+0.32 Anyone can push updates to the doge.gov website (www.404media.co S:+0.35 )
1125 points by mahkeiro 379 days ago | 1123 comments on HN | Moderate positive Editorial · v3.7 · 2026-02-28 08:20:01
Summary Government Accountability & Digital Security Advocates
This investigative article documents a critical security vulnerability in DOGE.gov where unauthorized parties can modify government databases. The reporting advocates for government transparency, accountability, and digital security (Articles 19, 21) while documenting failures in system security and privacy protection (Articles 3, 12). The piece demonstrates free expression and investigative journalism holding government responsible for transparency commitments.
Article Heatmap
Preamble: +0.30; Article 3 (Life, Liberty, Security): -0.04; Article 12 (Privacy): +0.50; Article 19 (Freedom of Expression): +0.66; Article 21 (Political Participation): +0.40; Article 28 (Social & International Order): +0.16. All other articles (1, 2, 4-11, 13-18, 20, 22-27, 29, 30): No Data.
Aggregates
Editorial Mean +0.32 Structural Mean +0.35
Weighted Mean +0.35 Unweighted Mean +0.33
Max +0.66 Article 19 Min -0.04 Article 3
Signal 6 No Data 25
Confidence 13% Volatility 0.23 (Medium)
Negative 1 Channels E: 0.6 S: 0.4
SETL +0.02 Editorial-dominant
FW Ratio 65% 13 facts · 7 inferences
Evidence: High: 1 Medium: 5 Low: 0 No Data: 25
Theme Radar
Foundation: 0.30 (1 articles); Security: -0.04 (1 articles); Legal: 0.00 (0 articles); Privacy & Movement: 0.50 (1 articles); Personal: 0.00 (0 articles); Expression: 0.53 (2 articles); Economic & Social: 0.00 (0 articles); Cultural: 0.00 (0 articles); Order & Duties: 0.16 (1 articles)
HN Discussion 20 top-level · 30 replies
4ndrewl 2025-02-14 07:54 UTC link
With friends like these, who needs enemies?
nxobject 2025-02-14 08:11 UTC link
Ironically enough, the WHOIS record points to CISA – the Cybersecurity and Infrastructure Security Agency. Very confidence-building.
zoelow 2025-02-14 08:15 UTC link
petargyurov 2025-02-14 08:24 UTC link
Move fast and break things, government edition.
rainforest 2025-02-14 08:26 UTC link
For a while the /join page was blocked by cloudflare WAF yesterday - I wonder if this is why.
fecal_henge 2025-02-14 08:39 UTC link
Can someone help me with what roro means?
cyberlimerence 2025-02-14 09:07 UTC link
Every other intelligence agency on the planet is about to scoop a ton of American data via cyber and basic HUMINT. It's free for all out there, I guess.
tjpnz 2025-02-14 09:34 UTC link
They're promising to deliver security next quarter.
EvanKnowles 2025-02-14 09:40 UTC link
If I click Join I am immediately redirected to a "Sorry, you have been blocked You are unable to access doge.gov" CloudFlare page. That's odd.
Brendinooo 2025-02-14 13:03 UTC link
Does anyone want to talk about the hack itself? Can anyone give more details than "left their database open"? I came to this site hoping for a real discussion about that and didn't see it here yet...
deadbabe 2025-02-14 17:50 UTC link
Maybe they should fire these kids and replace them with REAL engineers.

And I know some of those kids probably read Hackernews, so here’s the advice: put away ChatGPT and learn what the fuck you’re doing.

tolmasky 2025-02-14 17:50 UTC link
I guess DOGE lives up to "Vox Populi, Vox Dei" even better than Twitter.
danso 2025-02-14 18:29 UTC link
Worth noting that the U.S. Digital Service (USDS, i.e. the org that DOGE has now subsumed) has for a long while been experts at building and deploying static websites for the federal government. And doing it completely in the open. Within minutes you can literally clone and re-deploy all of https://usds.gov — 150MB of 2,700 assets and documents, built on Jekyll — locally or on S3. They've even written out the complete deployment instructions:

https://github.com/usds/website

gvx 2025-02-14 18:42 UTC link
Everyone knows investing in cybersecurity is just wasteful spending!
linuxhansl 2025-02-14 19:22 UTC link
Is that really a surprise to anyone? DOGE is theater, a stage show.
insane_dreamer 2025-02-14 21:26 UTC link
Trump/Elon fascism/heroism (depending on your point of view) aside, one thing that concerns me is how quickly is it possible to decide that 1000 employees at a place like the Department of Energy, including 300 at the National Nuclear Security Administration, can be dismissed without any impact on the effectiveness of these agencies.

