• lunar17@lemmy.world · English · ↑ 4 · 10 hours ago

    Hold up, is the implication that DOGE opened RDP access to national laboratories working on nuclear technology? I thought this administration might try to sell nuclear secrets, but I never expected them to just be given away!

  • sp3ctr4l@lemmy.zip · English · ↑ 54 · (edited) 24 hours ago

    Oh dear god.

    > Between January 14 and February 8, servers belonging to Lawrence Livermore National Laboratory, Los Alamos National Laboratory, Thomas Jefferson National Accelerator Facility, and Fermi Accelerator National Laboratory have been found with Remote Desktop Protocol (RDP) services exposed to the public internet. This grants malicious actors the opportunity to hack into servers hosting sensitive nuclear research data, a golden egg for spy agencies across the globe.

    It’s FINE, IT’S ALL FINE!

    > Alarmingly, a Department of Energy server allowed anonymous login with write access, raising the risk of hackers uploading malicious code or installing backdoors for persistent network access.

    uh um, just a minor hiccup Mr. Musk, it’ll all be patched up… as soon as… hrmm…

    > However, my investigation reveals that Inventry[.]ai may be one of the AI products in question, with multiple U.S. government IP addresses pointing to its REST API. This indicates a massive flow of government data being sent to the AI company’s servers.

    > Proof: 8 IP addresses on Amazon’s GovCloud now point to Inventry.ai’s REST API, indicating a massive firehose of data being sent to the AI company’s servers. The IP addresses are: 18.253.166.131, 182.30.117.29, 18.253.153.187, 182.30.154.252, 18.254.229.158, 18.253.160.247, 18.254.175.18, 18.254.191.201

    > This is a stunning breach of Americans’ privacy that likely breaks multiple federal laws, including the 1974 Privacy Act, the Federal Information Security Management Act, the E-Government Act, and the Computer Fraud and Abuse Act, among others.

    You just give the AI direct access to what you want it to make secure, and then it just … does that.

    Right?

    > The Treasury Department’s Office of Inspector General’s Outlook Web login page is now publicly exposed. This allows attackers to attempt brute force password attacks. Once inside, hackers could exploit CVE-2024-21413 to send malicious emails that further compromise government systems. Another Treasury mail server is observed here.

    Yeah ok so this is almost certainly the most serious cybersecurity… ‘event’, ever. At least of anything that’s been publicized.

    This is somehow even worse than the actual plot of the Manchurian Candidate.

    In a sane world, everyone responsible for this would be fleeing out of the country with a Luigi Mangione-esque manhunt going on for all of them.

    … It’s literally an inside job, but seemingly done by accident, and also seemingly done by people who will get away with it and be protected by those in power.

    Words fail me at this point.

    EDIT: I guess if DOE allows anonymous write access…

    we are all Q now.

    Please stop the ride, stop the ride Mr Bones PLEASE.

    • KinglyWeevil@lemmy.dbzer0.com · English · ↑ 9 · 21 hours ago

      I will say that at least the main shit of consequence for the DOE is on a separate system which cannot be accessed externally.

      • straightjorkin@lemmy.world · English · ↑ 4 · 11 hours ago

        Our saving grace is that many of the nuclear silos are running on systems so old that they do not connect to the network.

      • sp3ctr4l@lemmy.zip · English · ↑ 7 · 21 hours ago

        I’m gonna go with I hope to god you’re right.

        But uh how about Lawrence Livermore?

        Don’t they do uh… nuclear weapons research?

        Los Alamos … basically the real life Black Mesa?

        • KinglyWeevil@lemmy.dbzer0.com · English · ↑ 7 · 21 hours ago

          Yes, and all the real data about that is on a separated computer and network system, with separate infrastructure. You require physical access to a terminal and getting even that is difficult. The entitlements on the system itself are very specific, very limited, and have multiple approval authorities for each person. The regular, external facing network and systems are mostly just for emails, memos, things like that. General business operations.

          Super secret stuff only happens in SCIFs and vaults.

  • glimse@lemmy.world · English · ↑ 7 ↓ 1 · 22 hours ago

    Who does this substack belong to? I’m not saying it’s wrong, I’m just saying they have 17 followers

    • sp3ctr4l@lemmy.zip · English · ↑ 3 · 21 hours ago

      Yeah they do provide extensive citations… but no listed author, no publicly listed people on the about page.

      • glimse@lemmy.world · English · ↑ 2 · 20 hours ago

        It LOOKS credible but I’m not a network security expert so I want to make sure it’s trustworthy especially because I “want” it to be true

        • sp3ctr4l@lemmy.zip · English · ↑ 1 · 12 hours ago

          I mean… the specific author shouldn’t matter.

          They provided extensive citations.

          If you want to check the veracity and accuracy of the author’s writing, go through the citations and evaluate whether or not the author correctly referenced and characterized them.

          • glimse@lemmy.world · English · ↑ 3 · 10 hours ago

            It very much matters when you don’t have the knowledge to verify the citations…

            I’m not trying to discredit them or anything. Just hoping for verification because the blog has an authoritative name like a lot of fake news outlets