
“The worst leak that I’ve witnessed”: U.S. cybersecurity agency leaves its digital keys out in public on GitHub
https://gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330
47 comments
They’re all stoned off their asses.
I wish I could say I am shocked, but the level of ineptitude in govt. at all levels is astounding. Just like in Trump’s last stint as President. Rudy Guliani (sp?) was put over cyber security and they deployed a public facing SQL server with ZERO protections. It got owned in a few minutes after deployment. And that’s just one of what we know about…
Ahh yes, giving my tax money to fund a bunch of retards that don’t know how GitHub works.
A McDonald’s worker probably knows GitHub better
Six months of GovCloud admin credentials sitting in a public repo named Private-CISA, in a file called importantAWStokens, and the official statement is “no indication sensitive data was compromised.” I mean, technically true — nobody needed to compromise it. It was just sitting there. Like a buffet.
The worst leak they’ve witnessed so far.
More evidence of the silent rebellion happening in the US Government right now.
I wonder if it was some idiot using an llm… this happens all the time now.
Only the best I guess and perhaps why best have multiple layers of security
Incompetence top to bottom. That’s what the American people voted for. That and pedophile protection.
Babytown frolics.
They chased away every competent person they had. Just crooks and idiots left.
The Trump Administration couldn’t find its own ass w/ both hands and a diagram.
This is republican ‘leadership’ on full display.
U.S. Cybersecurity Agency … I would let that sink in, but it is already on my sofa laughing its arse off
I’m a Software Engineer, it never fails to amaze me how the “big guys” can make these mistakes and how often they do. This was the case even before AI assistants. I’m a nobody, working in low-stakes projects, I check the diff before every commit, no one had to tell me that, it’s obvious.
This is how the incompetent cronies Krasnov appoints run agencies. You can bet Russia and China now have all that information.
Tulsi Gabbard had to let her boss Putin know about those credentials
Wasn’t done by error – insider
Clownery. GOP Congress has enabled all of this evil and stupidity with their cravenness.
don’t worry, j edgar boozer is on the case
I hate when articles refer to this kind of situation as a “vulnerability” as if there is some exploit required to access this information. All they are doing is working to avoid accountability. If I post my phone number on public social media it is not a vulnerability when scammers start calling.
I’ll bet they used “password” as their password.
when you lay off the people that keep the things safe you get the things stolen.
I do bug bounty audits. I’ve done DOD and other gov sites; scary just how many holes you find if you just look.
oh well it keeps freelancers like me in business
I’m gonna cry laugh if they find out this was done by an AI set up so they could cut payroll.
Same CISA that was absolutely gutted and the people with much of the expertise and skills were fired/let go? Shocking! [https://www.cybersecuritydive.com/news/cisa-layoffs-reassignments-dhs-white-house-government-shutdown/802723/](https://www.cybersecuritydive.com/news/cisa-layoffs-reassignments-dhs-white-house-government-shutdown/802723/)
My cynicism says ‘ain’t nothing gonna happen’ but it would be awesome to start seeing some consequences for blatant illegality and incompetence.
CISA has been a trainwreck under the current admin, with DOGE laying off a third of their workforce and Trump’s own ire due to them debunking his claims that the 2020 election was “stolen” from him: https://cyberscoop.com/cisa-personnel-cuts-trump-second-term-analysis/?hl=en-US
>CISA has lost roughly a third of its personnel and shuttered entire divisions. Observers across the political spectrum told CyberScoop for this story that even on its core missions, like coordinating with industry and protecting federal networks, the agency is significantly diminished.
> … Trump’s ire over the 2020 election results has led to the agency being deprioritized within the administration. Congress has yet to approve the administration’s permanent pick to lead the agency, Sean Plankey, and lawmakers have failed to do other things to strengthen it.
Isn’t it great that trump slashed their budget so they are so short staffed?
Living in Idiocracy.
Can’t see leaks if you fire all the cybersecurity professionals.
***Taps brain***
Ouch.
Putting all this stuff in a private GitHub repo would be almost as stupid as putting it in a public one. Whoever was behind this made a LOT of mistakes
As a software engineer, things like that are a nightmare scenario. Just the concept of somehow making a mistake that egregious and having my own name stamped across something that fundamentally destructive and humiliating.
Yet another failure from this failure of an administration.
Incompetence at the highest level is unacceptable. Change them out
The levels of incompetence of this administration are through the stratosphere.
Someone at work did this once
The keys were scraped in seconds and we came back after a holiday weekend to a $750k cloud bill
Seems intentional- the traitors in charge are more than capable of leaking shit to our adversaries
That’s exactly what I expect from this administration
The worst leak was all of the US companies that wholesale gave communist countries their technology when they sold out American workers and made high tech manufacturing facilities overseas.
It’s intentional folks.
The US is a failed state.
It’s almost like they are trying to get an attack.
Cybersecurity is passe, nobody cares about it anymore.
Making things secure is a huge time drag. Can’t vibe code and release 23 new products a week if you bog things down with “security” or “reliability” or “quality” wastes of time.
Plus the huge salary savings of laying off everyone except a handful of developers with Claude! Makes next quarter look super awesome to have next to no payroll costs.
And outsourcing cybersecurity? Sure, pay those worthless bastards several thousands of $ each year… OR don’t and keep the money! It’s a no-brainer win for any CEO.
Just shovel software out the door as fast as you can burn the tokens to do it. If it breaks or gets hacked just say “oopsie poopsie” and let your customers deal with any fallout.
(/frustrated now-former cybersecurity person)
And now you know why trump is here. To sell all of our data
For people who aren’t big on technology, this is like having a doctor who doesn’t think it’s a big deal to leave scalpels or things in you after surgery
I have to go through 3-5 interviews to get a SWE job while some high level cybersecurity “experts” just leave keys on GitHub hahaha. You can’t make this up.
It’s the worst day since yesterday