DOGE Website Hacked

Outsourcing efficiency.

404’s Jason Koebler (“Anyone Can Push Updates to the DOGE.gov Website”):

The doge.gov website that was spun up to track Elon Musk’s cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who found the vulnerability and shared it with 404 Media. One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.” 

Doge.gov was hastily deployed after Elon Musk told reporters Tuesday that his Department of Government Efficiency is “trying to be as transparent as possible. In fact, our actions—we post our actions to the DOGE handle on X, and to the DOGE website.” At the time, DOGE was an essentially blank webpage. It was built out further Wednesday and Thursday, and now shows a mirror of the @DOGE X account posts, as well as various stats about the U.S. government’s federal workforce. 

Two different web development experts who asked to remain anonymous because they were probing a federal website told 404 Media that doge.gov is seemingly built on a Cloudflare Pages site that is not currently hosted on government servers. The database it is pulling from can be and has been written to by third parties, and will show up on the live website. 

Both sources told 404 Media that they noticed Doge.gov is pulling from a Cloudflare Pages website, where the code that runs it is actually deployed.
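The failure the report describes is an authorization failure rather than a clever exploit: a static front end reads from a content database, and the write path to that database is not gated, so whatever a third party inserts shows up on the live page. The defender's point is that write authorization has to be enforced by a server-side component that holds the secret, never by client-side code or by an open database endpoint. The following is an added example in Python written for this page; it is not code from 404 Media, DOGE or Cloudflare, and the in-memory database, the HMAC token scheme, the request shape and the sample traffic are all constructed assumptions. It models the weak handler beside a hardened one and replays the same traffic against both.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed demo secret; a real deployment keeps this in a server-side secret store.
SECRET = b"constructed-demo-secret-not-a-real-key"
MAX_TEXT_LEN = 280


@dataclass
class Request:
    method: str                       # "GET" or "POST"
    body: Optional[dict] = None       # JSON body for POST (constructed shape)
    auth_token: Optional[str] = None  # "publisher_id:hexmac" issued by the server, or None


class PostsDB:
    """In-memory stand-in for the site's content database (constructed for the example)."""

    def __init__(self) -> None:
        self.rows: list[dict] = []


def issue_token(publisher_id: str, secret: bytes = SECRET) -> str:
    """Server-side: mint a token for a vetted publisher (HMAC-SHA256 over the publisher id)."""
    mac = hmac.new(secret, publisher_id.encode(), hashlib.sha256).hexdigest()
    return f"{publisher_id}:{mac}"


def verify_token(token: Optional[str], secret: bytes = SECRET) -> Optional[str]:
    """Return the publisher id if the token's MAC verifies, else None."""
    if not token or ":" not in token:
        return None
    publisher_id, mac = token.rsplit(":", 1)
    expected = hmac.new(secret, publisher_id.encode(), hashlib.sha256).hexdigest()
    return publisher_id if hmac.compare_digest(mac, expected) else None


def handle_open(db: PostsDB, req: Request) -> int:
    """Weak handler: the write path has no authorization, so any client can add rows."""
    if req.method == "GET":
        return 200
    if req.method == "POST":
        db.rows.append(dict(req.body or {}))  # raw body stored as-is
        return 201
    return 405


def handle_gated(db: PostsDB, req: Request) -> int:
    """Hardened handler: reads stay public, writes need a valid server-issued token,
    and the stored row is built from validated fields rather than the raw body."""
    if req.method == "GET":
        return 200
    if req.method == "POST":
        publisher = verify_token(req.auth_token)
        if publisher is None:
            return 401
        text = (req.body or {}).get("text")
        if not isinstance(text, str) or not 0 < len(text) <= MAX_TEXT_LEN:
            return 400
        db.rows.append({"text": text, "author": publisher})  # author set by server, not client
        return 201
    return 405


def run_scenario(handler: Callable[[PostsDB, Request], int]) -> tuple[list[int], list[dict]]:
    """Replay constructed traffic against a fresh DB: one legitimate write, one anonymous
    write, one write with a forged token, then a read. Returns status codes and final rows."""
    db = PostsDB()
    traffic = [
        Request("POST", {"text": "Weekly update"}, issue_token("doge-publisher")),
        Request("POST", {"text": "this is a joke of a .gov site", "author": "admin"}),  # no token
        Request("POST", {"text": "forged"}, "doge-publisher:" + "00" * 32),             # bad MAC
        Request("GET"),
    ]
    codes = [handler(db, r) for r in traffic]
    return codes, db.rows


if __name__ == "__main__":
    for name, h in (("open", handle_open), ("gated", handle_gated)):
        codes, rows = run_scenario(h)
        print(name, codes, [r.get("text") for r in rows])
```

Against the open handler all three writes land, including the anonymous one with a client-chosen "author" field; against the gated handler only the tokened write is stored, the anonymous and forged writes get 401, and the author is whatever the server verified, not whatever the client claimed.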

I seem to recall a kerfuffle a few years back about conducting government business on a private website but the details escape me at the moment.

FILED UNDER: National Security, Science and Technology, US Politics

About James Joyner
James Joyner is a Professor of Security Studies. He's a former Army officer and Desert Storm veteran. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Scott F. says:

    I seem to recall a kerfuffle a few years back about conducting government business on a private website but the details escape me at the moment.

    Yeah, but that time it wasn’t weaponization of the law against a political opponent, so unlike felony fraud in service of pornstar payments lawfare it was unforgivable.

    8
  2. Kathy says:

    “I am shocked and appalled,” she said deadpan.

    9
  3. Matt Bernius says:

    Like the rest of you, I am shocked to discover that unvetted, patronage-appointed 18 to 24-year-old “tech geniuses” might not be the best at info-sec and cyber security. Remember these are also the folks who we know were cloning secure servers and getting read/write access to secured PII for the majority of registered people living in the country.

    But hey, what are those boring, move slowly and securely skillz compared to their well-established excellence in… checks notes… edge lord racist shit posting and weaponizing Dunning Kruger.

    15
  4. Jen says:

    I’m sure these 19-26 year olds took care to ensure that none of, say, the Treasury’s systems were exposed, along with any problems surrounding setting up a separate email server so that Elon/DOGE could send his copy + paste “fork in the road” email.

    I am so, so surprised that a slapdash website set up in haste to drive traffic to a flailing social media platform owned by (checks notes) Elon Musk has security problems. /s

    9
  5. Daryl says:

    This is the problem with hiring conmen, they aren’t real big on the details.
    All of those MAGA cult members who have been poo-pooing Elmo’s lack of security clearance can STFU, now, thank you.

    7
  6. DK says:

    Who would’ve thought such a crap government website would be built by a con artist whose Tesla Swasticars spontaneously combust?

    Our banking and Social Security data is definitely in good hands with Musk’s unqualified, unvetted DOGE kids.

    5
  7. Moosebreath says:

    @Daryl:

    “All of those MAGA cult members who have been poo-pooing Elmo’s lack of security clearance can STFU, now, thank you.”

    They can, but they won’t.

    7
  8. gVOR10 says:

    Musk and his flying monkeys moved fast and already broke their own website.

    7
  9. Jen says:

    Washington Post has a piece up that details who ~30 or so of the DOGE employees are.

    Alexandra “Aly” Beynon is a former Goldman Sachs engineer who recently worked at Mindbloom, her husband’s start-up for at-home ketamine therapy.

    Thomas Shedd spent eight years working at Tesla as a software engineer.

    Apparently, trashing the US government is a part-time gig:

    Tom Krause is a Musk ally and the chief executive of Cloud Software Group, a holding company that resulted from a private-equity transaction combining Citrix and TIBCO, two software companies. He told his employees in early February that he would keep his job at the company even as he works at Treasury, according to an email the company shared with The Post. He oversees Treasury’s Bureau of the Fiscal Service (BFS), replacing veteran civil servant David A. Lebryk, who resigned after a dispute with Musk surrogates, including Krause, over access to sensitive payment systems.

    Edward Coristine worked briefly for Musk’s brain chip start-up Neuralink and is now posted to agencies including the State Department and the Department of Homeland Security. Known online as “Big Balls,” Coristine has attracted widespread attention, including for his reported firing from a previous job at a cybersecurity firm for allegedly leaking company information to a competitor, detailed in a Bloomberg News story.

    Almost none of them have any governmental experience listed.

    More at the link.

    5
  10. Jen says:
  11. Scott says:

    @Jen: A few years back my cubemate inadvertently created a classified PowerPoint slide using unclassified information he researched on the internet. He had his computer taken away for about 3 weeks. These guys should have their badges, access CACs, and everything else taken away. And forced to watch old Jeff and Tina cyber awareness videos for a couple of days.

    7
  12. Jay L Gischer says:

    @Jen: Well, in this instance Trump can lawfully (if foolishly) say that he has declassified it, and it is probably good enough. I’m curious about what will actually happen, though, and how it all plays out.

    1
  13. Kathy says:

    @Jen:

    The link states the nazi in chief did not know the National Reconnaissance Office is an intelligence agency, even though XpaceS has contracts with that agency.

    So, if he didn’t know, he’s too ignorant to do this kind of work, and if he did know, he’s too much of a moron.

    But he’s a fascist who kisses the orange ass and gives nazi salutes. So, in MAGAt eyes he must be better than Jesus.

    5
  14. CSK says:

    @Kathy:

    Let’s face it, the whole operation has gone to the DOGeS.

    I’ll show myself out.

    7
  15. Jen says:

    @Jay L Gischer: Oh, I know. But the fact that it happened is a problem, and it’s exactly what I had suspected would happen at some point. These coding kiddies do not know the laws nor do they understand what they are looking at. And the next idiotic slip-up could be far more damaging (assuming foreign intel agencies haven’t already figured a way into our now-unprotected systems and are just taking whatever they want).

    1
  16. Jay L Gischer says:

    @Jen: Yeah, these particular geeks were picked for their quality of not caring about rules, but breaking as many rules as possible to get the job done.

    I’ve had conversations with people around, “it isn’t enough to be smart, experience counts for something”. No 20-year-old believes that, though. Not until you start tossing them around the mat against their will (without injuring them, I hasten to add).

    2
  17. Kathy says:

    @CSK:

    I’ve yet to decide whether the name of that department is meant to insult dogs or Venetian rulers.

    1
  18. JohnSF says:

    Polish proverb:
    “When you employ clowns, you should expect a circus.”
    Entirely predictable things happen as was entirely predictable.

    Tweenager coders are useful little creatures, as long as more experienced folks are around to compel them not to monkey about with live critical systems.
    On pain of pain.

    “Can I haz root, canni, canni?”
    NO. Buggeroff!

    2
  19. JohnSF says:

    @Jay L Gischer:
    Oh, minor sprains, bruises and contusions are eminently educational.

    1
  20. JohnSF says:

    @Kathy:
    Given the oligarchic nature of the Venetian Republic, DOGE is really quite chuckleworthy, in an “oh well, might as well laugh as we slide into insanity” sense.

    2
  21. CSK says:

    @Kathy:

    I wonder about that as well. Given that Trump hates dogs, and has never heard of a doge, I would guess the former.

    1
  22. dazedandconfused says:

    “Finding fraud” appears to be cover BS. They simply want to slash and burn under the aegis of “finding fraud”. Firing all the IGs is to make themselves the sole determiner of fraud, “truth”, and all that jazz, so it figures they would not look to secure their website. Having it structured so any one of their Whiz Kidz can post anything they think might be outrageous on it contributes to flooding the zone and was probably the first priority.

    4