and migrants. There was nothing they could do other than to flee to survive.
Yet here on HN, what have we been arguing about? Big tech. Google and Meta have been allowed to become boogeymen in this community out of all proportion to the actual threat they posed[1].
While the actual boogeyman stealing our data to exploit in the market? It was us.
[1] I mean, let's be honest, while everyone has abstract complaints the truth is that they've actually been remarkably benign stewards of our data over the past 20 years. Much, much, MUCH more responsible than the glibertarian dude in the cubicle next to you, as it turns out.
Since the beginning of DOGE, it has not been especially bold to predict:
- DOGE will cost more than it saves. The seminal errors, mistaking $ millions for $ billions, world-write permissions on their Drupal site, etc. convinced us that we can't expect deliberate professionalism.
- The very first whistleblower, out of NTSB, convinced us that exfiltration was the goal. This is within the top 5 whistleblower stories here. The critical detail was their instruction that access logs be scrubbed.
- And the general public smelled it, too. No one doubts that threats against Tesla dealerships were civil libertarian radicals, not recently-fired USAID bean counters.
- When Peter Thiel's FBI handler, Johnathan Buma, went whistleblower a few months into DOGE, it wasn't about Thiel. He saw a Russian active measure influencing Musk's inner circle. One of Kash Patel's first acts as FBI director was to order Buma arrested.
So, the commentary worrying about "big tech" was commentary within Y Combinator's sphere.
Is it genuinely your opinion that that activity (just look at all the equivocation!) constitutes a risk at the same level as alleged by the linked article?
This is exactly what I'm talking about. HN has a tunnel vision disease on this subject. "Yes yes, DOGE bros stole the SSA database, but let's please talk about how awful Google is." It's clinical at this point.
i'm not saying it's not like these big tech firms don't have their hands legally tied by NSA letters, but that's entirely divorced from whether i trust them to steward my data.