Presidential pardons were a crucial check on the power of the courts. The Constitution was written to curb excesses of 18th century England.
I'd say we didn't use them nearly enough. And now they're being used exclusively for crime. Yet another sound idea turned against us. There just isn't any way to govern a nation which has a majority in favor of destroying democracy.
It's kind of like Russians throwing their oligarchs out of windows and then saying it's suicide: everybody knows who did it, and there won't be consequences. That in itself sends a signal: 'we can do this, what are you going to do about it? Nothing.'
I feel like "Being detected, making it obvious and still no consequences" is the Russian playbook, if we look at previous instances. It seems to be on purpose as far as I can tell.
> Berulis found that on March 3 one of the DOGE accounts created an opaque, virtual environment known as a “container,” which can be used to build and run programs or scripts without revealing its activities to the rest of the world. Berulis said the container caught his attention because he polled his colleagues and found none of them had ever used containers within the NLRB network.
Not at all: it says DOGE appears to have created a container in a place where containers were never created by NLRB. Tell THAT to someone who doesn't know what Docker is, and it is less informative.
I think it sounds a bit off in the same way as "Linux, a computer program commonly used by hackers, was found on the suspect's machine" does, though not to that extent.
It's not saying anything technically untrue, and emphasising the aspects it does arguably makes sense within the context of what the concept is being brought up for, but it comes across as an odd framing for people familiar with the concept in general (using containers for standardization/scaling/etc.)
It's only odd for people in the middle segment of "just smart enough to understand why you want containers, not experienced enough to understand how they work"
We use them for standardization and scaling exactly because they are opaque. I personally believe the explanation shows a deep understanding of the technology, but also a good grasp of what matters politically.
If you installed linux in a network that didn't typically have linux machines, and then had no accountability to what was running on said machine... yes, that would be suspicious and of note.
My point isn't that it couldn't be of note, but rather that - even when relevant - the phrasing makes for a strange-sounding definition to people already familiar with containers/Linux in a general context (and people who weren't familiar with containers/Linux might come away with that lopsided impression of them, even while having an accurate impression of how they were relevant to the article).
I think it could potentially be improved with a more general/typical definition first ("Containers are self-contained environments that bundle all dependencies a piece of software needs to run and are commonly used to streamline deployment across different machines, but can also ...")
And this guys how you get $200 per hour consultant say "I'm on my 15th sprint, still trying to figure out how to transform a CSV using powershell. Maybe next week it will be done."
From the email shown in the photo, it seems like DOGE was trying to build and run a docker container using Integuru (YC W24) https://news.ycombinator.com/item?id=41983409 to scrape the system
I was wondering when Y Combinator affiliated companies were going to show up to help DOGE dismantle democracy, and it looks like we've found the first instance.
This is a smoking gun. I'm a little shocked at how little MSM coverage
this is getting and the moral gymnastics some commentators are
performing to lend a veneer of innocence to this. It's an incident on
par with 1950s Cambridge ring [0] and I cannot understand why an
investigation team from the Pentagon are not all over this kicking-in
doors and taking names?
At this point I wonder if it's fear. They were able to cover the Clinton story because they knew no harm would come to them - the government wouldn't prosecute the press. But these stories, under this government, is the sort of thing where it could end up on the wrong side of an unchecked tyrant who is increasingly vocal about their desire to ignore due process.
The media companies ate so well and grew so fat covering the rise of fascism they didn't think what would happen when it finally gained power.
It's not about your union stopping them from pulling you out of bed, it's about what happens after that. Rumeysa Ozturk, the student who was abducted in Massachusetts was a member of a union and her union immediately sprang into action. Part of the reason this was national news so quickly was because her union took to the streets.
I think a part of it is simply that the space is absolutely flooded and the public becomes almost numb to it: This administration is so absolutely rampant with criminality, constitution shredding, and just rank incompetence that reports of more of the same just doesn't trend. I mean, it's similar to the fact that Trump lies about everything constantly -- even the most meaningless facts like his height and weight -- and soon it just isn't noteworthy that he continues lying about everything constantly. When Trump is caught in an obvious lie, which is basically a daily occurrence, he doesn't apologize, he doubles down, and this is his super power, at least among his incredibly stupid fans and base.
"But her emails" was when Hillary using a private server was actually so exceptional it was like the singular thing. Trump's crew of misfits and clowns and self-dealing grifters have turned the government into a circus. They're all insider trading, launching shitcoins, turning the WH lawn into a pathetic infomercial while your commerce secretary -- Howard "Used Car Salesman" Lutnick -- is pushing stocks.
There will be coverage, but it has little point. The information network in America is Centre, left and centre right orgs, and then there is the Hermetically sealed Fox and related ecosystem.
So even if 2/3rds of America decide this is too much, they aren’t sufficient to shift what is covered in the idea economy and the political economy.
I just found out there’s even a book that did the ground work to make this case, in 2018. (Network propaganda.)
This is the prime reason I recommend all democracies look beyond their current leaders and grapple with the structural issues caused by capture of the media ecosystem.
Do note - this isn’t an issue of bias. There’s a protectionist economy on the right, where reality is whatever storyline they need to share.
It's just docker containers. As a technical person I was confused reading that at least 3 times until I made the mental connection that it's docker containers. So yes you are right it's made to sound more opaque and nefarious than one would normally assume in our field. If they have a policy that says we can't run docker containers in network A or zone B then just say so but don't lie to make it sound like Russia Hackers. That's the kind of shit that makes fence sitters and reasonable people across the isle not trust your motives.
Anywho, this whole "opaque" or "untrusted" code running in a VM is the same lingo that big corporates use to gatekeep newer technologies that bypass traditional processes. E.g. "oh sorry you can't test locally because you need to use our officially licensed and expensive Oracle DB instance. Oh and BTW, you can't use the free container image that Oracle provides free of charge. It's running 'untrusted' code in our network." and endless variations of that.
I mean, just, Devil's Advocate, but it kind of was the consensus will of the people that voted. And we live in a democracy, so the people who didn't vote don't count.
That's the beautiful thing about democracy, you get exactly the government that you deserve.
Now I think about it, that can also be the terrifying thing about democracy as well, but you get the idea.
You deserve no better, nor any worse, than what you have.
This is a common refrain but logically empty. It implies, for example, that the minority deserves any hypothetical persecution by the majority simply for being fewer in number at the ballot box. Failing to convince the majority that your rights matter doesn't mean you deserve to be punished.
Hell no. A country in which the Citizens United decision is in effect is extremely less democratic than a country without such a corrupting influence in play.
"Now I think about it..." work on that some more going forward. The country is complicated and Democracy has grades. We're getting an F at the moment.
There are democratic procedures by which the people can go about changing citizens United. You apparently believe those procedures are not part of democracy, but they are.
That the people won’t take the decision, and implement the process to change citizens united, is the fault of the people, not of the democracy. Democracy simply provides the procedures. You make the decisions.
For instance, a lot of right wing people spent a lot of time stacking the court to do away with roe v wade. Democracy provided that possibility through procedures it put in place. That’s only one way to do away with citizens united. There are others. None of which you choose to avail yourself of. How is that the democracy’s fault?
When many people use the word "democracy" today, they're not referring to a system of government where laws reflect the will of the people as determined by votes. They're talking about Democracy, a civic religion where the rules match their own personal beliefs and the current-year beliefs of their class.
So in a Democracy, if the people vote for something different, that's anti-Democratic, and non-democratic methods may be required to fix Democracy.
Perhaps you'd like to put some more words in my mouth.
When I say Democracy, I mean a form of government in which political power is primarily seated within the common mass of people, as opposed to political power being with those who bribe, cheat, scheme, lie and bribe some more to achieve more political power than their fellow citizen. This tension puts democracy on a gradient, one which I believe is currently and firmly seated in corporate command of political power. I recommend you go read Democracy Incorporated to add a little more clarity and contrast to your world view.
If you think the way Roe v. Wade was killed reflects democracy in action, I don't think we will ever see eye to eye. "Democracy provided that possibility," no Democracy as we implement it failed to resist the authoritarian attack built on broken oaths. Did you and I watch the same confirmation hearings? That wasn't democracy.
Next I suspect you'll try to tell me the Brooks Brothers riot was also "democratic procedures."
Consider gerrymandering. It literally makes some votes count for less than others. Yet the only recourse is the courts, and if the courts are stacked, it means that minority elected by padding their votes in this manner can retain control despite will of the majority.
Ah yes, "democracy", voting once every 4 or 5 years and accepting whatever the government does because "we voted for them"... while disregarding 49% of the population (+ people who changed their mind) just "because". Some people have a really limited conception of democracy... You're electing representatives, not Lords and Kings lmao.
You're just a few steps away from a russian version of democracy if you define it so loosely in the first place
If enough people believe it, then you failed in your democratic duty to create an educational system that produces citizens able to separate fact from non fact. Relevance from irrelevance. And so on.
In a democracy, the educational system is a democratic practice. A civic duty. We could have changed our educational system to be better, we didn’t. That’s on us. We could change it now. We won’t. That’s a choice. A democratic choice.
The practice of democracy is not solely about voting. There are many democratic choices we make every day that concert to give us the government we deserve.
I’m sorry but in 2025 that type of thinking feels extremely naive. There is an education issue, but that’s such a detail compared to the level of propaganda, misinformation. People have been groomed by entire networks of misinformation for such a long time. It’s a complete take over of the democratic system, by nefarious actors, to their own benefit. Doing so fully in the open
Democracy is about how the people (demos) in a state or other community coexist by negotiating their individual and collective needs and priorities. Reducing it down to "you didn't vote so you don't count", or worse still, "you voted for the losing side so you don't count" is a gross distortion. Its not just about the vote, its what happens after that.
> That's the beautiful thing about democracy, you get exactly the government that you deserve.
This makes no sense. There isn't something out there that renders a singular judgement on what people deserve. There's only us.
Maybe in a perfectly functioning democracy, but the U.S. has been actively separating policy from politics maybe for my entire lifetime. Just for starters:
* The two-party system dominates the process, and actively excludes 3rd parties. Look into changing requirements for debate participation.
* The Democratic party argued in court that they have no obligation to use a "fair" primary to select candidates. This was in response to a lawsuit from donors claiming the party mislead them by tipping the scales against Bernie Sanders in 2016.
* Gerrymandering continues to enable parties to win large majorities in state legislatures while losing the popular vote at the state level.
* Many of our current troubles have been caused by the Supreme Court, which is not democratically elected.
