All: if you're going to comment here, please make sure you're up on the guidelines at https://news.ycombinator.com/newsguidelines.html, and don't post low-information / high-indignation comments that could just as easily appear in any related thread. Such generic comments make discussion less interesting and more activating. That's not what we're trying for here.
Rather, we want curious conversation. I know that's not so easy when a situation is intense, infuriating, frightening, distressing, and so on. But we need to protect this site for its specific mandate—which is fragile at the best of times—so please make the effort.
As some of you know, this article was posted a dozen times and immediately flagkilled by users. I turned the flags off on this one because there's interesting new information in the story. But now it's up to the commenters to prove that was a good decision by co-creating a discussion that is interesting, curious, and has to do with the specifics of the article.
If we end up with yet-another interchangeable flamewar about $BigTopic, that will only confirm that the flaggers were right, so those of you who want fewer of these threads to be flagged have a particular interest in sticking to the intended spirit of the site and proving that a substantively different discusson is possible.
Edit: if you want to reply to this, please uncollapse the child comment below and reply there. Your views are welcome! I just also want to conserve space at the top of the thread.
I spent all day responding to the replies here, and then detaching them in order to save space at the top of the thread. But I just had a better idea.
This is a stub comment so we have a single root to collapse the replies. This way (1) replies can stay close to their parent (the top comment) without flooding the screen with offtopicness; and (2) we can all re-experience the timeless truth of https://en.wikipedia.org/wiki/Fundamental_theorem_of_softwar....
If you want to reply, reply here. I've moved all the original replies back so everyone's on the same playing field.
Thank you, dang. I think you've done the right thing here, and I'm sure you're also under a lot of stress right now. Thanks for having faith in the community to discuss this amicably.
Genuine question - What's the meaning of "activating" as an opposite to "interesting" in this context? I've never heard it used like this and couldn't get good results from searching.
I’m curious what the new and interesting information is. I read the article when it was originally posted a few days ago. I just scanned it again and it seems the same as before. Just curious. Thanks.
I'm quite curious on your retrospective thoughts on this thread once this article goes off the front page! Also whether you'd do the same again.
Having looked around, probably around 80% of comments are mostly uninteresting/partisanship (though a fair few of those combine the mud slinging with an interesting fact or argument, which complicates categorization).
(Aside: One of the issues for me is that on high emotion topics like this I can't take people's word for things as much as in a usual thread, it just becomes visual noise)
Dan, can we BAN all political threads unless we have fairness. There are a fair number of HN users that also want the USAID scandal covered with a post with 1500 comments. The time for HN to be left biased needs to come to an end.
> All: please don't post the sort of low-information / high-indignation comment that could just as easily appear in any semi-related thread. Such generic comments make the discussion less interesting and more activating. That's not what we're trying for here.
We'd love to have the sort of useful discussion you're aiming for, but all new discussions that reference Musk are being systematically flagged by apparent supporters of Musk.
a ton of replies to dang's adminsitraviata comment are highjacking his "sticky" to coattail all their comments to the top, and the comments are generally right on the edge of being what dang's comment is trying to warn against.
I'd flag them all but fear that would appear heavy handed
My issue with this content on HN isn't that the conversation is sometimes garbage, which it is, but that it's overwhelmingly people repeating the same falsehoods that might, at best, have a kernel of truth, but have been blown out of proportion to the point of just being not-true. There is very little interest in actually taking a step backwards, challenging beliefs and the propaganda fed to us by corporate news channels owned by billionaires, and trying to objectively evaluate information without "so and so is literally worse than hitler" knee-jerk reactions. If people could actually steel-man (I hate that phrase) actions and have nuanced views, that would be interesting, but it's basically only anti-whatever people butting heads with any opinion that challenges their narrative at all.
If we end up with yet-another interchangeable flamewar about $BigTopic, that will only confirm that the flaggers were right'
No it won't. That would only be true if the flaggers were disinterested judges who never comment. You're projecting your desire for a good civil discussion onto them without considering the possibility that any of them could be flagging or commenting in bad faith, ie with a view to shaping the outcome of the discussion rather than optimizing the quality thereof.
I don't see how this kind of story is on-topic for HN. Yes, we all appreciate that HN is more than just a website for discussing garbage collection algorithms, graph algorithms, javascript frameworks, etc (i.e. computer science and programming) but isn't it meant to be about things that hackers would find interesting by virtue of being hackers?
My understanding of that broader topicality was that it was intended to capture things like science news ("Feynman's lectures have been published online for free" or "The Higgs Boson has been confirmed"), interesting posts and articles of other kinds (e.g. that series of posts of horror stories about dangerous chemical compounds - "why I will never work with supernitroglycerin" etc) and occasionally general news stories of such significance that ANYONE would want to discuss them (eg. Russian troops have invaded Ukraine).
That isn't what I am seeing here. There is now almost always general American political "news" on the front page. It isn't particularly newsworthy. It feels like the only reason it is here is that people here don't have anywhere else to discuss it because HN is one of the few decent forums left on the Web. But that doesn't make it on-topic, surely?
I often see you remove flags from posts. What's the point of having the flagging mechanism if you just remove them when people complain? You say there's interesting new information, but is everything that is interesting on-topic? Or is the test narrower: it should be interesting to hackers by virtue of their being hackers. I am sure this is interesting to many hackers that are also US political junkies (which I mean in a neutral way) but not because they are hackers.
@dang Considering how many are ready to label one of the “other side” as evil, I think it’s very irresponsible of you to allow articles about US politics in the front page, specially an article like this that it’s really an smearing attempt
It has been a fairly common story, and part rumor, that intelligence agencies like to recruit young people active in the cyber criminal scene, and that the IT security industry also adapted this approach. They basically becomes part informer and part subject expert, especially since IT security expertise seems to be a difficult subject matter to teach in universities. When I studied IT security in university, about 10 years ago, I heard multiple version of this several times, with one student from my university getting employed because they managed to demonstrate a hack on a bank.
I always hope that such recruits had a bit tighter surveillance from their employee, but no one in the industry describes such recruits as "highly susceptible to extortion and coercion from current members of the same gang", and absolutely no one described them as members of violent street gang. It might have been a fair label but at most, such teens were describe as smart but mischievous. Might not be the best people to be responsible for national security, or peoples bank accounts, but it seemed to be the culture of that industry.
Has other people in the IT security industry had the similar experience of this culture?
Yes, I've seen a number of people with criminal records hired. I don't really want to present my comment as an argument against every point Krebs made. I don't really have an opinion on whether the individual mentioned is a suitable hire.
But in infosec a lot of people probably got into it because 'hacking' is cool and glorified by the media. It's rebellious and appeals to a lot of teens I think. I don't think it's as serious as Krebs suggested that you could be extorted or compromised. It seems like it's just a bunch of inexperienced people in a discord channel. Soliciting a DDoS on there, to me, just seems like youthful nonsense. If you were actually in some kind of criminal hacking enterprise I bet you would know not to make mistakes like leaving a paper trail to your identity in a discord channel where you solicited a crime.
I haven't seen the people with criminal records for cyber crimes be less trustworthy in the industry. Some of them just made stupid mistakes when they were younger and sometimes dumb kids get way overcharged for cyber crimes. For the most part I think it's fine for kids to go through a phase where they think it's cool but they don't really know what they are doing. A lot of people have done that. A lot of 13 yr old kids on the internet have talked about hacking banks and things like that and they aren't all going to be in a gang. Another analogy is how a lot of people get into chemistry because they like blowing things up. Not all those people are terrorists.
> Some of them just made stupid mistakes when they were younger and sometimes dumb kids get way overcharged for cyber crimes. For the most part I think it's fine for kids to go through a phase where they think it's cool but they don't really know what they are doing.
I think a lot of the concern is that these kids aren't out of that phase yet.
There are numerous examples of American intelligence officials being turncoat because they were extorted and compromised. Compromise and extortion are the main things that spy agencies look for in turning people. It's all too common. This kid should be nowhere near federal databases or sensitive information on American citizens. How much background has DOGE done on him? With their 'Move Fast and Break Things' moniker, my guess is very little. You're also giving these kids access to huge swaths of sensitive information. Sure, intelligence agencies can recruit young hackers with shady backgrounds, but they are given narrow scopes to work with. And usually there's been some agreement that those individuals don't want to be black hats anymore.
People get clearances even if they've used hardcore drugs such as cocaine and various more serious crimes than computer crimes. The adjudication guides for clearances explain this in more detail. I have a friend who exploited RCE full-chain exploits on productions servers and used to DDoS. He got a TS/SCI clearance no problem and didn't even finish college. I interviewed too and admitted to that stuff. They cared more about me admitting to cheating in math at college lol.
TS/SCI clearance is a lot more about truthfulness. The adjudicators are looking for secrets that can be used as leverage. Publicly writing reviews for cannabis strains is not a risk. A Mormon secretly hiding alcoholic tendencies could be. I'm also told that owning foreign property is unfriendly countries, and debt are the other big reasons for clearance denial.
Maybe the US 3-letter agencies are a bit more forgiving, but when I worked in intelligence there were three deadly sins that would make you untouchable as a candidate:
- Drug use
- Financial crimes
- Close ties to hostile countries (China, Russia, Pakistan, Iran, North-Korea, etc.)
And at least in my country, it's not the intelligence agencies themselves that handle the security clearance, but rather a dedicated agency/authority that processes all the security clearances in the country.
Now, if you've never been arrested / charged / convicted on the two first points - who would know? I'm 100% some candidates would simply lie.
