What Could DOGE Do With Federal Data?
When the Department of Government Efficiency stormed the federal government, it had a clear objective—to remake the government, one must remake the civil service. And in particular, the team of Elon Musk acolytes 'focused on accessing the terminals, uncovering the button pushers, and taking control,' Michael Scherer, Ashley Parker, Shane Harris, and I wrote this week in an investigation into the DOGE takeover. Computers, they figured, run the government.
DOGE members and new political appointees have sought access to data and IT systems across the government—at the Treasury Department, IRS, Department of Health and Human Services, and more. Government technologists have speculated that DOGE's next step will be to centralize those data and feed them into AI systems, making bureaucratic processes more efficient while also identifying fraud and waste, or perhaps simply uncovering further targets to dismantle. Musk's team has reportedly already fed Department of Education data into an AI system, and Thomas Shedd, a former Tesla engineer recently appointed to the General Services Administration, has repeatedly spoken with staff about an AI strategy, mentioning using the technology to develop coding agents and analyze federal contracts.
No matter DOGE's goal, putting so much information in one place and under the control of a small group of people with little government experience has raised substantial security concerns. As one recently departed federal technology official wrote in draft testimony for lawmakers, which we obtained, 'DOGE is one romance scam away from a national security emergency.'
This Is What Happens When the DOGE Guys Take Over
By Michael Scherer, Ashley Parker, Matteo Wong and Shane Harris
They arrived casually dressed and extremely confident—a self-styled super force of bureaucratic disrupters, mostly young men with engineering backgrounds on a mission from the president of the United States, under the command of the world's wealthiest online troll.
On February 7, five Department of Government Efficiency representatives made it to the fourth floor of the Consumer Financial Protection Bureau headquarters, where the executive suites are located. They were interrupted while trying the handles of locked office doors.
'Hey, can I help you?' asked an employee of the agency that was soon to be forced into bureaucratic limbo. The DOGE crew offered no clear answer.
What to Read Next
DOGE and new Trump appointees' access to federal data and computer systems is growing in both breadth and depth. Defense technologies, Americans' sensitive personal and health data, dangerous biological research, and more are in reach. Within at least one agency, USAID, they have achieved 'God mode,' according to an employee in senior leadership—meaning Elon Musk's team has 'total control over systems that Americans working in conflict zones rely on, the ability to see and manipulate financial systems that have historically awarded tens of billions of dollars, and perhaps much more,' Charlie Warzel, Ian Bogost, and I reported this week. With this level of control, the USAID staffer feared, DOGE could terminate federal workers in 'a conflict zone like Ukraine, Sudan, or Ethiopia.'
In the coming weeks, we reported, 'the team is expected to enter IT systems at the CDC and Federal Aviation Administration.' Just how far Musk and his team can go is uncertain; they face various lawsuits, which have thus far had varying success. The team may be trying to improve the government's inner workings, as is its stated purpose. 'But in the offices where the team is reaching internal IT systems,' Charlie, Ian, and I wrote, 'some are beginning to worry that [Musk] might prefer to destroy' the government, 'to take it over, or just to loot its vaults for himself.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
38 minutes ago
- Yahoo
DOGE has built an AI tool to slash federal regulations
The Department of Government Efficiency hopes to use a new AI tool to eliminate half of the federal government's regulatory mandates, according to The Washington Post. Citing a PowerPoint presentation dated July 1, The Post reports that the DOGE AI Deregulation Decision Tool is supposed to analyze around 200,000 federal regulations and identify the ones that are no longer required by law, with the goal of eliminating half those regulations by the first anniversary of President Donald Trump's return to office. It seems this work is already underway, with the presentation declaring the tool has already been used to review regulations at the Department of Housing and Urban Development and to write '100% of deregulations' Consumer Financial Protection Bureau. A White House spokesperson told The Post that 'no single plan has been approved or greenlit' but praised the DOGE team as 'the best and brightest in the business.' This is just the latest AI tool developed by DOGE (led in the early months of the Trump administration by Elon Musk), including one reportedly error-prone tool that would hallucinate the size of Veterans Affairs contracts. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
CNBC
41 minutes ago
- CNBC
'Quishing' scams dupe millions of Americans as cybercriminals turn the QR code bad
QR codes were once a quirky novelty that prompted a fun scan with the phone. Early on, you might have seen a QR code on a museum exhibit and scanned it to learn more about the eating habits of the woolly mammoth or military strategies of Genghis Khan. During the pandemic, QR codes became the default restaurant menu. However, as QR codes became a mainstay in more urgent aspects of American life, from boarding passes to parking payments, hackers have exploited their ubiquity. "As with many technological advances that start with good intentions, QR codes have increasingly become targets for malicious use. Because they are everywhere — from gas pumps and yard signs to television commercials — they're simultaneously useful and dangerous," said Dustin Brewer, senior director of proactive cybersecurity services at BlueVoyant. Brewer says that attackers exploit these seemingly harmless symbols to trick people into visiting malicious websites or unknowingly share private information, a scam that has become known as "quishing." The increasing prevalence of QR code scams prompted a warning from the Federal Trade Commission