* The Electoral College and Senate apportionment continue to give more power to voters in low-population states.
Everything you’ve listed here was a choice made ultimately via the process of following democratic procedures. Everything you listed can also be undone via democratic procedure. That we don’t use this democratic procedures to undo these structural impediments to fairness is a choice. A democratic choice that we make.
How, exactly, are our choices suddenly the fault of the democratic system?
Are you arguing that since voters elect representatives, voters are ultimately responsible for everything those representatives do, even if it is contrary to the interests and desires of those who voted for them? If the process is flawed, are the results not also flawed? Unless we started with a perfect system, and voters clearly chose to make it less perfect. That doesn't match the history I know.
No, it wasn't. It was what about half voted for. There was no consensus. Consensus means general agreement, not a small majority.
That they're elected by majority (never mind the indirections) is a key reason why it is important that the executive is not allowed to wield too much power unilaterally.
(And a key reason why the executive in most countries have far less power than a US president...)
America doesn't live in a Democracy, it lives in a bipartisan and increasingly sectarian dissolution of Democracy originally based on gerrymandering, now based on establishing Unitary executive theory through force.
Red Team/Blue Team isn't Democracy, its Oligarchy with extra steps - self-evident by the recent actions of an ultra-wealthy elite to shape political decision-making in ways that increase their wealth.
You need only look as far as the inauguration of 47 to be slapped in the face by the audacity of it - flanked by the Railway Barons of Silicon Valley - Elon Musk, Jeff Bezos and Mark Zuckerberg - and bolstered by Tim Cook, Sam Altman, and Bernard Arnault.
The Fair Representation Act - which would solve a plethora of issues in one act - served to establish independent redistricting commissions in all states to prevent gerrymandering, whilst simultaneously introducing the proportional STV system of elections like we have in Ireland
Cybersecurity is not my main field but this sounds beyond suspicious.
> Berulis [...] and his colleagues grew even more alarmed when they noticed nearly two dozen login attempts from a Russian Internet address (83.149.30,186) that presented valid login credentials for a DOGE employee account — one that had been created just minutes earlier. Berulis said those attempts were all blocked thanks to rules in place that prohibit logins from non-U.S. locations.
> “Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating,” Berulis wrote. “There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers.”
Somehow each paragraph reveals something even worse than the last.
> Berulis [...] and the associate CIO were informed that “instructions had come down to drop the US-CERT reporting and investigation and we were directed not to move forward or create an official report.” Berulis said it was at this point he decided to go public with his findings.
Russian IPs are used, because russia won't help the american authorities with investigations. If I was an american and hacking into <whatever american thing>, I'd use russian IPs too.
Which is fine for the attacker here. All they need is to hit the login endpoint from an IP that's geolocated to the US. They don't mind if it's possible to trace it to their Russian IP. And that's roughly all that the VPN service sees. I explicitly mentioned Monero because I believe that when used properly, it wouldn't add any extra information.
Auth providers (like Okta for example) often do the geo-blocking at level 7 -- because if you know the login being used, you can then lock the account that is being accessed from a blocked region.
If you block outright an adversary has reason to try another IP. If you allow the attempt then show a standard "login failed" page they have less information to go on.
So the default behavior of a Fortigate is to allow you to apply an access policy to the VPN tunnel itself, which can easily be a geoblock, but the local-in policy where the remote is actually authenticating against the firewall is much harder to change.
Not saying this is a Fortigate or that the federal government didn't change the low effort configuration, but it's certainly not unusual, Fortinet is a huge presence.
Not necessarily. One could have a gov site allowing anyone to view it, but have stricter rules on a /login path, HTTP POST, auth header, or it could have been blocked by some compny-wide safety layer that manages this stuff semi-automatically.
But that's just a speculation.
Remember these are elons are script kiddie hackers, it only occurred to disable the outer firewall, azure ad will independently geoip block all by itself
Or, very unlikely but maybe, the DOGE employee used this new account to attempt to login via a Russian VPN just to test security. Still very unlikely, because they were not interested in security at all.
Lets be honest: they are compromised. Musk is compromised. Trump is compromised. They are all traitors who are selling America out. It took almost four decades but Russia is winning the cold war after all, without firing a shot.
I want to know why your comment isn’t flagged but any dissenting opinion or question from yours will be…. Is that in alignment with American values? Hmm…
He does owe Russia for the email hack and leaks that he publicly requested. Not to mention sticking it to Ukraine after they didn't find/fabricate evidence against the Biden family.
The article mentioned that traces of a few GitHub repos were found. One of the READMEs left behind described a tool used to create a multihop network to hide the original source.
Seems plausible that they could have used that tool when logging in and it happened to bounce off a Russian IP.
Haha, have you never worked with a prolific junior that wants power and openly questions everything you do, their role and any limitations you place on them. These kids won’t care it’s not their remit.
If the president is behind all that, there are proper command chains to deal with such a scenario. Democracy is about checks and balances. The US is by far not a democracy anymore, but still calls itself so.
The "proper chain" for this scenario is either Congress impeaching the president, or the vice president triggering the 25th Amendment.
Unfortunately, the Republicans in Congress refuse to do so and pretend that everything is fine, and the vice president is the president's lackey.
As far as I know, we don't have any other legal mechanisms to remove the president from his position as commander-in-chief. If you know of any, I'd love to hear more about them.
If I am testing a login I don't need 20+ failed attempts to know it's not working. Sometimes the simple answer is the correct one. The series of events does not read as someone, whose job has been reported to disable security and demand root access to systems, testing the already in place login system to make sure Russian IPs (specifically) can not log in.
- "“Tesla.Sexy LLC controls dozens of web domains, including at least two Russian-registered domains,” Wired reported. “One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review.”"
What is interesting to me is how those two things are mixing. Theoretically any one of us could own a russian domain and any one of us could get a job at NLRB (or another gov agency) but our jobs and our ownership of that domain are two entirely separate things.
What's interesting here is how these two things are seemingly mixing. At this point I have two pet theories:
- One of the DOGE staffers is a Russian agent: This one I'm putting in the camp of "highly highly unlikely" but still possible given those login attempts from Russia.
- The more likely theory is this is just some braindead attempt to "own the libs". If we look back 6-8 years to when all the Trump Russia stuff came out and turned into a nothingburger. This could be some idea like: "Yo I've got this VM in Russia, let's own the libs and make them thin the Russians are invading again!"
- It could also be completley innocouous. Like right now I have a Mullvad VPN setup on my machine that points to Algeria. Ubuntu will auto start this VPN at login. What if one of DOGE staffers just happened to have a VPN running with an exit in Russia when they tried logging in.
The Russian IPs may also be a ploy by people at DOGE to cause doubt about the security of the NLRB to get play at a court in order to not disclose company secrets required for cases.
I guess DOGE wanted to write a report how they saw Russian IPs login in but it back fired because the people at NLRB have proof DOGE created the accounts.
The level of faith that there's in some of those communities is... Cultish.
These days I was reading on effective altruism, sbf, ftx debacle and macaskill influence on sbf. It's weird how long it is possible to go to justify someone's actions
And that's what scares me the most about those ideologies. With their p(doom) they basically say oh an infinite damage may happen! And to prevent an infinite damage, of course everything is allowed. And that absolutely doesn't bode well for democracy. And of course it goes well with the oligarchy at the silicon Valley because they see themselves as saviors
This is silicon valley and particularly Musk's logic put into practice in the government. Look at how they talk about driverless cars.
"Automobile deaths are bad and numerous, we want to get rid of them with driverless cars, which will kill people in the course of their development, but that's okay because remember we told you about the deaths we will prevent in the future? Therefore we can expend as many lives as we want now because by doing so we will save infinite lives. This is why we must be permitted to operate beta robots on public roads."
The rationale continues on to starship and neuralink. We have to go to Mars to save humanity, therefore you must tolerate starships exploding and destroying the ecosystem over your house. We have to invent this important medical device to save people, therefore we must conduct morally gray research on implanting devices into human brains. The justifications and rationalizations are endless.
Radical utopians think the ends justifies the means. But the problem is, utopia never arrives, so we never get the ends, but we certainly get the means.
The same is (almost) true of radical anti-dystopians. The problem is that their p(doom) is... shall we say uncalibrated? It may be a case of tiger repellent. But while they're trying to prevent their "doom", the damage they do is real. And they're willing to do unlimited amounts of it, because doom is really bad.
The "almost" part is because doom is sometimes real. Hitler, for example, really happened. The problem is that in 1931, say, it wasn't obvious that Hitler was actually going to become what he became. (Yeah, I know, Mein Kampf had already been written. It wasn't obvious that Hitler was actually going to be able to pull any of it off.) So in 1931, what was p(doom)? The doom everyone was trying to avoid in 1931 was economic. They weren't worried about trivial (!) little problems like a guy with a funny mustache who once wrote a nasty book.
So the p(doom) crowd, even if they're right that doom is coming, still are often wrong about which doom is coming, and so their steps to avoid it are just causing damage, and not preventing doom at all.
> The problem is that in 1931, say, it wasn't obvious that Hitler was actually going to become what he became
1923 was the Beer Hall putsch. It was clear to those who knew what they were looking at and didn't agree with the goals.
In 2016 people predicted Trump wouldn't leave office peacefully, and they turned out to be right. But people said "no your p(doom) is too high, you're deranged." But they were not calculating p(doom) they were calculating p(doom | narcissistic psychopath). The posterior probability skyrockets when you factor in the person has the same personality disorder in leaders that has spelled doom countless times throughout history.
Hitler wasn't the first Hitler, people had seen his type before, and we will continue to see his type in the future. Know the signs, they're not hard to spot if you know what to look for. Pretty much if someone's main complaint is "those people" then you have a good idea what they're all about.
When they start calling "those people" murderers, drug dealers, rapists, terrorists, gang members, then it's a foregone conclusion what they're all about. Hitler told Germans who he was in 1920 when he started giving public speeches against Jews. Trump told us who he was in 2016 (and arguably for decades before). They had no excuses then, and we have no excuses this time. We see it coming.
There is an easy (but maybe incorrect) answer. People who give benefit of doubt in the face of obvious bullshit excuse are simply okay with alleged things happening. A stronger version of this claim is -- such people don't believe the bullshit excuse at all and want alleged things to happen.
But his suggestion that they're connecting from Russian IPs as a ploy to make the NLRB seem insecure with the plan of using that as a way to make it unable to prosecute cases, is that really giving them the benefit of the doubt?
