Email Us Your Personal Data – Krebs on Security



A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment — presumably with the password needed to view the file included in the body of the email.


The homepage of cisa.gov as it appeared on Monday and Tuesday afternoon.

On March 13, a Maryland district court judge ordered the Trump administration to reinstate more than 130 probationary CISA employees who were fired last month. On Monday, the administration announced that those dismissed employees would be reinstated but placed on paid administrative leave. They are among nearly 25,000 fired federal workers who are in the process of being rehired.

A notice covering the CISA homepage said the administration is making every effort to contact those who were unlawfully fired in mid-February.

“Please provide a password protected attachment that provides your full name, your dates of employment (including date of termination), and one other identifying factor such as date of birth or social security number,” the message reads. “Please, to the extent that it is available, attach any termination notice.”

The message didn’t specify how affected CISA employees should share the password for any attached files, so the implicit expectation is that employees should simply include the plaintext password in their message.

Email is about as secure as a postcard sent through the mail, because anyone who manages to intercept the missive anywhere along its path of delivery can potentially read it. In security terms, that’s the equivalent of encrypting sensitive data while also attaching the secret key needed to view the information.

What’s more, a great many antivirus and security scanners have trouble inspecting password-protected files, meaning the administration’s instructions are likely to increase the risk that malware submitted by cybercriminals could be accepted and opened by U.S. government employees.
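A mail-gateway check for the two problems just described, added here as an example; it is not code from Krebs on Security, CISA or any other party named in the post. It builds a constructed sample reply (a ZIP attachment whose headers carry the ZIP encryption flag, with the password stated in the body), shows that a content scanner gets no further than that flag, and returns a quarantine verdict. The addresses, the password, the regex and the `inspect_message`/`gateway_verdict` policy are all assumptions made for the demo.

```python
"""Mail-gateway check for the pattern described above: an encrypted attachment
whose password is disclosed in the same message.  Added example; not code from
Krebs on Security, CISA or any other party named on the page.  Everything in
build_sample_message() is constructed for the demo."""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

ZIP_ENCRYPTED_FLAG = 0x0001  # bit 0 of the ZIP general-purpose flag word
LOCAL_HEADER_SIG = b"PK\x03\x04"
CENTRAL_DIR_SIG = b"PK\x01\x02"
# Constructed heuristic for a password disclosed in the plaintext body.
PASSWORD_IN_BODY = re.compile(r"\bpassword\b\s*(?:is|:)\s*(\S+)", re.IGNORECASE)


def build_sample_message(encrypted: bool = True) -> bytes:
    """Constructed sample reply of the kind the notice asked for.

    The standard library cannot write ZipCrypto archives, so the ZIP is
    written in the clear and, when encrypted=True, the encryption flag is set
    in its local and central-directory headers.  That flag is all a
    header-based gateway check (and zipfile's own password gate) looks at."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("details.txt", "name / dates of employment / SSN (sample)")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[raw.find(LOCAL_HEADER_SIG) + 6] |= ZIP_ENCRYPTED_FLAG
        raw[raw.find(CENTRAL_DIR_SIG) + 8] |= ZIP_ENCRYPTED_FLAG

    msg = EmailMessage()
    msg["From"] = "former.employee@example.com"     # placeholder address
    msg["To"] = "rehire-inbox@example.gov"          # placeholder address
    msg["Subject"] = "Reinstatement details"
    msg.set_content("Attached as requested. The password is Spring2025!\n")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="details.zip")
    return msg.as_bytes()


def inspect_message(raw_message: bytes) -> dict:
    """Findings a gateway would act on: attachments that cannot be
    content-scanned because they are encrypted, and any password the body
    discloses in plain text."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    hit = PASSWORD_IN_BODY.search(body)
    findings = {"password_in_body": hit.group(1) if hit else None,
                "unscannable": [], "scanned_ok": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True)
        if not data.startswith(LOCAL_HEADER_SIG):
            findings["scanned_ok"].append(name)  # not a ZIP: normal scanner path
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            encrypted = [zi.filename for zi in zf.infolist()
                         if zi.flag_bits & ZIP_ENCRYPTED_FLAG]
            if not encrypted:
                findings["scanned_ok"].append(name)
                continue
            try:
                zf.read(encrypted[0])  # what a content scanner runs into
                findings["scanned_ok"].append(name)
            except RuntimeError:       # "encrypted, password required"
                findings["unscannable"].append((name, encrypted))
    return findings


def gateway_verdict(findings: dict) -> dict:
    """Constructed policy: anything a scanner cannot look inside is held."""
    reasons = []
    if findings["unscannable"]:
        reasons.append("attachment content cannot be scanned for malware")
        if findings["password_in_body"]:
            reasons.append("the attachment password travels in the same "
                           "message, so anyone who reads the mail can open it")
    return {"action": "quarantine" if reasons else "deliver",
            "reasons": reasons}


if __name__ == "__main__":
    for flag in (True, False):
        f = inspect_message(build_sample_message(encrypted=flag))
        print("encrypted" if flag else "clear", gateway_verdict(f))
```

The check keys on the archive's encryption flag rather than on decrypting anything: that is exactly the point at which a scanner stops, and it is why a gateway policy that quarantines encrypted archives for manual review is the usual answer. The password regex is deliberately narrow; a production rule set would match more phrasings and would also look at the subject line.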

The message in the screenshot above was removed from the CISA homepage Tuesday evening and replaced with a much shorter notice directing former CISA employees to contact a specific email address. But a slightly different version of the same message originally posted to CISA’s website still exists on the website for the U.S. Citizenship and Immigration Services, which likewise instructs those fired employees who wish to be rehired and put on leave to send a password-protected email attachment with sensitive personal data.

A message from the White House to fired federal employees at the U.S. Citizenship and Immigration Services instructs recipients to email personal information in a password-protected attachment.

This is hardly the first example of the administration discarding Security 101 practices in the name of expediency. Last month, the Central Intelligence Agency (CIA) sent an unencrypted email to the White House with the first names and first letter of the last names of recently hired CIA officers who might be easy to fire.

As cybersecurity journalist Shane Harris noted in The Atlantic, even those fragments of information could be useful to foreign spies.

“Over the weekend, a former senior CIA official showed me the steps by which a foreign adversary who knew only his first name and last initial could have managed to identify him from the single line of the congressional record where his full name was published more than 20 years ago, when he became a member of the Foreign Service,” Harris wrote. “The former official was undercover at the time as a State Department employee. If a foreign government had known even part of his name from a list of confirmed CIA officers, his cover would have been blown.”

The White House has also fired at least 100 intelligence staffers from the National Security Agency (NSA), reportedly for using an internal NSA chat tool to discuss their personal lives and politics. Testifying before the House Select Committee on the Communist Party earlier this month, the NSA’s former top cybersecurity official said the Trump administration’s attempts to mass fire probationary federal employees will be “devastating” to U.S. cybersecurity operations.

Rob Joyce, who spent 34 years at the NSA, told Congress how critical those employees are in maintaining an aggressive stance against China in cyberspace.

“At my former agency, remarkable technical talent was recruited into developmental programs that provided intensive unique training and hands-on experience to cultivate vital skills,” Joyce told the panel. “Eliminating probationary employees will destroy a pipeline of top talent responsible for hunting and eradicating [Chinese] threats.”

Both the message to fired CISA workers and DOGE’s ongoing efforts to bypass vetted government networks for a faster Wi-Fi signal are emblematic of this administration’s overall approach to even basic security measures: To go around them, or just pretend they don’t exist for a good reason.

On Monday, The New York Times reported that U.S. Secret Service agents at the White House were briefly on alert last month when a trusted captain of Elon Musk’s “Department of Government Efficiency” (DOGE) visited the roof of the Eisenhower building inside the White House compound — to see about setting up a dish to receive satellite Internet access directly from Musk’s Starlink service.

The White House press secretary told The Times that Starlink had “donated” the service and that the gift had been vetted by the lawyer overseeing ethics issues in the White House Counsel’s Office. The White House claims the service is necessary because its wireless network is too slow.

Jake Williams, vice president for research and development at the cybersecurity consulting firm Hunter Strategy, told The Times “it’s super rare” to install Starlink or another internet provider as a replacement for existing government infrastructure that has been vetted and secured.

“I can’t think of a time that I have heard of that,” Williams said. “It introduces another attack point,” Williams said. “But why introduce that risk?”

Meanwhile, NBC News reported on March 7 that Starlink is expanding its footprint across the federal government.

“Multiple federal agencies are exploring the idea of adopting SpaceX’s Starlink for internet access — and at least one agency, the General Services Administration (GSA), has done so at the request of Musk’s staff, according to someone who worked at the GSA last month and is familiar with its network operations — despite a vow by Musk and Trump to slash the overall federal budget,” NBC wrote.

The longtime Musk employee who encountered the Secret Service on the roof in the White House complex was Christopher Stanley, the 33-year-old senior director for security engineering at X and principal security engineer at SpaceX.

On Monday, Bloomberg broke the news that Stanley had been tapped for a seat on the board of directors at the mortgage giant Fannie Mae. Stanley was added to the board alongside newly confirmed Federal Housing Finance Agency director Bill Pulte, the grandson of the late housing businessman and founder of PulteGroup — William J. Pulte.

In a nod to his new board role atop an agency that helps drive the nation’s $12 trillion mortgage market, Stanley retweeted a Bloomberg story about the hire with a smiley emoji and the comment “Tech Support.”

But earlier today, Bloomberg reported that Stanley had abruptly resigned from the Fannie board, and that details about the reason for his quick departure weren’t immediately clear. As first reported here last month, Stanley had a brush with celebrity on Twitter in 2015 when he leaked the user database for the DDoS-for-hire service LizardStresser, and soon faced threats of physical violence against his family.

My 2015 story on that leak didn’t name Stanley, but he exposed himself as the source by posting a video about it on his Youtube channel. A review of domains registered by Stanley shows he went by the nickname “enKrypt,” and was the former owner of a pirated software and hacking forum called error33[.]net, as well as theC0re, a video game cheating community.

Stanley is one of more than 50 DOGE workers, mostly young men and women who have worked with one or more of Musk’s companies. The Trump administration remains dogged by questions about how many — if any — of the DOGE workers were put through the gauntlet of a thorough security background investigation before being given access to such sensitive government databases.

That’s largely because in one of his first executive actions after being sworn in for a second term on Jan. 20, President Trump declared that the security clearance process was simply too onerous and time-consuming, and that anyone so designated by the White House counsel would have full top secret/sensitive compartmented information (TS/SCI) clearances for up to six months. Translation: We accepted the risk, so TAH-DAH! No risk!

Presumably, this is the same counsel who saw no ethical concerns with Musk “donating” Starlink to the White House, or with President Trump summoning the media to film him hawking Cybertrucks and Teslas (a.k.a. “Teslers”) on the White House lawn last week.

Mr. Musk’s unelected role as head of an ad hoc executive entity that’s gleefully firing federal workers and feeding federal agencies into “the wood chipper” has seen his Tesla stock price plunge in recent weeks, while firebombings and other vandalism attacks on property carrying the Tesla logo are cropping up across the U.S. and overseas and driving down Tesla sales.

President Trump and his attorney general Pam Bondi have dubiously asserted that those responsible for attacks on Tesla dealerships are committing “domestic terrorism,” and that vandals will be prosecuted accordingly. But it’s not clear this administration would recognize a real domestic security threat if it was ensconced squarely behind the Resolute Desk.

Or at the head of the Federal Bureau of Investigation (FBI). The Washington Post reported last month that Trump’s new FBI director Kash Patel was paid $25,000 last year by a film company owned by a dual U.S. Russian citizen that has made programs promoting “deep state” conspiracy theories pushed by the Kremlin.

“The resulting six-part documentary appeared on Tucker Carlson’s online network, itself a reliable conduit for Kremlin propaganda,” The Post reported. “In the film, Patel made his now infamous pledge to shut down the FBI’s headquarters in Washington and ‘open it up as a museum to the deep state.’”

When the head of the FBI is promising to turn his own agency headquarters into a mocking public exhibit on the U.S. National Mall, it may seem silly to fuss over the White House’s clumsy and insulting instructions to former employees they unlawfully fired.

Indeed, one consistent piece of feedback I’ve heard from a subset of readers here is something to this effect: “I used to like reading your stuff more when you weren’t writing about politics all the time.”

My response to that is: “Yeah, me too.” It’s not that I’m suddenly interested in writing about political issues; it’s that various actions by this administration keep intruding on my areas of coverage.

A less charitable interpretation of that reader comment is that anyone still giving such feedback is either dangerously uninformed, being disingenuous, or just doesn’t want to keep being reminded that they’re on the side of the villains, despite all the evidence showing it.

Article II of the U.S. Constitution unambiguously states that the president shall take care that the laws be faithfully executed. But almost from Day One of his second term, Mr. Trump has been acting in violation of his sworn duty as president by choosing not to enforce laws passed by Congress (TikTok ban, anyone?), by freezing funds already allocated by Congress, and most recently by flouting a federal court order while simultaneously calling for the impeachment of the judge who issued it. Sworn to uphold, protect and defend The Constitution, President Trump appears to be creating new constitutional challenges with almost every passing day.

When Mr. Trump was voted out of office in November 2020, he turned to baseless claims of widespread “election fraud” to explain his loss — with deadly and long-lasting consequences. This time around, the rallying cry of DOGE and the White House is “government fraud,” which gives the administration a certain amount of cover for its actions among a base of voters that has long sought to shrink the size and cost of government.

In reality, “government fraud” has become a term of derision and public scorn applied to anything or anyone the current administration doesn’t like. If DOGE and the White House were truly interested in trimming government waste, fraud and abuse, they could scarcely do better than consult the inspectors general fighting it at various federal agencies.

After all, the inspectors general probably know exactly where a lot of the federal government’s fiscal skeletons are buried. Instead, Mr. Trump fired at least 17 inspectors general, leaving the government without critical oversight of agency actions. That action is unlikely to stem government fraud; if anything, it will only encourage such activity.

As Techdirt founder Mike Masnick noted in a recent column “Why Techdirt is Now a Democracy Blog (Whether We Like it or Not),” when the very institutions that made American innovation possible are being systematically dismantled, it’s not a “political” story anymore: It’s a story about whether the environment that enabled all the other stories we cover will continue to exist.

“This is why tech journalism’s perspective is so crucial right now,” Masnick wrote. “We’ve spent decades documenting how technology and entrepreneurship can either strengthen or undermine democratic institutions. We understand the dangers of concentrated power in the digital age. And we’ve watched in real-time as tech leaders who once championed innovation and openness now actively work to consolidate control and dismantle the very systems that enabled their success.”

“But right now, the story that matters most is how the dismantling of American institutions threatens everything else we cover,” Masnick continued. “When the fundamental structures that enable innovation, protect civil liberties, and foster open dialogue are under attack, every other tech policy story becomes secondary.”
