A 25-Year-Old Is Writing Backdoors Into The Treasuryās $6 Trillion Payment System. What Could Possibly Go Wrong?
Just months after we learned Chinese hackers had compromised US telecom systems through government-mandated backdoors, an inexperienced developer from Muskās DOGE unit is pushing untested codā¦
www.techdirt.com
āJust months after we learned Chinese hackers had compromised US telecom systems through government-mandated backdoors, an inexperienced developer from Muskās DOGE unit is pushing untested code directly into the Treasuryās payment infrastructure ā a system that handles over $6 trillion in federal payments annually.
It seems reasonable to call it one of
the most dangerous cyberattacks on the US government.
ā¦ [In response to questions] Treasury
responded with reassurances: just āread onlyā access, they claimed, with no ability to interfere with payments
ā¦ But while Treasury was making these claims, both Wired and TPM revealed a far more alarming reality: a 25-year-old DOGE team member named Marko Elez (who had refused to give any of his brand new colleagues his last name) had been granted something far beyond āread onlyā access ā he had
full administrator privileges to the system. Thatās the keys to the kingdom (or, rather, the kingdomās payments).
ā¦
And Elezās qualifications for this extraordinary level of access to our nationās financial infrastructure? According to Wiredās reporting, a mere three and a half years of experience since graduating Rutgers, split between SpaceX and ExTwitterās Search AI team. Neither position involved anything remotely close to handling critical financial infrastructure or government payment systems.
But it gets worse. Josh Marshallās reporting at TPM reveals something that I can already hear developers howling about, even through the internet: Elez isnāt just looking at the code ā
heās pushing untested changes directly into production on a system that handles trillions in federal payments:
Iām told that Elez and possibly other DOGE operatives received full admin-level access on Friday, January 31st. The claim of āread onlyā access was either false from the start or later fell through. The DOGE team, which appears to be mainly or only Elez for the purposes of this project, has already made extensive changes to the code base for the payment system. They have not locked out the existing programmer/engineering staff but have rather leaned on them for assistance, which the staff appear to have painedly provided hoping to prevent as much damage as possible ā ādamageā in the sense not of preventing the intended changes but avoiding crashes or a system-wide breakdown caused by rapidly pushing new code into production with a limited knowledge of the system and its dependencies across the federal government.
Remember Treasuryās reassurance that no payments would be blocked? That appears to have been, at best, aspirational. At worst, deliberately misleading.
Marshallās sources indicate that the code changes have a very specific purpose: creating mechanisms to block payments while hiding the evidence. ā¦ā
