Summary of a Recent Breach Involving DOGE Software Engineer’s Computer
A recent news article reports on a possible compromise involving Kyle Schutt, a 30-something software engineer working for DOGE who, according to earlier reporting, accessed a "core financial management system" belonging to the Federal Emergency Management Agency (FEMA) in February. The finding raises concerns about the security of government networks and critical infrastructure.
Credentials Exposed by Info-Stealer Malware
According to an investigation by journalist Micah Lee, login credentials belonging to Schutt have appeared in multiple public leaks from info-stealer malware since 2023. The leaked data includes usernames and passwords for various accounts, captured by malware that typically reaches a victim's device through trojanized apps, phishing, or software exploits.
Implications of the Breach
The presence of Schutt's credentials in leaked "stealer logs" strongly suggests that at least one of his devices was infected with info-stealing malware. That raises the question of whether sensitive information he has access to as an employee of CISA and DOGE has also been exposed. As Lee notes, the steady stream of published credentials for Schutt is a strong indication that his devices were hacked in recent years.
Background on Stealer Malware
Stealer malware typically infects devices through trojanized apps, phishing, or software exploits. Besides pilfering login credentials, stealers can also log keystrokes and capture or record screen output. The stolen data is sent to the attacker and, sometimes long after the infection, makes its way into public credential dumps, where anyone can search it.
Previous Data Breaches
Lee's investigation also found that a Gmail address known to belong to Schutt appears in 51 data breaches and five pastes tracked by the breach notification service Have I Been Pwned. Among them are a 2013 breach that pilfered password data for 3 million Adobe account holders, a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.
Possible Indications of Compromise
The presence of an individual's credentials in such logs isn't automatically proof that the individual himself was compromised or used a weak password, but the steady stream of published credentials for Schutt suggests that his devices were likely hacked at some point. If Schutt reused the same or similar credentials on systems or machines during his work at CISA and DOGE, attackers may already have been able to access sensitive information he's privy to.
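The two checks described above, searching stealer-log entries for accounts on domains you care about and asking Have I Been Pwned whether a password is already in circulation, can be scripted. The following is an added example, not code from the article or from Micah Lee's investigation. It uses the Pwned Passwords k-anonymity protocol (only the first five hex characters of the SHA-1 hash leave the machine; the suffix is matched locally). The stealer-log lines, the monitored domain `example.gov`, the user `jdoe`, and the `fake_fetch_range` stand-in for the real `https://api.pwnedpasswords.com/range/<prefix>` endpoint are all constructed for illustration.

```python
"""Triage stealer-log style entries against the HIBP Pwned Passwords range API.

Added example (not the article's or Micah Lee's code). The log lines, the
monitored domain, and the fake range server below are constructed; a real
client would GET https://api.pwnedpasswords.com/range/{prefix} and receive
the same "SUFFIX:COUNT" line format that fake_fetch_range emulates.
"""
import hashlib
from typing import Callable, Dict, Iterable, List, Tuple
from urllib.parse import urlparse

# Assumption: the domains an analyst wants to watch for in leaked logs.
MONITORED_DOMAINS: Tuple[str, ...] = ("example.gov",)

# Constructed stealer-log lines in the common "url:login:password" layout.
SAMPLE_LOG: List[str] = [
    "https://portal.example.gov/login:jdoe@example.gov:Summer2023!",
    "https://mail.example.gov/:jdoe@example.gov:N0t-in-corpus-xyz",
    "https://shop.example.com/account:jdoe@gmail.com:password",
    "garbage line with no separators",
]


def hibp_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split uppercase SHA-1(password) into the 5-char prefix sent to HIBP
    and the 35-char suffix that is only ever compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (CRLF-separated in the real service)."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times HIBP has seen this password; 0 if never."""
    prefix, suffix = hibp_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def parse_stealer_line(line: str) -> Tuple[str, str, str]:
    """Split 'url:login:password' from the right so the scheme's ':' survives.
    Caveat: a password containing ':' would be split wrongly; real tooling
    handles quoting per stealer family."""
    url, user, pw = line.rstrip("\r\n").rsplit(":", 2)
    return url, user, pw


def host_matches(url: str, domains: Iterable[str]) -> bool:
    """True if the URL's host is one of the monitored domains or a subdomain."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(lines: Iterable[str], domains: Iterable[str],
           fetch_range: Callable[[str], str]) -> List[Tuple[str, str, int]]:
    """Return (url, user, hibp_count) for entries on monitored domains."""
    findings = []
    for line in lines:
        try:
            url, user, pw = parse_stealer_line(line)
        except ValueError:  # malformed line: wrong number of fields
            continue
        if host_matches(url, domains):
            findings.append((url, user, breach_count(pw, fetch_range)))
    return findings


# Constructed stand-in for the range endpoint: a tiny corpus with made-up counts.
_FAKE_CORPUS = {"password": 9_000_000, "123456": 30_000_000, "Summer2023!": 12}


def fake_fetch_range(prefix: str) -> str:
    """Emulate GET /range/{prefix}: every suffix in the corpus sharing the prefix."""
    rows = []
    for pw, n in _FAKE_CORPUS.items():
        p, s = hibp_prefix_suffix(pw)
        if p == prefix.upper():
            rows.append(f"{s}:{n}")
    return "\r\n".join(rows)


if __name__ == "__main__":
    for url, user, n in triage(SAMPLE_LOG, MONITORED_DOMAINS, fake_fetch_range):
        verdict = f"seen {n} times in HIBP" if n else "not in HIBP (still rotate it)"
        print(f"{user} @ {url}: {verdict}")
```

The design point is that `fetch_range` is injected, so the same triage logic runs offline against the fake server here and against the real endpoint in production (swap in an HTTP GET of `https://api.pwnedpasswords.com/range/{prefix}`). A zero count is not a clean bill of health: a stealer captured the password in the first place, so every matched credential should be rotated regardless.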
Criticism of DOGE’s Operational Security
DOGE critics have pointed out that Lee’s findings are consistent with other operational security gaffes by the office, such as a website that could be edited by anyone and unprecedented and extraordinarily broad access to government data like that stored in the federal payroll system. One critic wrote on Mastodon that "it’s difficult not to suspect their awful OPSEC is a choice, and that there are specific people (ahem cough cough the Russians cough) to whom they’re leaking secrets, with incompetence being merely plausible deniability for their true, treasonous agenda."
Response from CISA and DHS
Representatives at CISA and the Department of Homeland Security—the agency that oversees CISA—didn’t immediately respond to an email seeking confirmation of the report.
Conclusion
The exposure of DOGE software engineer Kyle Schutt's credentials in stealer logs raises concerns about the security of government networks and critical infrastructure. The steady stream of published credentials suggests that his devices were likely hacked at some point, and any sensitive information he has access to as an employee of CISA and DOGE may be at risk if those credentials were reused on work systems. The incident highlights the need for stronger operational security within government agencies, including unique credentials for each system and routine monitoring of public credential dumps for staff accounts.