The difficult thing, at 19, is that a person has had zero time to at all demonstrate that they have put drugs and/or other criminal activities behind them.
These guys worked for SpaceX anyway, so it's pretty much guaranteed that they were already cleared even before joining DOGE.
A lot of speculation and guessing on this topic, which is surprising from news outlets which pride themselves on "facts" and "truth"... I'm not even mentioning the fact that revealing the names, handles, identities of employees and clearing saying that they have admin rights on systems X and Y, is in itself a serious breach of cybersecurity...
> that intelligence agencies like to recruit young people active in the cyber criminal scene
Just linking this back to the story, am I mistaken in saying that DOGE is not an intelligence agency? (It certainly is a great position to exfiltrate information however.)
DOGE is a renamed Obama-era agency called the US Digital Service. This group basically tackles IT needs for different departments, which is how Elon is able to weasel his way into any department he decides to target.
The perfect place to exfiltrate information and absolutely no need for this level of security skills there unless they intended to break into government systems they were not given access to by e.g. the courts.
I think the implication is that if the person concerned (dox-ed again by Krebs) would pass an intelligence agency review, they should be OK for fraud investigation.
> They basically becomes part informer and part subject expert, especially since IT security expertise seems to be a difficult subject matter to teach in universities.
I don't think the argument they can act as an informer for things going on inside government agencies works. They've never been on the inside.
And I don't see what it has to do with IT security. What are they doing that's security related? Isn't what they're claiming to be doing pretty much data analysis?
The only overlapping skill I can see is a willingness to exfiltrate data, if they're doing that, without giving consideration to the rules or consequences.
I think the difference is in the kind of positions the "second chance" people get hired to. They aren't put in positions where they could cause significant wide scale harm with no auditing or barriers.
The debate isn't whether he should go to jail. The debate is whether he should get a clearance for some of the most powerful access someone can possibly get. He's not suitable. Why can't Musk replace him? He's just a kid.
Because, like Trump, he values loyalty above all else? That's the reason why he reinstated that other guy who resigned after his extreme-right social media posts were unearthed (https://www.theguardian.com/us-news/2025/feb/07/musk-doge-st...). That's also the reason why Trump pardoned all January 6 rioters, even those convicted of violent crimes. If it's his people vs. some random cops, he will always favor his people.
"Suitable" depends on what the aim is. If this were a good faith effort to find "waste and fraud" then clearly not. But if the goal is to destroy the capacity of the government to place any restraints on enterprise (and in particular Musk's enterprises), and an assault on the rule of law in general, and the instantiation of a racist ideology, then he's ideal. The fact that they let him go in the first place was the surprising part as what he said was no worse than what many Trump appointees have done.
I see you are mixing up IT security jobs where you can hire „mischievous people” with IT admins.
I say 90% of security is admin work where one has access to various stuff.
Then you have red teams, pentesters, consultants- that don’t have ever privileged access to anything. They should find flaws and pass recommendations to IT admins. If they hack anything at all - it has to be outlined in scope and strictly monitored. For both sides protection as if „hacking person” doesn’t get blame for something he did not touch by him but at the same time someone pulled off something nasty.
I think you would be a bit surprised with both the university programs that teach it security, and also which companies that look to employ them.
IT security can be admins, it can be programmers that focus on exploit vunerbilities, it can be reverse engineers, it can be pentesters, it can be red teams, and it can be people with high domain knowledge in a very narrow field related to security. IT security is a very wide field.
IT security programs focuses a bit on everything, but as in my university, they gave the person responsible for the program a fairly free range to focus on what they thought was what the market wanted. Different universities will focus on different aspects.
The organizations that seek such employees are also quite wide. The military, the intelligence agency, large software companies, large companies with internet assets (like banks, but also game studios), government departments like the tax office, and then naturally we got all kind of IT security firms with red teams, pentesters, consultants and so on. A big hire of my class was also a network company developing network finger rules for deep packet inspections, which wanted people skilled with reverse engineering and decompiling (they may or may not have employed people who had experience cracking games).
I agree with you. When I was younger, I played a lot of Minecraft PVP servers, and for whatever reason these PVP servers cultivated a weird and toxic community of cyber criminals about them. For reference/star value, the recent headline of the kids stealing 200m in crypto via social engineering— I played with those very same people when I was younger. As in, the people who were sent to jail.
Their story repeats itself a dozen times over from my now-fragmented friend group from that time. Many young kids getting into ill-fated get rich quick schemes ranging from credit card fraud to refunding (mail fraud) all the way to sim swapping, blackmail, doxxing, and even real life violence and gang activity. A few of my earliest friends were just indicted for home invasions and armed robbery in some scheme to steal crypto. All of them from Minecraft, weirdly enough.
Anyways, those who didn’t end up in jail or “on the run” from participating in these stupid schemes, I tend to notice a common trend towards security related work. I know one guy who went from fraternizing with the same now-criminally-indicted people I hung around to working for the FBI’s cyber crimes unit (fitting, I guess). Another one now works with a defense contractor developing spyware, as far as I can tell. Many more work in different areas of cyber security and programming et al, including myself.
The cyber-crime adjacent to cyber security pipeline is very much so real.
Don't know about intellegence agencies but I got to know pentesters / red teamers at some large companiese, and they were cool but had a very unsavory side. Several times I found myself in conversations where they were admiting to serious crimes and unethical behavior. I suspect that you need to be passionate about wanting to do bad things if you want to be good at security.
Equating script kiddies to some genius cyberhackers worth recruiting is laughable when we literally have PHDs and 6 figure salary professionals willing to be recruited legally with zero baggage. Why are the top digital safety institutions hiring the very bottom of the barrel?
> Why are the top digital safety institutions hiring the very bottom of the barrel?
I don't know anything about "The Com" or top digital safety institutions.
But I do know that historically, some parts of hacker culture have drawn heavily from political theories of anti-authoritarianism, anarchism, and libertarianism.
If the authorities and rules intend that I not have access to something, and I have a fascination with bypassing that and getting access anyway, am I not subverting power structures in the most literal sense?
If large corporations believe they alone should control the software that runs on my printer, so that they can ensure only authentic supplies are used and premium features are only available on premium devices, while I believe every user should be able to modify their printer's software and behaviour without limit, including to bypass such restrictions - is this not an anarchist stance, opposing coercion and mechanisms that perpetuate control?
If the exploit-discovering side of cybersecurity is inherently anti-authority, recruiting people who've never defied an authority in their life might not be the best move.
Those kids make good "experts" in thier narrow fields, but that doesnt last long. They are generally not effective leaders, thier usefullness drying up as the state of the art moves on. Some grow up and learn how to operate as leaders in a corporate or government environment, but most burn out once they meet the next generation of golden childs.
That's actually ok in a military context. Most kids right out of highschool dont serve more than a handfull of years. Then they are the corporate world's problem.
They are not considered experts in their fields. They are not senior in their fields, so that criteria is already off the table, eg, how to deal with legacy, production, and high sensitivity systems in regulated environments. (There are COBOL servers there!) Data science and accounting are fields too, so not sure why that is ignored. So that leaves junior criteria. I taught in one of the depts of one of 'the better' ones, and his peers are publicly lauding him with laughable examples of 'excellence' -- nowhere close to examples we use for describing top students.
They sound like regular A/B-grade CS students: unproven new grads. Motivated and high-energy, yes, which is sensible for a junior low-trust role if they pass other basics like references and criminal checks. At our current company, we would not have hired several of them in our entry roles due to the obvious issues that our routine diligence would surface (in recent work history: associating with criminals & criminal orgs, repeat googleable public displays of racism, etc). And the rest, for likely not being at the level of top students applying to us, irrespective of evaluating on academics vs DIY. Their examples would need to be significantly more compelling to change the conversation.
If these hires exist (and I'm doubtful they do, at least at any scale beyond "this one kid is an actual genius!"), are they then given the "keys to the kingdom"? Musk/Trump wanted this kid to have what amounts to superuser access to the government purse, which is unheard of for any new hire, let alone one with this kid's background.
I’d also distinguish between the hacker to gets access to a forbidden system out of curiosity or for a challenge, from a person who pays a ddos service to attack someone they don’t like (one of the accused actions of this kid).
The latter displays no competency in hacking or cybersecurity, only the attempt to harm another.
My concern in their access to secure government systems is not their hacking competency (which has not been demonstrated), but their sociopathy which has.
Sociopathy is a very strong word, but they do show a pattern of criminal and anti-social behavior. This is not too uncommon in teens, and many young problem kids reform into good members of society either by being shown consequences for their negative behavior, or more or less naturally "mellowing out".
The issue here is that these kids seem to fail upwards, and as you say, get rewarded for anti-social behavior, which sets them on a terrible path for the future. In the Com chat log shared in the article, they made fun of Edward Coristine for his complete lack of programming skills, and the other "doxxed" members of the DOGE team have some smaller projects online as well. If that's the kind of code SpaceX and Tesla run on, I'd give all of their projects a very wide berth.
while I agree there's typically a big event where the state has incredible leverage over the subject that is part of the flip. As far as we can see in this story; there is no leverage. So for all we know this guy is doing what he did in his last job and selling secrets gained working here to competitors.
Imagine if DOGE feeds all the data they get their hands on into an LLM and he sells a copy of that to a foreign nation, allowing any other government a text-based interface to ask any questions of any of the internal workings of the US administration, government, citizens or even some of its secrets.