Isn't that instead to suspect them of a nefarious plan to basically cripple labour law enforcement?
We can debate the finer points of intent. The situation is that whoever put them there is fine with the current risk of Russian (or whoever, seems to be a party going on) infiltration.
Going by Occam's Razor, you'd be correct. The scenario with the least assumptions is the DOGE people are using personal devices too much, one of which had already been compromised. Which makes sense from Russian intelligence's point of view: people who ignore security because it slows them down are easier targets, and people with credentials to multiple systems are more valuable targets. They wouldn't be able to resist when those are the same people.
It seemed to me that when trying to log back in they bounced through a Russian vpn to be able to have a mildly plausible explanation. But yeah, your story is simpler and even more disturbing.
I think you could go the other way with Occam's Razor here. If you observe an extremely Russia-friendly administration coming in and meticulously dismantling American soft power around the world, I think to say that there's no connection would be reaching.
Ignorance is not a defence. Unwilling accomplices are still accomplices. But nothing will happen to them. The reign of the oligarchy is bearing down fast.
I'm confused, are they Russian agents or wannabe oligopolists? Presumably it can't be both, as being part of the American oligopoly in an America that is subservient to Russia seems hardly worthwhile.
Nobody mentioned about subservience, simply incompetance, if contractor X is given a DOGE superuser account, while also having his entire network compromised, there is some responsibility on you for that.
My oligarchy comment stems from the fact that one of the largest private company owners in the US is seemingly allowed to take all of this potentially rival information at will, without even having to inform anyone what exactly they want to look at.
All because he's friends with the president, to me thats an oligarchy.
This entire subthread is about Musk et all "work for Moscow".
I guess I was also taking issue with your assertion that "unwitting accomplices are still accomplices", as that is generally not how it is viewed by courts of law or reasonable people.
Hmm, I’m not going to say musk is working with Russia or not, that’s a whole political thing that’s all opinion based until there are facts of course, but as for your view of the court system, INAL but there is “Federal Tort Act” that says you can sue the government for negligence but to be honest you’re probably right, nothing will happen anyway.
Perhaps I'm misunderstanding something but this could just mean their own equipment is compromised in some way. I wouldn't be surprised if they were using personal computers to conduct their work and downloading/executing any software they find on GitHub without regard for malicious code or supply chain attacks.
While bad in sensitive systems, breaking things seems preferable to blatantly giving account information to another country.
> There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers.
I'm glad this is still being discussed. It seems like there are 4 main threads that we have to deal with right now as a society, and the severity of each means we have no time to deal with just one.
1. Breakdown of rule of law and political systems. Executive usurped Congress and is currently usurping SCOTUS. Both parties are dead. MAGA replaced the Republican party and Democrats are in the wilderness.
2. Destruction of the federal government through DOGE, which is this thread.
3. Destruction of the economy through tariffs and usurping the Federal Reserve by firing the Fed Chair, turning America into essentially a controlled economy.
4. Destruction of non-government institutions like law firms and academima which are power centers that could resist points 1-3.
The current Attorney General's brother is running for a seat on the Board of Governors of the Washington, DC bar. It is expected that he will carry water for Trump and Bondi and impede any sort of disciplinary action the DC bar may dole out to any attorney working for Trump.
Yet another way Trump has his lackeys putting a thumb on the scale.
This is a very important election and I'm surprised no one is talking about it. Maybe because only DC lawyers can vote but I would think dems would want national attention on this.
Yeah that's like a 5th thing: abusing all of the Article II powers to their maximum effect. We have to follow that thread because if the trends hold, we will see the US military being deployed against the US people within the next 3 years.
Is it me or does this sound like someone trying to create a Russia connection here? Why whould Russian intelligence do this so amateurishly? As if they want to get caught. - Cui bono?
I wouldn't rule out incompetence, but after the Nazi salute during the inauguration, I'd say it's a demonstration of power - "look at what I can do, and there's nothing you can do about it".
Or it's a 19 year old kid in Russia the DOGE kid met online, both of which do things for the lulz and have no idea how to properly secure their footprint.
Russia has absolutely no need to hide anything. Do you think they would face any consequences at all? And given the astonishing incompetence from DOGE, that its various staff members have been thoroughly compromised isn't remotely unlikely[1]. It doesn't even have to be Russian intelligence but could be any of the many hacking groups in Russia, and the IP noted (83.149.30.186) is a well known player in intrusion attempts.
Further, saying "someone trying to create a Russia connection" sounds rather incredible. The Russia connections have been so absolutely overwhelming at every turn that it's infinitely beyond deniable now.
Russia just had to be a predominately white nation that paid lip service to Christian nationalism and that hilarious show turned them into the US far-right's best pals. It would be nice if we moved beyond pretending this is conspiratorial when it has been in the open and stated in the open repeatedly for years.
[1] DOGE is completely disregarding all security norms -- they think it's an annoying slowdown to not just install whatever they want and to open whatever ports they want, etc -- so the likelihood that vast troves of US data has been exfiltrated by enemy states is approaching 100%.
The major powers are endlessly engaged in hacking operations against each other. This is just normal, and no one needs to "admit" to it for that reality to be true. The notable part of this story isn't that Russia tried to compromise a US system, but instead is that some Russian party (whether official or unofficial) apparently had DOGE credentials moments after they were created, which indicates that DOGE is thoroughly compromised. Which should surprise absolute no-one.
Look at what they did with the 2016 election. They hacked that too and didn't hide anything, but when they were accused by the US government they claimed innocence and blamed Ukraine. The allows Russian people to say "Look how awful those Ukrainians are for hacking America; and look at how awful America is for blaming Russia."
So they hack their enemy, and then use that to reinforce the false narratives they tell their own people. It's gaslighting at the national level. Russia is as if your emotionally abusive partner was your government. America is becoming the same.
The pattern has been that they don't particularly care about getting caught. The goal is to sow chaos, rather than any specific task. They like to goad you into making mistakes.
What do they want with NLRB days in the first place? Maybe they have an idea; maybe not. The goal is "we got your data, be worried". Getting caught furthers that.
I'm not so sure. Look at the bargaining power in geopolitics a country gets, when they know a certain country hacked them (Dem. hacks, Clinton email hacks, by Russia). It is always better to hide your tracks or to blaim someone else. Especially if it can be done easily.
I forgot about that, so what you are saying is that all these gop legislators that are suddenly pro Russia aren't true believers? That is maybe better.
The use of the nlrb data on the other hand is pretty clear. They had a number of ongoing cases against Musk's companies. Involving Russia is unnecessary to explain the motive.
The Russians assassinated someone on British soil using a radioactive agent that can only be made in nuclear reactors, and is incredibly expensive to extract and transport.
There are literally dozens of ways to kill a guy, if you must poison him, which are cheaper in every possible way and can be sourced locally by someone with the sort of basic chemistry knowledge an intelligence agency would have on payroll, or from a drunk undergrad.
Which is to say: Russia's MO has at no point been "subtlety", it's been vranyo: a lie they tell where you know they're lying, but are obliged to pretend the other party is not.
My humble personal hypothesis (so this could be totally completely wrong, because it's just an hypothesis) is that this is not about information, but about chaos. For the layman it seems connecting the dots is more than sufficient to get to a conclusion. As if somewhat tech adept people have been given very powerful tools, but not the entire oversight of what their actions might cause.
Yes, with a residential/mobile proxy. Russian proxies are cheap because they're blocked or heavily scrutinized by many interesting networks, due to the rampant and unpunished misbehavior of some people in Russia.
Would it make any sense at all for a government agency (DOGE) to buy shady residential proxies in order to log in to their super-admin accounts? No. Nearly every government bans foreign IP addresses from accessing internal systems. That leaves the question: why did that log-in attempt happen? There may be another explanation, but the only thing that comes to mind is that someone in Russia using a mobile internet connection tried to log in but forgot to enable his VPN before doing so.
I don't see a legitimate reason to require no logging either. If you're investigating things, you want your activities logged in a way you can't alter because it demonstrates how you found the evidence, and that you aren't just making things up.
Why would a representative of a US government agency use a Russian VPN with legitimate, freshly created login credentials? I'm confident this is against all the cybersecurity rules in place.
I also don't understand why the HN comment section is full of people trying to make excuses or explanations.
What I generally don't get, is that in so many hacks they state "this came from a Russina|Chinese|Iranian IP address", hinting that it came from that country probably.
Can someone in the security industry maybe elaborate if this makes sense or not?
We're firmly in the realm of 1984-type arguments: "The Party told you to reject the evidence of your eyes and ears".
It makes me sick we're even considering "trolling" as a motivation here but, given that we are, it's clear we're at the level of stupid that they would brazenly leak data to Russia. These people are not the best, they are not the brightest, and there's no reason to assume they are playing 4D chess when checkers is working for them.
That’s a naïve assumption that underestimates the capability of a party you clearly disagree and/or think poorly of. I’m not saying it’s happening, but I think it’s not an impossible scenario.
You really think DOGE as a whole couldn’t muster up the ability to route traffic via Russia? The engineers on the floor need to follow a relatively straightforward playbook.
Could they do it? Sure, it's not an impossible scenario, but what would be the reason for it outside of "trolling"? Both Occam's and Hanlon's razor fit easily here.
I think it’s reasonable to assume that a substantial portion of doge employees have roots in /pol/ which itself has roots in /b/. Elon literally carried a sink into Twitter on his first day, I’m sure there’s plenty of similar antics elsewhere.
This administration is almost blatantly pro-Russia. I don't think there's any need for a leak, you can just... be on their side. I mean, that's what the literal president does and no America-loving cowboys seem to care.
Something worth knowing is that "attribution" is extremely difficult.
Also "attribution engineering" is really quite easy and difficult to
see through.
Often the purpose of a hack is not to exfiltrate data or sabotage
systems but is exactly to direct blame (or sometimes
distract/misdirect)
Indeed in vault 5 of Snowden's NSA leaks an "attribution engineering
toolkit" was a interesting find. Malware is almost always engineered
to throw forensic investigators off the scent.
That all said, I think this incident happening in US gov, in the
current climate, without immediate urgent investigation is scandalous
and in itself an indicator of deeper and very serious skulduggery.
As a technical problem to correlate # bytes @ time is just a very simple and you don't need a PhD to solve. Its a matter of how many measurement points on the network you have available.
Having said that. I doubt they checked and who cares where it landed? Its out.
Occam's Razor on doge (and the admin as a whole) points to opportunist amateurs, fraternizing on bravado & loyalty while willing to entertain treason by jumping through hoops for why it can't bother them.
