Exposing Security Flaws: Government Officials' Data Leaks, Defense Contractor Fines, and Cyber Crime Involvement
In this episode of Cybersecurity Today, host Jim Love highlights significant cybersecurity breaches affecting US security officials, a government defense contractor, and a Department of Government Efficiency staffer. Personal information of senior US security officials was found accessible online, raising concerns about national security. Morse Corp, a defense contractor, was fined $4.6 million for failing to meet cybersecurity requirements. Additionally, a 19-year-old tech aide from the Department of Government Efficiency was found linked to a cyber crime group, causing alarm due to his recent advisory roles with significant government agencies. The episode underscores the need for stringent cybersecurity practices and accurate compliance within government and defense circles.
00:00 Introduction and Headlines
00:24 Exposure of US Security Officials' Personal Information
02:22 US Defense Contractor's Cybersecurity Failures
04:40 19-Year-Old Linked to Cyber Crime Ring
07:05 Conclusion and Final Thoughts
Episode Transcript
top US security officials are exposedthrough public apps, chats and data leaks.
A tech aide on a US governmentefficiency team is linked to a cyber
crime group and US defense contractoris fined 4.6 million for failing
to meet cybersecurity requirements.
This is cybersecurity today.
I'm your host, Jim Love.
(00:24):
A new investigation revealed thatpersonal information belonging to senior
US security officials, including activephone numbers, email addresses, and linked
social accounts, is easily accessibleonline raising concerns about national
security and digital hygiene at thehighest levels of government, according
(00:45):
to Der Spiegel, the contact details ofTrump aligned figures such as National
Security Advisor Mike Walz, former Foxhost, Pete Hegseth, and Director of
National Intelligence, Tulsi Gabbard,appeared in commercial data broker
databases and previous breach dumps.
Many of these phone numbers and emailaddresses are still active and linked
(01:07):
to WhatsApp, signal, Dropbox, LinkedIn,Instagram, and even fitness tracking apps.
But the exposure doesn't stop its static.
Data Wired reported that MikeWaltz's Venmo account was left public
revealing a network of 328 friendsthat included White House chief of
(01:27):
Staff Susie Wiles and National SecurityCouncil Official Walker Barrett.
While no transactions were visible,experts warned that access to social
graphs alone can aid intelligencemapping and targeting by hostile actors.
These lapses have prompted calls fora review of personal cybersecurity
practices among government officials.
(01:49):
Despite repeated warnings, many continueto use unsecured platforms or fail to
lock down accounts that link directlyto sensitive national security roles.
The revelations follow an earliercontroversy in which the same group of
officials used a Signal group chat tocoordinate potential airstrikes in Yemen.
(02:10):
That chat inadvertently.
Included the Atlantic Editor JeffreyGoldberg, underscoring how even encrypted
tools can introduce risks if misused.
A US defense contractor, Morse Corp,has agreed to pay $4.6 million to
settle allegations of failing to meetcybersecurity requirements in its
(02:32):
military contracts, and knowinglysubmitting false claims for payment
.Based in Massachusetts, Morse Corp specializes in developing
guidance and navigationtechnology for military vehicles.
The company's cybersecurityshortcomings were brought to light
through a whistleblower lawsuitfiled by its former head of
security under the False Claims Act.
(02:55):
federal Prosecutors outlined severalcybersecurity failures by Morse,
including Since 2018, Morse utilizeda third party email hosting provider
without ensuring the vendor metthe Federal Risk and Authorization
Management Program or FedRAMP moderatebaseline as required in their contracts.
Additionally, the contractor failedto confirm the email provider adhered
(03:18):
to the Pentagon Rules for incidentreporting, malware handling at forensic
analysis and media preservation.
Morse neglected to fully implementall required National Institute of
Standards and Technology or NISTcybersecurity controls, including
measures critical to preventing networkexploitation, or the exfiltration
(03:39):
of controlled defense information.
And in January, 2021, Morse reporteda compliance score of 1 0 4 out
of one 10 for its implementationof NIST Special publication 800
dash 1 71 Security controls.
However, a third party cybersecurityconsultant later assessed the
company's score at negative 1 42indicating significant non-compliance
(04:04):
as part of the settlement.
Morse will pay 4.6 millionbut does not admit liability.
The resolution underscores thegovernment's commitment to enforcing
cybersecurity standards amongdefense contractors to protect
sensitive military information.
This case highlights the criticalimportance of stringent cybersecurity
practices and accurate compliancereporting within the defense
(04:27):
industry, and it serves as acautionary tale for contractors about
the potential legal and financialrepercussions of failing to adhere
to mandated cybersecurity protocols.
And finally, a 19-year-old stafferworking on the US Department of Government
Efficiency or Doge has been linked toa cyber crime ring accused of hacking,
(04:51):
harassment, and theft according toa Reuters investigation, Edward Coine
known online by the Alias Big Balls.
Previously operated a tech companythat supported the cybercrime group.
eGodly Digital records show thatCoristine's Company Diamond CDN,
provided hosting and DDoS protectionservices to e godley's leak site
(05:14):
dataleak.Fun from late 2022 into mid 2023
In February, 2023, the group publiclycredited Diamond CDN for its support
on Telegram, thanking the service forhelping keep their operations online.
egodly has claimed responsibility forSIM swapping attacks, infiltrating
(05:35):
law enforcement email accounts, andcoordinating harassment campaigns.
In one case, the group allegedly publishedpersonal information belonging To an
FBI agent and attempted a swattingattack, a hoax emergency call designed to
trigger a heavily armed police response.
While not all claims have beenindependently verified, a retired FBI
(05:57):
agent confirmed the group's involvement.
Coristine's ties to egodly haveraised serious concerns due to his
recent advisory roles with the StateDepartment and the cybersecurity and
infrastructure security agency CISA.
The proximity of someone with tiesto a known cyber criminal group to US
government networks is deeply troubling.
(06:18):
Said Nitin Natarajan, formerDeputy director of CISA.
In the Reuters report, neitherCoristine nor Doge representatives have
responded to press requests for comment.
The State Department and CISA havealso declined to clarify co dean's
current access or involvementin government operations.
(06:39):
Now, I wanna take a second to say, Idon't wanna pick on some 19-year-old
kid who's done some stupid things.
God knows.
When I was 19, I probably dida lot of stupid things too, But
this kid has no business workingin highly secured environments.
the real problem is not the kid,
It's that there are no adults in the roomwhen it comes to US Government security.
(07:05):
That's our show.
The show is not political.
We're about security, but I couldn'tsay that these weren't the biggest
stories in cybersecurity today.
always interested in your opinion.
Contact me at editorial@technewsday.ca Orleave a comment under the YouTube video.
I'm your host, Jim Love.
Thanks for listening.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com