Even without the leverage, I think that former teenage hackers turned pentesters or three-letter-agency adjuncts are hired for specific skills on the understanding they're being watched and they're probably not getting access to much more than a sandbox or adversary data and the money and freedom's all in scrupulously obeying the rules
That feels a little different to hiring people with cracking credentials for auditing jobs, giving them full access to extensive government records (and possibly the right to backdoor them) in a move fast break things environment on the understanding that they're probably above the law and they're less likely to be punished than anyone barring their way.
I doubt the success rate of converting teenage tearaways to scrupulous white hats in boring businesses is 100% either....
Good reporting here. Clarifies why the kid was fired for leaking documents - it was specifically for leaking internal corporate documents to a competitor.
The details about cybercrime discords involved in SWATting and DDOS attacks are fascinating.
The idea that anyone involved in this would be fast-tracked for a clearance is beyond the pale.
He was in the com chat, which is a domestic tier one threat. There is no way any fast-tracking would solve this, unless monsieur big balls is an American spy, when in reality he's an overly caffeinated kid who has no idea how bad he's screwing up his, and while we're at it our country's, future.
I personally think it says volumes about how those in the Trump-Musk group (Musk group?) see this. They see the task as infiltrating an adversary, requiring someone with the technical skills to do so but who is also disposable. This in their mind is not about improving anything in the government for citizens, or with regard to US interests, it's about gaining access to a hostile entity without regard to their interests or the long-term interests of the persons actually doing the activity. It doesn't matter if they compromise US security, because the US is a hostile adversary, and they don't want to deal with people who might hesitate because of families or a reputation to uphold. If this person gets in trouble for security breaches or racism or whatever, they just fire them and replace them with another 19 year old with nothing left to lose and/or plenty of time left to go another path later.
The problem here is having such activities in his past makes him an exploitable by criminal organizations or foreign adversaries who would seek the sensitive information he now has access to.
Or indeed that they are a hostile adversary to the US who have achieved some successes adversarial to the US.
I feel like from the perspective of the US, if we frame this conflict/battle for control of US services and computer systems, we needn't say 'the US is a hostile adversary'. It's fair to frame it as 'the US is the US, and the people seizing control of the systems against the interests of the US are hostile adversaries of the US'.
The specifics of who they're working for, how, why etc. can still be up for speculation or further discovery, but we needn't frame it as 'perhaps the US is actually the enemy and Musk's people are actually the liberators'.
> They see the task as infiltrating an adversary, requiring someone with the technical skills to do so but who is also disposable.
People who have had access to that kind of data, and who have those kinds of skills, you'd better be careful about how you dispose of them. (Consider the term "blowback".)
This assumes that leaking is a compulsive behavior. The federal government has stronger incentives to offer for not leaking information. Getting fired is nothing.
Eh, I think "stealing is bad" is a plenty sufficient rationale for the vast majority of people not to engage in this type of behavior regardless of what kind of threats people dangle over their head.
Obviously this kid would reasonably expect to get a pardon for any law he breaks anyway so long as he breaks it in service of the cult.
> the DOGE teen is a former denizen of ‘The Com,’ an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration
To be honest, this is my first time hearing about The Com. Does anyone have any more reading on this? You'd think they'd use something more secure than Discord (which has 0 encryption) and Telegram which doesn't have encryption by default and whose gov't backdoor is basically an open secret[0]
> Violent online groups are targeting and manipulating vulnerable children and young people across widely accessible online platforms. There are multiple groups, associations and evolving subgroups that make up the online network known as The Com – short for community. The Com is a virtual community of groups and individuals who conduct illicit activities that glorify serious violence, cruelty, and gore.
> Elements of The Com network are known to have extreme ideological views and victimise children, coercing them to commit violent acts. Predators groom their victims through different methods – one approach is establishing friendships based on trust or romantic relationships. Another technique involves the use of power or coercive tactics with one goal – taking control over the victims, while getting them to engage in serious violence, self-harm, or other gruesome. It’s a vicious cycle - the predators in this network influence children or young people into conducting acts that increasingly shame, incriminate, or isolate them, this in turn makes them more vulnerable to further exploitation.
> The child sextortion group 764 and the global collective of loosely associated groups known as “The Com” are using tools and techniques normally used for financially motivated cybercrime tactics — such as SIM swapping, IP grabbing and social engineering — to commit violent crimes, according to exclusive law enforcement and intelligence reports reviewed by CyberScoop.
> The reports offer insight into the underbelly of the global network, showing how they are using traditional cybercriminal tools to identify, target, groom, extort, and cause physical and psychological harm to victims as young as 10. They were shared with police nationwide and in some cases, with foreign-allied governments.
The Com is just a general term for crime communities on the Internet. Its not a specific group. The Com includes groups that commit crimes stretching from cybercrime to literally the worst crimes you can think of and the vast majority of this is done on Discord and Telegram.
You can go down a really dark rabbit hole if you really dig deep into some of these groups within The Com.
This is where the worst of the worst spend all their time.
So is "The Com" an actual distinct concept that exists outside of security blogs, or is it more or less the same as "the scene" is used in other communities—just a generic term for all the unaffiliated people who happen to participate in a particular (in this case nefarious) hobby?
The way Krebs uses this first makes it sound like The Com is the name of a specific gang, but when I dig into the details the definition gets really fuzzy and starts to read like it literally just means "English speaking cybercriminals".
If it's the latter, I'm not sure why we need a name for it.
To what degree is this common knowledge? After 20 years of being highly online I'm surprised to be so blindsided. Not that I work in security or anything.
no it isn't. What a blind take. As someone who has ventured down these forums when I was younger. Its a mix of gamers/programmers/online hustlers. Some of it is grey area, some if it is renting out RDP's/VPNS for malicious users acting as middlemen for the criminals.
The mob mentality of rule following software engineers on here who are throwing out the accusation that these are all hardened criminals that want to burn down society here are a testament to the fact that hackernews is a cesspool of careerists. If you haven't ventured down these, I would even argue that you've no idea how the internet actually functions outside of your usual entertainment holes.
but the question is why operate on such insecure, backdoored, government friendly platforms? if they're smart enough to commit cybercrimes, why make such a basic opsec blunder? or are the skiddie tiers of these networks all that's visible/accessible to reporters?
When I was a teen these types hung out on IRC and even AOL in chatrooms like "progs" to trade credit card numbers. Young people and operational security doesn't exist.
>Young people and operational security doesn't exist.
If I had PII in the systems they have access to I would be concerned. How long until someone gets spear phished or malware is installed on their presumably non-compliant systems? There's a reason why big corps spend significantly on security training for new grads.
Discord is very popular with skiddies and real criminal organizations alike. It's got pretty basic KYC controls in place, meaning essentially anyone with just an email can sign up. It can be accessed from behind VPNs without any issues, so effectively it doesn't matter that it's not e2e encrypted.
I feel that discord the company probably let's it slide because:
1. Moderation at scale is incredibly difficult.
2. They work with law enforcement agencies to execute warrants and subpoenas.
I've been mistakenly banned from Discord before and I know from experience that pretty much any low level mod has a complete and readibly accessible history of all of my posts across all servers complete with timestamps and IP addresses
I'm also pretty sure phone number are required for sign up
I think your second point is the more likely explanation. Any other platform that would've hosted this many communities dedicated to drugs, cybercrime, etc would definitely have faced serious legal challenges. It seems much more likely that feds find it a useful platform to keep around
I still don't get how Discord can be secure - I suspect it can't. Just the fact that the forums are persistent, and controlled by a third party, and the client is closed source means people on there can be compromised at any point incredibly easily, VPN or not.
Just something as simple as using a cookie or local storage can leave permanent traces behind so all the access can be easily correllated.
I'm not even sure if serious infosec measures exist to stop this, and if they do, someone is bound to slip up and they need to do it just once, and expose the whole chatroom.
I'm not a hacker but this sounds like failing Opsec 101, and people getting by just with sheer luck.
> It can be accessed from behind VPNs without any issues, so effectively it doesn't matter that it's not e2e encrypted.
How do these two things correlate? I thought the benefit of E2E encryption is the fact that no one can decrypt your messages except for the participants in the conversation. There’s no keys anywhere on a server that an admin could use to decrypt the conversation. How would being behind a VPN negate that? The VPN still has to go through Discord servers where a key is presumably stored if the information is encrypted at all.
This info seems very outdated. Creating a discord account from even a residential IP without SMS KYC is from my experience basically impossible, they even block most (all?) sms VOIP services.
I recommend Marc-André Argentino's research on the Com; he's a conspiracy researcher who got his PhD on QAnon. He leans left, if that's a factor for you.
That piece doesn't get specific at all about Com activities but be aware that some of the manifestos and other material he discusses is quite disturbing.
He cites same journalist Krebs that has no cybersecurity background. Even Marc-André Argentino himself is a master of arts in theology and not a real cybersecurity specialist.
He worked in contact with Musk and his sponsorship to create this tool
Interesting cybercrime research credentials
Yes there's not evidence available that this research was used for crime, just that the project is capable of what's described and that it was done under Musk's sponsorship and that he was hired after building this in contact with Musk
This does not strike me as nefarious in any way and there is a really valid reason for generating the ballot images -- testing, which is exactly how it is used in the project.
Another legitimate use would be research to demonstrate vulnerabilities in support of a return to paper ballots. Ed Felten and many others have been arguing this for years.
