Cathy Gellis writes:

People sometimes think that cybersecurity is just about defending computer systems from remote adversaries. But it’s broader than that; cybersecurity has always been about protecting computer systems more generally from any sort of misuse, no matter how the adversary might access them.

So that Elon Musk and his minions have managed to walk right into government offices to take over computer systems where they had no legitimate authorization or entitlement needs to be understood as a cyberattack by a rogue actor. And every ounce of outrage we ever would have had if any other rogue actor had taken over critical government infrastructure needs to be mustered here, because it is just as outrageous, and as dangerous, if not more so on both fronts, because this time the threat to America’s security came from within.

These systems Musk and his “team” have accessed are among the most sensitive and critical to the running of the United States of America. In the case of the Office of Personnel Management (OPM) they manage human resources. But there’s also reports that the Muskovites have taken over those computer services in the Treasury Department and Governments Services Administration (GSA), which spends the country’s multi-trillion dollar budget to pay America’s bills, and USAID, which handles a lot of highly classified information affecting our nation’s standing in the world. Yet here is Musk, a man who regularly chats with Vladimir Putin, with access to it all, if not also outright control.

Even if it’s true that he and his team of random bros currently cannot actually stop payments of the government’s bills themselves (and it’s unclear whether they are indeed so limited given how Musk appears to claim that they are not), they now have access to the most sensitive details of the entirety of America’s government workforce, including those in foreign service, including in countries that Putin has his eye on.

They know their names. They know their addresses. They know their backgrounds, careers, their spouses and dependents. They know absolutely every single detail about these people that would be captured in an HR system. And because OPM is involved with managing security clearances, they know plenty more private details about our nation’s public servants captured in the process of doing their background checks. [Continue reading…]

Caleb Ecarma and Judd Legum report:

Shortly after Trump took office, OPM installed Greg Hogan to serve as its new chief information officer (CIO). Hogan was tapped to replace OPM CIO Melvin Brown, who had accepted the job less than a month ago.

The civil servants who oversee the OPM’s information technology services were then instructed to provide access to Musk’s associates, according to the OPM staffers who spoke to Musk Watch. One of the OPM staffers received an email from the agency’s new leadership instructing them to give Musk’s team “access [to] the system as an admin user” and “code read and write permissions.”

“They have access to the code itself, which means they can make updates to anything that they want,” the staffer explained. [Continue reading…]