Looking for deeper layers is a distraction. Nostalgic even.
The more concerning part is the use of valid username/password combinations. Unless they literally set this up as root/root (not...as implausible as it should be but from the description it seems unlikely) then how did they get them?
(and even if that is what happened, it goes back into "holy shit how did that happen?")
I mean, honestly I wouldn't be amazed if one of the DOGE peoples' personal laptops (which I assume they were using, because no-one involved in any of this seems to have the first clue what they're doing) was compromised. If they saw outside login attempts within minutes of account creation, then, as you say, unless it was root/root or similar, presumably fairly realtime data exfiltration is going on _somewhere_.
EDIT: Also, given that the attacker had correct credentials and was only stopped by an _ip address_ check, we may assume that, unless the attacker was particularly incompetent, they likely got in.
There's no need to try and attempt to connect anyone, the entire thing is smelly enough.
Looking at the IP it might be a mobile connection.
> Russia
> MOW
> Moscow
> Moscow>
> 144700
> 55.7558
> 37.6173
> MegaFon
So, lets say it was one of the contracted private individuals that just happened to be travelling in RU for WHATEVER reason and wanted to test the login decided to just use their hotspot.
Given the level of incompetence here it wouldn't surprise me. But this is what whistleblowers are for, starting investigations. Now we will have to wait month and years of bureaucratic nonsense and legal challenges to every information request required for the investigation to even get started.
If one is using roaming, does it show the IP of locality they are actually in or the IP assigned to their home operator? I vaguely remember that it's the latter.
Why would you assume Ruzzian Intelligence if only IP address has been mentioned? Also, if it was such an agency, why wouldn't the supposed shiba-doge leaker/spy not provide them a warning that regional restriction firewall exists?
Go with the most probable case - one of the shiba-doge amateurs had a virus on his laptop, and after creating an account those credentials were automatically siphoned to some bot farm in the Ruzzian segment, from where a few automated attacks were initiated by a botnet, which were blocked by a regional firewall.
DOGE people were brand new to the infrastructure. (That's one of the criticisms - they're doing all this wild activity without really understanding the environment they're working in.) So they very plausibly would not know about the region-restricting firewall.
And then, they tried to get it shut off as soon as they found out it existed.
I would assume that mr. Berulis would mention taking down said firewall and the subsequent successful access from the foreign IP.
So far it seems that all the data was stolen by bulldoge people for the internal USA masters (Elon likely), at leas at the first step. And it makes sense, because Elon and his cronies do profit from the NLRB info and have a preexisting history attacking them. While at the same time Ruzzians probably won't have any use from the data itself, and planting backdoor to the system would be done in a more quiet way. As it stands now, that whole system would need to be sanitized after the dog invasion, and all backdoors will be destroyed most likely.
>Why would you assume Ruzzian Intelligence if only IP address has been mentioned?
because they have a theoretical capability to get the credentials that were being used and would love to have a database dump to figure out what to do with it later. The botnet explanation is also plausible, but not mutually exclusive.
Assuming the policy wasn't known and it wasn'teant to be seen. But either way... Backdoors in bleb starlink access points surreptitiously added to the roof of the gsa, how would you ever begin to undo this level of compromise?
DOGE needed to hide its activities while it collected data for the president so that the private citizens chosen by his associates can run analytics on it offsite and decide which cases to pursue. And Russia has a login because they are friendly to the new era of American interests.
It sounds so stupid, I can’t believe people still support this madness…
at what point does it make sense to say “maybe you don’t deserve the benefit of the doubt” because it sincerely feels well past that point by all measures.
I read that comment as a steelman of the position that this is genuine anti-corruption activity, and pointing out via doing so that even if you give them an incredibly unwarranted amount of good faith, it still doesn’t make any remote amount of sense.
Sorry, I don’t follow? Why did it need to hide its activities to run analytics? What statistical analytical purpose is served by wiping logs and removing logging?
Since we’re spitballing, Why not try giving them the opposite of benefit of doubt, as well? Something like, the administration is clearly compromised by Russia and hired a bunch of low status hackers, and we’re seeing massive bombs being dropped all over our cybersecurity defenses?
Yeah I've seen a few HN people try and defend undefensible things, citing they are "steelmanning"... but nobody asked them to. Same with "playing devil's advocate". It's fine in philosophical debates I suppose, but it's not necessary in a lot of cases.
Second, if you are the "playing devil's advocate" type, make sure your post contains your real, own, personal opinion. You can't just go say morally objectionable things and brush it off as that.
It's all terrible, but it pales in comparison to the fact that the government can now disappear people to a gulag in El Salvador with no due process. I know that comparative suffering isn't a good litmus test for one situation vs another, but I'll take my data being stolen over a life sentence in an offshore prison without a trial any day of the week.
On the gripping hand, just because Bush, our greatest war criminal (derogatory), did something doesn't mean that Trump should. If anything, he should have learned why it's a bad idea.
The point is that what we're witnessing is the logical end result of the preceding decades of giving the federal executive more and more unchecked power (it didn't start with Bush, either).
Trump is indeed uniquely bad in many ways, but the reason why he can do so much damage is because he was given access to the tools accumulated by previous presidential administrations.
I hope that we'll learn our lesson once this is over. But I'm also skeptical.
It's almost like all those people who said the federal government's post 9/11 power grabs set a bad precedent and moved us incrementally further down various slippery slopes were right.
This is true, important, and it's also important to recognize how long it was left open by both sides. "Imperial rebound" is very real. If you create a special extra-legal space which allows you to abuse people, it will expand.
First they came for enemy combatants, called them terrorists, shipped them to a torture prison abroad, stripped of all rights and still keep some there despite not having them convicted. But I'm not an enemy combatant, so I didn't care.
Then they care for immigrants, called them enemy aliens, shipped them to a torture prison, stripped them of all rights despite not having anybody convicted, but I'm not an immigrant, so I don't care.
It seems they’ve learned their lessons on Guantanamo: That was too much hassle with the legal battles so now they just cut them loose with a shoulder shrug and a “no jurisdiction” fig leaf.
Musk is heavily anti Union. He’s running DOGE. They exfiltrated highly confidential data from the National Labor Relations Board, which oversees things like labor disputes.
This is all under the auspices of Trump, which is figuring out how to get away with ‘deporting’ US citizens to El Salvador without due process.
Connected the dots yet? How long do you think until union organizers are getting black-bagged in the middle of the night and disappeared to El Salvador? A month? Less?
Unless the stolen data is being used to compile lists of enemies of the state to send to the gulag. Like are any of these troublesome trade unionists immigrants? Time to send them to the gulag, solves two problems at one - that’s efficiency!
Unfortunately close to a new lawsuit where a H1B employee at Tesla reported a serious safety issue and Musk allegedly threatened to deport her entire team..
> About a decade ago, engineer Cristina Balan called out a safety concern about a design flaw on a Tesla vehicle. Shortly after, Balan says she was forced to resign. Now, she's explaining the leverage Tesla allegedly used to get her signature.
> At Tesla CEO Elon Musk's own request, Balan went straight to the top to solve a problem in 2014, which involved floor mats in the Model S curling near the pedals, affecting braking. But instead of being granted a meeting with Musk, "HR and the legal department had another plan for me," Balan said in an interview with Times Radio over the weekend.
> "They told me that if I'm not resigning on the spot, they will deport my entire team…because the entire interior team was backing me up," said Balan, who is from Romania and has said many of her team members were waiting on green card applications. "And their plan—Tesla's plan and legal department plan—was to convince the entire team and myself to close the internal investigation that we opened in the company to fix a serious safety issue." Notably, Tesla has been among the leading employers of H-1B visa holders, who perform work in specialty occupations.
Fun fact to consider: when you apply for citizenship, you have to list which organizations you're a member of on the form you submit to USCIS. This includes trade unions and political parties and such. Failure to complete that form truthfully is potential grounds for denaturalization in the future (on the basis that citizenship was obtained through fraud and thus was never valid). Given that this administration has already talked about denaturalization a lot, I wouldn't put it past them to cross-reference those forms with any databases they can get their hands on.
Yeah but these things are not unrelated. This whistleblower is now risking being disappeared, and that will affect the calculations of all the other people considering blowing the whistle on the many other baldly illegal things this administration is doing.
Seen from afar; it seems that Trump is so close to absolute power that he can simply brush off what should be scandals with real consequences. How _everyone_ survived the Signal scandal blows my mind
It's shocking how prescient this quote is turning out to be. There's a significant chunk of the US voting population that is willing to forgive effectively anything Trump might do, no matter how distasteful, illegal or unconstitutional it gets.
Using the DoJ to go after his perceived enemies. Mob boss protection rackets against universities and law firms. Revoking visas for traffic violations...or nothing at all. Putting people into a foreign prison camp without a chance for due process, and refusing to do anything about the inevitable errors and rights violations that result. Eliminating oversight roles and agencies, enabling grift, theft, and fraud for himself and his friends. Selling cars on the White House lawn. Hiring incompetent people and not firing them when they inevitably do incompetent things (looking at you, Hegseth and RFK Jr). Refusal to admit failure or error regardless of how obvious it is. Constant lies about what he has accomplished. Destroying the US economy with erratic and unstable tariff policies. And so much more...
> There's a significant chunk of the US voting population that is willing to forgive effectively anything Trump might do, no matter how distasteful, illegal or unconstitutional it gets.
One of my friends posts almost daily impassioned screeds against Trump. One, yesterday, was about him "handing our country to DOGE on a silver platter, to privatize for the benefit of his friends".
Someone replied:
> Once the systems are torn to shreds, we will need to build new systems that serve ALL of us. We may not like or agree with what is happening, but it’s more effective to come together and work toward building what you want, than it is to fight against what you don’t want.
They completely misunderstand or are in denial or have been deceived (or some combination of the above) into thinking this is the tear down, and Trump will build back something for everyone.
They are completely ignorant to the fact that there is no WE in Trump's plans, just "ME".
Yet he literally can't get existing laws to be policed and acted on by government officials. Hardly absolute power when judges brush off his work left right and center.
Yes judges still apply the law. But so what? Trump just ignores their verdicts. And its all fine and dandy, because he is a cult leader, and his followers are now everywhere.
I’ve been noodling this argument ever since November, and I am pretty confident now that America has a fragile, asymmetric information economy.