earlier this year about unwanted or unexpected packages showing up with a QR code that when scanned "could take you to a phishing website that steals your personal information, like credit card numbers or usernames and passwords. It could also download malware onto your phone and give hackers access to your device." State and local advisories this summer have reached across the U.S., with the New York Department of Transportation and Hawaii Electric warning customers about avoiding QR code scams. The appeal to cybercriminals lies in the relative ease with which the scam operates: slap a fake QR code sticker on a parking meter or a utility bill payment warning and rely on urgency to do the rest. "The crooks are relying on you being in a hurry and you needing to do something," said Gaurav Sharma, a professor in the department of electrical and computer engineering at the University of Rochester. Sharma expects QR scams to increase as the use of QR codes spreads. Another reason QR codes have increased in popularity with scammers is that more safeguards have been put into place to tamp down on traditional email phishing campaigns. A study this year from cybersecurity platform KeepNet Labs found that 26 percent of all malicious links are now sent via QR code. According to cybersecurity company, NordVPN, 73% of Americans scan QR codes without verification, and more than 26 million have already been directed to malicious sites. "The cat and mouse game of security will continue and that people will figure out solutions and the crooks will either figure out a way around or look at other places where the grass is greener," Sharma said. Sharma is working to develop a "smart" QR code called a SDMQR (Self-Authenticating Dual-Modulated QR) that has built-in security to prevent scams. But first, he needs buy-in from Google and Microsoft, the companies that build the cameras and control the camera infrastructure. Companies putting their logos into QR codes isn't a fix because it can cause a false sense of security, and that criminals can usually simply copy the logos, he said. Some Americans are wary of the increasing reliance on QR codes. "I'm in my 60s and don't like using QR codes," said Denise Joyal of Cedar Rapids, Iowa. "I definitely worry about security issues. I really don't like it when one is forced to use a QR code to participate in a promotion with no other way to connect. I don't use them for entertainment-type information." Institutions are also trying to fortify their QR codes against intrusion. Natalie Piggush, spokeswoman for the Children's Museum of Indianapolis, which welcomes over one million visitors a year, said their IT staff began upgrading their QR codes a couple of years ago to protect against what has become an increasingly significant threat. "At the museum, we use stylized QR codes with our logo and colors as opposed to the standard monochrome codes. We also detail what users can expect to see when scanning one of our QR codes, and we regularly inspect our existing QR codes for tampering or for out-of-place codes," Piggush said. Museums are usually less vulnerable than places like train stations or parking lots because scammers are looking to collect cash from people expecting to pay for something. A patron at a museum is less likely to expect to pay, although Sharma said even in those settings, fake QR codes can be deployed to install malware on someone's phone. QR code scams are likely to hit both Apple and Android devices, but iPhone users may be slightly more likely to fall victim to the crime, according to a study completed earlier this year by Malwarebytes. Users of iPhones expressed more trust in their devices than Android owners and that, researchers say, could cause them to let down their guard. For example, 70% of iPhone users have scanned a QR code to begin or complete a purchase versus 63% of Android users who have done the same. Malwarebytes researcher David Ruiz wrote that trust could have an adverse effect, in that iPhone users do not feel the need to change their behavior when making online purchases, and they have less interest in (or may simply not know about) using additional cybersecurity measures, like antivirus. Fifty-five percent of iPhone users trust their device to keep them safe, versus 50 percent of Android users expressing the same sentiment. A QR code is more dangerous than a traditional phishing email because users typically can't read or verify the encoded web address. Even though QR codes normally include human-readable text, attackers can modify this text to deceive users into trusting the link and the website it directs to. The best defense against them is to not scan unwanted or unexpected QR codes and look for ones that display the URL address when you scan it. Brewer says cybercriminals have also been leveraging QR codes to infiltrate critical networks. "There are also credible reports that nation-state intelligence agencies have used QR codes to compromise messaging accounts of military personnel, sometimes using software like Signal that is also open to consumers," Brewer said. Nation-state attackers have even used QR codes to distribute remote access trojans (RATs) — a type of malware designed to operate without a device owner's consent or knowledge — enabling hackers to gain full access to targeted devices and networks. Still, one of the most dangerous aspects of QR codes is how they are part of the fabric of everyday life, a cyberthreat hiding in plain sight. "What's especially concerning is that legitimate flyers, posters, billboards, or official documents can be easily compromised. Attackers can simply print their own QR code and paste it physically or digitally over a genuine one, making it nearly impossible for the average user to detect the deception," Brewer said. Rob Lee, chief of research, AI, and emerging threats at the cybersecurity training focused SANS Institute, says that QR code compromise is just another tactic in a long line of similar strategies in the cybercriminal playbook. "QR codes weren't built with security in mind, they were built to make life easier, which also makes them perfect for scammers," Lee said. "We've seen this playbook before with phishing emails; now it just comes with a smiley pixelated square. It's not panic-worthy yet, but it's exactly the kind of low-effort, high-return tactic attackers love to scale."