Yeah— when I needed to test an integration with a cash recycler of the kind found in atms I asked if there were any fake or test bills I could use. It’s a reasonable thing to do in embedded systems, and frankly you’d be surprised at what tools are out there and how hard they would be to actually use the way you say. Physical controls are paramount in this case.
Yup, there are election conspiracy theorists on the left too. I ran into a few on Bluesky, and after a conversation, they were realizing the evidence they wanted to believe in was quite thin and that they should hold off on such strong beliefs
The question no one asking is why Elon is sending a team of teenage programmers and not a team of financial auditors if he really wanted to cut government spending?
Reporting on this is terrible. There are also senior (in age and experience) people, but much of the focus is on the youngins for obvious reasons.
Musk also believes (either arrogance, or true belief) that much of this stuff can be figured out from first principals without much need of traditional experts.
As a side note: that is very similar to how a consulting team would operate. Very young (inexperienced) team on the ground + senior people flying in from time to time.
I think that's generous. He is chopping entire departments after scooping up all their data. He doesn't seem to be doing any analysis at all. And a lot of his public statements have been patently false.
Touting “first principals” is a way of revealing “I’m too dumb to understand other people’s work.” Like if you can’t understand higher level concepts and have to start on your own from Euclid, it just means you aren’t very smart but think you can be another Maxwell just by thinkin’ real hard. It’s a joke.
Auditors take time and are boring. Auditors measure performance against rules and goals — this is about discarding the rules and goals. The point of this is chaos and power.
Elon has contempt for rules and laws. Blame the fuckups on the deep state or whatever. He will run wild until the president cuts off his head.
USAID was the most resistant to an audit which is why they’re getting scrutinized early. Trump literally said today on an interview aired before the superbowl that a department of defense audit is coming up and he expects it to turn up billions to hundreds of billions in waste.
I don't quite understand how they are gaining the access credentials required? Where I work, it takes days to onboard people, through standard processes. Whats happening in this case.
Given the highly volatile, and legally gray, situation; I'd expect the front line people who usually grant access are at least flagging these requests to their boss, who flags to their boss etc. Is everyone up the chain just giving a shrug and saying "seems legit, give them the access".
Of course people don't want to loose their jobs, but I would have expected someone in a senior leadership position to take a stand in preventing this (unless their all on board?)
People mentioned Elon's DOGE team is about 200 people including lawyers and accountants. I am guessing the focus on the 6 youngsters is mainly because here's a bunch of former Deloitte lawyers/accountants is not a newsworthy thing to focus on especially if your angle is to discredit the effort.
You're telling me 200 ALLEGED adult professionals are involved in a scheme where some 19 year old cybercriminal has access to classified nuclear weapons systems as if that's any indication of a better situation than critics allege and you think you've got sober and thoughtful take to offer on this situation, do you?
Just look in this thread for how many posters here are 100% certain that irreparable damage is being done - because they want to feel mad.
There is no proof of anything bad. Regardless how many people want that to be false, oddly.
So I guess tough to not think that the worldwide media that has been receiving government money would be mad and willing to focus on ”a handful of 20 year olds” as a means to discredit.
What I find strange is that it’s working so well. So many people here KNOW so much that hasn’t been reported or happened.
Cause these can get access to things Elon wants access to and will do what Elon wants. Musk does not want audit, he wants someone who will find exactly what Musk wants him to find and wont worry about legality or rules.
Musk is not concerned with producing false accusation for example. Obviously he could find corrupt auditors and probably did, but those are slower. They take more time to produce what was asked from them.
There is a claim that many federal payments do not have information necessary for traditional financial audits. Maybe a team of forensic auditors would be more apt?
Given how transparent government spending is and how frequently it’s audited, I think that’s begging the question of how scientific that claim is. The DoD is the only federal agency which hasn’t been able to have a clean audit[1] so it would be reasonable to question them – taking into consideration their unusual size and distribution, of course – but that doesn’t say anything about the rest of the government, or even distinguish between issues with payments vs. things like physical inventory when you have thousands of facilities around the world.
The question no one is asking is why does the federal government have so much "sensitive data" on it's citizens in the first place?
When you build a machine like this you should ask, "would I be comfortable if my political opposites had control of this?" If the answer is no, then you DON'T BUILD IT.
Meanwhile someone goes in there to try to break up this 30 year pile of technical debt and it's all lawsuits and handwaving theatrics to try to stop it.
The NIH and CDC have incredibly detailed medical event data for infectious diseases, cancer diagnoses, and death certificates (which have a ton of data beyond "John Doe of New York City died of such and such on such and such date." It's how we have incredibly effective epidemiologists. Hospitals and non-profits use the data published by the government to make large decisions about equipment purchases, types of staff to hire, and community health programs to run.
All the government professionals I've met who work with that data are very careful with it. The guiding star is "Never let anyone use our data to find out something about any individual. Then, if you still can, publish someone useful."
>Meanwhile someone goes in there to try to break up this 30 year pile of technical debt and it's all lawsuits and handwaving theatrics to try to stop it.
They only had to get security clearances and follow the Constitution. Clearances are routine, so shouldn't be a problem (unless the person being cleared is a problem). The Republicans control all branches of government, and cost-cutting is very popular among all voters, so writing a better budget is possible. Things won't collapse if they work on it until before the midterm elections. It just seems like Trump is testing how far he can walk along the path to tyranny.
Maybe it's a question of wording, but I would agree if the word were "inexperienced" instead of teenage (in reality, they are young adults).
I have no horse in this DOGE race and all the discussions, but I find this "reverse ageism" (for lack of a better term) quite sad, 'cause it does not sound condescending but infantilizes youth and hides one of the biggest elephants in the room in the modern world, which is the real lack of representation of youth in politics (and maybe in the public service?) [1][2].
I was a 19-year-old holding an assault weapon in my daily work in the military with the power to terminate the lives of almost 99.99% civilians, friends with 23 starting piloting USD 5 million machines, and it's just sad to see that we as a society do not see young adults as capable as their older counterparts.
I speculate that at least in Europe, due to this credibility bias in favor of older politicians, we are facing one of the biggest violations of the intergenerational pact, which is the fact that this same youth will end up without retirement [3].
You’re not wrong, but there is also wisdom in age. I’m 37 now, and got in plenty of similar trouble when I was 16-22, simply because my brain literally was not fully developed yet. My impulse control was worse, my consideration of consequences was much less existent, and so on.
I think the reaction is more about wanting some older adults in the room as well, not about having no younger adults in the room.
Younger people always want to knock down Chesterton’s fences whenever they see them; I know, because I was recently young.
But asking the elders why those fences exist is always a good idea; then, knock them down if the issue is resolved. Humility and curiosity are required for that.
I would trust 19 years old soldier with an assault weapon more then trusting him with what DOGE is supposed to do. Soldiers passed training literally designed to make them obey orders and not randomly shoot that gun. And there is whole hierarchy designed to keep their use of assault guns in check.
I would not trust a random 19 years old with assault gun, I would not trust that guy if we were alone in the room where his superiors do not see. But, I would be afraid of him raping me more then him using that gun without order.
> I was a 19-year-old holding an assault weapon in my daily work in the military with the power to terminate the lives of almost 99.99% civilians, friends with 23 starting piloting USD 5 million machines, and it's just sad to see that we as a society do not see young adults as capable as their older counterparts.
Who would you trust more, a teenager with active military training and awareness on how to handle a gun or a teenager picking up a gun off the floor for the first time?
If these teens all had followed proper protocol, went through a full security clearance process and training on how to handle sensitive data there would be no issue. They did not. And they are definitely not old enough to have had experience dealing with highly sensitive systems. So you've got people that are not qualified to handle data, working on systems they are not experienced enough to work in, kicking over load-bearing pillars that they can't see.
you're probably being dowvoted because there are thousand of regulations and a multi year program exclusively made to educate young soldiers, besides giving them guns.
your argument starts well, but then compares the top well behaved military machine with a war lord arming children and throwing them on the front.
Yeah, there is a trend towards an absurd infantilization that would call 26 year olds children. It seems to me to have grown first out of a desire to acquit themselves of responsibilities combined with the junk pop-science about brain age fully forming and a desire to acquit themselves of poor decision making and their own bad outcomes, and then later used as they grew older use to dismiss others.
The answer to that question is that Elon Musk does not seem to believe that the government departments can answer data questions. Rather than wait for them to inevitably say it will take weeks to gather the data, he has his war boys extract it from the system.
One might as well ask "if you want to stop HIV/AIDS in Africa why pay a bunch of young kids with international relations degrees instead of AIDS researchers". Grunt work takes grunt effort.
Because the media machine is spinning it all about the "teenagers", rather than doing actual investigative journalism and asking the right questions and assuming good-faith. So now instead of going to a DOGE rep and asking sane questions that illuminate the conversation and bring more info to light, they ask spin and hype-inducing ones like "There have been some criticisms from government senators about your alleged hiring of young individuals without security clearance, care to comment on that? What do you say to the concerns 'many' are having over granting such privileged access to un-accountable and non-departmental employees?"
it all mirrors the Twitter takeover (fetishizing "hardcore coders", micromanagement, randomly breaking or cancelling things), so this might just be how Elon Musk approaches things.
> The question no one asking is why Elon is sending a team of teenage programmers and not a team of financial auditors if he really wanted to cut government spending?
If it's working, why would it matter? The most curious thing in all these discussions is that the elephant in the room is never addressed: they already found on hundreds of billions of pure fraud and funding for extremely dubious endeavors.
But nobody talks about that: everybody attacks the messenger. Everywhere.