Even if you do believe that these agencies are bloated with workers who are doing "unnecessary" work, which is possible, it seems very imprudent to make cuts so quickly. And who is qualified to make these decisions? Elon? Some Tesla or SpaceX engineer who wrote some code and put up a website? Come on. WTF do they know about how all these agencies operate and the downstream effects? You think they're taking the time to really think it through?

Now it's possible that prior to taking office, Trump had people with deep understanding of government operations go through everything, and really think things through, and prepare a list of jobs that could be cut without any impact, but if that is the case, it's never been said. Given who Trump has around him to lead these agencies (McMahon for Dept of Ed? An Oil and Gas Lobbyist for BLM? Really?) that doesn't seem likely.

Move fast and break things works fine for a start-up, and might even be fine for more cultural type stuff ("DEI"), but Dept of Energy?

It's like firing two-thirds of your sysadmins because "well, we haven't had any issues with our servers lately, and no breaches, so those people must not be needed".

aqueueaqueue 2025-02-14 22:45 UTC link
I am wondering if it would have been more of an effect to instead of this add some DEI trolling ... April 1st level of foolery so people think it is real and then get Twitter riled up on it.
IAmGraydon 2025-02-15 04:01 UTC link
Does anyone else see what’s really going on here? Naming a “government agency” after a meme coin? Wearing a hat in the Oval Office while talking over the (literally) sitting president? Elon is attempting to telegraph that he has no respect for the institutions of our country. Why do you think Trump did something as petty as renaming the Gulf of Mexico? It’s a litmus test to see who will follow his most inane power plays. Today, it was put into action when they banned the AP from the Oval Office and AF1 for not bending the knee on this issue. This is far darker than Elon just running amok.
croes 2025-02-15 05:04 UTC link
They claimed the savings site would show receipts not later than Valentine's Day

https://www.doge.gov/savings

Now it says "Receipts coming over the weekend!"

Next time it's: The site is receipt-ready

JKCalhoun 2025-02-15 13:38 UTC link
Wondering why DOGE articles where we apparently are leaking classified info over the internet are being flagged.

This for example: https://news.ycombinator.com/item?id=43051135

(EDIT: Looks like others are wondering too: https://news.ycombinator.com/item?id=43050833)

tennisflyi 2025-02-14 08:42 UTC link
I think they meant "ruh roh" - https://www.youtube.com/watch?v=R3SaxRRfJ4E
average_r_user 2025-02-14 09:28 UTC link
Tinfoil hat mode: "What if" this results from a foreign influence?

But I guess that you don't need to find answers externally when stupidity is a much simpler reason

gavinray 2025-02-14 09:49 UTC link
It's common to sign your handle to exploit/pwn'ed messages.

I'd wager the person who did the edit goes by the name "roro".

dobin 2025-02-14 09:59 UTC link
It's not just this website. Since DOGE, China probably canceled all vacation days for their hackers, as it's a free for all. Firing of most so many people including security departments and most likely the (good) femboy furry hackers.

Is the newly created user with name "bigballs" who downloads whole government databases a foreign TA or just DOGE? Who knows. Who cares, certainly not the Government.

The data and access gained currently by China, Russia, NK and SA will continue to be useful until and way after the next war.

bstsb 2025-02-14 10:10 UTC link
same, i'm assuming they've set up a firewall rule on the cloudflare dashboard to block non-internal ips for certain routes
giomasce 2025-02-14 11:08 UTC link
You mean Full Self Security?
bamboozled 2025-02-14 11:19 UTC link
I thought this was a feature to make it easier to leech information?
cedws 2025-02-14 11:28 UTC link
Elon Musk needs it most of all, he’s the most insecure human in existence.
a012 2025-02-14 13:03 UTC link
My bet is on SQL injection
rsynnott 2025-02-14 13:25 UTC link
> The database it is pulling from can be and has been written to by third parties, and will show up on the live website.

Not enough detail to say for sure; could be SQL injection, could be credentials exposed in the frontend.

internetter 2025-02-14 16:36 UTC link
According to a source of mine, there were unsecured API endpoints for modification
davidw 2025-02-14 17:43 UTC link
Or they could just, like, call Tulsi Gabbard.
monocasa 2025-02-14 17:47 UTC link
Someone unminified the js, and it turned out that a bunch of the rest endpoints it knew about were just unverified crud endpoints for the site.

https://archive.ph/2025.02.14-132833/https://www.404media.co...

guywithahat 2025-02-14 17:51 UTC link
The one good thing about them all being so young is it explains why I never got an interview; at 28 I was too old to ever get a job there
PokemonNoGo 2025-02-14 17:55 UTC link
Scooby dooby Doo...
palmotea 2025-02-14 18:07 UTC link
> Maybe they should fire these kids and replace them with REAL engineers.