Most Americans on the right live in a protected information market. I am not talking about media bias — both sides have that. The issue is deeper: on the right, the marketplace of ideas has been captured. There's no free trade between ideas, only ‘subsidized’ narratives and ‘tariffs’ on dissent. That’s how Trump — or anyone like him — thrives. Realists, by contrast, get priced out.
This isn’t culture war stuff, this is structural failure. The traditional metaphor of American free speech — the Holmesian "marketplace of ideas" — breaks down when one side captures the market.
There is no competition of ideas when there is no fair fight.
If you’ve got a couple of million bucks to spend, my guess is start buying up and supporting local news channels in the rust belt, and then let them work on whatever they want to work, as long as they can show actual independence.
Or perhaps gift people subscriptions to things like groundnews or something. I don’t know if theres any science that shows it effectively diversifies information consumption of its users.
I don’t know what the napkin math is for a tipping point, but I suspect its not as expensive as litigating an entire administration.
Interesting theory. I'd venture that there is an element of selection happening though rather than just a structural flaw. i.e. The people aren't so much trapped in this captured market but rather actively opt in.
I believe you would be right. The structural case is made in Network Propaganda. One of the authors has another paper/article (1) that summarizes this and supports your point. I don’t see any sustainable future for America, or any other nation, unless this market is rebuilt.
To argue the case - while there is definitely an aspect of choice, opt-in matters less if your options are limited.
Because the impeachment attempts failed, the legal cases against Trump mostly failed, the Supreme Court inoculated him from further prosecution, and he got reelected.
The checks and balances have all been used up and failed.
America is being hacked by Russians while the authorities are watching, and nobody is doing anything to prevent it. Trump is obviously more involved in Russia's "greatness" than America's. It seems the cloud data nightmare - "[...] What if Adolf Hitler had access to all the data that is available today [...]" - is coming true. Perhaps we are witnessing the beginning of the end of "all things cloud."
How do you stop kleptocracy from destroying democracy?
The USA is an authoritarian country de facto now, though there should be a lot of rail-guards, which should prevent this from happening ... Nobody cares?
People want it as long as it's used against their enemies. The "anti-woke" propaganda, and the anti-immigrant propaganda, have been incredibly effective. People are demanding a police state so it can be used against "MS-13".
We can't stop it. All we can do is try to stay alive until they are satisfied they have extracted everything of value, and then rebuild from whatever is left.
While we should not elect influential people, we want persuasive, charismatic people in office. Catch 22. But I much prefer presidential candidates I'd never heard of before the campaign cycle began to any celebrity.
But putting someone massively influential in the executive branch, so influential that they've negated the entire legislative branch, has crippled our guard-rails / checks and balances.
Just about every Republican member of congress cares more about what Trump will do if they do not fall in line. To be sure, the overall issue of partisanship does cross the aisle, and has been an issue for decades. But being quite so beholden to the President over constitutional rules and law is largely a new and devastating phenomena.
Protests need to be disruptive in some way to be effective, not just performative. Marching with banners doesn't do anything because, well, why should they care?
This whole article reads like a comedy. Hidden accounts, login attempts from Russia (they can't afford IP addresses elsewhere?), and then there is this:
"Berulis told KrebsOnSecurity he was in the process of filing a support ticket with Microsoft to request more information about the DOGE accounts when his network administrator access was restricted. Now, he’s hoping lawmakers will ask Microsoft to provide more information about what really happened with the accounts."
Why does Microsoft have login and account information for a government institution? I'd prefer a mainframe without Windows or Internet access in the basement.
1. "Russian IPs" give them plausible deniability for people who are Pavlovian for that soundbite. 2. Plausible deniability no longer required for an administration with components that are obviously Kremlin influenced.
apparently? JEDI and Wild and Stormy were two programs just from the DoD and NSA that were 20 billion USD.
AWS, Azure, Oracle, SUSE (via Rancher) and I am sure GCP all have confidential & classified (C/S/TS) clouds, as well as lower FedRAMP clouds to get that sweet sweet federal money.
Not sure what questions it raises, it has been a thing for decades.
> Who handles physical security and what sort of place is it located that it can house that kind of data?
In general, the cloud/systems operator, in conjunction with the launch customer will build a dedicated facility for the classified stuff, and for the controlled stuff may have a dedicated facility, or have segments of the DCs in the US with extra security. for the classified stuff, there is a pretty rigorous list of requirements for the DC, and for any NOC that operates the service.
> To what degree is the federal government subsidizing Amazon's retail dominance?
A fair bit, but they are just like any big customer - just with higher margins. I think that was part of the reasoning for breaking up JEDI after AWS got it - the administration at the time hated the AMZN leadership, so wanted to remove money firehose from them and give it to others.
> login attempts from Russia (they can't afford IP addresses elsewhere?)
There’s some history of Russian intelligence being rather blatant here (presumably deliberately, as a way of making a statement). Remember Guccifer 2.0? That persona not only used a Russian ip address, but one which was _assigned to the GRU headquarters building_.
Lots of government employees are committing real-deal, federal penitentiary crimes here. While Trump is in power, they won’t be convicted, much less investigated.
How much incentive do they have to continue to commit as much crime as possible in order to keep Trump in power?
Every single story you read about these sorts of things os not only a horrible violation of constitutional rights and the rule of law, it is the creation of an army of incredibly dangerous people who desperately want trump to remain in power and can commit crimes with impunity in order to keep him there.
This is not about cyber security, this is about getting union activity data to the oligarchs. Russian IP's are a useful, probably unintentional, nugget that distracts people from what happened here.
Labor actions is the most powerful tool that ordinary people have and this is an effort to take that away. Citizens are already being kidnapped. Dissenter legal immigrants are being dissappeared.
Anyone that believes the administration is doing any business other than seizing more power is a useful tool.
It is also about cyber security. These people were following pretty good practices for what I'm guessing was a shoestring budget. Having this as a potential threat model is enlightening.
Edit: but yes, that is a bit in the noise compared to the attempt to end democracy in the us that is underway. If some combination of protests and judicial action manage to wake up congress to act for country instead of party, maybe we could use the momentum to do something good. I'd recommend closing the attack vector in our electoral system that creates two parties that can be so easily polarized against each other. Ranked choice voting and proportional representation or mmp for both house and electoral college would probably generate 4-8 parties and wouldn't require any amendments. Just 60 votes to allow the pr/mmp and then the hard part of convincing all the states to implement it in unison rather than delay to give their dominant party advantage.
US Politics is World Politics. Almost everything we do immediately effects the rest of the world. They have a vested interest in our governance, or lack there of.
Maybe adding a tariff for our comments and upvotes would solve the problem? Premium bandwidth tariffs since these bytes crossed the Atlantic to reach you.
I move past, and don't click on, articles I don't care about all the time. That approach takes a lot less time/effort than it does to click on them and post something about it. Doing that also means that they leave my mind almost instantaneously, rather than sticking around in my head after having thought about what to say.
This is clearly relevant to HN (cybersecurity) and seems like a very straight-news recitation of the facts to me. Where do you see bias? It is not "biased" simply to report on what the government is doing.
> HN is its community, and the community is speaking loud and clear about its allegiance.
This seems to be over-simplifying. Flagging only requires some flat amount of flags for a post to be [flagged], meaning a small minority can shut down discussion on these topics even if some small subset of that minority is flagging a given post. The first tracks with all of the posts being flagged and the second tracks with moderator claims (which I personally believe) that there is not an obvious brigade of users doing the flagging.
Regardless of all of the posts being flagged, there seem to be many still who find them and think they should not have been flagged. That suggests to me that there is a sizeable portion of the community with either a more friendly allegiance or none at all.
Removing admin from people who don't need it is 100% the correct thing to do according to any IT guidelines you could quote. And of course, every single user will whine that they're special and really really need it.
With regards to the rest of the article, there's definitely stuff to be investigated here but I don't see the investigation yet.
"Removing admin from people who don't need it is 100% the correct thing to do"
Indeed. And if you look at the picture of the email from the deputy CIO he mentions SCuBA (see here: https://www.cisa.gov/resources-tools/services/secure-cloud-b...). Cleaning up unnecessary admin roles is exactly the kind of thing that CISA itself is requiring agencies to go in and do.
> Removing admin from people who don't need it is 100% the correct thing to do according to any IT guidelines you could quote. And of course, every single user will whine that they're special and really really need it.
You assume that "suddenly none of the IT employees at the agency could do their jobs properly anymore" is whining and not substantial?
Shouldn't be least privilege principle a culture (a standardised and automated process) and not something that happens ad hoc?
Yes I do assume that... I've worked in IT for a long time. That phrase in a ticket would be an immediate eye roll from me. A lot of the quotes in the article trigger my eye roll reflex actually. But there is some stuff in there that warrants an explanation/double check to be fair.
You’re focusing on the wrong thing. You’re not wrong but why is this the bone to pick? The big story here is that priv accounts were created, shortly thereafter they were being utilized from Russia, and data exfiltration occurred.
And the only effective negative stimulus here is locking up people in jail and/or violent action.
Which no one in the opposition will allow anyone in the opposition to do. Potentially for good reason (it would make them a legitimate target for violent retribution), but which just means the war was lost before it started.
Which is why people aren’t fighting back much either - because the smart ones are looking at the score going ‘I’m just going to get murdered fighting a war you already lost because you refuse to let anyone use weapons that will work’.
> “Our acting chief information officer told us not to adhere to standard operating procedure with the DOGE account creation, and there was to be no logs or records made of the accounts created for DOGE employees, who required the highest level of access,” Berulis wrote of their instructions after that meeting.
What exactly sounds unbelievable? Considering Berulis was an administrator and DOGE requested administrator accounts, they'd both have the ability to turn on/off logging as they wish, wouldn't they?
470 comments
[ 6.3 ms ] story [ 330 ms ] threadTrump will pardon anyone on his team.
The existence of Presidential pardons is a disgrace. There is no pretence of the rule of law.
Make no mistake the 'kids' in doge will be the first to be thrown under the bus
I'd say we didn't use them nearly enough. And now they're being used exclusively for crime. Yet another sound idea turned against us. There just isn't any way to govern a nation which has a majority in favor of destroying democracy.
The article only mentions a Russian IP.
That’s a great idea!
This feels funny to read, for some reasons.
Where's the technical ignorance?
It's not saying anything technically untrue, and emphasising the aspects it does arguably makes sense within the context of what the concept is being brought up for, but it comes across as an odd framing for people familiar with the concept in general (using containers for standardization/scaling/etc.)
We use them for standardization and scaling exactly because they are opaque. I personally believe the explanation shows a deep understanding of the technology, but also a good grasp of what matters politically.
