top US security officials are exposed through public apps, chats and data leaks. A tech aide on a US government efficiency team is linked to a cyber crime group and US defense contractor is fined 4.6 million for failing to meet cybersecurity requirements. This is cybersecurity today.
I'm your host, Jim Love. A new investigation revealed that personal information belonging to senior US security officials, including active phone numbers, email addresses, and linked social accounts, is easily accessible online raising concerns about national security and digital hygiene at the highest levels of government, according to Der Spiegel, the contact details of Trump aligned figures such as National Security Advisor Mike Walz, former Fox host, Pete Hegseth, and Director of
National Intelligence, Tulsi Gabbard, appeared in commercial data broker databases and previous breach dumps. Many of these phone numbers and email addresses are still active and linked to WhatsApp, signal, Dropbox, LinkedIn, Instagram, and even fitness tracking apps. But the exposure doesn't stop its static.
Data Wired reported that Mike Waltz's Venmo account was left public revealing a network of 328 friends that included White House chief of Staff Susie Wiles and National Security Council Official Walker Barrett. While no transactions were visible, experts warned that access to social graphs alone can aid intelligence mapping and targeting by hostile actors. These lapses have prompted calls for a review of personal cybersecurity practices among government officials.
Despite repeated warnings, many continue to use unsecured platforms or fail to lock down accounts that link directly to sensitive national security roles. The revelations follow an earlier controversy in which the same group of officials used a Signal group chat to coordinate potential airstrikes in Yemen. That chat inadvertently. Included the Atlantic Editor Jeffrey Goldberg, underscoring how even encrypted tools can introduce risks if misused.
A US defense contractor, Morse Corp, has agreed to pay $4.6 million to settle allegations of failing to meet cybersecurity requirements in its military contracts, and knowingly submitting false claims for payment . Based in Massachusetts, Morse Corp specializes in developing guidance and navigation technology for military vehicles. The company's cybersecurity shortcomings were brought to light through a whistleblower lawsuit filed by its former head of security under the False Claims Act.
federal Prosecutors outlined several cybersecurity failures by Morse, including Since 2018, Morse utilized a third party email hosting provider without ensuring the vendor met the Federal Risk and Authorization Management Program or FedRAMP moderate baseline as required in their contracts. Additionally, the contractor failed to confirm the email provider adhered to the Pentagon Rules for incident reporting, malware handling at forensic analysis and media preservation.
Morse neglected to fully implement all required National Institute of Standards and Technology or NIST cybersecurity controls, including measures critical to preventing network exploitation, or the exfiltration of controlled defense information. And in January, 2021, Morse reported a compliance score of 1 0 4 out of one 10 for its implementation of NIST Special publication 800 dash 1 71 Security controls.
However, a third party cybersecurity consultant later assessed the company's score at negative 1 42 indicating significant non-compliance as part of the settlement. Morse will pay 4.6 million but does not admit liability. The resolution underscores the government's commitment to enforcing cybersecurity standards among defense contractors to protect sensitive military information.
This case highlights the critical importance of stringent cybersecurity practices and accurate compliance reporting within the defense industry, and it serves as a cautionary tale for contractors about the potential legal and financial repercussions of failing to adhere to mandated cybersecurity protocols.
And finally, a 19-year-old staffer working on the US Department of Government Efficiency or Doge has been linked to a cyber crime ring accused of hacking, harassment, and theft according to a Reuters investigation, Edward Coine known online by the Alias Big Balls. Previously operated a tech company that supported the cybercrime group. eGodly Digital records show that Coristine's Company Diamond CDN, provided hosting and DDoS protection services to e godley's leak site
dataleak.Fun from late 2022 into mid 2023 In February, 2023, the group publicly credited Diamond CDN for its support on Telegram, thanking the service for helping keep their operations online. egodly has claimed responsibility for SIM swapping attacks, infiltrating law enforcement email accounts, and coordinating harassment campaigns.
In one case, the group allegedly published personal information belonging To an FBI agent and attempted a swatting attack, a hoax emergency call designed to trigger a heavily armed police response. While not all claims have been independently verified, a retired FBI agent confirmed the group's involvement. Coristine's ties to egodly have raised serious concerns due to his recent advisory roles with the State Department and the cybersecurity and infrastructure security agency CISA.
The proximity of someone with ties to a known cyber criminal group to US government networks is deeply troubling. Said Nitin Natarajan, former Deputy director of CISA. In the Reuters report, neither Coristine nor Doge representatives have responded to press requests for comment. The State Department and CISA have also declined to clarify co dean's current access or involvement in government operations.
Now, I wanna take a second to say, I don't wanna pick on some 19-year-old kid who's done some stupid things. God knows. When I was 19, I probably did a lot of stupid things too, But this kid has no business working in highly secured environments. the real problem is not the kid, It's that there are no adults in the room when it comes to US Government security. That's our show. The show is not political.
We're about security, but I couldn't say that these weren't the biggest stories in cybersecurity today. always interested in your opinion. Contact me at [email protected] Or leave a comment under the YouTube video. I'm your host, Jim Love. Thanks for listening.