Miami Herald
43 minutes ago
- Miami Herald
Medicare and hospice scams are on the rise
Medicare and hospice scams are on the rise. In a rare show of bipartisanship, the U.S. House of Representatives unanimously passed the Senior Security Act - a bill aimed squarely at protecting older Americans from financial scams. Championed by Rep. Josh Gottheimer (D-N.J.), the bill would establish a Senior Investor Task Force within the Securities and Exchange Commission. Its job? Don't miss the move: SIGN UP for TheStreet's FREE daily newsletter To identify and address the risks older investors face - from outright fraud and financial exploitation to the more subtle threats tied to cognitive decline. Image source: Chaozzy Lin on Unsplash The Senior Investor Task Force is long overdue. For years, advocates have called for stronger investor protections for seniors, and this legislation delivers. Here's what it would do: Identify challenges that senior investors face navigating the financial systemRecommend changes to SEC rules or those of self-regulatory organizations to better protect seniorsCoordinate efforts with other SEC offices, the Elder Justice Coordinating Council, and other relevant agenciesCollaborate with state securities regulators, law enforcement, and insurance departments Related: Retired workers to see frustrating change to Medicare in 2026 The task force would also deliver a biennial report to Congress, summarizing: Trends and innovations reshaping the investing landscape for older AmericansRegulatory and industry practices that impact senior investorsKey observations from enforcement actions and investor education effortsThe most serious issues confronting senior investorsRecommendations for changes in regulation, guidance or legislation For retirees trying to safeguard their nest eggs - and for the advisers who help them - this is an important step toward turning concern into real protection. In 2024, Americans reported a record-shattering $16.6 billion in losses to the FBI's Internet Crime Complaint Center - a 33% increase over 2023. According to the 2024 IC3 Annual Report, IC3 received 859,532 complaints - more than 2,000 a day. A staggering 83% of those losses were tied to cyber-enabled fraud. Older adults were hit especially hard. Those aged 60 and older reported $4.9 billion in losses - a 43% jump from the previous year. They filed 147,127 complaints, up 46%. Among seniors who lost more than $100,000, the average loss was $83,000 - a life-altering amount for most. That's why efforts like the Senior Security Act - and public education campaigns about scams - are more important than ever. Speaking of public education campaigns, the Centers for Medicare & Medicaid Services (CMS) just issued a warning to beneficiaries about a disturbing new scam: fraudsters posing as salespeople offering "free" services or gifts in order to enroll unsuspecting seniors in hospice care - without their knowledge or need. In a July 16 fraud alert, CMS outlined how the scam works: Scammers contact you via text, phone, email, fake ads - or even knock on your offer "free" perks like cooking, cleaning, groceries, or medical return, they ask for your Medicare number and a use that information to enroll you in hospice care, allowing them to bill Medicare fraudulently. Related: Millions of Medicare beneficiaries could see major price shock Hospice care, CMS noted, is for individuals who are terminally ill and should only be considered after discussions with a person's doctor. Enrolling without medical necessity could jeopardize their future Medicare coverage. CMS Administrator Dr. Mehmet Oz issued a video message warning Medicare beneficiaries to stay alert for such scams and to guard their Medicare numbers carefully. The Federal Trade Commission is also sounding the alarm. In a recent post, FTC consumer education specialist Kira Krown also warned that scammers are luring older adults into fraudulent hospice enrollment by offering free services like housekeeping or gift cards. "What they likely won't tell you is how," Krown wrote. "They want to commit fraud by signing you up for Medicare hospice - that's right, hospice - care. Then, they can bill Medicare for all kinds of services in your name. If you're signed up and don't need it, this could affect your Medicare coverage in the future. Anyone who tells you differently is a scammer." To protect yourself, the FTC recommends: Never share your Medicare number with anyone offering "free" sign up for hospice in exchange for perks like groceries, gift cards, or that Medicare will never send someone to your home to enroll you in services. If you suspect hospice fraud, call 1-800-MEDICARE (1-800-633-4227) or file a report at You can also reach out to your local Senior Medicare Patrol (SMP) for assistance. What to do with Form 1099-R, Distributions From Pensions, Annuities, Retirement or Profit-Sharing Plans, IRAs, Insurance Contracts, etc. The Arena Media Brands, LLC THESTREET is a registered trademark of TheStreet, Inc.