I think it could potentially be improved with a more general/typical definition first ("Containers are self-contained environments that bundle all dependencies a piece of software needs to run and are commonly used to streamline deployment across different machines, but can also ...")
They intentionally turned off logging. Only attackers and criminals do that.
[0] https://en.wikipedia.org/wiki/Cambridge_Five
Then of course they are surprised nobody takes them seriously anymore
The media companies ate so well and grew so fat covering the rise of fascism they didn't think what would happen when it finally gained power.
https://www.whitehouse.gov/fact-sheets/2025/04/fact-sheet-pr...
The Cybersec one is Brian Krebs
You do not need russian attacks either, people in US leaking all sort of data every year.
"But her emails" was when Hillary using a private server was actually so exceptional it was like the singular thing. Trump's crew of misfits and clowns and self-dealing grifters have turned the government into a circus. They're all insider trading, launching shitcoins, turning the WH lawn into a pathetic infomercial while your commerce secretary -- Howard "Used Car Salesman" Lutnick -- is pushing stocks.
So even if 2/3rds of America decide this is too much, they aren’t sufficient to shift what is covered in the idea economy and the political economy.
I just found out there’s even a book that did the ground work to make this case, in 2018. (Network propaganda.)
This is the prime reason I recommend all democracies look beyond their current leaders and grapple with the structural issues caused by capture of the media ecosystem.
Do note - this isn’t an issue of bias. There’s a protectionist economy on the right, where reality is whatever storyline they need to share.
The same Pentagon, which is current run by this person? https://apnews.com/article/hegseth-signal-chat-houthis-attac...
As others have said but I can't reply to, it's because the Pentagon is run by a traitor and they stop any investigations under threat of dismissal.
But I hope people are keeping notes and will come forward, so that all of these people will face the consequences.
Anywho, this whole "opaque" or "untrusted" code running in a VM is the same lingo that big corporates use to gatekeep newer technologies that bypass traditional processes. E.g. "oh sorry you can't test locally because you need to use our officially licensed and expensive Oracle DB instance. Oh and BTW, you can't use the free container image that Oracle provides free of charge. It's running 'untrusted' code in our network." and endless variations of that.
That's the beautiful thing about democracy, you get exactly the government that you deserve.
Now I think about it, that can also be the terrifying thing about democracy as well, but you get the idea.
You deserve no better, nor any worse, than what you have.
"Now I think about it..." work on that some more going forward. The country is complicated and Democracy has grades. We're getting an F at the moment.
There are democratic procedures by which the people can go about changing citizens United. You apparently believe those procedures are not part of democracy, but they are.
That the people won’t take the decision, and implement the process to change citizens united, is the fault of the people, not of the democracy. Democracy simply provides the procedures. You make the decisions.
For instance, a lot of right wing people spent a lot of time stacking the court to do away with roe v wade. Democracy provided that possibility through procedures it put in place. That’s only one way to do away with citizens united. There are others. None of which you choose to avail yourself of. How is that the democracy’s fault?
So in a Democracy, if the people vote for something different, that's anti-Democratic, and non-democratic methods may be required to fix Democracy.
When I say Democracy, I mean a form of government in which political power is primarily seated within the common mass of people, as opposed to political power being with those who bribe, cheat, scheme, lie and bribe some more to achieve more political power than their fellow citizen. This tension puts democracy on a gradient, one which I believe is currently and firmly seated in corporate command of political power. I recommend you go read Democracy Incorporated to add a little more clarity and contrast to your world view.
Next I suspect you'll try to tell me the Brooks Brothers riot was also "democratic procedures."
> None of which you choose to avail yourself of.
Oh piss off.
You're just a few steps away from a russian version of democracy if you define it so loosely in the first place
In a democracy, the educational system is a democratic practice. A civic duty. We could have changed our educational system to be better, we didn’t. That’s on us. We could change it now. We won’t. That’s a choice. A democratic choice.
The practice of democracy is not solely about voting. There are many democratic choices we make every day that concert to give us the government we deserve.
Democracy is about how the people (demos) in a state or other community coexist by negotiating their individual and collective needs and priorities. Reducing it down to "you didn't vote so you don't count", or worse still, "you voted for the losing side so you don't count" is a gross distortion. Its not just about the vote, its what happens after that.
> That's the beautiful thing about democracy, you get exactly the government that you deserve.
This makes no sense. There isn't something out there that renders a singular judgement on what people deserve. There's only us.
* The two-party system dominates the process, and actively excludes 3rd parties. Look into changing requirements for debate participation.
* The Democratic party argued in court that they have no obligation to use a "fair" primary to select candidates. This was in response to a lawsuit from donors claiming the party mislead them by tipping the scales against Bernie Sanders in 2016.
* Gerrymandering continues to enable parties to win large majorities in state legislatures while losing the popular vote at the state level.
* Many of our current troubles have been caused by the Supreme Court, which is not democratically elected.
* The Electoral College and Senate apportionment continue to give more power to voters in low-population states.
How, exactly, are our choices suddenly the fault of the democratic system?
No, it wasn't. It was what about half voted for. There was no consensus. Consensus means general agreement, not a small majority.
That they're elected by majority (never mind the indirections) is a key reason why it is important that the executive is not allowed to wield too much power unilaterally.
(And a key reason why the executive in most countries have far less power than a US president...)
Red Team/Blue Team isn't Democracy, its Oligarchy with extra steps - self-evident by the recent actions of an ultra-wealthy elite to shape political decision-making in ways that increase their wealth.
You need only look as far as the inauguration of 47 to be slapped in the face by the audacity of it - flanked by the Railway Barons of Silicon Valley - Elon Musk, Jeff Bezos and Mark Zuckerberg - and bolstered by Tim Cook, Sam Altman, and Bernard Arnault.
The Fair Representation Act - which would solve a plethora of issues in one act - served to establish independent redistricting commissions in all states to prevent gerrymandering, whilst simultaneously introducing the proportional STV system of elections like we have in Ireland
https://en.wikipedia.org/wiki/Fair_Representation_Act_(Unite...
https://en.wikipedia.org/wiki/Single_transferable_vote
> Berulis [...] and his colleagues grew even more alarmed when they noticed nearly two dozen login attempts from a Russian Internet address (83.149.30,186) that presented valid login credentials for a DOGE employee account — one that had been created just minutes earlier. Berulis said those attempts were all blocked thanks to rules in place that prohibit logins from non-U.S. locations.
> “Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating,” Berulis wrote. “There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers.”
Somehow each paragraph reveals something even worse than the last.
> Berulis [...] and the associate CIO were informed that “instructions had come down to drop the US-CERT reporting and investigation and we were directed not to move forward or create an official report.” Berulis said it was at this point he decided to go public with his findings.
In the same way that it's relatively easy to find a hitman on the dark web, it's considerably harder for them to actually not be law enforcement.
You -> Russian IP -> US IP
then you'd get anonymity via the Russian hop but aren't geoblocked due to your final hop being in the US.
- forgetting to take anti-paranoia pills
- doing it on purpose to "own the libs"
- doing it on purpose out of curiosity as to how stupid the adults can be in configuring a sensitive system
If you're blocking non-US IPs, you trpically block at the IP layer, before a login attempt can even begin.
Why allow someone to even log in at all?
Not saying this is a Fortigate or that the federal government didn't change the low effort configuration, but it's certainly not unusual, Fortinet is a huge presence.
Also I see no flagged other comment and some people just downvote downvotecommentors.
It is unconstitutional when the government does it, like say a president who requires unapproved language be scrubbed from public government sites.
Are you aware of the "krasnow" theory?
I see no proof there, but indeed strong indications to seriously look into it.
https://www.reuters.com/world/white-house-seeks-plan-possibl...
He does owe Russia for the email hack and leaks that he publicly requested. Not to mention sticking it to Ukraine after they didn't find/fabricate evidence against the Biden family.
Seems plausible that they could have used that tool when logging in and it happened to bounce off a Russian IP.
Homeland Security and co need to step in, but they're controlled by hostile agents.
Unfortunately, the Republicans in Congress refuse to do so and pretend that everything is fine, and the vice president is the president's lackey.
As far as I know, we don't have any other legal mechanisms to remove the president from his position as commander-in-chief. If you know of any, I'd love to hear more about them.
If I am testing a login I don't need 20+ failed attempts to know it's not working. Sometimes the simple answer is the correct one. The series of events does not read as someone, whose job has been reported to disable security and demand root access to systems, testing the already in place login system to make sure Russian IPs (specifically) can not log in.
https://krebsonsecurity.com/2025/02/teen-on-musks-doge-team-...
- "“Tesla.Sexy LLC controls dozens of web domains, including at least two Russian-registered domains,” Wired reported. “One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review.”"
edit: Here's the old HN thread,
https://news.ycombinator.com/item?id=42981756 ("Teen on Musk's DOGE team graduated from 'The Com' (krebsonsecurity.com)" — 1895 comments)
What's interesting here is how these two things are seemingly mixing. At this point I have two pet theories:
- One of the DOGE staffers is a Russian agent: This one I'm putting in the camp of "highly highly unlikely" but still possible given those login attempts from Russia.
- The more likely theory is this is just some braindead attempt to "own the libs". If we look back 6-8 years to when all the Trump Russia stuff came out and turned into a nothingburger. This could be some idea like: "Yo I've got this VM in Russia, let's own the libs and make them thin the Russians are invading again!"
- It could also be completley innocouous. Like right now I have a Mullvad VPN setup on my machine that points to Algeria. Ubuntu will auto start this VPN at login. What if one of DOGE staffers just happened to have a VPN running with an exit in Russia when they tried logging in.
I guess DOGE wanted to write a report how they saw Russian IPs login in but it back fired because the people at NLRB have proof DOGE created the accounts.
EDIT: edited for clarity.
How many scandals we have to endure?
How many evil things need to be done?
How many people need to be unnecessarily fired?
Edit: the parent comment was edited
It’s a matter of identity, he’s their guy and they stick to him through malpractice and treason.
These days I was reading on effective altruism, sbf, ftx debacle and macaskill influence on sbf. It's weird how long it is possible to go to justify someone's actions
"Automobile deaths are bad and numerous, we want to get rid of them with driverless cars, which will kill people in the course of their development, but that's okay because remember we told you about the deaths we will prevent in the future? Therefore we can expend as many lives as we want now because by doing so we will save infinite lives. This is why we must be permitted to operate beta robots on public roads."