Nah, they'll want reasonable pay, reasonable hours, and won't confuse their boss for a living god. They may even have some self-confidence and morals, which would be a total deal breaker.

guywithahat 2025-02-14 18:09 UTC link
I mean the article is paywalled but it sounds like this is isolated to their site-displayed twitter feed; basically the site was hosted by cloudflare and you could insert your own fake tweets into what was recorded on the site (but not on the actual DOGE twitter feed). I don't think any data was actually compromised
caycep 2025-02-14 19:17 UTC link
I see recent changes being made, are the prior timestamps available for archiving?
enraged_camel 2025-02-14 19:23 UTC link
They are doing tremendous damage for something that is supposed to be a stage show. Among everything they've done over the past three weeks, HUD is being gutted as we speak and the company a friend works at lost $100 million in contracts practically overnight.
anigbrowl 2025-02-14 19:43 UTC link
These are ideologues, not earnest professionals.
mikepurvis 2025-02-14 20:06 UTC link
The real damage that has already been done is almost certainly incalculable. As just a very small taste:

https://www.schneier.com/blog/archives/2025/02/doge-as-a-nat...

e2le 2025-02-14 20:10 UTC link
Perhaps I'm misunderstanding the situation, but isn't this similar to Hillary’s E-Mail?[1]

>Over at OPM, reports indicate that individuals associated with DOGE connected an unauthorized server into the network.

[1]: https://www.schneier.com/blog/archives/2025/02/doge-as-a-nat...

superfrank 2025-02-14 20:17 UTC link
DOGE is a complete farce, but I think it's important to not just write this off as a stage show and the people buying into it as idiots. There are a lot of people who feel that government isn't working for them and so when they see things like "8 million dollars spent on condoms for Palestinians" they're already primed to get angry about it. Musk/DOGE's actions may all be for spectacle, but he's tapping into some very real emotions that he wouldn't be able to tap into if people felt the government was working for them. DOGE is a symptom of a larger problem. Even if Musk and DOGE are completely discredited, if we don't figure out a way to make it so the average citizen feels like they're getting their money's worth from the government, it's just a matter of time until someone else steps in to exploit that feeling for their own gain.
ivewonyoung 2025-02-14 20:19 UTC link
Are they just running shell scripts off the public web for deploying federal gov sites that are targeted by nation states?

From the docker file:

  curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh
itronitron 2025-02-14 20:26 UTC link
if you think you own everything then there are no external threats
muglug 2025-02-14 20:34 UTC link
[flagged]
softwaredoug 2025-02-14 20:54 UTC link
The numbers they claim to save are like trying to turn your household budget around by cutting out a weekly latte.

If you really want to make big financial changes, you need a lot more income, or cut serious costs - like a car payment or downsize your house. In the case of DOGE, I haven't seen them touch DoD or any of the massive medical programs, etc.

whoomp12342 2025-02-14 20:59 UTC link
ow, put it back
nomel 2025-02-14 21:10 UTC link
Is there any evidence that the contents of the database are accessible? The linked article doesn't make these claims.

Is there any evidence that the database for this microblog of a cloud flare hosted website has anything of importance in it?

Are you also (alone) suggesting there's a tunnel from cloud flare (where this is hosted) to some larger government database?

You may want to RTFA: https://archive.ph/wy1Wt

Editorial Channel
What the content says
+0.70
Article 19 Freedom of Expression
High Advocacy Framing Coverage
Editorial
+0.70
SETL
+0.26

Core expression of investigative journalism and free speech; advocates for public's right to know about government systems and accountability

+0.50
Article 12 Privacy
Medium Advocacy Framing
Editorial
+0.50
SETL
0.00

Strongly advocates for privacy protection and data security by exposing critical vulnerability in government database

+0.40
Article 21 Political Participation
Medium Advocacy Framing
Editorial
+0.40
SETL
0.00

Advocates for government accountability and transparency as foundational to democratic participation

+0.30
Preamble Preamble
Medium Advocacy Framing
Editorial
+0.30
SETL
0.00

The article documents a government website designed to demonstrate transparency but found to be insecure, emphasizing the importance of government accountability in protecting systems and rights

+0.20
Article 28 Social & International Order
Medium Framing
Editorial
+0.20
SETL
+0.14

Documents failure of proper government administration and security infrastructure

-0.20
Article 3 Life, Liberty, Security
Medium Framing Coverage
Editorial
-0.20
SETL
-0.28

Documents failure of government to maintain security of critical systems and protect citizens' safety

ND (not addressed): Article 1 Freedom, Equality, Brotherhood; Article 2 Non-Discrimination; Article 4 No Slavery; Article 5 No Torture; Article 6 Legal Personhood; Article 7 Equality Before Law; Article 8 Right to Remedy; Article 9 No Arbitrary Detention; Article 10 Fair Hearing; Article 11 Presumption of Innocence; Article 13 Freedom of Movement; Article 14 Asylum; Article 15 Nationality; Article 16 Marriage & Family; Article 17 Property; Article 18 Freedom of Thought; Article 20 Assembly & Association; Article 22 Social Security; Article 23 Work & Equal Pay; Article 24 Rest & Leisure; Article 25 Standard of Living; Article 26 Education; Article 27 Cultural Participation; Article 29 Duties to Community; Article 30 No Destruction of Rights.