Are people not happy that the fraud team already uncovered the following:
USAID fund diverted to the Clinton family, part of which funded a $3m for Chelsea Clinton's wedding and $10m for Chelsea Clinton's mansion.
$41m to study transgender mice
$3m to BBC (seriously, what? BBC in the UK? With US taxpayers dollars? Why? To push what kind of narrative?)
$8m to the supposedly independent "Politico"
$40m+ to EcoHealthAlliance to fund gain-of-function on modified bat viruses (moreover now official report to Congress says the most likely source for the Covid-19 outbreak is a lab-leak: so we have USAID partially responsible for the *death of tens of millions of people*
$20m for a "Sesame Street" show in Iraq
$110m to find water in Afghanistan
funding of a movie in Portugal glorifying incest
countless NGOs worldwide who got funded by USAID and who constantly pushed for tens of millions of illegal migrants to make their way both to the US and the EU (now you may believe it's a good thing that countless NGOs do actively work towards migrating tens of millions of people to the US and the EU but *why* is this done with US taxpayers' money?)
The examples are endless and yet everybody shoots the messenger. If out of hundreds of dubious endeavour (money to publish trans book for children in Guatemala: I mean, come on guys), if one happens to be justified spending or a wrongly attributed spending, then people will focus on that to attack DOGE.
But the elephant in the room is constantly dodged: why? The elephant in the room is there. And it's a gigantic elephant.
Why is it that to some, like me, it looks like USAID (and certainly more with more revelations to come) is basically a gigantic money laundering operation combined with the push of a worldwide leftist agenda?
And the curious thing: people keep crying "attack on democracy" although DOGE keeps exposing, day after day, actual attacks on democracy, where US taxpayers dollar were used to fund a leftist agenda.
To me DOGE is doing something right. Instead of shooting the messenger, discuss the actual findings they already did.
Explain to me how you defend $40m+ going to fund gain-of-function bat viruses and how you defend Biden pardoning Fauci who lied about it in Congress? Because that's what DOGE is exposing.
Your list of "already uncovered" fraud seems more like a list of RW hot-buttons: Clintons - check. Transgender - check. Various lame-stream media - check. Covid bats - check. Muslims - check. Incest movies - check. I'm just surprised they haven't turned up the payments for the NASA movie studio where they faked the moon landings.
But not a single administrator skimming off their department's budgets, which I would imagine is 90% of government fraud.
Also no-one is shooting the messenger. Mainly they are complaining that completely unauthorised people are rooting through all government data with no oversight. No matter what your politics, the president should have got these people vetted and followed the carefully designed processes to keep this data safe. If you're not seriously concerned that one day your tax info is going to turn up in an unsecured AWS bucket, then I can offer you a unique video of out-takes of Neil Armstrong falling off the LEM ladder for just $5,000.
You appear to believe those things are true, but consider what evidence you actually have beyond social media claims. For example, the very first one has been circulating in right-wing social media but we don’t have any evidence that it’s actually true:
The second similarly wasn’t a DOGE find and is vaguely sourced because it was from Nancy Mace’s political fundraising and there’s a direct financial incentive to misrepresent what was actually funded. If you read the actual grants, they’re studying things like gender-based differences in how wounds heal or whether transgender people have different responses to things like HIV vaccination or other medical treatments - and unless your position is that transgender people shouldn’t exist, it’s hard to argue that a tiny fraction of a percent of government spending going to medical research is fraud.
Similarly, there is still no evidence that COVID was caused by gain of function research even if it would be really useful politically.
Finally, not understanding why the United States invests money building influence internationally is not fraud. We spent trillions invading Iraq and Afghanistan, it’s profoundly unsurprising that we spent money trying to improve our reputation in those countries.
Have the people telling you these things put any effort into making them independently verifiable? That would be an important early step in any kind of transparency effort.
People are not shooting the messenger. The messenger has no credibility, and no demonstrated interest in earning it as long as they can hold power otherwise.
Seems like your first point is "fake news" as they say?
So it seems like its not working, what info we do get is false or slanted to support a narrative. Social media posts are making people hysterical. It's not clear why your other 7 bullet points are things to be concerned about. As you pointed out a few times, we don't have context into these deals. Your jumping to conclusions assuming the worst for some reason.
> DOGE keeps exposing, day after day, actual attacks on democracy, where US taxpayers dollar were used to fund a leftist agenda
That’s… normal? Just because you don’t like a leftist agenda doesn’t mean it’s an attack on democracy. You might be surprised to hear that those leftist presidents were actually democratically elected. Much like, as much as it pains me to say it, Trump.
> To me DOGE is doing something right. Instead of shooting the messenger, discuss the actual findings they already did.
> $110m to find water in Afghanistan
I assume that's the same as the whitehouse.gov [1] talking point:
> Hundreds of millions of dollars to fund “irrigation canals, farming equipment, and even fertilizer used to support the unprecedented poppy cultivation and heroin production in Afghanistan,” benefiting the Taliban
The source they link for that is a Breitbart article [2] from 2018 and it talks about 20 year old project that ran for 3 years.
> Between 2005 and 2008, the U.S. Agency for International Development (USAID) devoted at least $330 million in funding to failed ADP projects intended to deter farmers and traffickers from cultivating and trafficking opium.
During the $2+ trillion war in Afghanistan, the US government tried to spend $330 million to damage the Taliban's primary source of revenue. It didn't work and the funding stopped in 2008.
The DOGE "proof" of waste is a 7 year old news article talking about a 20 year old program that only ran for 3 years while George W Bush was the president.
That's the only big number in their official statement regarding the waste. They're going 20 years into the past and once you throw out the dubious claim above, the "waste" they're saying exists is a few million dollars. They didn't even put the $8 million Politico thing on whitehouse.gov because it's been debunked too.
A couple million dollars in waste for an organization that distributes about $44 billion [3] in foreign aid every year is a giant nothing burger and American's are eating it up like it's kobe beef.
> everybody attacks the messenger
He's not the messenger. He's the source of the misinformation.
You're just regurgitating conspiracy theories and political nonsense from the right.
For example: '$8m to the supposedly independent "Politico"' is for subscriptions. So what? The rest is the same sort of nonsense: innuendo, smears and outright lies.
this just exposes the double standard and agism in tech industries. in tech, a lot of companies won't hire you in technical roles or as programmer because you're over 40.
a lot of doge/elon's team is from the various tech companies he owns, so of course, they're going to be teenagers and senior people are pretty much laid off.
think about the next tech layoff you hear in the news (facebook/meta, etc) and think about what portion of the layoff is younger than 20 and what portion are older than 40.
When we think about what tasks bright young people can become good at, I think auditing flows of money is one of them. It's a technical task with objective results, and a tight feedback cycle. The places where you need age and experience are like resolving interpersonal conflict, balancing interests from many stakeholders, setting up objectives for others to follow, etc.
So to me this argument sounds the same as "how can young kids think they can program like experienced engineers".
Another answer is that financial auditors don't have ALL the technical skill for this scope of project. Light SQL skills tend to be the upper end of technical accounting (many workers on a project is good for corporate billing). Reports indicate Doge is employing graph analysis, LLMs, etc.
Getting the data looks like a SW problem perfect for young people. I have no evidence that this how the organization functions, but I can imagine them as technical analysts, who simply pass information to higher ups who do have organizational experience.
This is just someone who took Coristine's previous handle [0]. That post was made 1 day after the WIRED article revealing his handle. Lots of conspiracies around election stealing going round (and sadly, quite prevalent in some corners of Bluesky), don't fall for it!
Can anyone recommend a journalist who is reporting the facts of what’s happening on this subject?
From what I can tell, it’s widely been reported that
- Elon Musk was allowed into the Department of Education
- “Big Balls” accessed Treasury computers
- etc…
But I have not been able to find any first person testimony that confirms those statements.
From what I can tell Tom Krause is actually the one who was given access by Treasury Secretary Scott Bessent. And Tom Krause is an employee of the Treasury and has security clearance.
I see a lot of people claiming there was some sort of illegal access, but I would love to read a source that explains exactly who accessed exactly what system improperly.
I don't think you're going to find any on-he-record first person testimony. It's going to be unnamed government officials, or front-line government employees who are talking to reporters and providing information without direct attribution
The two confirmed people are Krause and Elez. Elez briefly resigned after his extremely racist tweets surfaced but is back at DOGE now. Krause has only been a treasury employee for 7 business hours as of now but has been on the task for much longer than that.
Readit News
Rather, we want curious conversation. I know that's not so easy when a situation is intense, infuriating, frightening, distressing, and so on. But we need to protect this site for its specific mandate—which is fragile at the best of times—so please make the effort.
As some of you know, this article was posted a dozen times and immediately flagkilled by users. I turned the flags off on this one because there's interesting new information in the story. But now it's up to the commenters to prove that was a good decision by co-creating a discussion that is interesting, curious, and has to do with the specifics of the article.
If we end up with yet-another interchangeable flamewar about $BigTopic, that will only confirm that the flaggers were right, so those of you who want fewer of these threads to be flagged have a particular interest in sticking to the intended spirit of the site and proving that a substantively different discusson is possible.
Edit: if you want to reply to this, please uncollapse the child comment below and reply there. Your views are welcome! I just also want to conserve space at the top of the thread.
This is a stub comment so we have a single root to collapse the replies. This way (1) replies can stay close to their parent (the top comment) without flooding the screen with offtopicness; and (2) we can all re-experience the timeless truth of https://en.wikipedia.org/wiki/Fundamental_theorem_of_softwar....
