(C) Daily Kos
This story was originally published by Daily Kos and is unaltered.
. . . . . . . . . .



DOGE website is a security risk and a lot more [1]

['This Content Is Not Subject To Review Daily Kos Staff Prior To Publication.']

Date: 2025-02-18

The DOGE website has finally been updated with receipts. That's where they had a link off the menu that said Savings. First, they promised it on Valentine's Day, then over the weekend and failing both times.

But before they did any updating, unknown computer hackers took a look at the website and found it was completely unsecured. They could have made all kinds of modifications to the website. They showed a sample of what they could do. Wired reports that the messages were up on the site for 12 hours into Friday. So, if there are those of you with skills...

DOGE tries to make an excuse for having put classified information online about a national security agency and failed. If it was publicly available, then why did they take it off the site?

As I was working on this, DOGE took down the X DOGE feed on the opening page. It now opens to nothing, which is what DOGE is worth. Nope. 5 minutes later it was back to the X feed. The DOGE website page creators don't appear to do any offline testing before making online changes. Bad practice right there. You never put something up without testing.

A Wired review found that much of the DOGE website directs to X.com. "It uses code that directs search engines to X.com instead of DOGE.com. 'This is not how things are usually handled, and it indicates that X.com is taking priority over the website itself," a web developer told Wired."

It also doesn't seem to be running on government servers. I just did a WHOIS on DOGE.gov, and Whitehouse.gov is running through ernest.ns.cloudflare.com and wally.ns.cloudflare.com for DNS Registered there in 1997. I think it means the website address itself. Cloudflare didn't exist until 2009. Says whitehouse.gov was updated on 5/13/2024.

DOGE is running through robert and ollie on Cloudflare. DOGE shows a mailing address that is the same as CISA, the Cyber and Infrastructure Security Agency. Part of DHS. Every other .gov website I tried had the address "Redacted for Privacy."

Justice.gov is also on Cloudflare on DNS jonah and novalee.

FBI.gov is on googledomains.com.

State.gov is on akam.net.

DHS.gov is on Cloudflare.

I checked USA.gov and found it running through dns.gsa.gov.

I tried agencies that have online access to critical information like SSA.gov, Social Security, or USDA.gov, and they were on clearly identifiable government DNS servers with a .gov at the end. Medicare came up on akam.net along with some other agencies. Consumerfinance.gov, CFPB, uses qwest.net.

DOGE.gov and Whitehouse.gov being on Cloudflare for DNS is not in itself suspect. I just thought that their domain name servers would logically be on a .gov address.

The question is where the website itself is hosted, on what computer. I'm not good enough for that. Trying to check the server's operating system comes back with Cloudflare. Other sites like medicare.gov are a complete blank.

The registrar for DOGE.gov is dotgov.gov which takes you to get.gov and you can get a .gov website if you can get through login.gov with a real username and password.

I wonder if Whitehouse.gov is as insecure as DOGE.gov was, and may be possible still. The websites are so alike that I belive they were created by the same person(s).

Then I found another article that showed this, today:

You can click on the link above and see for yourself.

The article itself was titled : Three days later, DOGE site remains defaced: experts point at cybersecurity violations.

As I suspected, there are laws requiring all executive agencies to to comply with minimum security standards. There's the Federal Information Security Modernization Act of 2014. The FedRamp Authorization Act. There's more.

The article has an expert explain what's wrong in acronym language, with terms defined along the way.

So, is DOGE an agency or not? They've been in court saying that they're not to win the case, and then claiming they are an agency. Which is it?

Back to the information on the DOGE website.

In the Savings section, the Consumer Financial Protection Bureau has had all their subscriptions canceled or reduced to nothing for financial information. Bloomberg is reduced to a fraction. Politico Pro is reduced to a fifth of what it was. Washington Post is down to a fraction. Dow Jones is down to a fraction. Don't you think the Consumer Financial Protection Bureau should be getting information on what the hell is going on out there in the financial world? CQ Roll Call is zeroed out. It calls itself the most comprehensive source of federal legislation. They don't want the CFPB to know what the government is doing. Even FedEx and PepsiCo are customers. Contract with Fiscal Note Inc. is canceled. Their customers are Exxonmobil, Chevron, and 7-Eleven, just to name a few. Contract with Culture Point, Inc. is canceled. They do DEIA training. No surprise about that one. Neural Leadership Institute contract is canceled. Another DEI trainer.

This doesn't even include the 102 CFPB enforcement contracts that were canceled.

Musk has made CFPB a major target. So has the new administrator Russell Vought. Vought shut down all enforcement, supervision, making new rules, even cutting off communications to the outside world.

