I like these kinds of speculative articles. The clickbait title states something with certainty, then the first sentence clarifies that it is a speculation. I am not sure why we are falling for this clickbaity garbage, over and over.
Because it's easier to create and broadcast bait than to filter it.
In the long term HN should do something about it, e.g. editorialized titles.
HN does have a policy of using the original title from the submitted article, unless it is misleading or linkbait, and we try to be rigorous in enforcing it.
Users can help us by emailing us (hn@ycombinator.com) when they see a case where a title seems to be misleading or linkbait.
> Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware
Does not sound like clickbait to me.
(Also, if you are willing to be pointlessly formal, it goes in both directions, since it can be argued that a computer, which belongs to a person, who in the future will become DOGE's software engineer, but hasn't become yet, also formally isn't a "DOGE software engineer’s computer".)
As long as it's a work computer, what does it matter if it's his current computer or not? Remember that we're talking about an infostealer, it got his credentials and "that's it" (that's gravely serious).
This might just be selection bias because there is a large crowd of angry people looking for things to fling at DOGE.
If his accounts were compromised after the computer was (as the article indicates), people would still care. It included Greenfield too, so it potentially has password reuse risk.
>But some of the datasets that Schutt is included in are much more concerning than normal data breaches because they're from stealer logs.
Logs from information-stealing malware were leaked multiple times, and if your credentials appear in multiple of those, that's reasonably good evidence that you are doing something wrong.
So I don't think the headline is clickbait, but I do think that the Ars article could be clearer in making its point.
No need for multiple leaks, just one is enough.
And I wouldn't say "do something wrong", just getting infected with an infostealer. Happens all the time.
My credentials are in the various leaks, like the Adobe one.
“Login credentials belonging to a Department of Defense contractor, who previously had worked at a government-sponsored media outlet, have appeared in multiple public credential leaks.”
Actually criticizing DOGE for their major gaffes (like putting up easily defaceable websites, or their incompetence when it comes to reading numbers accurately) is important, but this kind of article is just sad and diminishes the credibility of news journalism.
If your password is in the dumps, too, like this person's passwords, then yeah, you might want to look into it.
Indeed the ones getting hacked are more likely to.
> user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware.
So this isn't from website dumps with plaintext passwords.
"No domains were found for your email address. Whilst your email address was found in a stealer log, no websites were found alongside it. This can be due to the way the log was formatted."
TL;DR: You could try my email in there, believe credentials were stolen, when that might be recycled leak stuffing.
Stop reading Ars and your name will be cleared. This isn't real journalism, it is Ars-washed political talking points.
If you had to work in the nightmare of secure systems, the computers are literally in a different room, there is no Internet access in there, and you can’t take your smartphone in there.
It means the people in the leak had malware on their computer in the past, and maybe present.
Everyone I worked with respected OpSec and would never do something as risky as bring in an outside laptop and connect it to the network. DOGE has been so reckless that I believe they wanted to have the system hacked, because seeing our government destroyed is their real objective.
I’ve logged onto secondary email accounts from PCs that weren’t mine and could well have been infected. That’s what 2FA is for.
I wouldn’t use a PC which isn’t mine to log in to anything sensitive. A password in a leak isn’t evidence of anything.
It’s evidence that your password leaked. What are you on about? You think they just randomly guessed his password?
Good point.
uhhh... why are we committing offensive cyber operations against a nuclear power? Somewhere in your line you seem to think that it's justified? And that Biden was doing the right thing by provoking a major power?
Some people just want the world to burn, and when someone puts out the fire, they think that's unamerican?
Maybe because they are doing it too?
You don't think trump is actively involved in negotations with russia to stop all this madness?
Don't you think that one of the first signs of good faith in negotiations would be to stop attacking each other?
(Though to be fair, every president since Truman has escalated things with Russia/USSR, except maybe Clinton. Reagan just did more than most.)
> You don't think trump is actively involved in negotations[sic] with russia to stop all this madness?
No, I think Trump is doing whatever Putin wants him to do.
And you forgot... besides Trump. Because Trump's not a warmonger, people like to act like he's on the side of the Russians. People have lost their minds.
In the last 3 months, Trump has threatened to invade:
- Greenland
- Canada
- Mexico
- Panama
- Cuba
> people like to act like he's on the side of the Russians
Trump has said that Ukraine is the one that started the war, and the "deal" he negotiated to end the war excluded Ukraine from the discussion and would give Russia everything it asked for.
> People have lost their minds.
You're right on that point, but it's probably not the people you're thinking of.
Also I don't know why we keep referring to Russia as a major power, their GDP is about the size of Italy's, their economy is on the rocks, their military stockpile is depleted from a failed invasion of their much, much smaller neighbor.
Russia didn't punch us in the face, they punched some dude that we barely knew in high school halfway across the world.
Scroll to "Overall control of Ukraine": https://www.warmapper.org/stats
While looking at the chart, keep in mind that Russia currently loses around 30-45k people a month as dead and wounded and they have nothing to show for it. The last major territorial gains were during the first month of the war in March 2022. It's a total military disaster with no end in sight.
And the person you replied to is absolutely right: Russia is not fighting for the potato fields of Ukraine, but to dismantle the entire international security system that the US built after WWII to secure commerce and influence on the world. Ukraine is one of the stepping stones. Here's the full blueprint: https://en.wikipedia.org/wiki/Foundations_of_Geopolitics#Con...
Can you point to any of the contracts in the wall of savings that have saved billions of dollars and disagree with any of them? https://doge.gov/savings
Is the argument that government was so efficient before that eliminating these seemingly useful programs was the best and only way to save taxpayer dollars?
Edit: the contract was 3.3B, so that changes the calculus to 1,109,966.78 per child. Haven't seen the facility, but I highly doubt they are staying in million dollar condos, but if they are... there are better ways to do that.
$1,136,436,294.65 for paying their legal services... Why are we paying a billion dollars for legal services of a program we have discontinued?
1,021,000,000 to eradicate polio... of which the last case in the United States was in 2022... Polio is all but eradicated here in the United States.
We just seem to disagree with what's important and what's wasteful. You could build a brand new city for those amounts in the private sector.
For reference, look up some of the Giga factory costs (with capital expenditure for production). They are similar in expenditures.
You can look at the bid requirements yourself and determine whether you think it's reasonable for the scope of the facility: https://sam.gov/opp/3726d9e2246c47e197396e805ce6bb33/view
I also find their J&A unconvincing, and there's no way it passes the smell test required in FAR Part 6.
There was really no other vendor in the world, besides Family Care to be able to do this? They aren't even a construction company.
That's the crux, for sure. The problem with DOGE though is that instead of creating better ways of doing anything, they just seem to eliminate doing those things at all.
Now we not only don't have a better way of doing a thing that might have been necessary, but we don't even have the sub-optimal way of doing that thing, so now it's not getting done at all.
Edit: Bringing it back to the article, if a person with access to 'a "core financial management system" belonging to the Federal Emergency Management Agency' was foolish enough to let their system get hacked, are we really finding a better way to do things, or are we being a little too careless?
Never heard of the program but on its face that sounds pretty bad. Grift, scam, or just inefficient govt? Not sure but not a good argument for keeping it around!
NYT is a trash media outlet, which obviously leans everything anti-Elon.
...maybe your "law" is some ancient eye-for-eye kind of law instead of some modern stuff?
(Spanish for _Why not both?_)
Hanlon's razor was originally a joke. Not a scientific observation of how the world works, but a funny sentence about there being a lot of incompetence in the world.
Is it a good point? How so?
Without any proof or arguments, to me that Mastodon comment is just your average brain rot social media conspiracy slop, especially when you examine the profile of the user who wrote it.
Is this what journalism has now become? Parroting other people's unhinged takes off social media, then upvoting it on HN?
I fully believe that the engineers themselves are wildly optimistic about society and their own abilities, but good security comes from realism and pessimism. Someone, probably many people, in the chain of command above them has moral and legal responsibility for choosing this course knowing it carried this risk and not caring.
Well, you’ve burned a bit of time on HN with the karma you’ve accrued. The non-conspiratorial truth is that if you go back and read HN over a longer period of time, it amounts to people parroting other people’s unhinged takes. Least offensive is tech, which is merely juvenile. But the other topics, especially medical ones, are dangerous. Political ones, with zero verification are the worst from a board culture/health perspective.
HN has turned itself into slop in large part due to the voting and flagging mechanisms, because the community was never mentally equipped to use either tool responsibly. And pg/dang never set the tone. So now you see how far it has fallen.
My advice: don’t come here to read comments seriously. Yes, from time to time someone of good taste shows up to a topic they have first hand experience with and they have to educate the rest as to why their takes are completely wrong (and sometimes dangerous, see above).
Instead, come here to get the news, laugh at the shit flinging if you must, and move on.
I’ve been contemplating doing an HN-without-HN filter board; show just the tech stuff, have commentary without voting or flagging. Because while you’re just seeing how things are now, I am afraid to say they’ve always been so.
https://en.wikipedia.org/wiki/January_6_United_States_Capito...
"...The extraordinary pardons and commutations extended to those who committed both violent and nonviolent crimes on Jan. 6, including assaulting police officers and seditious conspiracy..."
https://www.nytimes.com/2025/01/20/us/politics/trump-pardons...
- T'Challa
Maybe tell that to the guy in the White House. I'm tired of being held to much higher standards than that person. There are limits.
Exactly as you describe, and I'm sure for other foreign interests, everyone at DOGE became massive targets for very highly directed nation-state level interest for phishing/malware/compromise.
> [...] user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware. Stealer malware typically infects devices through trojanized apps, phishing, or software exploits.
> Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.
Putting this in undermines the quality of their critique.
I don't disagree, but the reader may show critical thinking and consider that there is more: there is mention of malware, not just a leak.
Just use a unique complex root password for your password manager and check semi-regularly that it hasn't leaked on haveibeenpwned.
Bonus points if your password manager automatically checks your stored passwords for leaks and scores them (e.g. LastPass).
- SHA1 or NTLM hash prefix matching https://haveibeenpwned.com/API/v3#SearchingPwnedPasswordsByR...
- actually download the HIBP db and check for yourself https://haveibeenpwned.com/API/v3#PwnedPasswordsDownload
Thus you could hash your passwords in your airgapped setup, transfer the hashes using a mechanism you trust to an Internet connected device, and then check the hashes.
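The hash-prefix matching mentioned in the comments above, sketched as an added example that is not part of the original thread: only the first five hex characters of the SHA-1 leave the machine, and the remaining 35 are compared locally. It assumes the range response carries one `SUFFIX:COUNT` entry per line; `fetch_range`, the function names and the sample response (including its counts) are constructed for illustration.

```python
import hashlib


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Find our suffix in a range response; return its count, 0 if absent."""
    for line in range_body.splitlines():  # handles both LF and CRLF endings
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix.upper():
            # Filler entries in a padded response carry a count of 0,
            # so they are indistinguishable from "not found" here.
            return int(count)
    return 0


def check_passwords(passwords, fetch_range):
    """fetch_range(prefix) -> response text. The password and the hash
    suffix never reach fetch_range; results are returned by position."""
    counts = []
    for pw in passwords:
        prefix, suffix = split_hash(pw)
        counts.append(count_in_range(suffix, fetch_range(prefix)))
    return counts


# --- Constructed sample data (not real service output) ---
_PREFIX, _SUFFIX = split_hash("password")
SAMPLE_RANGES = {
    _PREFIX: "\r\n".join([
        "0" * 34 + "A:3",    # unrelated entry sharing the prefix
        f"{_SUFFIX}:12345",  # the entry we expect to hit (count is made up)
        "F" * 35 + ":0",     # padding-style filler entry
    ])
}
SENT = []  # records what would have left the machine


def fake_fetch(prefix: str) -> str:
    """Hypothetical stand-in for the network call, so the example runs offline."""
    SENT.append(prefix)
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    print(check_passwords(["password", "constructed-unlisted-value-7f3a"], fake_fetch))
    print("sent upstream:", SENT)
```

For the airgapped variant described above, run `split_hash` on the isolated machine, carry only the prefixes across, and run `count_in_range` on the returned response text back on the isolated side.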
Despite their name being fastMAIL they also have a passable calendaring implementation. My only complaint about it is that they don't offer an Android "widget" in order to see the upcoming agenda at a glance, so one has to actually launch their app to view the calendar
If such things matter to you, they have CalDAV and WebDAV offerings, the latter of which I use for backing up my ViolentMonkey scripts. I haven't used their "Google Keep" replacement because Joplin serves my needs, but it does exist. And all of this for the same yearly price
I don't think anyone really needs to express more at this point.
DOGE's K Schutt's computer infected by malware, credentials found in stealer logs
In fact the story is that at some point in the past, at least in 2013, some credentials of his landed in multiple breaches. Some of my credentials also appear there, this of course means nothing at all about his current account security or the security of the data.
I don't even know what the allegations are. Can you not ever work for a government agency when any account of yours gets compromised? Data breaches aren't that uncommon, presumably many people here have some credentials leaked, do you think these people should be excluded from working jobs in the government?
Buried down the text, they have the plausible deniability disclaimer:
"As Lee notes, the presence of an individual’s credentials in such logs isn’t automatically an indication that the individual himself was compromised or used a weak password. In many cases, such data is exposed through database compromises that hit the service provider. The steady stream of published credentials for Schutt, however, is a clear indication that the credentials he has used over a decade or more have been publicly known at various points."
Of course "credentials have been exposed": the vast majority of sites have been hacked. It doesn't mean this person used the same credentials everywhere, AND that they didn't use 2FA, AND that the credentials matter in the first place. And, of course, this has absolutely nothing to do with malware.
Shame on you ARS for publishing purely speculative posts.
anonymars•9mo ago
Related: https://www.newsweek.com/lisa-murkowski-donald-trump-retalia...
lesuorac•9mo ago
It's really just Republicans are only unified in presenting a unified front so when it comes to actually doing something like electing a speaker [2] [3] the lack of alignment becomes obvious. So they aren't doing anything to counteract Trump because they aren't as a whole unified in that it's something they want but they're unified in not fracturing and helping Democrats.
[1]: https://en.wikipedia.org/wiki/United_States_Congress
[2]: https://en.wikipedia.org/wiki/January_2023_Speaker_of_the_Un...
[3]: https://en.wikipedia.org/wiki/October_2023_Speaker_of_the_Un...
blitzar•9mo ago
The Democrats don't have the numbers - even if they did, the more ridiculous the whole thing gets the better for them it is.
lesuorac•9mo ago
Sure they might not lose the general election to a Republican but their primary is going to be painful.
anonymars•9mo ago
Liz Cheney? Adam Kinzinger? Mitt Romney?
> In an interview with The Atlantic published earlier this week, Romney fretted over his ability to keep his entire family safe from Trump’s ire, should he be reelected in November. (Trump has made it clear that his plans for a second term include seeking revenge on those who’ve wronged him.)
“How am I going to protect 25 grandkids, two great-grandkids?” Romney told The Atlantic. “I’ve got five sons, five daughters-in-law—it’s like, we’re a big group.”
watwut•9mo ago
Trump and his policies are to a large extent a logical extension of what the Republican Party pushed for and wanted for years. Conservatives wanted exactly this, pressed for exactly this, made this happen. Plus, they are not just tolerating, they are actively defending it, sane-washing it more than mainstream media.
And yet also, they all have choices. They are not at risk the same way people living under dictatorship are. They made choice to support this party again and again, because they agree with it.
DFHippie•9mo ago
In these partisan times one can always be more precise: it is either the Democratic caucus or the Republican caucus. Almost no one goes against their caucus. In this case, and in every case until the midterm elections, it is the Republican caucus.
Assign blame or merit where it is due and maybe voters will have enough shame, pride, or sense of self-preservation to fix things.
Botching security is currently a Republican project.