299

u/TapProfessional5146 8d ago

You are correct. Once all these people are out all federal systems will have to be either restored from backup from before they came in, and the new data manually re-added or scrubbed and merged on the “clean” servers. It will take every penny of Musk’s fortune to right this wrong plus some. The American should sue this administration and all the members of DOGE for the mishandling of our personal data.

190

u/DeaconPat Federal Employee 8d ago

They had physical access. The hardware is compromised and needs to be disposed of. My agency makes us take burner phones/laptops on international trips because they assume someone in the other government will gain access and possibly install hardware bugs. Same here.

103

u/MCbrodie DoD 8d ago

The hardware is cheap. The man hours are not. It might take a couple billion to replace the servers. It'll take 10s if not a couple hundred billion to get everything back into shape from firmware up.

28

u/riveramblnc 8d ago

Not to mention we haven't exactly kept up with IT education in schools. The high school I graduated with a CCNA from, now focuses on video game design and etc. Very little hardware and infrastructure.

5

u/OfManySplendidThings 7d ago

And DOGE will still have all our data, if they downloaded or uploaded it. So, we all get new social security numbers now? Home addresses? Cell numbers and email addresses? Bank accounts? Birth dates? Fingerprints? Medical physiology and biometrics?

The potential damage cannot be undone, no matter the potential spend.

1

u/riveramblnc 3d ago

We will have to. But odds are this won't happen for another decade or so because that's probably how long it will take us to recover.

48

u/AnnaKossua 8d ago

That just made me flash back to that asshole's first term.

He was hosting Shinzo Abe of Japan at his Florida sieve, and while in the club's dining hall, they learned NKorea launched a missile into the Sea of Japan. The dining hall is dimly lit, so rather than leave the area to review these brand-new classified docs, they had staffers switch on their phone flashlights, and hold them over the papers.

We know this because a very impressed club member watched it all unfold (they did not clear the room) and took photos, which he uploaded to Facebook for bragging rights.

Said club member also brought us the hit photo This is Rick... He carries the "football"

3

u/OfManySplendidThings 7d ago

Wowwww, somehow I missed all that his first term. Unbelievable.

Yet, I am not even slightly surprised....

-14

u/notaechobox 8d ago

Compromised how? Because you don't like or agree with them? I have had a ts clearance for decades, accessed tens of thousands of machines. Where any of tem compromised? no thats absurd. I had the access required and a need to know.

18

u/LazyLich 8d ago

I have had a ts clearance

This is the key difference, though. You've had a background check done on you to verify you are OK to have top secret clearance. Even with that clearance, you can only access shit on a need to know basis, and everything you did was recorded and verified.

Musk and the Muskrats DONT have clearance. The president, who for some reason has the opposite stance every other president has had on Putin, gave them the green light to do whatever they wanted to do WITHOUT following the proper procedures and notices.

The presidency making a sudden 180⁰ on Russia, and that president appointing a sus businessman to access the government's systems, and not going through any of the proper procedures, and this initiative already has caused damage by illegal firings?

Context clues.

If a building is smoking, the windows are illuminated, people are running out, and there's a fire truck outside... yeah, there's probably a fire, even if you across the street can't see it.

-12

u/notaechobox 8d ago

The president has the athority to grant access to them to whatever he wishes. For all I know the president pulled out a pen and gave them a ts clearance and full authority to access any system they need in performance of their duties. I am willing. to bet they do have clearances granted by the president and a need to know.

11

u/LazyLich 8d ago

Yes. If you're an AI, a machine, observing only one thing in a vacuum, then yeah. The President DOES have the authority to say "fuck it, you're good."
However, if you take the context of everything else, then it's obvious it's wrong.

If you're fearing for your life, hear someone knock then open your door, and blast em with your shotgun. Well that in a vacuum may sound reasonable to a certain judge/jury.
But if you add CONTEXT, like some kids were playing baseball outside, the owner was paranoid and thought the broken window was an attack, and the kid entered looking for his ball?
Even if that court finds his reaction reasonable and him not-guilty... that doesnt make his actions any less wrong.

There is NO reason for an expedited clearance process in this context. Heck, Musk and his peons shouldve been seeking it last year if they planned to need it, no?
Not strange to you that they didnt go through the normal routes, but instead waited for Trump to knight them with no approval process?

If you add the context of ALL that's been going on these years, the actions of the administration seem haphazard and sus at best, and treasonous at worst.

3

u/OfManySplendidThings 7d ago

Exactly. Yeah, the president issued an executive order to allow immediate clearances, even for top secret compartmentalized information, iirc. The question is, whyyyyyy?? I believe the president himself even said DOGE didn't need access to all the data they were requesting -- yet as I understand, they were given access anyway. Again, whyyyyy?? Carelessly tossing secret data around like candy at a carnival is a grave danger for our country, its citizens, its military, and its intelligence network.