The rationale continues on to starship and neuralink. We have to go to Mars to save humanity, therefore you must tolerate starships exploding and destroying the ecosystem over your house. We have to invent this important medical device to save people, therefore we must conduct morally gray research on implanting devices into human brains. The justifications and rationalizations are endless.
Paint me surprised
The same is (almost) true of radical anti-dystopians. The problem is that their p(doom) is... shall we say uncalibrated? It may be a case of tiger repellent. But while they're trying to prevent their "doom", the damage they do is real. And they're willing to do unlimited amounts of it, because doom is really bad.
The "almost" part is because doom is sometimes real. Hitler, for example, really happened. The problem is that in 1931, say, it wasn't obvious that Hitler was actually going to become what he became. (Yeah, I know, Mein Kampf had already been written. It wasn't obvious that Hitler was actually going to be able to pull any of it off.) So in 1931, what was p(doom)? The doom everyone was trying to avoid in 1931 was economic. They weren't worried about trivial (!) little problems like a guy with a funny mustache who once wrote a nasty book.
So the p(doom) crowd, even if they're right that doom is coming, still are often wrong about which doom is coming, and so their steps to avoid it are just causing damage, and not preventing doom at all.
1923 was the Beer Hall putsch. It was clear to those who knew what they were looking at and didn't agree with the goals.
In 2016 people predicted Trump wouldn't leave office peacefully, and they turned out to be right. But people said "no your p(doom) is too high, you're deranged." But they were not calculating p(doom) they were calculating p(doom | narcissistic psychopath). The posterior probability skyrockets when you factor in the person has the same personality disorder in leaders that has spelled doom countless times throughout history.
Hitler wasn't the first Hitler, people had seen his type before, and we will continue to see his type in the future. Know the signs, they're not hard to spot if you know what to look for. Pretty much if someone's main complaint is "those people" then you have a good idea what they're all about.
When they start calling "those people" murderers, drug dealers, rapists, terrorists, gang members, then it's a foregone conclusion what they're all about. Hitler told Germans who he was in 1920 when he started giving public speeches against Jews. Trump told us who he was in 2016 (and arguably for decades before). They had no excuses then, and we have no excuses this time. We see it coming.
Isn't that instead to suspect them of a nefarious plan to basically cripple labour law enforcement?
My oligarchy comment stems from the fact that one of the largest private company owners in the US is seemingly allowed to take all of this potentially rival information at will, without even having to inform anyone what exactly they want to look at.
All because he's friends with the president, to me thats an oligarchy.
I guess I was also taking issue with your assertion that "unwitting accomplices are still accomplices", as that is generally not how it is viewed by courts of law or reasonable people.
It's much more likely that these guys were either using a Russian VPN, or one or more of their devices were compromised.
> There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers.
https://news.ycombinator.com/item?id=43691142
1139 points/7 days ago/528 comments
1. Breakdown of rule of law and political systems. Executive usurped Congress and is currently usurping SCOTUS. Both parties are dead. MAGA replaced the Republican party and Democrats are in the wilderness.
2. Destruction of the federal government through DOGE, which is this thread.
3. Destruction of the economy through tariffs and usurping the Federal Reserve by firing the Fed Chair, turning America into essentially a controlled economy.
4. Destruction of non-government institutions like law firms and academima which are power centers that could resist points 1-3.
The current Attorney General's brother is running for a seat on the Board of Governors of the Washington, DC bar. It is expected that he will carry water for Trump and Bondi and impede any sort of disciplinary action the DC bar may dole out to any attorney working for Trump.
Yet another way Trump has his lackeys putting a thumb on the scale.
The responsible mental pathways have been sacked
Is it me or does this sound like someone trying to create a Russia connection here? Why whould Russian intelligence do this so amateurishly? As if they want to get caught. - Cui bono?
Chaos.
no. as if they don't care about being caught.
Further, saying "someone trying to create a Russia connection" sounds rather incredible. The Russia connections have been so absolutely overwhelming at every turn that it's infinitely beyond deniable now.
Russia just had to be a predominately white nation that paid lip service to Christian nationalism and that hilarious show turned them into the US far-right's best pals. It would be nice if we moved beyond pretending this is conspiratorial when it has been in the open and stated in the open repeatedly for years.
[1] DOGE is completely disregarding all security norms -- they think it's an annoying slowdown to not just install whatever they want and to open whatever ports they want, etc -- so the likelihood that vast troves of US data has been exfiltrated by enemy states is approaching 100%.
Everyone knew it was Russia. They were still like "I don't know what you're talking about".
It's all power games.
So they hack their enemy, and then use that to reinforce the false narratives they tell their own people. It's gaslighting at the national level. Russia is as if your emotionally abusive partner was your government. America is becoming the same.
What do they want with NLRB days in the first place? Maybe they have an idea; maybe not. The goal is "we got your data, be worried". Getting caught furthers that.
The use of the nlrb data on the other hand is pretty clear. They had a number of ongoing cases against Musk's companies. Involving Russia is unnecessary to explain the motive.
There are literally dozens of ways to kill a guy, if you must poison him, which are cheaper in every possible way and can be sourced locally by someone with the sort of basic chemistry knowledge an intelligence agency would have on payroll, or from a drunk undergrad.
Which is to say: Russia's MO has at no point been "subtlety", it's been vranyo: a lie they tell where you know they're lying, but are obliged to pretend the other party is not.
Would it make any sense at all for a government agency (DOGE) to buy shady residential proxies in order to log in to their super-admin accounts? No. Nearly every government bans foreign IP addresses from accessing internal systems. That leaves the question: why did that log-in attempt happen? There may be another explanation, but the only thing that comes to mind is that someone in Russia using a mobile internet connection tried to log in but forgot to enable his VPN before doing so.
I don't see a legitimate reason to require no logging either. If you're investigating things, you want your activities logged in a way you can't alter because it demonstrates how you found the evidence, and that you aren't just making things up.
I also don't understand why the HN comment section is full of people trying to make excuses or explanations.
What I generally don't get, is that in so many hacks they state "this came from a Russina|Chinese|Iranian IP address", hinting that it came from that country probably.
Can someone in the security industry maybe elaborate if this makes sense or not?
It’s possible to route traffic such that assuming the crypto is perfect, the actual vps is not able to decrypt data.
I also think that it I were a doge member and _wanted_ to leak data to Russia, this is the exact opposite of how I’d go about doing it.
It makes me sick we're even considering "trolling" as a motivation here but, given that we are, it's clear we're at the level of stupid that they would brazenly leak data to Russia. These people are not the best, they are not the brightest, and there's no reason to assume they are playing 4D chess when checkers is working for them.
You really think DOGE as a whole couldn’t muster up the ability to route traffic via Russia? The engineers on the floor need to follow a relatively straightforward playbook.
Also "attribution engineering" is really quite easy and difficult to see through.
Often the purpose of a hack is not to exfiltrate data or sabotage systems but is exactly to direct blame (or sometimes distract/misdirect)
Indeed in vault 5 of Snowden's NSA leaks an "attribution engineering toolkit" was a interesting find. Malware is almost always engineered to throw forensic investigators off the scent.
That all said, I think this incident happening in US gov, in the current climate, without immediate urgent investigation is scandalous and in itself an indicator of deeper and very serious skulduggery.
Having said that. I doubt they checked and who cares where it landed? Its out.
Occam's Razor on doge (and the admin as a whole) points to opportunist amateurs, fraternizing on bravado & loyalty while willing to entertain treason by jumping through hoops for why it can't bother them.
Looking for deeper layers is a distraction. Nostalgic even.
I can empathize.
Though also, who knows, could just be Russian script-kiddies.
(and even if that is what happened, it goes back into "holy shit how did that happen?")
EDIT: Also, given that the attacker had correct credentials and was only stopped by an _ip address_ check, we may assume that, unless the attacker was particularly incompetent, they likely got in.
Looking at the IP it might be a mobile connection.
> Russia
> MOW
> Moscow
> Moscow>
> 144700
> 55.7558
> 37.6173
> MegaFon
So, lets say it was one of the contracted private individuals that just happened to be travelling in RU for WHATEVER reason and wanted to test the login decided to just use their hotspot.
Given the level of incompetence here it wouldn't surprise me. But this is what whistleblowers are for, starting investigations. Now we will have to wait month and years of bureaucratic nonsense and legal challenges to every information request required for the investigation to even get started.
It's incredibly frustrating.
Also I haven't played with eSIM cards either and so I'm not sure their behaviour.
Go with the most probable case - one of the shiba-doge amateurs had a virus on his laptop, and after creating an account those credentials were automatically siphoned to some bot farm in the Ruzzian segment, from where a few automated attacks were initiated by a botnet, which were blocked by a regional firewall.
And then, they tried to get it shut off as soon as they found out it existed.
because they have a theoretical capability to get the credentials that were being used and would love to have a database dump to figure out what to do with it later. The botnet explanation is also plausible, but not mutually exclusive.
DOGE needed to hide its activities while it collected data for the president so that the private citizens chosen by his associates can run analytics on it offsite and decide which cases to pursue. And Russia has a login because they are friendly to the new era of American interests.
It sounds so stupid, I can’t believe people still support this madness…
Eh. June 2018.
Since we’re spitballing, Why not try giving them the opposite of benefit of doubt, as well? Something like, the administration is clearly compromised by Russia and hired a bunch of low status hackers, and we’re seeing massive bombs being dropped all over our cybersecurity defenses?
Second, if you are the "playing devil's advocate" type, make sure your post contains your real, own, personal opinion. You can't just go say morally objectionable things and brush it off as that.
To be wafer-thin fair to Trump et al, that was started by Bush with Guantanamo.
Trump is indeed uniquely bad in many ways, but the reason why he can do so much damage is because he was given access to the tools accumulated by previous presidential administrations.
I hope that we'll learn our lesson once this is over. But I'm also skeptical.
Then they care for immigrants, called them enemy aliens, shipped them to a torture prison, stripped them of all rights despite not having anybody convicted, but I'm not an immigrant, so I don't care.
<--- you are here right now -->
This is all under the auspices of Trump, which is figuring out how to get away with ‘deporting’ US citizens to El Salvador without due process.
Connected the dots yet? How long do you think until union organizers are getting black-bagged in the middle of the night and disappeared to El Salvador? A month? Less?
> About a decade ago, engineer Cristina Balan called out a safety concern about a design flaw on a Tesla vehicle. Shortly after, Balan says she was forced to resign. Now, she's explaining the leverage Tesla allegedly used to get her signature.
