Cybersecurity Today: Government Officials' Data Leaks | Episode Summary
Podcast Information:
- Title: Cybersecurity Today
- Host: Jim Love
- Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
- Episode: Government Officials' Data Leaks: Cyber Security Today for Friday, March 18, 2025
- Release Date: March 28, 2025
Introduction
In the March 28, 2025 episode of Cybersecurity Today, host Jim Love delves into alarming revelations concerning data leaks involving senior U.S. government officials, significant cybersecurity failures by a defense contractor, and the troubling association of a young government employee with a cybercrime group. This episode underscores the escalating vulnerabilities within the highest levels of government and defense sectors.
Exposure of U.S. Security Officials' Data
Jim Love opens the discussion by highlighting a new investigation revealing that personal information of senior U.S. security officials is readily accessible online, posing serious national security threats.
"[00:01] Jim Love: Top US Security officials are exposed through public apps, chats and data leaks."
The investigation, reported by Der Spiegel, found that contact details—including active phone numbers, email addresses, and linked social media accounts—of figures aligned with former President Donald Trump, such as National Security Advisor Mike Walsh, former Fox host Pete Hegseth, and Director of National Intelligence Tulsi Gabbard, are present in commercial data broker databases and previous breach dumps.
Key Points:
- Accessibility of Data: Many contact details are still active and linked to platforms like WhatsApp, Signal, Dropbox, LinkedIn, Instagram, and even fitness tracking apps.
- Social Graph Exposure: Wired reported that Mike Walsh's Venmo account was left public, revealing a network of 328 friends, including White House Chief of Staff Susie Wiles and National Security Council official Walker Barrett. While no transactions were visible, experts warn that access to social graphs alone can facilitate intelligence mapping and targeting by hostile entities.
Jim Love emphasizes the lack of stringent personal cybersecurity practices among government officials, despite repeated warnings. He points out the continued use of unsecured platforms and the failure to secure accounts linked to sensitive national security roles.
"[00:01] Jim Love: ...raising concerns about national security and digital hygiene at the highest levels of government."
Notable Quote:
"But the exposure doesn't stop at static data. Experts warn that access to social graphs alone can aid intelligence mapping and targeting by hostile actors." — Jim Love [02:45]
Morse Corp.'s Cybersecurity Failures and Settlement
The episode transitions to discuss Morse Corp., a U.S. defense contractor, which has agreed to pay $4.6 million to settle allegations related to inadequate cybersecurity measures and the submission of false claims for payment.
Details of the Case:
- Company Overview: Based in Massachusetts, Morse Corp. specializes in developing guidance and navigation technology for military vehicles.
- Allegations: Brought to light through a whistleblower lawsuit under the False Claims Act, allegations include:
  - Use of Non-Compliant Third-Party Email Hosts: From 2018, Morse utilized third-party email hosts without ensuring compliance with the Federal Risk and Authorization Management Program (FedRAMP) moderate baseline.
  - Failure to Adhere to Pentagon Rules: The company did not ensure that their email providers complied with incident reporting, malware handling, forensic analysis, and media preservation standards.
  - Non-Compliance with NIST Controls: Morse failed to implement all required National Institute of Standards and Technology (NIST) cybersecurity controls, crucial for preventing network exploitation and data exfiltration.
  - Inaccurate Compliance Reporting: In January 2021, Morse reported a compliance score of 104 out of 110 for its implementation of NIST Special Publication 800-171 security controls. However, a later assessment by a third-party consultant revealed a score of minus 142, indicating significant non-compliance.
Jim Love underscores the significance of this settlement as a demonstration of the government's commitment to enforcing cybersecurity standards among defense contractors.
"[00:01] Jim Love: ...underscoring the government's commitment to enforcing cybersecurity standards among defense contractors to protect sensitive military information."
Notable Quote:
"This case highlights the critical importance of stringent cybersecurity practices and accurate compliance reporting within the defense industry." — Jim Love [15:30]
Edward Korostein and DOGE's Ties to Cybercrime
The episode further explores the case of Edward Korostein, a 19-year-old staffer working with the U.S. Department of Government Efficiency (DOGE), who has been linked to a cybercrime ring.
Key Points:
- Alias and Previous Operations: Known online as Big Balls, Korostein previously operated Diamond CDN, a tech company that supported the cybercrime group Egodly Digital.
- Services Provided: Diamond CDN offered hosting and DDoS protection services to Egodly Digital's leak site, DataLeak Fun, from late 2022 to mid-2023.
- Attribution to Cybercrimes: Egodly Digital has claimed responsibility for:
  - SIM Swapping Attacks
  - Infiltrating Law Enforcement Email Accounts
  - Coordinating Harassment Campaigns
  - Swatting Attacks: Including attempting to publish personal information of an FBI agent and orchestrating a swatting attack—a hoax emergency call intended to trigger a heavily armed police response.
A retired FBI agent has confirmed Egodly Digital's involvement in these activities, though not all claims have been independently verified.
Concerns Raised:
- Korostein's Government Roles: Despite his ties to a known cybercriminal group, Korostein has held advisory roles with the State Department and the Cybersecurity and Infrastructure Security Agency (CISA).
- Security Implications: Nitin Natarajan, former deputy director of CISA, expressed deep concerns about the proximity of someone with Korostein's associations to U.S. government networks.
Jim Love criticizes the oversight within government security measures, emphasizing that the issue extends beyond the individual to the lack of adequate supervision and security protocols.
"[00:01] Jim Love: ...the real problem is not the kid, it's that there are no adults in the room when it comes to U.S. government security."
Notable Quote:
"The proximity of someone with ties to a known cyber criminal group to US Government networks is deeply troubling," — Nitin Natarajan, former deputy director of CISA [28:10]
Conclusion and Host’s Remarks
Jim Love wraps up the episode by reiterating the gravity of the discussed cybersecurity breaches and the imperative for enhanced security measures within government and defense sectors. He emphasizes the non-political nature of the show, focusing solely on security issues.
"[00:01] Jim Love: The show is not political. We're about security. But I couldn't say that these weren't the biggest stories in cybersecurity today."
He invites listeners to share their opinions and engage with the content through email or comments on the podcast’s YouTube video.
Final Quote:
"I want to take a second to say I don't want to pick on some 19 year old kid who's done some stupid things... But this kid has no business working in highly secured environments." — Jim Love [30:00]
Summary: In this episode of Cybersecurity Today, Jim Love sheds light on critical security lapses within the U.S. government and defense sectors. From the exposure of high-ranking officials' personal data to the significant cybersecurity failures of a defense contractor and the unsettling connection of a young government staffer to a cybercrime group, the episode underscores the urgent need for robust cybersecurity practices and stringent oversight. Through detailed discussions and expert insights, listeners gain a comprehensive understanding of the current cybersecurity landscape and the challenges faced in safeguarding national security.
