 |
| Do you want your Social Security in Elon Musk's hands? (X) |
"Engineers" who helped Elon Musk take control of government employees' personal data did it by illegally installing a commercial server to access the information, according to a report at The New Republic (TNR). To top it off, these literally were "whiz kids," mostly in the 19 to 24 age range. Under the headline "Elon Musk Installs Illegal Server to Seize All Federal Workers’ Data; Elon Musk’s DOGE henchmen are helping him make his most terrifying power grab yet."
The questions of the moment: Did Musk and his underlings engage in criminal activity? Could they be civilly liable for damages to the federal employees? We don't yet have a clear-cut answer to those questions, but trespass to chattels and various forms of identity theft could be in play. fbi.gov has a trove of information about data theft and related crimes:
Understand Common Crimes and Risks Online
- Business email compromise (BEC)
scams exploit the fact that so many of us rely on email to conduct
business—both personal and professional—and it’s one of the most
financially damaging online crimes.
- Identity theft happens when someone steals your personal information, like your Social Security number, and uses it to commit theft or fraud.
- Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return.
- Spoofing and phishing are schemes aimed at tricking you into providing sensitive information to scammers.
- Online predators are a growing threat to young people.
- More common crimes and scam
The website currentware.com provides insights about the problem of data theft under the headline "5 of the Worst Examples of Data Theft by Employees." Here is a key section from the article:
The 2020 Verizon Data Breach Investigations Report found that 86% of all data breaches are financially motivated. This motivation is very much prevalent in instances of employee data theft.
Everyone knows just how valuable a company’s data can be, and in the cases you’ll see below, many employees know that they can receive a hefty sum of cash if they’re able to steal it and sell it.
Employee data theft is especially likely when an employee is experiencing financial stressors in their life. They are more likely to accept bribes from malicious third parties, consider selling sensitive data to threat actors, or steal intellectual property to gain favor with a competing company.
In addition to stealing data for financial gain, employees in financial distress are more likely to engage in illegal activities such as money laundering and financial fraud. As such, an insider threat program should consider the addition of an anti-money laundering and counter-terrorism financing (AML/CFT) component.ras
Here is more from TNR's article on Elon Musk and his youthful sidekicks. Hafiz Rashid writes:
Elon Musk has taken control of government employees’ private data by having his cronies illegally install a commercial server at the Office of Personnel Management.
Musk and his handpicked associates at the fake “Department of Government Efficiency” are using their ill-gotten access to control federal databases containing Social Security numbers, home addresses, medical histories, and other sensitive personal information, according to journalists Caleb Ecarma and Judd Legum at Musk Watch.
Many of these Musk staffers are young people between 19 and 24, such as software engineer Akash Bobba, an undergraduate student at University of California, Berkeley, and 2022 high school graduate Edward Coristine. At Musk’s direction, these inexperienced underlings now have access to the private information of every federal employee, and even people who have merely applied to federal jobs.
Musk’s people were given access to the federal government’s official hiring site USAJOBS, where people hoping to secure a federal job often enter their personal information including Social Security numbers, home addresses, and employment records, in their applications. They also gained access to the Enterprise Human Resources Integration, or EHRI, system, which contains Social Security numbers, dates of birth, salaries, home addresses, job descriptions, and disciplinary records of every single federal employee.
“They’re looking through all the position descriptions … to remove folks,” said one OPM employee about Musk’s team. “This is how they found all these DEI offices and had them removed—[by] reviewing position description level data.”
In addition, the DOGE staffers also have access to systems relating to onboarding, job performance reviews, and even the system the government uses to manage employee health care, which could violate laws on protected health information, such as HIPAA.
“What [Musk is] doing will put so many government employees at risk. It’s not at all what the office is intended for,” a former OPM director told Musk Watch. “I just can’t believe what I’m seeing.”
The unprecedented access also leaves federal employee data unsecured and vulnerable to hackers, said one OPM employee. One of the new email lists created by Musk’s people was already hit by a flood of spam emails last week.
The potential for invasion of privacy is virtually endless. In fact, invasion of privacy is a tort for which people can be sued. And that is where an international component can enter the pictures. From the TNR report:
“China and Russia are literally trying to hack us every day, and we just gave all this data over to somebody that’s not been properly vetted,” one of the OPM staffers said. “It’s not just Amanda Scales, it’s all the [political appointees] in that office right now. So it’s multiple vulnerability points.”
Many senior government officials have been locked out of EHRI and OPM, and thus can’t track what changes have been made by DOGE cronies. They could be doing irreparable damage to the federal civil service in their attempts to thin it out, with few, if any, ways of finding out what they’re doing. It kind of makes Hillary Clinton’s storing of government data on a private email server look rather quaint, doesn’t it?
No comments:
Post a Comment