If you want to reply, reply here. I've moved all the original replies back so everyone's on the same playing field.
First I want to thank you for the tireless job of moderating this form, it is really the thing that keeps it as a special place on the internet.
I genuinely wanted to ask if you feel out of depth on moderating the current and upcoming news on both the US and AI.
Both feel like we are heading towards things many of us have not experienced in our lives.
How do you find your previous moderation experience is leading you in the current environment?
That's because HN appears to be disturbingly pro-trump and they seem to organize to flagkill anything "negative".
You really should look into organized flagkilling.
You have earned my respect, dang, but this is hardly an "interchangeable flamewar".
What is happening is frankly beyond anything we have ever seen before in the history of the country.
Having looked around, probably around 80% of comments are mostly uninteresting/partisanship (though a fair few of those combine the mud slinging with an interesting fact or argument, which complicates categorization).
(Aside: One of the issues for me is that on high emotion topics like this I can't take people's word for things as much as in a usual thread, it just becomes visual noise)
Deleted Comment
We'd love to have the sort of useful discussion you're aiming for, but all new discussions that reference Musk are being systematically flagged by apparent supporters of Musk.
We're being censored.
I'd flag them all but fear that would appear heavy handed
No it won't. That would only be true if the flaggers were disinterested judges who never comment. You're projecting your desire for a good civil discussion onto them without considering the possibility that any of them could be flagging or commenting in bad faith, ie with a view to shaping the outcome of the discussion rather than optimizing the quality thereof.
Dead Comment
My understanding of that broader topicality was that it was intended to capture things like science news ("Feynman's lectures have been published online for free" or "The Higgs Boson has been confirmed"), interesting posts and articles of other kinds (e.g. that series of posts of horror stories about dangerous chemical compounds - "why I will never work with supernitroglycerin" etc) and occasionally general news stories of such significance that ANYONE would want to discuss them (eg. Russian troops have invaded Ukraine).
That isn't what I am seeing here. There is now almost always general American political "news" on the front page. It isn't particularly newsworthy. It feels like the only reason it is here is that people here don't have anywhere else to discuss it because HN is one of the few decent forums left on the Web. But that doesn't make it on-topic, surely?
I often see you remove flags from posts. What's the point of having the flagging mechanism if you just remove them when people complain? You say there's interesting new information, but is everything that is interesting on-topic? Or is the test narrower: it should be interesting to hackers by virtue of their being hackers. I am sure this is interesting to many hackers that are also US political junkies (which I mean in a neutral way) but not because they are hackers.
Do you see what I mean?
https://news.ycombinator.com/item?id=42933391
I always hope that such recruits had a bit tighter surveillance from their employee, but no one in the industry describes such recruits as "highly susceptible to extortion and coercion from current members of the same gang", and absolutely no one described them as members of violent street gang. It might have been a fair label but at most, such teens were describe as smart but mischievous. Might not be the best people to be responsible for national security, or peoples bank accounts, but it seemed to be the culture of that industry.
Has other people in the IT security industry had the similar experience of this culture?
But in infosec a lot of people probably got into it because 'hacking' is cool and glorified by the media. It's rebellious and appeals to a lot of teens I think. I don't think it's as serious as Krebs suggested that you could be extorted or compromised. It seems like it's just a bunch of inexperienced people in a discord channel. Soliciting a DDoS on there, to me, just seems like youthful nonsense. If you were actually in some kind of criminal hacking enterprise I bet you would know not to make mistakes like leaving a paper trail to your identity in a discord channel where you solicited a crime.
I haven't seen the people with criminal records for cyber crimes be less trustworthy in the industry. Some of them just made stupid mistakes when they were younger and sometimes dumb kids get way overcharged for cyber crimes. For the most part I think it's fine for kids to go through a phase where they think it's cool but they don't really know what they are doing. A lot of people have done that. A lot of 13 yr old kids on the internet have talked about hacking banks and things like that and they aren't all going to be in a gang. Another analogy is how a lot of people get into chemistry because they like blowing things up. Not all those people are terrorists.
I think a lot of the concern is that these kids aren't out of that phase yet.
IMO intent matters, if they access a bank DB as a skill test (and disclose the hack to the bank) that's fine.
If they're taking a hospital offline for giggles they should get a record.
- Drug use
- Financial crimes
- Close ties to hostile countries (China, Russia, Pakistan, Iran, North-Korea, etc.)
And at least in my country, it's not the intelligence agencies themselves that handle the security clearance, but rather a dedicated agency/authority that processes all the security clearances in the country.
Now, if you've never been arrested / charged / convicted on the two first points - who would know? I'm 100% some candidates would simply lie.
A lot of speculation and guessing on this topic, which is surprising from news outlets which pride themselves on "facts" and "truth"... I'm not even mentioning the fact that revealing the names, handles, identities of employees and clearing saying that they have admin rights on systems X and Y, is in itself a serious breach of cybersecurity...
Just linking this back to the story, am I mistaken in saying that DOGE is not an intelligence agency? (It certainly is a great position to exfiltrate information however.)
I don't think the argument they can act as an informer for things going on inside government agencies works. They've never been on the inside.
And I don't see what it has to do with IT security. What are they doing that's security related? Isn't what they're claiming to be doing pretty much data analysis?
The only overlapping skill I can see is a willingness to exfiltrate data, if they're doing that, without giving consideration to the rules or consequences.
The debate isn't whether he should go to jail. The debate is whether he should get a clearance for some of the most powerful access someone can possibly get. He's not suitable. Why can't Musk replace him? He's just a kid.
Because, like Trump, he values loyalty above all else? That's the reason why he reinstated that other guy who resigned after his extreme-right social media posts were unearthed (https://www.theguardian.com/us-news/2025/feb/07/musk-doge-st...). That's also the reason why Trump pardoned all January 6 rioters, even those convicted of violent crimes. If it's his people vs. some random cops, he will always favor his people.
I say 90% of security is admin work where one has access to various stuff.
Then you have red teams, pentesters, consultants- that don’t have ever privileged access to anything. They should find flaws and pass recommendations to IT admins. If they hack anything at all - it has to be outlined in scope and strictly monitored. For both sides protection as if „hacking person” doesn’t get blame for something he did not touch by him but at the same time someone pulled off something nasty.
IT security can be admins, it can be programmers that focus on exploit vunerbilities, it can be reverse engineers, it can be pentesters, it can be red teams, and it can be people with high domain knowledge in a very narrow field related to security. IT security is a very wide field.
IT security programs focuses a bit on everything, but as in my university, they gave the person responsible for the program a fairly free range to focus on what they thought was what the market wanted. Different universities will focus on different aspects.
The organizations that seek such employees are also quite wide. The military, the intelligence agency, large software companies, large companies with internet assets (like banks, but also game studios), government departments like the tax office, and then naturally we got all kind of IT security firms with red teams, pentesters, consultants and so on. A big hire of my class was also a network company developing network finger rules for deep packet inspections, which wanted people skilled with reverse engineering and decompiling (they may or may not have employed people who had experience cracking games).
Their story repeats itself a dozen times over from my now-fragmented friend group from that time. Many young kids getting into ill-fated get rich quick schemes ranging from credit card fraud to refunding (mail fraud) all the way to sim swapping, blackmail, doxxing, and even real life violence and gang activity. A few of my earliest friends were just indicted for home invasions and armed robbery in some scheme to steal crypto. All of them from Minecraft, weirdly enough.
Anyways, those who didn’t end up in jail or “on the run” from participating in these stupid schemes, I tend to notice a common trend towards security related work. I know one guy who went from fraternizing with the same now-criminally-indicted people I hung around to working for the FBI’s cyber crimes unit (fitting, I guess). Another one now works with a defense contractor developing spyware, as far as I can tell. Many more work in different areas of cyber security and programming et al, including myself.
The cyber-crime adjacent to cyber security pipeline is very much so real.
I don't know anything about "The Com" or top digital safety institutions.
But I do know that historically, some parts of hacker culture have drawn heavily from political theories of anti-authoritarianism, anarchism, and libertarianism.
If the authorities and rules intend that I not have access to something, and I have a fascination with bypassing that and getting access anyway, am I not subverting power structures in the most literal sense?
If large corporations believe they alone should control the software that runs on my printer, so that they can ensure only authentic supplies are used and premium features are only available on premium devices, while I believe every user should be able to modify their printer's software and behaviour without limit, including to bypass such restrictions - is this not an anarchist stance, opposing coercion and mechanisms that perpetuate control?
If the exploit-discovering side of cybersecurity is inherently anti-authority, recruiting people who've never defied an authority in their life might not be the best move.
That's actually ok in a military context. Most kids right out of highschool dont serve more than a handfull of years. Then they are the corporate world's problem.
They sound like regular A/B-grade CS students: unproven new grads. Motivated and high-energy, yes, which is sensible for a junior low-trust role if they pass other basics like references and criminal checks. At our current company, we would not have hired several of them in our entry roles due to the obvious issues that our routine diligence would surface (in recent work history: associating with criminals & criminal orgs, repeat googleable public displays of racism, etc). And the rest, for likely not being at the level of top students applying to us, irrespective of evaluating on academics vs DIY. Their examples would need to be significantly more compelling to change the conversation.
What does the infosec industry have to do with DOGE?
Deleted Comment
The latter displays no competency in hacking or cybersecurity, only the attempt to harm another.
My concern in their access to secure government systems is not their hacking competency (which has not been demonstrated), but their sociopathy which has.