Structural Channel
What the site does
+0.60
Article 19 Freedom of Expression
High Advocacy Framing Coverage
Structural
+0.60
Context Modifier
ND
SETL
+0.26

404 Media operates as independent platform exercising free expression and enabling government transparency

+0.50
Article 12 Privacy
Medium Advocacy Framing
Structural
+0.50
Context Modifier
ND
SETL
0.00

404 Media demonstrates commitment to privacy and responsible investigation of system vulnerabilities

+0.40
Article 21 Political Participation
Medium Advocacy Framing
Structural
+0.40
Context Modifier
ND
SETL
0.00

404 Media supports democratic participation through transparent investigative reporting

+0.30
Preamble Preamble
Medium Advocacy Framing
Structural
+0.30
Context Modifier
ND
SETL
0.00

404 Media operates as an independent journalism platform dedicated to government accountability and transparency

+0.20
Article 3 Life, Liberty, Security
Medium Framing Coverage
Structural
+0.20
Context Modifier
ND
SETL
-0.28

404 Media reports security vulnerabilities responsibly and independently

+0.10
Article 28 Social & International Order
Medium Framing
Structural
+0.10
Context Modifier
ND
SETL
+0.14

404 Media reports on government system administration failures

ND (not addressed): Article 1 Freedom, Equality, Brotherhood; Article 2 Non-Discrimination; Article 4 No Slavery; Article 5 No Torture; Article 6 Legal Personhood; Article 7 Equality Before Law; Article 8 Right to Remedy; Article 9 No Arbitrary Detention; Article 10 Fair Hearing; Article 11 Presumption of Innocence; Article 13 Freedom of Movement; Article 14 Asylum; Article 15 Nationality; Article 16 Marriage & Family; Article 17 Property; Article 18 Freedom of Thought; Article 20 Assembly & Association; Article 22 Social Security; Article 23 Work & Equal Pay; Article 24 Rest & Leisure; Article 25 Standard of Living; Article 26 Education; Article 27 Cultural Participation; Article 29 Duties to Community; Article 30 No Destruction of Rights.

Supplementary Signals
How this content communicates, beyond directional lean.
Epistemic Quality
How well-sourced and evidence-based is this content?
0.66 medium claims
Sources
0.6
Evidence
0.7
Uncertainty
0.7
Purpose
0.8
Propaganda Flags
No manipulative rhetoric detected
0 techniques detected
Emotional Tone
Emotional character: positive/negative, intensity, authority
urgent
Valence
-0.6
Arousal
0.7
Dominance
0.6
Transparency
Does the content identify its author and disclose interests?
0.70
✓ Author
Solution Orientation
Does this content offer solutions or only describe problems?
0.15 problem only
Reader Agency
0.3
Stakeholder Voice
Whose perspectives are represented in this content?
0.50 3 perspectives
Speaks: individuals, institution
About: government, corporation
Temporal Framing
Is this content looking backward, at the present, or forward?
present immediate
Geographic Scope
What geographic area does this content cover?
national
United States
Complexity
How accessible is this content to a general audience?
moderate medium jargon general
Audit Trail 11 entries
2026-02-28 09:32 rater_validation_warn Light validation warnings for model llama-4-scout-wai: 1W 1R - -
2026-02-28 09:32 model_divergence Cross-model spread 0.33 exceeds threshold (4 models) - -
2026-02-28 09:32 eval_success Light evaluated: Moderate positive (0.56) - -
2026-02-28 09:32 eval Evaluated by llama-4-scout-wai: +0.56 (Moderate positive)
2026-02-28 09:24 model_divergence Cross-model spread 0.33 exceeds threshold (3 models) - -
2026-02-28 09:24 eval_success Light evaluated: Moderate positive (0.40) - -
2026-02-28 09:24 eval Evaluated by llama-3.3-70b-wai: +0.40 (Moderate positive)
2026-02-28 09:24 rater_validation_warn Light validation warnings for model llama-3.3-70b-wai: 0W 1R - -
2026-02-28 08:20 model_divergence Cross-model spread 0.33 exceeds threshold (2 models) - -
2026-02-28 08:20 eval Evaluated by claude-haiku-4-5-20251001: +0.35 (Moderate positive)
2026-02-28 01:13 eval Evaluated by claude-haiku-4-5: +0.68 (Strong positive)