Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Government Security

CISA/DOGE Software Engineer's Login Credentials Appeared in Multiple Leaks From Info-Stealing Malware in Recent Years (arstechnica.com) 78

"Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware," reports Ars Technica, "a strong indication that devices belonging to him have been hacked in recent years." As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants [to Dropsite News]. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...

Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.

The credentials may have been exposed when service providers were compromised, the article points out, but the "steady stream of published credentials" is "a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

"And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point."

Thanks to Slashdot reader gkelley for sharing the news.

CISA/DOGE Software Engineer's Login Credentials Appeared in Multiple Leaks From Info-Stealing Malware in Recent Years

Comments Filter:
  • all services

    must be 2FA or passkeys

    or suffer

    users can not be blamed...

    • by SeaFox ( 739806 ) on Sunday May 11, 2025 @03:56AM (#65368047)

      users can not be blamed...

      Good news! No one will be held accountable for the consequences of this.

      • by mjwx ( 966435 )

        users can not be blamed...

        Good news! No one will be held accountable for the consequences of this.

        That will certainly be the case as the Trump administration is allergic to responsibility and accountability (except when you have displeased dear leader).

        Tech workers need to be held to a higher standard, which is why we get paid more. My standard day starts with getting a coffee, logging onto my non-privileged account with a password that regularly expires, connecting to VPN, using 2FA to access the secure password portal and generating my first password of the day to access my privileged account, whic

    • by Anonymous Coward on Sunday May 11, 2025 @04:02AM (#65368049)
      There's no personal responsibility anymore. Kyle Schutt can go and fire people and no doubt destroy their family's lives with a keyboard and a login, but when he's careless in the execution of his own job, some slashdotters only blame 2FA or passkeys. It's sad what America has been reduced to. A lot of hot air about defending freedom and protecting their homes with guns, then meekly accepting Kyle's antics.
      • by mjwx ( 966435 )

        There's no personal responsibility anymore. Kyle Schutt can go and fire people and no doubt destroy their family's lives with a keyboard and a login, but when he's careless in the execution of his own job, some slashdotters only blame 2FA or passkeys. It's sad what America has been reduced to. A lot of hot air about defending freedom and protecting their homes with guns, then meekly accepting Kyle's antics.

        On that,

        Dearest NRA,

        Regarding your promises and ostensible raison d'etre, you seem to have forgotten to rise up against an oppressive government that has taken over your country.

        Yours Sarcastically
        Everyone who saw though your bullshit from the start.

    • Users can be blamed for getting hit with cred stealing malware over and over.

  • by Mirnotoriety ( 10462951 ) on Sunday May 11, 2025 @04:08AM (#65368053)
    ‘“At this point it's difficult not to suspect their awful 0pSec is a choice, and that there are specific people (*ahem* *cough cough* the Russians *cough*) to whom they're leaking secrets, with incompetence being merely plausible deniability for their true, treasonous agenda,” one critic wrote on Mastodon.’
    • How many other evidence-free conspiracy theories do you believe in? It was just as unhinged in the McCarthy era, perhaps you'd be more comfortable in the 1950s?

  • There are so many "leaks" of my usernames and IDs linked to me. They all feature the same password. It is the one I was using in 2010 or a random one like "pass1234"

    Unless these credentials are actually active, it doesnâ(TM)t really mean anything. It is just one of the "perks" of working in Cybersecurity
    • No, it's Russia. You see, the country with the weakest, smallest, drunkest, least advanced military in the world (yet somehow we need a worldwide military alliance so we can hug and cry together over the terrible menace), also has the most advanced mind control rays in the world.

      Totally unlike the poor, beleaguered USA who is just invading countries halfway around the world out of the goodness of their hearts.

      • Russia is a failed nuclear armed state that is currently trying it's best to take over Ukraine.

        The USA has played defender since WW2 for the whole world. As such they played a major role in peace keeping operations around the world.

        In exchange, the US Dollar is used as the world's reserve currency. Due to this informal agreement, the Fed can print as much debt as it wants and someone or the other, will pay the Fed for it. Essentially the Fed has a no-limit Amex, that the whole world has been happily payin
  • Mission accomplished

  • Why this is news. (Score:5, Interesting)

    by Gravis Zero ( 934156 ) on Sunday May 11, 2025 @04:40AM (#65368085)

    More than a few seem to not understand this story, so a summation of this follows.

    Agree or disagree, this is what the story is all about.

    • by sinij ( 911942 )

      The fact that his credentials have been found in four recent info dumps (rather than just one or two) is an indicator that his computer system has been compromised rather than the information being taken from a compromised business.

      It does not. It could mean that he is InfoSec professional that has many accounts related to his job to monitor various hacker forums.

      * Put it together and it means the inner workings of FEMA (and billions of dollars in funding) are all at risk.

      It does not. You are asserting without proof that these credentials were reused across various context (sensitive vs. throwaway). Do you have any evidence of that?

      • by AmiMoJo ( 196126 ) on Sunday May 11, 2025 @11:39AM (#65368581) Homepage Journal

        If you dig into the detail, the leaked credentials were stolen from hackers who obtained them from compromised devices. They are not website leaks of throwaway accounts, they are stolen from devices infected with malware.