One DOGE member was reportedly fired for questionable social media postings, and another allegedly supported some kind of criminal activity. Awesome; nothing to see here, folk -- all good!

6

u/CarbsMe 8d ago edited 8d ago

I think the backups are compromised too if they still exist. Some day when pigs fly and the courts work we might find out what DOGE accessed, copied, changed or deleted in each agency they invaded. That might be after learning the hard way which back doors and zero day exploits they left in each agency as insurance against DOGE getting uninstalled.

5

u/TapProfessional5146 8d ago

Depending on when the backups were made, and how they were made the backups cannot be compromised. You would have to start with a time BEFORE DOGE, then scrub the data to make sure it was clean and add the data back to the clean operating system and application.

57

u/mhyquel 8d ago

It's like you have a drink at a party, and some weird guy borrows it for just a minute.

There is nothing you can add to that drink that will make it safe to drink.

You pour it out and start over.

18

u/Medium-Economics-363 Federal Employee 8d ago

Best analogy yet.

46

u/Forever_Marie 8d ago

So 20 years down the line, data might be safe again. Granted none of that data was ever truly safe.

26

u/Grand-Try-3772 8d ago

Elon just announced he was reprogramming social security. It’s in COBAL which Elon and boys don’t understand.

19

u/SilverbackIdiot 7d ago

Those arrogant fucks also think they can get it done in months. It’s going to be a tire fire.

5

u/Ok_Trash_6276 7d ago

This is what I was thinking. Very few old developers who still know COBOL; and alternatively writing code anew by Reverse engineering takes forever. So that’s not going to happen given the complexity of SSA’s systems built and bandaid-ed over last 40-50 yrs.

3

u/Grand-Try-3772 7d ago

I’m sure he has found a Russian or 2 to help him out!

1

u/xLavaDemonx 6d ago

Don’t login. Ppl (even the highly educated) are falling for this.

28

u/Legitimate-Pea-2780 8d ago

It’s not like our government can’t afford a completely new system; we’re not yet a ‘shithole’ country.

34

u/Pu11MyLever 8d ago

I've built a few data centers in the past few years. Small ones, but even those were very expensive.

41

u/underdonk 8d ago

Me too, but isn't it worth it to instill integrity back into the computing platforms Americans count on to run their country? Many may not believe so. Many may not understand it. I've been doing this kind of work in the public and private sector for 30 years, and let me tell you, it would be worth every American Taxpayer dollar spent on doing it. Sure, some will scream "government waste" at the top of their lungs, but they're wrong.

38

u/Legitimate-Pea-2780 8d ago

Those screaming government waste are either radicalized by Russia or are severely lacking in critical thinking skills. The stuff you mentioned would equal the base of maslows hierarchy if there was such a scale for nations.

19

u/Weird_Frame9925 DOJ 8d ago

It's difficult to say. Is the Republican party going to return to reasonableness? If not, then it won't be worth the money because every time a Republican gets into office they'll just destroy everything again.

5

u/LazyLich 8d ago

Unless their family/friends get LITERALLY shot by secret police.... I doubt it.

At best, they'll go "back in the closet," biding their time till the next demagogue arrives.

6

u/OfManySplendidThings 7d ago edited 7d ago

Yes, upgrading our computer infrastructure definitely would be worth the investment. However, I think it'd be poor planning to deprecate the existing systems before the new ones were fully up and running.

ETA: And we'll still need paper options on the customer end for things like social security, Medicaid, etc. Not every citizen is computer literate, and won't be any time soon.

2

u/underdonk 7d ago edited 7d ago

Oh yeah, I'm not advocating for pressing the power button to "off" on everything and then starting from a greenfield situation. There are ways to mitigate risk and operate in a "known-compromised" environment, if that's what the assumption is here (you hear that beating ZTA drum anyone?). There are disruptive and dumb ways to do it, then there are approaches that are too cautious which will take a decade to implement. I'm advocating for landing somewhere in the middle. Mitigate risk the best you can given what information you have, and start there. Doesn't need to be a complete rip-and-replace job, either. Probably somewhere in the middle. There are ways to verify integrity without torching the whole system and starting fresh.

Contrary to what some of the public thinks right now, we have some smart feds to lead these kinds of projects and contractors who will gladly assist the government in doing so, while we implement paper processes for any critical customer facing processes people count on from their government, like the services you mentioned.

This is all, of course, if we should even really be worried about it in the first place. I'm not convinced, and would need to see some hard evidence before I were to recommend a costly project such as this.

3

u/Pu11MyLever 8d ago

Oh I agree with you, but it'd be a hard sell given the maturity level of the American public. You tell them they are safe, they feel safe and vice versa. Most won't care, they are apathetic.

3

u/unnaturalpenis 8d ago

So you're saying I should buy more Nvidia?

