As digital privacy advocates have explained for years, every back door you create for yourself is a front door for an attacker. There's no chance code cooked up in a week by Musk acolytes is secure. The question is when, not if, the Treasury will be compromised by hostiles beyond Musk himself. - ThreadSky

maxkennerly.bsky.social • 112 days ago

As digital privacy advocates have explained for years, every back door you create for yourself is a front door for an attacker.

There's no chance code cooked up in a week by Musk acolytes is secure. The question is when, not if, the Treasury will be compromised by hostiles beyond Musk himself.

Reposted from Corey Rayburn Yung

This is a backdoor. Elon's coders are creating a backdoor into the US Treasury. This is incredibly dangerous both because of its intended use (by Elon and Trump) and the risk of other actors exploiting a major security vulnerability to cause a massive disruption to the US government.

Comments

jbittker.bsky.social•112 days ago

castlebridge-chief.bsky.social•112 days ago

So much wrong in the practices described… pushing code to production untested,
No governance… jeez this will end well.”

eschneider.bsky.social•112 days ago

I'm sure it worked on both test cases.

castlebridge-chief.bsky.social•112 days ago

Testing schmesting

plusbleuciel.bsky.social•112 days ago

Looking at you, black hat data breachers. Big payout if you can manage it.

maxandkat.bsky.social•112 days ago

OMG!! How will we ever recover from this?!

ataylorlaw.bsky.social•112 days ago

This also fits with some (younger) coders motto "Move fast and break things." In fact, some I believe are taught that documenting code as you write is a waste of time, as is module testing. If you think it will work, don't stop to check that out. And now they are doing that live.

lippard.bsky.social•112 days ago

I'd like to hear a better explanation about why this is being interpreted as a "backdoor" (which usually means an alternative method for *access* to a system), and not just additional conditions for enabling or disabling specific payments, which is how I initially interpreted it.

emiliagb.bsky.social•112 days ago

"Not working" is optimistic. "Deducting SSA payments from Grandma's account" or "Reissuing random historical charges or payments to the wrong accounts" is more likely.

I'd bet money they're using LLMs. On complex legacy code across multiple languages that has NEVER been part of a training set.

emiliagb.bsky.social•112 days ago

He's gonna break shit beyond repair, "accidentally" delete all the legacy code, and then claim in Court they literally can't pay people because they've destroyed all ability to do so.

You know -- equivalent of kill their parents and ask for mercy on account of being orphans.

potuselonamusk.bsky.social•112 days ago

I got what I needed.
You think I care if other black hats used it for target practice?

samcrut.bsky.social•112 days ago

Worse. I'll bet you can ask Grok how much you paid in taxes the last decade and it'll tell you. They're training AI on government spending data.

dave-mueller.bsky.social•112 days ago

And was that the plan all along?

samhalpert.bsky.social•112 days ago

@raskin.house.gov

bbennettesq.bsky.social•112 days ago

I guarantee these fucking AMATEURS have no idea how to do secure coding.

katieryall.bsky.social•112 days ago

This seems to assume that code was hastily cooked up only recently. I think they’ve had this in the works for quite some time. Musk’s involvement didn’t start recently. He’s always been working in the background

tom4okstate.bsky.social•112 days ago

The upper echelons of the PRC must have gotten tired of taking celebratory shots by now. Like 'Guys I know things are going great for us but my liver can't take much more of this.'

truth-consequences.bsky.social•112 days ago

These are all rogue agents with no background checks, no security clearances, no duty to protect people's privacy and absolutely no accountability.

We're going to have to learn the hard way, again.

skypete.bsky.social•112 days ago

Already is compromised. They are Russian assets.

pcollirigger.bsky.social•112 days ago

We never lost sleep over our Treasury software in the past. I'm not so much worried about them making mistakes. I'm more worried about the things that they did on purpose. Is there no way to find out what functions changed and why?

craykrypto.bsky.social•112 days ago

Can't we sue Elon?? Hasn't he broken a law?

galdireonai.bsky.social•112 days ago

He has broken numerous laws. They just aren't being enforced.

craykrypto.bsky.social•112 days ago

Where are the constitutional attorneys/scholars, Dem politicans?! Where are we protesting?

craykrypto.bsky.social•112 days ago

Our voting systems will be "fixed" next.
Twitter and Kash Patel will report widespread Dem fraud in prior elections, Trump will take emergency action to take control and they'll rig all future elections. Hegseth will enforce the mass chaos that that will produce.

navinabob.bsky.social•112 days ago

One thing I have yet to see mentioned is the value of the stolen personal information. We have several large data brokerage firms which would pay anything to get updated & accurate information. I know both utility and state/city governments have sold data to them, but Federal would be game-changing.

mom6.bsky.social•112 days ago

These high on access power interns are great targets for Russia and China.

Money talks.

derpgently.bsky.social•112 days ago

Sure, and that's assuming the intent is not to irrevocably damage financial data integrity to the point where fiat currency fails, in order to usher in a crypto based future.

Is that a stupid plan? Yes, definitely. But I'm not convinced it isn't an option.

grumdholt.bsky.social•112 days ago

A random company sent a bunch of internet connected devices to the HQ that has remote links into the US government payments system.
They may already be compromised.
Are these kids stupid enough to have an Alexia or other voice activated device, that can record all audio, running in their office?

kraniumkracka.bsky.social•112 days ago

It’s actually perfect. They can drain accounts, say they were hacked, their DOJ will “investigate”.

spaghetti.expert•112 days ago

Okay but what if the coder was a 25 year old who never had to have a real job outside of nepotism

infinitelyloopy.bsky.social•112 days ago

This! It should chill everyone’s blood that these inexperienced developers are writing code for an insanely sensitive system (I could stop there) without a code review by security experts.

There is simply no way they could have digested the code base in the time since they gained access.

bungdan.bsky.social•112 days ago

Could be compromised for years before anyone finds out, too.

ysosidious.bsky.social•112 days ago

I highly doubt this code was created recently. This is all pre-planned, and I’m pretty sure his foreign connections have helped with it. We are genuinely being attacked by enemies foreign and domestic.

sonofherby.bsky.social•112 days ago

Honestly, if this isn't an invitation to lay siege to Twitter, Tesla, and Space X, I don't know what is. No way those systems are secure.

wanderingvoron.bsky.social•112 days ago

The government put out "for sale to the highest bidder" signs decades ago, they just moved them to the front yard this year. It's pretty late in the game to stop it.
Things are probably going to have to crash and burn before real reform happens.

eddiethebulldog.bsky.social•112 days ago

Exactly. Again, for the cheap seats, this is an unprecedented security violation. Secure systems jimmied open from the inside by a tech company magnate with a questionable security clearance and openly hostile positions to data privacy and system protections.
With zero oversight.