CURRENT EVENTS - TAX DAY - April 19

Status
Not open for further replies.

Nearly 90% of Consumer Financial Protection Bureau cut as Trump’s government downsizing continues



“… Roughly 1,500 employees will be cut from the CFPB, leaving around 200 people, according to an administration official who wasn’t authorized to disclose the figure publicly and spoke on condition of anonymity.

… Employees started receiving layoff notices on Thursday. Their access to agency systems, including email, ends on Friday evening.

“The Consumer Financial Protection Bureau identified your position being eliminated and your employment is subject to termination in accordance with reduction-in-force (RIF) procedures,” the emails said.

The CFPB was created after the 2008 financial crisis and subprime mortgage-lending scandal. The CFPB has been a top target of Elon Musk and his Department of Government Efficiency. Russell Vought, who runs the Office of Management and Budget, ordered the agency to stop nearly all of its work in February.…”
 

“… “To focus on tangible harms to consumers, the Bureau will shift resources away from enforcement and supervision that can be done by the States,” he wrote.

Problems with mortgages will be the top priority, while issues involving medical debt, student loans and digital payments will receive less attention, according to Paoletta. …”
 
 
“White House officials are preparing executive orders that would strip some environmental nonprofits of their tax-exempt status, setting up a possible Earth Day strike against organizations seen as standing in the way of President Donald Trump’s push for more domestic oil, gas and coal production.

The effort, described by people familiar with the matter, comes alongside other administration moves to use the US tax code or government funding to single out groups that oppose the president’s agenda. It also follows years of scrutiny by congressional Republicans who have accused prominent green groups and other advocacy organizations of having ties to foreign governments and drawing funding from China.

… On Thursday, the president suggested that the White House could go further by revoking the tax-exempt status of other organizations, saying his administration will soon be “making some statements” about groups that are “so rich, so strong, and then they go so bad.”

The president specifically invoked the nonprofit watchdog group Citizens for Responsibility and Ethics in Washington, saying “the only charity they have is going after Donald Trump.” Separately, congressional Republicans in a hearing last year singled out Code Pink, the League of Conservation Voters and the Natural Resources Defense Council for scrutiny.

Any attempt to revoke tax-exempt status for prominent green groups would likely draw legal challenges, and it is unclear the effort would survive a court battle. …”

 

“… An executive order singling out environmental groups could be among initiatives being readied for Earth Day next Tuesday, people familiar with the matter said. The timing and direction of the orders could change as different parts of the administration debate details.

…Nonprofit groups and philanthropies have been preparing for confrontations.

“Philanthropy has a strong view that the storm is coming their way,” said Scott Curran, the chief executive officer of Beyond Advisers, a social impact consultancy. Curran said he’s been working with organizations, especially those that have drawn opposition in the past, since last year to shore up their governance and compliance in preparation for increased scrutiny.”
 


“… But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending.

Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do. …”
 



“…
Meanwhile, his attempts to raise concerns internally within the NLRB preceded someone "physically taping a threatening note" to his door that included sensitive personal information and overhead photos of him walking his dog that appeared to be taken with a drone, according to a cover letter attached to his disclosure filed by his attorney, Andrew Bakaj of the nonprofit Whistleblower Aid.

The whistleblower's account is corroborated by internal documentation and was reviewed by 11 technical experts across other government agencies and the private sector. In total, NPR spoke to over 30 sources across the government, the private sector, the labor movement, cybersecurity and law enforcement who spoke to their own concerns about how DOGE and the Trump administration might be handling sensitive data, and the implications for its exposure. Much of the following account comes from the whistleblower's official disclosure and interviews with NPR.

"I can't attest to what their end goal was or what they're doing with the data," said the whistleblower, Daniel Berulis, in an interview with NPR. "But I can tell you that the bits of the puzzle that I can quantify are scary. ... This is a very bad picture we're looking at." …”
 
“… Across the government, 11 sources directly familiar with internal operations in federal agencies and in Congress told NPR that they share Berulis' concerns, and some have seen other evidence that DOGE is exfiltrating sensitive data for unknown reasons.

…Berulis says he was told by colleagues that DOGE employees demanded the highest level of access, what are called "tenant owner level" accounts inside the independent agency's computer systems, with essentially unrestricted permission to read, copy and alter data, according to Berulis' disclosure.

When an IT staffer suggested a streamlined process to activate those accounts in a way that would let their activities be tracked, in accordance with NLRB security policies, the IT staffers were told to stay out of DOGE's way, the disclosure continues.

… About a week after arriving, the DOGE engineers had left the NLRB and deleted their accounts, according to Berulis' disclosure to Congress.



“… Regardless, that kind of spike is extremely unusual, Berulis explained, because data almost never directly leaves from the NLRB's databases. In his disclosure, Berulis shared a screenshot tracking data entering and exiting the system, and there's only one noticeable spike of data going out. He also confirmed that no one at the NLRB had been saving backup files that week or migrating data for any projects. …”
 
“… They eventually launched a formal breach investigation, according to the disclosure, and prepared a request for assistance from the Cybersecurity and Infrastructure Security Agency (CISA). However, those efforts were disrupted without an explanation, Berulis said. That was deeply troubling to Berulis, who felt he needed help to try to get to the bottom of what happened and determine what new vulnerabilities might be exploited as a result.

In the days after Berulis and his colleagues prepared a request for CISA's help investigating the breach, Berulis found a printed letter in an envelope taped to his door, which included threatening language, sensitive personal information and overhead pictures of him walking his dog, according to the cover letter attached to his official disclosure. It's unclear who sent it, but the letter made specific reference to his decision to report the breach. Law enforcement is investigating the letter.

… Unknown users also gave themselves a high-level access key, what's called a SAS token, meaning "shared access signature," to access storage accounts, before deleting it. Berulis said there was no way to track what they did with it.

Someone had disabled controls that would prevent insecure or unauthorized mobile devices from logging on to the system without the proper security settings. There was an interface exposed to the public internet, potentially allowing malicious actors access to the NLRB's systems. Internal alerting and monitoring systems were found to be manually turned off. Multifactor authentication was disabled.

… Berulis says someone appeared to be doing something called DNS tunneling to prevent the data exfiltration from being detected. He came to that conclusion, outlined in his disclosure, after he saw a traffic spike in DNS requests parallel to the data being exfiltrated, a spike 1,000 times the normal number of requests.

When someone uses this kind of technique, they set up a domain name that pings the target system with questions or queries. But they configure the compromised server so that it answers those DNS queries by sending out packets of data, allowing the attacker to steal information that has been broken down into smaller chunks.

… There are multiple ongoing cases involving Musk and the NLRB. For one, after a group of former SpaceX employees lodged a complaint with the NLRB, lawyers representing SpaceX, some of whom were recently hired into government jobs, filed suit against the NLRB. They argued that the agency's structure is unconstitutional.

… "DOGE is, whether they admit it or not, headed by somebody who is the subject of active investigation and prosecution of cases. It is incredibly troubling," she said.

Musk's company xAI could also benefit from sucking up all the data DOGE has collected to train its algorithms. Cybersecurity experts like Bruce Schneier, a well-known cryptographer and adjunct lecturer at the Harvard Kennedy School, have pointed to this concern at length in interviews and written pieces….”
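
A defender's view of the DNS-request spike described in the excerpt above, as an added example that is not part of the original post or the NPR article: it scans resolver query logs for a parent domain whose per-minute volume jumps far above baseline while nearly every queried subdomain is unique, long and encoded-looking. The log format, thresholds, `baseline_qpm` value and all names and addresses are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed sample lines: '<epoch_seconds> <client_ip> <qname> <qtype>'."""
    lines = []
    # Ordinary traffic: the same few names looked up repeatedly over five minutes.
    for t in range(0, 300, 30):
        lines.append(f"{t} 192.0.2.10 www.example.org A")
        lines.append(f"{t + 5} 192.0.2.11 mail.example.net MX")
    # Tunnel-like traffic: one client, one parent domain, 400 unique
    # encoded-looking labels inside a single minute.
    for i in range(400):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:32]
        lines.append(f"{120 + i % 60} 192.0.2.50 {label}.t.example.com TXT")
    return lines


def parent_and_sub(qname):
    # Assumption: the registered domain is the last two labels. Real tooling
    # should consult the Public Suffix List instead.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def entropy(text):
    """Shannon entropy in bits per character."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def flag_tunnel_candidates(lines, baseline_qpm, spike_factor=100,
                           min_unique=0.9, min_len=20, min_entropy=3.0):
    """Return parent domains whose traffic combines a volume spike with
    many unique, long, high-entropy subdomains."""
    stats = defaultdict(lambda: {"per_min": Counter(), "subs": [], "clients": set()})
    for line in lines:
        ts, client, qname, _qtype = line.split()
        parent, sub = parent_and_sub(qname)
        stats[parent]["per_min"][int(ts) // 60] += 1
        stats[parent]["subs"].append(sub)
        stats[parent]["clients"].add(client)

    findings = []
    for parent, s in stats.items():
        subs = s["subs"]
        peak = max(s["per_min"].values())
        unique_ratio = len(set(subs)) / len(subs)
        mean_len = sum(len(x) for x in subs) / len(subs)
        mean_entropy = sum(entropy(x) for x in subs) / len(subs)
        # Volume alone is not enough: a busy but legitimate name repeats the
        # same few subdomains, so all four conditions must hold together.
        if (peak >= spike_factor * baseline_qpm and unique_ratio >= min_unique
                and mean_len >= min_len and mean_entropy >= min_entropy):
            findings.append({
                "domain": parent,
                "peak_qpm": peak,
                "unique_ratio": unique_ratio,
                "clients": sorted(s["clients"]),
            })
    return findings


if __name__ == "__main__":
    for hit in flag_tunnel_candidates(build_sample_log(), baseline_qpm=2):
        print(hit)
```

A detector like this only works if resolver query logging is retained somewhere the monitored accounts cannot disable or delete it.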
 
“… Within minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in, according to Berulis' disclosure. The attempts were "near real-time," according to the disclosure. Those attempts were blocked, but they were especially alarming.

Whoever was attempting to log in was using one of the newly created DOGE accounts — and the person had the correct username and password, according to Berulis.

While it's possible the user was disguising their location, it's highly unlikely they'd appear to be coming from Russia if they wanted to avoid suspicion, cybersecurity experts interviewed by NPR explained.

On their own, a few failed login attempts from a Russian IP address aren't a smoking gun, those cybersecurity experts interviewed by NPR said. But given the overall picture of activity, it's a concerning sign that foreign adversaries may already be searching for ways into government systems that DOGE engineers may have left exposed.

"When you move fast and break stuff, the opportunity to ride the coattails of authorized access is ridiculously easy to achieve," said Handorf. What he means is that if DOGE engineers left access points to the network open, it would be very easy for spies or criminals to break in and steal data behind DOGE.

He said he could also see foreign adversaries trying to recruit or pay DOGE team members for access to sensitive data. "It would not surprise me if DOGE is accidentally compromised."

… The NLRB isn't alone in those concerns.

In over a dozen lawsuits in federal courts around the country, judges have demanded that DOGE explain why it needs such expansive access to sensitive data on Americans, from Social Security records to private medical records and tax information. But the Trump administration has been unable to give consistent and clear answers, largely dismissing cybersecurity and privacy concerns….”
 
“… Meanwhile, in a letter published on March 13 on Federal News Network, 46 former senior officials from the General Services Administration, one of the government agencies hardest hit by DOGE's cost-cutting efforts and that oversees nearly all federal buildings and purchasing, wrote that they believed "highly-sensitive IT systems are being put at risk and sensitive information is being downloaded to unknown, unvetted external sources in clear violation of privacy and data-protection rules."

… Trump issued an executive order urging increased data sharing "by eliminating information silos" in what's seen by experts like McClanahan as an attempt to give DOGE engineers further top cover in accessing and amalgamating sensitive federal data, despite laws concerning privacy and cybersecurity.


Berulis had a simple request for the DOGE engineers: "Be transparent. If you have nothing to hide, don't delete logs, don't be covert. ... Be open, because that's what efficiency is really about. If this is all a huge misunderstanding, then just prove it. Put it out there. That's all I'm asking."

But ultimately, if the systems that DOGE accesses are left insecure, it might not matter if its intentions are honorable, he concluded.

"This could just be the start of the operation. ... They still haven't crossed that boundary where they're plugged into every federal system out there," he continued. "So maybe there is still time."”
 

How Corey Lewandowski Became Kristi Noem’s Gatekeeper at DHS

Trump’s former campaign chief is working as her de facto chief of staff despite White House concerns about their relationship



“… agency staff and Trump allies say he [Lewandowski] has used his close relationship with Noem to wield power—though he has no formal role at the agency. He has emerged as a gatekeeper for Noem, counseling her during her travels to meet with world leaders, weighing in on personnel decisions and advising on DHS contracts.

Lewandowski is serving as a special government employee, a status under federal ethics laws that permits private-sector employees to work inside the government without having to relinquish their outside salaries or investments. He is often the only person who accompanies her to meetings, according to people familiar with the department.

… Though Lewandowski had initially wanted to serve as Noem’s chief of staff, President Trump and his top advisers were uncomfortable with Lewandowski in that role, owing to tabloid reports of a romantic relationship between Lewandowski and Noem over the years, according to people familiar with the president’s thinking.

… Nearly three months into the administration, Noem’s chief of staff role remains vacant, and Lewandowski has established himself as a constant presence by the secretary’s side. …”

[The article also notes that Lewandowski promoted Noem as Trump’s VP and then for DHS, and that many on Trump’s team were surprised a decision was so suddenly made when Trump announced Noem as DHS Secretary]
 