> At Tesla CEO Elon Musk's own request, Balan went straight to the top to solve a problem in 2014, which involved floor mats in the Model S curling near the pedals, affecting braking. But instead of being granted a meeting with Musk, "HR and the legal department had another plan for me," Balan said in an interview with Times Radio over the weekend.
> "They told me that if I'm not resigning on the spot, they will deport my entire team…because the entire interior team was backing me up," said Balan, who is from Romania and has said many of her team members were waiting on green card applications. "And their plan—Tesla's plan and legal department plan—was to convince the entire team and myself to close the internal investigation that we opened in the company to fix a serious safety issue." Notably, Tesla has been among the leading employers of H-1B visa holders, who perform work in specialty occupations.
https://www.chron.com/culture/article/tesla-engineer-deporta...
Also, one illegal act doesn't excuse another. It's important to not willfully move the overton window over even more.
90% of people who were sent to the gulags survived and came back. This is much, much worse.
You can survive brutal conditions, but you won't be the same after. And that 10% is like a million and a half of people.
Please don't trivialize suffering of people.
The fear is the point.
https://youtu.be/iTACH1eVIaA
https://www.npr.org/sections/thetwo-way/2016/01/23/464129029...
Using the DoJ to go after his perceived enemies. Mob boss protection rackets against universities and law firms. Revoking visas for traffic violations...or nothing at all. Putting people into a foreign prison camp without a chance for due process, and refusing to do anything about the inevitable errors and rights violations that result. Eliminating oversight roles and agencies, enabling grift, theft, and fraud for himself and his friends. Selling cars on the White House lawn. Hiring incompetent people and not firing them when they inevitably do incompetent things (looking at you, Hegseth and RFK Jr). Refusal to admit failure or error regardless of how obvious it is. Constant lies about what he has accomplished. Destroying the US economy with erratic and unstable tariff policies. And so much more...
And they eat it up.
One of my friends posts almost daily impassioned screeds against Trump. One, yesterday, was about him "handing our country to DOGE on a silver platter, to privatize for the benefit of his friends".
Someone replied:
> Once the systems are torn to shreds, we will need to build new systems that serve ALL of us. We may not like or agree with what is happening, but it’s more effective to come together and work toward building what you want, than it is to fight against what you don’t want.
They completely misunderstand or are in denial or have been deceived (or some combination of the above) into thinking this is the tear down, and Trump will build back something for everyone.
They are completely ignorant to the fact that there is no WE in Trump's plans, just "ME".
Most Americans on the right live in a protected information market. I am not talking about media bias — both sides have that. The issue is deeper: on the right, the marketplace of ideas has been captured. There's no free trade between ideas, only ‘subsidized’ narratives and ‘tariffs’ on dissent. That’s how Trump — or anyone like him — thrives. Realists, by contrast, get priced out.
This isn’t culture war stuff, this is structural failure. The traditional metaphor of American free speech — the Holmesian "marketplace of ideas" — breaks down when one side captures the market.
There is no competition of ideas when there is no fair fight.
If you’ve got a couple of million bucks to spend, my guess is start buying up and supporting local news channels in the rust belt, and then let them work on whatever they want to work, as long as they can show actual independence.
Or perhaps gift people subscriptions to things like groundnews or something. I don’t know if theres any science that shows it effectively diversifies information consumption of its users.
I don’t know what the napkin math is for a tipping point, but I suspect its not as expensive as litigating an entire administration.
To argue the case - while there is definitely an aspect of choice, opt-in matters less if your options are limited.
1] https://www.cambridge.org/core/services/aop-cambridge-core/c...
The checks and balances have all been used up and failed.
Increasingly it appears, we are the only ones who will, also.
We have to group together so that we are a recognizable entity. We.
According to political science, historically 3.5% of the population protesting non violently is a big enough we.
While we should not elect influential people, we want persuasive, charismatic people in office. Catch 22. But I much prefer presidential candidates I'd never heard of before the campaign cycle began to any celebrity.
But putting someone massively influential in the executive branch, so influential that they've negated the entire legislative branch, has crippled our guard-rails / checks and balances.
Just about every Republican member of congress cares more about what Trump will do if they do not fall in line. To be sure, the overall issue of partisanship does cross the aisle, and has been an issue for decades. But being quite so beholden to the President over constitutional rules and law is largely a new and devastating phenomena.
If 3.5% of protested then historically, that could motivate change, per
> based on the research of political scientist Erica Chenoweth
The door is supposed to be completely open.
Or maybe I'm giving this situation too much credit and we should call a spade by its name.
"Berulis told KrebsOnSecurity he was in the process of filing a support ticket with Microsoft to request more information about the DOGE accounts when his network administrator access was restricted. Now, he’s hoping lawmakers will ask Microsoft to provide more information about what really happened with the accounts."
Why does Microsoft have login and account information for a government institution? I'd prefer a mainframe without Windows or Internet access in the basement.
Undoubtedly Office365. Difficult to run a bureaucracy without Word or Outlook.
(French/German governments investing in a replacement for this kind of reason: https://www.techspot.com/news/107225-france-germany-unveil-d... )
AWS, Azure, Oracle, SUSE (via Rancher) and I am sure GCP all have confidential & classified (C/S/TS) clouds, as well as lower FedRAMP clouds to get that sweet sweet federal money.
Not sure what questions it raises, it has been a thing for decades.
Who handles physical security and what sort of place is it located that it can house that kind of data?
To what degree is the federal government subsidizing Amazon's retail dominance?
None of this is new, AWS' dedicated US government stuff has existed for around a decade.
> To what degree is the federal government subsidizing Amazon's retail dominance?
Not more than any other big AWS customer.
In general, the cloud/systems operator, in conjunction with the launch customer will build a dedicated facility for the classified stuff, and for the controlled stuff may have a dedicated facility, or have segments of the DCs in the US with extra security. for the classified stuff, there is a pretty rigorous list of requirements for the DC, and for any NOC that operates the service.
> To what degree is the federal government subsidizing Amazon's retail dominance?
A fair bit, but they are just like any big customer - just with higher margins. I think that was part of the reasoning for breaking up JEDI after AWS got it - the administration at the time hated the AMZN leadership, so wanted to remove money firehose from them and give it to others.
There’s some history of Russian intelligence being rather blatant here (presumably deliberately, as a way of making a statement). Remember Guccifer 2.0? That persona not only used a Russian ip address, but one which was _assigned to the GRU headquarters building_.
why pretend at this point? they own all of the leadership and there won't be consequences
How much incentive do they have to continue to commit as much crime as possible in order to keep Trump in power?
Every single story you read about these sorts of things os not only a horrible violation of constitutional rights and the rule of law, it is the creation of an army of incredibly dangerous people who desperately want trump to remain in power and can commit crimes with impunity in order to keep him there.
https://www.justice.gov/pardon/pardons-granted-president-jos...
https://en.wikipedia.org/wiki/List_of_people_pardoned_or_gra...
"Joe Biden 2021–2025 8,064"
That’s the overwhelming bulk of those pardons.
The other folks are people that Trump said should be in jail and/or summarily executed.
Labor actions is the most powerful tool that ordinary people have and this is an effort to take that away. Citizens are already being kidnapped. Dissenter legal immigrants are being dissappeared.
Anyone that believes the administration is doing any business other than seizing more power is a useful tool.
Edit: but yes, that is a bit in the noise compared to the attempt to end democracy in the us that is underway. If some combination of protests and judicial action manage to wake up congress to act for country instead of party, maybe we could use the momentum to do something good. I'd recommend closing the attack vector in our electoral system that creates two parties that can be so easily polarized against each other. Ranked choice voting and proportional representation or mmp for both house and electoral college would probably generate 4-8 parties and wouldn't require any amendments. Just 60 votes to allow the pr/mmp and then the hard part of convincing all the states to implement it in unison rather than delay to give their dominant party advantage.
Downvote and move on.
What a weird complaint.
Here are some recent HN posts that have been flagged into oblivion:
>Dow Headed for Worst April Since 1932 as Investors Send 'No Confidence' Signal (wsj.com)
>Trump's Fed Attacks, Trade War Push World to Sell Off US Assets (bloomberg.com)
>White House plagued by Signal controversy as Pentagon in "full-blown meltdown" (arstechnica.com)
>An Age of Extinction Is Coming. Here's how to survive. (nytimes.com)
>The Crypto Con: How Trump Is Looting America from the Oval Office (mitchthelawyer.substack.com)
>RFK Jr.'s autism study to amass medical records of many Americans (cbsnews.com)
HN is its community, and the community is speaking loud and clear about its allegiance.
This seems to be over-simplifying. Flagging only requires some flat amount of flags for a post to be [flagged], meaning a small minority can shut down discussion on these topics even if some small subset of that minority is flagging a given post. The first tracks with all of the posts being flagged and the second tracks with moderator claims (which I personally believe) that there is not an obvious brigade of users doing the flagging.
Regardless of all of the posts being flagged, there seem to be many still who find them and think they should not have been flagged. That suggests to me that there is a sizeable portion of the community with either a more friendly allegiance or none at all.
Indeed. And if you look at the picture of the email from the deputy CIO he mentions SCuBA (see here: https://www.cisa.gov/resources-tools/services/secure-cloud-b...). Cleaning up unnecessary admin roles is exactly the kind of thing that CISA itself is requiring agencies to go in and do.
You assume that "suddenly none of the IT employees at the agency could do their jobs properly anymore" is whining and not substantial?
Shouldn't be least privilege principle a culture (a standardised and automated process) and not something that happens ad hoc?
But, in this case, they have Musk's bank accounts and POTUS covering for them, so why bother with different IPs?
Which no one in the opposition will allow anyone in the opposition to do. Potentially for good reason (it would make them a legitimate target for violent retribution), but which just means the war was lost before it started.
Which is why people aren’t fighting back much either - because the smart ones are looking at the score going ‘I’m just going to get murdered fighting a war you already lost because you refuse to let anyone use weapons that will work’.
Big enough protest historically predicts country wide change
Standing in a city park with a sign that says "Dumbledore wouldn't have let this happen" isn't working. [0]
[0] https://preview.redd.it/some-of-my-favorite-photos-from-hand...
> based on the research of political scientist Erica Chenoweth
How can this be true?
What exactly sounds unbelievable? Considering Berulis was an administrator and DOGE requested administrator accounts, they'd both have the ability to turn on/off logging as they wish, wouldn't they?
>"But we don't have laws," she says, "so it's just another chain."
Following laws is not exactly of the highest priority.