The issue here is that these kids seem to fail upwards, and as you say, get rewarded for anti-social behavior, which sets them on a terrible path for the future. In the Com chat log shared in the article, they made fun of Edward Coristine for his complete lack of programming skills, and the other "doxxed" members of the DOGE team have some smaller projects online as well. If that's the kind of code SpaceX and Tesla run on, I'd give all of their projects a very wide berth.
https://news.ycombinator.com/item?id=42996313
Imagine if DOGE feeds all the data they get their hands on into an LLM and he sells a copy of that to a foreign nation, allowing any other government a text-based interface to ask any questions of any of the internal workings of the US administration, government, citizens or even some of its secrets.
That feels a little different to hiring people with cracking credentials for auditing jobs, giving them full access to extensive government records (and possibly the right to backdoor them) in a move fast break things environment on the understanding that they're probably above the law and they're less likely to be punished than anyone barring their way.
I doubt the success rate of converting teenage tearaways to scrupulous white hats in boring businesses is 100% either....
Deleted Comment
The details about cybercrime discords involved in SWATting and DDOS attacks are fascinating.
The idea that anyone involved in this would be fast-tracked for a clearance is beyond the pale.
The problem here is having such activities in his past makes him an exploitable by criminal organizations or foreign adversaries who would seek the sensitive information he now has access to.
I feel like from the perspective of the US, if we frame this conflict/battle for control of US services and computer systems, we needn't say 'the US is a hostile adversary'. It's fair to frame it as 'the US is the US, and the people seizing control of the systems against the interests of the US are hostile adversaries of the US'.
The specifics of who they're working for, how, why etc. can still be up for speculation or further discovery, but we needn't frame it as 'perhaps the US is actually the enemy and Musk's people are actually the liberators'.
People who have had access to that kind of data, and who have those kinds of skills, you'd better be careful about how you dispose of them. (Consider the term "blowback".)
It's more the Musk, Thiel, Vance Group. Trump is simply a tool.
This is what actual schizophrenia looks like.
Dead Comment
Dead Comment
Dead Comment
Obviously this kid would reasonably expect to get a pardon for any law he breaks anyway so long as he breaks it in service of the cult.
To be honest, this is my first time hearing about The Com. Does anyone have any more reading on this? You'd think they'd use something more secure than Discord (which has 0 encryption) and Telegram which doesn't have encryption by default and whose gov't backdoor is basically an open secret[0]
[0] https://words.filippo.io/dispatches/telegram-ecdh/
> Violent online groups are targeting and manipulating vulnerable children and young people across widely accessible online platforms. There are multiple groups, associations and evolving subgroups that make up the online network known as The Com – short for community. The Com is a virtual community of groups and individuals who conduct illicit activities that glorify serious violence, cruelty, and gore.
> Elements of The Com network are known to have extreme ideological views and victimise children, coercing them to commit violent acts. Predators groom their victims through different methods – one approach is establishing friendships based on trust or romantic relationships. Another technique involves the use of power or coercive tactics with one goal – taking control over the victims, while getting them to engage in serious violence, self-harm, or other gruesome. It’s a vicious cycle - the predators in this network influence children or young people into conducting acts that increasingly shame, incriminate, or isolate them, this in turn makes them more vulnerable to further exploitation.
> The child sextortion group 764 and the global collective of loosely associated groups known as “The Com” are using tools and techniques normally used for financially motivated cybercrime tactics — such as SIM swapping, IP grabbing and social engineering — to commit violent crimes, according to exclusive law enforcement and intelligence reports reviewed by CyberScoop.
> The reports offer insight into the underbelly of the global network, showing how they are using traditional cybercriminal tools to identify, target, groom, extort, and cause physical and psychological harm to victims as young as 10. They were shared with police nationwide and in some cases, with foreign-allied governments.
You can go down a really dark rabbit hole if you really dig deep into some of these groups within The Com.
This is where the worst of the worst spend all their time.
The way Krebs uses this first makes it sound like The Com is the name of a specific gang, but when I dig into the details the definition gets really fuzzy and starts to read like it literally just means "English speaking cybercriminals".
If it's the latter, I'm not sure why we need a name for it.
it's not one coherent group but a mix of them, sometimes overlapping but often not. they hangout in the same spaces, sometimes, but also not.
The mob mentality of rule following software engineers on here who are throwing out the accusation that these are all hardened criminals that want to burn down society here are a testament to the fact that hackernews is a cesspool of careerists. If you haven't ventured down these, I would even argue that you've no idea how the internet actually functions outside of your usual entertainment holes.
If I had PII in the systems they have access to I would be concerned. How long until someone gets spear phished or malware is installed on their presumably non-compliant systems? There's a reason why big corps spend significantly on security training for new grads.
I miss 1IM punting so much and being able to use Gothic Nightmares and FiReTooLz
I feel that discord the company probably let's it slide because:
1. Moderation at scale is incredibly difficult. 2. They work with law enforcement agencies to execute warrants and subpoenas.
I'm also pretty sure phone number are required for sign up
I think your second point is the more likely explanation. Any other platform that would've hosted this many communities dedicated to drugs, cybercrime, etc would definitely have faced serious legal challenges. It seems much more likely that feds find it a useful platform to keep around
Just something as simple as using a cookie or local storage can leave permanent traces behind so all the access can be easily correllated.
I'm not even sure if serious infosec measures exist to stop this, and if they do, someone is bound to slip up and they need to do it just once, and expose the whole chatroom.
I'm not a hacker but this sounds like failing Opsec 101, and people getting by just with sheer luck.
How do these two things correlate? I thought the benefit of E2E encryption is the fact that no one can decrypt your messages except for the participants in the conversation. There’s no keys anywhere on a server that an admin could use to decrypt the conversation. How would being behind a VPN negate that? The VPN still has to go through Discord servers where a key is presumably stored if the information is encrypted at all.
His general overview: https://www.maargentino.com/the-pillars-of-the-com-network/
That piece doesn't get specific at all about Com activities but be aware that some of the manifestos and other material he discusses is quite disturbing.
He worked in contact with Musk and his sponsorship to create this tool
Interesting cybercrime research credentials
Yes there's not evidence available that this research was used for crime, just that the project is capable of what's described and that it was done under Musk's sponsorship and that he was hired after building this in contact with Musk
This does not strike me as nefarious in any way and there is a really valid reason for generating the ballot images -- testing, which is exactly how it is used in the project.
https://www.npr.org/2006/09/23/6129761/study-shows-vulnerabi...
Musk also believes (either arrogance, or true belief) that much of this stuff can be figured out from first principals without much need of traditional experts.
I agree with him. Corruption often get a pass when covered in layers of legalize.
History has one answer for the deployment of reams of young fiery-loyalist men to the front lines: cannon fodder.
Elon has contempt for rules and laws. Blame the fuckups on the deep state or whatever. He will run wild until the president cuts off his head.
USAID: 0.6% of the budget CFPB: 0.011% of the budget
It has nothing to do with saving money and is well beyond the executive order than instantiated the agency.
If all they do is disrupt things enough for some crypto dorks and Russians to make a play it was all worth it.
Given the highly volatile, and legally gray, situation; I'd expect the front line people who usually grant access are at least flagging these requests to their boss, who flags to their boss etc. Is everyone up the chain just giving a shrug and saying "seems legit, give them the access".
Of course people don't want to loose their jobs, but I would have expected someone in a senior leadership position to take a stand in preventing this (unless their all on board?)
Especially if you're sending someone in to shut down entire departments and freeze communications.
Several recent news stories have described situations where the agency head resisted and was removed.
There is no proof of anything bad. Regardless how many people want that to be false, oddly.
So I guess tough to not think that the worldwide media that has been receiving government money would be mad and willing to focus on ”a handful of 20 year olds” as a means to discredit.
What I find strange is that it’s working so well. So many people here KNOW so much that hasn’t been reported or happened.
Musk is not concerned with producing false accusation for example. Obviously he could find corrupt auditors and probably did, but those are slower. They take more time to produce what was asked from them.
Though I note at SpaceX he seems to hire actual rocket scientists.
There is a claim that many federal payments do not have information necessary for traditional financial audits. Maybe a team of forensic auditors would be more apt?
1. https://www.gao.gov/assets/gao-24-106890.pdf
When you build a machine like this you should ask, "would I be comfortable if my political opposites had control of this?" If the answer is no, then you DON'T BUILD IT.
Meanwhile someone goes in there to try to break up this 30 year pile of technical debt and it's all lawsuits and handwaving theatrics to try to stop it.
All the government professionals I've met who work with that data are very careful with it. The guiding star is "Never let anyone use our data to find out something about any individual. Then, if you still can, publish someone useful."
>Meanwhile someone goes in there to try to break up this 30 year pile of technical debt and it's all lawsuits and handwaving theatrics to try to stop it.
They only had to get security clearances and follow the Constitution. Clearances are routine, so shouldn't be a problem (unless the person being cleared is a problem). The Republicans control all branches of government, and cost-cutting is very popular among all voters, so writing a better budget is possible. Things won't collapse if they work on it until before the midterm elections. It just seems like Trump is testing how far he can walk along the path to tyranny.
Maybe it's a question of wording, but I would agree if the word were "inexperienced" instead of teenage (in reality, they are young adults).
I have no horse in this DOGE race and all the discussions, but I find this "reverse ageism" (for lack of a better term) quite sad, 'cause it does not sound condescending but infantilizes youth and hides one of the biggest elephants in the room in the modern world, which is the real lack of representation of youth in politics (and maybe in the public service?) [1][2].
