Wired reports:

A 25-year-old engineer named Marko Elez, who previously worked for two Elon Musk companies, has direct access to Treasury Department systems responsible for nearly all payments made by the US government, three sources tell WIRED.

Two of those sources say that Elez’s privileges include the ability not just to read but to write code on two of the most sensitive systems in the US government: The Payment Automation Manager (PAM) and Secure Payment System (SPS) at the Bureau of the Fiscal Service (BFS). Housed on a top-secret mainframe, these systems control, on a granular level, government payments that in their totality amount to more than a fifth of the US economy.

Despite reporting that suggests that Musk’s so-called Department of Government Efficiency (DOGE) task force has access to these Treasury systems on a “read-only” level, sources say Elez, who has visited a Kansas City office housing BFS systems, has many administrator-level privileges. Typically, those admin privileges could give someone the power to log into servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to. [Continue reading…]

Nathan Tankus reports:

[W]hile there was initial hesitation from “IT Leadership” to give them access, they relented. However, they still believed this was extremely risky with one member of leadership saying “I’ve never done anything like this before”, according to a source familiar with the situation. A current IT employee of the Bureau of the Fiscal Service told me “This level of unchecked access is critically dangerous to the economy and the government”. When I replied “this is terrifying” to being informed that they have “write access” this source replied “Yeah it’s not good. Read privileges on its own still would have left room for catastrophe, but read and write is apocalyptic.”

Josh Marshall reports:

I’m told that Elez and possibly other DOGE operatives received full admin-level access on Friday, January 31st. The claim of “read only” access was either false from the start or later fell through. The DOGE team, which appears to be mainly or only Elez for the purposes of this project, has already made extensive changes to the code base for the payment system. They have not locked out the existing programmer/engineering staff but have rather leaned on them for assistance, which the staff appear to have painedly provided hoping to prevent as much damage as possible — “damage” in the sense not of preventing the intended changes but avoiding crashes or a system-wide breakdown caused by rapidly pushing new code into production with a limited knowledge of the system and its dependencies across the federal government.

Phrases like “freaking out” are, not surprisingly, used to describe the reaction of the engineers who were responsible for maintaining the code base until a week ago. The changes that have been made all seem to relate to creating new paths to block payments and possibly leave less visibility into what has been blocked. I want to emphasize that the described changes are not being tested in a dev environment (i.e., a not-live environment) but have already been pushed into production. [Continue reading…]