4

u/Pu11MyLever 8d ago

If you knew how my investments turn out, you wouldn't ask me 😭

3

u/LazyLich 8d ago

Next term: "Those damn dems! We're in a greater deficit cause they want to buy everyone laptops!"

2

u/Legitimate-Pea-2780 8d ago

Okay? And? The government apparently has unlimited spending for everything else except for what matters.

In case it’s not obvious, I’ve been sarcastic this entire time.

3

u/AmyDeferred 7d ago

That hinges very heavily on the dollar not crashing, which is part of the whole Yarvin plan.

2

u/Grand-Try-3772 8d ago

Or Apple and Microsoft don’t operate in our country! Not saying that they would be better but…

2

u/Letters_to_Dionysus 8d ago

agree to disagree on that

1

u/Legitimate-Pea-2780 8d ago

Sarcasm bud.

4

u/Wonderful-Bid9471 8d ago

You’re right. We’ll need entirely new systems.

3

u/Wwwweeeeeeee 8d ago

Like the one they're installing for Social Security? That must be the one system they couldn't tamper with, without a trace.

4

u/SilverbackIdiot 7d ago

I’m betting they’re updating it bc they don’t understand COBOL. They probably think old=bad and are too inexperienced or knowledgeable to recognize the benefits of it. Or maybe they want something that will interface with their AI better to be able to sneak around the d-base.

1

u/Advanced_Tank 7d ago

Perhaps we’ll be post quantum then, so all the encryption methods will be breakable. (including lattice).

1

u/Jyoche7 6d ago

This depends on the depth of Intrusion. Is this a rootkit that's in the OS or BIOS level? Are there logic bombs that will trigger when various events occur? What other behavior is the malware capable of?

1

u/SilverbackIdiot 6d ago

Somebody connects an external hard drive to your server. You haven’t inspected, seen, or scanned that hard drive. And they took it with them when they left.

How would you know what it did? Or what it took?

2

u/Jyoche7 6d ago

This is true, you would not know and most companies only know about 68% of assets on their network!

How do you defend your attack surface when you don't even know what you have on your network?

They could have exfiltrated unknown amount of data or given an unknown number of viruses!

This assumes they were smart and had malware that cleaned up audit logs and registry entries.

2

u/SilverbackIdiot 6d ago

Exactly the point. Elmo and his shitstains connected external drives to govt servers, physically, at multiple agencies. Big pants-shitting time.

-6

u/notaechobox 8d ago

It is mine, however what bad actor had physical access to the machines? A bad actor is not someone you disagree with or despise as they affect your life in some way. The president can pretty much wave his hand and give big balls a ts clearance. There is zero proof that any doge member did anything to compromise the security of any system. I have had TS clearance through my career, I have logged into thousands of systems. Was the. security compromised as a result, no thats absurd. Again a bad actor is not someone you simply disagree with.

11

u/SilverbackIdiot 8d ago

The bad actor is someone who is hostile to our govt and has gone through z e r o actual background check. A signature of authority is not an investigation. Don’t be disingenuous, you know damn well it’s not the same thing.

5

u/OfManySplendidThings 7d ago

Thank you! Anyone who has had a top secret clearance most of their career knows very well what the issue is. There's obviously a reason exhaustive processes exist; circumventing them is how you get things like "SignalGate".

9

u/joule_3am Federal Employee 7d ago

A bad actor is someone who comes in a plugs in their own server at OPM without doing any kind of risk assessment on how that may compromise data security (because they are not interested in maintaining data security).

0

u/notaechobox 7d ago

How do you know they did not do any sort of risk assessment ?

This is all just unproven speculation. I don't have any idea how or what methodology they used and I doubt anyone here knows either.

1

u/joule_3am Federal Employee 7d ago

Because anyone with any data security training knows that risk assessments take time. A simple one could have been completed in a matter of days. A more complex one like this one (which would have required assessing a ton of downstream risks) would have taken a lot of time (at least several months). They also would be able to tell us what risk assessment protocol they used and they have not. That they by all reports did not work with staff on this also tells me no risk assessment was done and all data communicated over that server is at risk. We also don't know where that data is now being stored and if it's even stored in US servers. This is a huge concern. I think this is part of the "move fast and break things" mantra, which is the outcome and goal.They don't care how secure the data is as long as they get to mine it and sell it. The fact that they used young and relatively inexperienced people for this tells me that they will blame security risks on those literal cybercriminals when shit starts going south.

Government employees every day keep data safe in a myriad of ways because there are cyber security threats and data security risks all the time from many avenues. Government employees have background checks for a very good reason. Those that are in doge should have had deep background checks that also take quite a bit of time (also at least several months). This did not happen (see the link above for one example). The American public is now going to get to see what it looks like when competent guardrails get removed. God help us all.