I was a 19-year-old holding an assault weapon in my daily work in the military with the power to terminate the lives of almost 99.99% civilians, friends with 23 starting piloting USD 5 million machines, and it's just sad to see that we as a society do not see young adults as capable as their older counterparts.
I speculate that at least in Europe, due to this credibility bias in favor of older politicians, we are facing one of the biggest violations of the intergenerational pact, which is the fact that this same youth will end up without retirement [3].
[1] - https://www.washingtonpost.com/politics/2023/congress-age-de...
[2] - https://fivethirtyeight.com/features/both-republicans-and-de...
[3] - https://www.dw.com/en/pension-fund-crisis-looms-in-germany-a...
I think the reaction is more about wanting some older adults in the room as well, not about having no younger adults in the room.
Younger people always want to knock down Chesterton’s fences whenever they see them; I know, because I was recently young.
But asking the elders why those fences exist is always a good idea; then, knock them down if the issue is resolved. Humility and curiosity are required for that.
I would not trust a random 19 years old with assault gun, I would not trust that guy if we were alone in the room where his superiors do not see. But, I would be afraid of him raping me more then him using that gun without order.
Who would you trust more, a teenager with active military training and awareness on how to handle a gun or a teenager picking up a gun off the floor for the first time?
If these teens all had followed proper protocol, went through a full security clearance process and training on how to handle sensitive data there would be no issue. They did not. And they are definitely not old enough to have had experience dealing with highly sensitive systems. So you've got people that are not qualified to handle data, working on systems they are not experienced enough to work in, kicking over load-bearing pillars that they can't see.
your argument starts well, but then compares the top well behaved military machine with a war lord arming children and throwing them on the front.
One might as well ask "if you want to stop HIV/AIDS in Africa why pay a bunch of young kids with international relations degrees instead of AIDS researchers". Grunt work takes grunt effort.
To be fair, having been part of many an corp at this point ( you would think they would want to have accurate data ), that assumption is not flawed.
If it's working, why would it matter? The most curious thing in all these discussions is that the elephant in the room is never addressed: they already found on hundreds of billions of pure fraud and funding for extremely dubious endeavors.
But nobody talks about that: everybody attacks the messenger. Everywhere.
Are people not happy that the fraud team already uncovered the following:
The examples are endless and yet everybody shoots the messenger. If out of hundreds of dubious endeavour (money to publish trans book for children in Guatemala: I mean, come on guys), if one happens to be justified spending or a wrongly attributed spending, then people will focus on that to attack DOGE.But the elephant in the room is constantly dodged: why? The elephant in the room is there. And it's a gigantic elephant.
Why is it that to some, like me, it looks like USAID (and certainly more with more revelations to come) is basically a gigantic money laundering operation combined with the push of a worldwide leftist agenda?
And the curious thing: people keep crying "attack on democracy" although DOGE keeps exposing, day after day, actual attacks on democracy, where US taxpayers dollar were used to fund a leftist agenda.
To me DOGE is doing something right. Instead of shooting the messenger, discuss the actual findings they already did.
Explain to me how you defend $40m+ going to fund gain-of-function bat viruses and how you defend Biden pardoning Fauci who lied about it in Congress? Because that's what DOGE is exposing.
But not a single administrator skimming off their department's budgets, which I would imagine is 90% of government fraud.
Also no-one is shooting the messenger. Mainly they are complaining that completely unauthorised people are rooting through all government data with no oversight. No matter what your politics, the president should have got these people vetted and followed the carefully designed processes to keep this data safe. If you're not seriously concerned that one day your tax info is going to turn up in an unsecured AWS bucket, then I can offer you a unique video of out-takes of Neil Armstrong falling off the LEM ladder for just $5,000.
https://www.newsweek.com/fact-check-chelsea-clinton-foundati...
https://www.snopes.com/fact-check/clinton-foundation-paid-fo...
The second similarly wasn’t a DOGE find and is vaguely sourced because it was from Nancy Mace’s political fundraising and there’s a direct financial incentive to misrepresent what was actually funded. If you read the actual grants, they’re studying things like gender-based differences in how wounds heal or whether transgender people have different responses to things like HIV vaccination or other medical treatments - and unless your position is that transgender people shouldn’t exist, it’s hard to argue that a tiny fraction of a percent of government spending going to medical research is fraud.
Similarly, there is still no evidence that COVID was caused by gain of function research even if it would be really useful politically.
Finally, not understanding why the United States invests money building influence internationally is not fraud. We spent trillions invading Iraq and Afghanistan, it’s profoundly unsurprising that we spent money trying to improve our reputation in those countries.
People are not shooting the messenger. The messenger has no credibility, and no demonstrated interest in earning it as long as they can hold power otherwise.
Seems like your first point is "fake news" as they say?
So it seems like its not working, what info we do get is false or slanted to support a narrative. Social media posts are making people hysterical. It's not clear why your other 7 bullet points are things to be concerned about. As you pointed out a few times, we don't have context into these deals. Your jumping to conclusions assuming the worst for some reason.
That’s… normal? Just because you don’t like a leftist agenda doesn’t mean it’s an attack on democracy. You might be surprised to hear that those leftist presidents were actually democratically elected. Much like, as much as it pains me to say it, Trump.
> $110m to find water in Afghanistan
I assume that's the same as the whitehouse.gov [1] talking point:
> Hundreds of millions of dollars to fund “irrigation canals, farming equipment, and even fertilizer used to support the unprecedented poppy cultivation and heroin production in Afghanistan,” benefiting the Taliban
The source they link for that is a Breitbart article [2] from 2018 and it talks about 20 year old project that ran for 3 years.
> Between 2005 and 2008, the U.S. Agency for International Development (USAID) devoted at least $330 million in funding to failed ADP projects intended to deter farmers and traffickers from cultivating and trafficking opium.
During the $2+ trillion war in Afghanistan, the US government tried to spend $330 million to damage the Taliban's primary source of revenue. It didn't work and the funding stopped in 2008.
The DOGE "proof" of waste is a 7 year old news article talking about a 20 year old program that only ran for 3 years while George W Bush was the president.
That's the only big number in their official statement regarding the waste. They're going 20 years into the past and once you throw out the dubious claim above, the "waste" they're saying exists is a few million dollars. They didn't even put the $8 million Politico thing on whitehouse.gov because it's been debunked too.
A couple million dollars in waste for an organization that distributes about $44 billion [3] in foreign aid every year is a giant nothing burger and American's are eating it up like it's kobe beef.
> everybody attacks the messenger
He's not the messenger. He's the source of the misinformation.
1. https://www.whitehouse.gov/fact-sheets/2025/02/at-usaid-wast...
2. https://www.breitbart.com/national-security/2018/06/21/feds-...
3. https://www.pewresearch.org/short-reads/2025/02/06/what-the-...
For example: '$8m to the supposedly independent "Politico"' is for subscriptions. So what? The rest is the same sort of nonsense: innuendo, smears and outright lies.
The media is portraying it as a left-right issue. This is presumably because it is easier to incite the opposition party.
This is an opening salvo on what has been termed "the deep state", "permanent Washington" or "the swamp".
Dead Comment
a lot of doge/elon's team is from the various tech companies he owns, so of course, they're going to be teenagers and senior people are pretty much laid off.
think about the next tech layoff you hear in the news (facebook/meta, etc) and think about what portion of the layoff is younger than 20 and what portion are older than 40.
So to me this argument sounds the same as "how can young kids think they can program like experienced engineers".
Another answer is that financial auditors don't have ALL the technical skill for this scope of project. Light SQL skills tend to be the upper end of technical accounting (many workers on a project is good for corporate billing). Reports indicate Doge is employing graph analysis, LLMs, etc. Getting the data looks like a SW problem perfect for young people. I have no evidence that this how the organization functions, but I can imagine them as technical analysts, who simply pass information to higher ups who do have organizational experience.
Which leads me to my favorite quote from TFA: "must have killed all those test pigs with some bugs"
https://bsky.app/profile/cartwright776.bsky.social/post/3lhr...
This is just someone who took Coristine's previous handle [0]. That post was made 1 day after the WIRED article revealing his handle. Lots of conspiracies around election stealing going round (and sadly, quite prevalent in some corners of Bluesky), don't fall for it!
[0]: https://www.wired.com/story/edward-coristine-tesla-sexy-path... - "He also *previously* used an account on X with the username @edwardbigballer"
Elon Musk knows 'those vote counting computers' -Trump
I think it is the same guy.
Dead Comment
From what I can tell, it’s widely been reported that
- Elon Musk was allowed into the Department of Education
- “Big Balls” accessed Treasury computers
- etc…
But I have not been able to find any first person testimony that confirms those statements.
From what I can tell Tom Krause is actually the one who was given access by Treasury Secretary Scott Bessent. And Tom Krause is an employee of the Treasury and has security clearance.
I see a lot of people claiming there was some sort of illegal access, but I would love to read a source that explains exactly who accessed exactly what system improperly.
Can anyone point me at that source?
Ordering them to delete everything they got copies of, and the subsequent frustration from Musk.
Why cares who personally violated federal law? However he managed to, Musk got unlawful access to restricted data.
Can you articulate what federal law you think that order says was violated?
That many in DOGE had access and that two would continue to have it is not in question: https://thehill.com/business/5130107-treasury-department-lim...
The legality is also clearly in question: https://www.cnn.com/2025/02/08/politics/elon-musk-doge-treas...