I have quite a few projects I'm super excited to publish in the coming weeks. But honestly, the main thing that's consuming my brain cycles story-wise is a year-end piece about just how badly this administration has fscked our cybers in so many ways.

This won't be a polemical soliloquy. I intend to document all of the specific actions this administration has taken that appear to weaken, redirect, or fully castrate our cyber capabilities. Your assistance would be appreciated (and possibly noted).

One aspect of this I can't stop thinking about is the example and precedent set by this administration when Musk took over and started joining all these federal databases that had previously been kept separate for about 100+ reasons over time.

Kind of secondary to those alarming developments was the fact that all of the safeguards we put in place to ensure Security 101 things like "need to know access" and auditability were just tossed out the window, and really haven't been observed by this administration since. It's as if the entirety of what they teach you in Security 101, 201, 301, etc., is just a suggestion.

Also, where THE FUCK did this data go? Who has it? How can anyone be sure who does? Is it still being used? How will it be used going forward?

@briankrebs I assume everyone has the data who was willing to pay for it, probably including the Russian and Chinese governments.
@jamesmarshall Hrm. To my mind, the assumption with this administration should be that one or more of the people who might have access to these joined databases are using a machine that is infected by malware from our adversaries. Or, at the very least, is on the same network as someone using some hacked Android TV box or something.
@briankrebs That makes sense. One effective way to transmit sensitive data to adversaries would be to put it on an insecure machine, either on purpose or not.

@jamesmarshall @briankrebs

Forgive me, but I'm not at a place where I can dig into trying to find a cite, but I have this vague memory of a report that there was some significantly weird traffic coming over the Elon-installed Starlink in DC. I can't remember if an embassy was implicated, or if I'm getting my conspiracies confused.