172 Comments
Benjamin Sanders

Almost like some narcissistic oligarch intended as much huh??

Paul Caloca - EssentialRiskMgt

This confirms some of my worst fears of the magnitude of the insider attacks by Musk and Company. Holy Shit!

CarolineMaybe

Same. I was hoping I was catastrophizing.

Paul Caloca - EssentialRiskMgt

Apparently not

JC Coles

This started before Trump took office. You can't blame Trump, Musk nor DOGE for this.

Paul Caloca - EssentialRiskMgt

Regardless of when it started, the issue is how to deal with the assaults currently occurring daily.

1SQ

So what's dirty don gonna do???

Nbburfish

Musk in his oval office presser with Trump claimed he’d found a woman who had too much money in the bank based on her government income. How exactly did he get into her bank account? Anyone who can’t understand the espionage disaster they’re creating might grasp that being able to access everyone’s bank info isn’t a good thing. Are Americans truly as stupid as we appear?

Catharine Farkas

In a word, absolutely!

Randy ballard

If you mean a majority of Americans, absolutely.

Jessica Echternacht

Yup... well- we already have Anonymous Messages threatening Musk/Trump to stop or they'll use these "open doors" they've left to strike back. At least they seem like pro-democracy hackers, but if they can do it, so can our enemies.

Beverly

In spite of all the horrible things going on now, this assault on our nation’s security by Elon and his boy minions is the worst, and this is what every American needs to wake up to and fight against! The impact of their actions will be immense and long term.

Brock Hinzmann

The worst spies in history have always been very loud patriots.

Anne Whitney

But Her emails! The takeover of the US by Russia in their 'spheres of influence' campaign is apparently well on its way. I hope people who voted for this understand at some point they are quite literally to blame for whatever comes next. The conservatives may have miscalculated on how willing the 'libs' in this country will be to forgive and keep sharing their cookies, which likely explains the wholesale promotion in FL by the gov to sell guns and ammo. They are turning people against each other and fomenting civil war.

Doc Wilkerson

I daresay that is the whole point of this DOGE and pony show...

John Doe

Shodan's lookback window is one month. I assume the author was using Shodan's timeline feature, and interpreted the data as an uptick in exposed services. When I used the cited queries today (February 15th, 2025), the oldest date I got was January 14th, 2025. Given that the article in question was posted on February 9th, 2025, it is highly likely the author was only seeing historical data within the Shodan look-back window, as the article states the data began becoming publicly accessible on January 8th, 2025.

Additionally, here is one of the DoE services on the wayback machine, dating as far back as 2021:

- https://web.archive.org/web/20210801000000*/linux-mirrors.fnal.gov

Comparing archive.org's documentation of `linux-mirrors.fnal.gov` with Shodan's "History" or "Timeline" tab, we find that the earliest data Shodan reports is from January 14th, 2025 (keep in mind this data was queried on February 15th, 2025), and the earliest data on web.archive.org is February 17th, 2021, both reporting a vanilla HTTP file server with a `/linux/` subdirectory.

But most importantly, nearly everything mentioned in this post is benign, standard services that have likely been up for years, if not decades. I personally looked at every single referenced IPv4 address returned by each cited query or specifically mentioned in the article. Most of the FTP and Rsync servers are legitimate services, such as Linux mirrors, public datasets for things like LANL's GDO (https://hpc.llnl.gov/services/green-data-oasis-gdo/green-data-oasis-usage), or just file sharing services being used as intended (see instruction manual for using FTP anonymous login at LLNL here -> https://hpc.llnl.gov/sites/default/files/anonymousFTPinstructions.pdf).

And the things that might be concerning have been up for years, including the Citrix NetScaler which has a bug bounty report on OBB (https://www.openbugbounty.org/reports/3495765/). The secure payment systems don't allow login without the client software and PKI (Common Access Card) credentials, which is a physical card.

But don't take my word for it, go check out these things yourself if you have the chops. Because clearly, the author did not. It's sad to see people at each other's throats over a nothing burger.

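The first-seen check this comment describes, as an added example that is not part of the original comment: a scanner's earliest record that sits at the edge of its retention window cannot date an exposure, and an older independent archive capture shows the service pre-dates it. The 31-day window, the 3-day tolerance, the article query date and `host-b.example` are assumptions made for the sketch; the other dates are the ones quoted in the comment.

```python
from datetime import date, timedelta

WINDOW_DAYS = 31         # assumption: "one month" of history, as the comment states
EDGE_TOLERANCE_DAYS = 3  # assumption: slack for crawl scheduling

def classify(query_date, scanner_first, archive_first=None):
    """Decide what a scanner's earliest record can say about exposure start."""
    window_start = query_date - timedelta(days=WINDOW_DAYS)
    # An older independent capture proves the service pre-dates the window.
    if archive_first is not None and archive_first < scanner_first:
        return "pre-existing"
    # Earliest record at the window edge is left-censored: older data,
    # if any existed, would have aged out and cannot be seen.
    if scanner_first <= window_start + timedelta(days=EDGE_TOLERANCE_DAYS):
        return "inconclusive"
    # Earliest record well inside the window: older sightings would still
    # be visible, so this is consistent with a new exposure.
    return "new-within-window"

# (label, query date, scanner earliest record, archive earliest capture)
RECORDS = [
    # Dates quoted in the comment.
    ("linux-mirrors.fnal.gov", date(2025, 2, 15), date(2025, 1, 14), date(2021, 2, 17)),
    # Article's claimed start; query date assumed equal to the posting date.
    ("article-claim", date(2025, 2, 9), date(2025, 1, 8), None),
    # Constructed host, for contrast.
    ("host-b.example", date(2025, 2, 15), date(2025, 2, 3), None),
]

def triage(records=RECORDS):
    return {label: classify(q, s, a) for label, q, s, a in records}

if __name__ == "__main__":
    for label, verdict in triage().items():
        print(f"{label:26} {verdict}")
```
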
Murray James

but "This investigation has been the toughest of my career. I’ve had many sleepless nights wondering why exactly the DOGE broligarchy thinks they can play games with our nation’s most deeply-held secrets. And honestly, as someone who analyzes terrible things for a living, I believe this is the biggest crisis we have ever faced."...

you doubt?

but public anti-DOGE group think is no nothing burger. We will be living with the ongoing consequences of RESIST for the next 4 years.

KH Stanford

So you don't actually need to be a Federal employee to be able to deploy a host in AWS GovCloud. Any cloud service provider seeking FedRAMP accreditation might choose to do so.

Not that I'm a fan of DOGE, but we shouldn't assume these are Federal IP addresses.

Bill

I dislike Trump and Musk as much as anyone, but you have an irreconcilable problem with your story. In the first line you state that these assets started appearing on January 8, 2025 in SHODAN; however, the Trump administration did NOT have access or power 'til Jan 20. Can you please address this HUGE conflict that effectively disproves your entire story?

sadolifh

The assets unexplainably popping up on Shodan does not disprove the entire theory whatsoever. This dude is investigating, he doesn't have an Eye of Sauron to know exactly why something like that is open. That's the point. Even assuming cronies weren't already in or someone didn't leave a hole open, or a million other reasons it'd *automatically* pop up on Shodan as connectable doesn't negate the entire rest of the potential issues. Are you going to say their WordPress wasn't hacked when we saw it ourselves? When was the election again? November? We heard Musk had phone calls with Putin long before Jan 20.

Christa Bartsch

"Beginning on January 8, 2025, ..." Could you mean the weekend of February 7, 8, 9 instead?

Satan's Little Side Piece

Nothing says fortress of security like exposing RDP to the internet with no MFA, and saying to ourselves it’s fine, we’ll patch later.

Yehosef

The US has been hosed since the SolarWinds attack. I'm sorry you were apprised of the situation. If anything these are internal agents allowing the Chinese in before the DOGE shuts it down.

cosmo

Yes that MUST be it. The timing completely aligns.

Tech Broh

> Beginning on January 8, 2025, a surge of U.S. government infrastructure began appearing on what’s known as “the search engine of Internet-connected devices,” Shodan.io.

Um... DOGE started on January 20, so who had access to do this up to then?

Eric Wiebke

People appear to have learned nothing over the past 8-12 years, on both sides. Do we know who even wrote this? Timeline off a little? Why would anyone just believe this from an unknown source? Are people just not able to step back and see what if anything this is all about? The lack of patience and critical thinking on the part of so many of these comments is astounding. And you have the nerve to call the rest of the American people stupid? Wow. What are you all going to say when this turns out to be another nothing burger? Nothing probably.
