> Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware

The Ars Technica article is a bit confusing; if you click through to the original article, the case they make is much clearer. It's not that his credentials were found on Have I Been Pwned, which is the case for most people through no fault of their own. Instead, it's this:

> But some of the datasets that Schutt is included in are much more concerning than normal data breaches because they're from stealer logs.

Logs from information-stealing malware were leaked multiple times, and if your credentials appear in multiple of those, that's reasonably good evidence that you are doing something wrong.
So I don't think the headline is clickbait, but I do think that the Ars article could be clearer in making its point.
"Well-known" email addresses (e.g., gaben@valvesoftware.com, president@whitehouse.gov) also seem to show up in these mentioned stealer logs on https://haveibeenpwned.com/ - which makes me suspect addresses are extracted from keypresses even if just typed in the To field of an email, for instance, and do not necessarily indicate the owner of the email has malware on their machine or has had their account/password compromised.
At one point I was a contractor for a government department and at another I was at a government sponsored NGO.
My credentials are in the various leaks, like the Adobe one.
“Login credentials belonging to a Department of Defense contractor, who previously had worked at a government-sponsored media outlet, have appeared in multiple public credential leaks.”
Yep, headline doesn't say it is his current computer or anything, just that his computer was infected. It would be clickbait if it said his current computer is actively infected. Less clickbait than now if it said one of his computers appears to have been infected at some point.
Cannot tell if it's sarcasm or not. Obviously everyone who reads the headline assumes it's his current computer, and it had some, uh, consequences. That's why they click. That's what makes it clickbait. Nobody would care otherwise.
(Also, if you are willing to be pointlessly formal, it goes in both directions, since it can be argued that a computer, which belongs to a person, who in the future will become DOGE's software engineer, but hasn't become yet, also formally isn't a "DOGE software engineer’s computer".)
As long as it's a work computer, what does it matter if it's his current computer or not? Remember that we're talking about an infostealer, it got his credentials and "that's it" (that's gravely serious).
Wouldn't the assumption be that some percentage of government workers have infostealers on their computers? The track record of these people is not good; pretty much since we've had the internet there has been a steady stream of minor-to-moderate scandals where information gets to places that it shouldn't be.
This might just be selection bias because there is a large crowd of angry people looking for things to fling at DOGE.
If there's bias, I think it comes from people being concerned that there are people coming into various govt. offices, demanding and receiving write/read, non-logging accounts on systems containing sensitive information. The access DOGE staffers are being granted absolutely warrants extra scrutiny of their conduct and security practices.
If his accounts were compromised after the computer was (as the article indicates), people would still care. It included Greenfield too, so potentially has password reuse risk.
I once tried OpenSearch serverless, as it is advertised as "you only pay for the resources consumed by the workload".
After one month of not using it I was surprised by a $300+ bill, as there is a minimum of 2 OCU billed. Yes, it is explained on the billing page later in more technical terms, but it was still surprising for me as I have a different understanding of "only pay what was consumed".
We use Wiz and Rapid7, so I can compare these two:
Usability of Wiz and the ability to adapt it is so much better. Everyone can get a seat without extra costs, enabling shift-left for the dev teams. Projects make sure they only see what they need to see.
The query engine is top. There are very good presets. Create Boards to share custom queries with the teams.
Compliance frameworks are available. You could inspect the rules; they are written in OPA Rego and you could add your own rules.
CloudTrail search is also a lot better than the one AWS is providing.
I could go on and on and on... this solution has so many powerful features.