Before there was DOGE.gov online, there was WASTE.gov. Somewhere between February 12th and now, there was an update to make it a page with password protection. I tried a variety of default passwords that didn't work. Before this, it was a sample website of an architecture firm. That's what happens when you start a website with a default form, and don't bother to change it. That was up for a minimum of 12 days.

Waste.gov was supposed to be what DOGE is going overboard doing. WASTE was created on Feb. 4th and DOGE on January 21st. If you enter DEI.gov, it redirects you to Waste.gov. Their form of humor.

There are federal website standards that are supposed to be followed, and there is even an agency for it called : Standards.digital.gov. For the agency that covers the whole gamut of website creation, there is : Digital.gov. As I noted earlier, seeing changes occur on DOGE.gov while I was on the page, the website programmers aren't very good or following common proceedures.

The DOGE website is as dark and bleak as Whitehouse.gov has become. Neither site follows government standards.

DOGE, on the Savings section, now has a Real Estate section. It includes closing of offices, canceling leases or reducing office space.

A new and dangerous DOGE action is trying to access the Social Security's system, causing the acting commissioner to resign in protest. Michelle King had been with the agency for 30 years. With access, DOGE could do real damage. Wipe out people's history that garners them benefits. Change information on individuals. Their guise could still be going after 150 year old recipients, which has been thoroughly debunked. But MAGA is way too stupid to understand COBOL. With private information of 72.5 million recipients at stake, Musk and DOGE must be stopped this time.There is a complete explanation of the Social Security database called Numident on the link. Also, an explanation about how records from before there were computers had to fit and the problems that resulted. MAGA won't understand this, either.

In another breach of right to privacy, a judge is letting DOGE drones to access the Dept. of Education's student database. Specifically, it looks like DOGE wants college students personal and financial information. My guess is they're going to look at Pell grants and student loans to eliminate the "unworthy." Every time Joe Biden zeroed out student loans that were only there because of interest, the Republicans howled. They used the Supreme Court to stop the $400 billion forgiveness Joe Biden wanted to do. DOGE has already canceled $1 billion in education research grants and $373 million in DEI contracts. This is all before Linda McMahon has even gotten there to screw things up. We can only hope she won't get confirmed as Secretary of Education.

Judge Chutkan ruled Tuesday that she declined to restrain Musk and DOGE from accessing federal data systems in a number of agencies. But at the same time skeptical about the Trump administration's claims about MUSK and DOGE's authority. States Attorneys General claimed DOGE's creation was a violation of the Appointments Clause of the Constitution. The President can appoint officials, but they have to be confirmed by the Senate, which has obviously not been done. Chutkan basically called Trump's lawyers as liars when she said, "Defense counsel is reminded of their duty to make truthful representations to the court."

Now DOGE wants your IRS information. I thought the first thing DOGE would do is claw back the $60 billion that was left to go to the IRS from the Inflation Reduction Act. That was, of course, to go to hiring more IRS agents to go after corporations and the rich that weren't paying their taxes. But it looks like DOGE is going to go after the IRS database first. A massive invasion of privacy. It can change your Social Security, how much you earn, your tax records and also how much you owe to the IRS. It's possible they're targeting the "owe" part of it.

At a White House Press briefing about accessing Treasury records, Musk said:

"We do find it rather odd that there are quite a few people in the bureaucracy who ostensibly have a salary of a few hundred thousand dollars some power managed to accrue tens of millions of net worth while they are in that position. We're just curious to where it came from."

You can see where this is going. Musk is going to use the information to accuse people of corruption, when he is the most corrupt of all.

In addition, 16,000 IRS employees are facing layoffs as early as this week. That's really smart to do during tax filing season. Makes a lot of sense to create a situation where you suddenly don't collect the tax revenue the government needs to operate.

There are also numerous suits regarding DOGE's invasion of privacy.

The other problem is that you never know what DOGE is going to put online. They've already put up classified information, no matter how many times they deny it. They could point out Social Security recipients who they think are undeserving. Somehow, DOGE already had access of some kind to come up with the 150 year old's.

The dark website of DOGE reflects their mission, which is punishing anything in Trump's way, or eliminating it altogether, in the guise of saving taxpayers' money.

And their website is full of dangerous security holes, for even non-sensitive data.

DOGE really means Diabolical Oligarch Grifting Efficiently.

The top of their website pages say "An official website of the United States government." It's not.

[END]
---
[1] Url: https://dailykos.com/stories/2025/2/18/2304449/-DOGE-at-work?pm_campaign=front_page&pm_source=more_community&pm_medium=web

Published and (C) by Daily Kos
Content appears here under this condition or license: Site content may be used for any purpose without permission unless otherwise specified.

via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/dailykos/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.