        Given that members of the current administration have already been seen in public using compromised apps, and given that he is likely to be a major target for rival spy agencies looking for ways into US government systems, it was always a concern that Musk employed unvetted and very questionable people, and then got them full access to key systems.

      • by Anonymous Coward

        It could mean that he is InfoSec professional that has many accounts related to his job to monitor various hacker forums.

        Yes, it could mean that.

        You are asserting without proof that these credentials were reused across various context (sensitive vs. throwaway). Do you have any evidence of that?

        Probably not.

        Then again, had an analogue to DOGE been enrolled by a democratic president and a member of that DOGE ended up in the same situation as the one at hand, you and a horde of others would be effectively frothing at the mouth right about now.

        Deny it if you wish, but you know that it is true.

    • This is speculation. Speculation isn't news. As you say, it's "an indicator" that he might have had a compromised system. On the other hand, it's far from being proof. Of course, people tend have the view of "guilty until proven innocent", but I don't think there's a good case of going that way, although I do think it's worth further investigation just to put people's minds at ease.

      • The content of the speculation isn't news but the fact of the speculation is news. Often cited by other actors as justification for their political bullshit.

        Worked out real well when they tried the exact same tactics with the pee tape dossier.

    • About you and me to these jokers. The kind of things that can be used to do basically anything from opening a bank account to getting unlimited health insurance to buying houses. Treasure trove doesn't even begin to address it.

      And we are giving all of it to them. Every last bit of government data is going to be in Elon musk's and his teenage boys' hands.

      And it turns out they are completely incompetent morons who can't even keep basic passwords secure.
    • Agree or disagree, this is what the story is all about.

      With all due respect I disagree only slightly, because the problem is much, much more extensive.

      Citation:

      https://www.youtube.com/watch?... [youtube.com]

      More citations:

      https://slashdot.org/submissio... [slashdot.org]

      https://slashdot.org/submissio... [slashdot.org]

    • A whistleblower complaint filed by an IT staffer claims Elon Musk and his DOGE team gained access to sensitive data that could have led directly to a “significant cybersecurity breach.” Amna Nawaz discussed more with NLRB whistleblower Daniel Berulis and attorney Andrew Bakaj. Watch the fascinating interview of this technical person and whistleblower, with good technical details shared directly from him.

      We're not talking about any single agency here, we're talking about many multiple agencies 30

  • actually not a genius. Who knew, who could have predicted this, who would have guessed that this character is as slap dash as his superiors, inquiring minds want to know. The chances that he gets pulled up on this, let alone admonished, are very low. Creeping authoritarianism, film at 11.
  • by ET3D ( 1169851 ) on Sunday May 11, 2025 @07:02AM (#65368185)

    As the article says, anyone with a large online presence is likely to have their account details stolen. The stealer logs are the issue, but they often pad themselves with previously stolen credentials. So it's not clear to me if any of this person's devices has actually been hacked. The stealer logs could just be using data from the other breaches.

    Someone with access to the stealer logs could determine this, but up front for a person with such a large presence in the breaches data, I'm inclined to believe that's where the stealer logs got it, rather than an actual infected device of this person.

  • By itself this doesn't mean he was directly compromised. We need to be really careful about inferring things from presence on these stealer lists and breach tracking sites. This is the second time in the last couple weeks that I have seen a "stealer" list being used to discredit someone.

    You can easily end up on these without having ever had a directly compromised device of your own. If you have an email password combination that was breached in any of the many public breaches listed out there (see https [haveibeenpwned.com]

  • If you're gonna look up most people with any internet presence, you'll find their credentials pop up in one or more published malware logs. This isn't anything special other then clickbait/sensation writing.
  • by echo123 ( 1266692 ) on Sunday May 11, 2025 @10:02AM (#65368451)

    Having worked for the feds as a developer I can tell you emphatically, I am never allowed to administer anything, period. There's no user account giving me permissions to change ANYTHING on any system, period. The most I can do is push code to the GIT server. Okay sure, I can try to be influential by setting up at prototype of something, somewhere else, but that's about it.

    Yet young Big Balls has God Level rights against the most vociferous resistance of various agencies heads, (following the illegal dismissal of the attorneys general), before those agency protestors have been removed, one way or the other. How and why did that happen?

    We know who allowed it, no secret there.

    In a word: corruption.

    There's a price to be paid to keep the criminal in chief out of jail and serving his people. Fellow criminals can rejoice now -- the list of fellow criminals is long.

    The entire list is extremely disgusting although I have a favorite candidate for most evil scumbag: "libertarian" Ross Ulbricht [wikipedia.org] who couldn't be happier with his connection to DJ Trump.

    Criminals seem to respect and look out for each other. The people are fucked. We're all gonna pay for this.

    • I believe you meant "inspectors general" rather than "attorneys general". But "corruption" and "criminal" are always apposite w/r/t current administration.

    • pfffttt....

      someone's been watching too much mainstream media...

  • Hunter's (shiny!) laptop.

"The only way for a reporter to look at a politician is down." -- H.L. Mencken

Working...