Government Officials' Data Leaks: Cyber Security Today for Friday, March 18, 2025 - Cybersecurity Today

Summary5 min read

Cybersecurity Today: Government Officials' Data Leaks | Episode Summary

Podcast Information:

Title: Cybersecurity Today
Host: Jim Love
Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
Episode: Government Officials' Data Leaks: Cyber Security Today for Friday, March 18, 2025
Release Date: March 28, 2025

Introduction

In the March 28, 2025 episode of Cybersecurity Today, host Jim Love delves into alarming revelations concerning data leaks involving senior U.S. government officials, significant cybersecurity failures by a defense contractor, and the troubling association of a young government employee with a cybercrime group. This episode underscores the escalating vulnerabilities within the highest levels of government and defense sectors.

Exposure of U.S. Security Officials' Data

Jim Love opens the discussion by highlighting a new investigation revealing that personal information of senior U.S. security officials is readily accessible online, posing serious national security threats.

"[00:01] Jim Love: Top US Security officials are exposed through public apps, chats and data leaks."

The investigation, reported by Der Spiegel, found that contact details—including active phone numbers, email addresses, and linked social media accounts—of figures aligned with former President Donald Trump, such as National Security Advisor Mike Walsh, former Fox host Pete Hegseth, and Director of National Intelligence Tulsi Gabbard, are present in commercial data broker databases and previous breach dumps.

Key Points:

Accessibility of Data: Many contact details are still active and linked to platforms like WhatsApp, Signal, Dropbox, LinkedIn, Instagram, and even fitness tracking apps.
Social Graph Exposure: Wired reported that Mike Walsh's Venmo account was left public, revealing a network of 328 friends, including White House Chief of Staff Susie Wiles and National Security Council official Walker Barrett. While no transactions were visible, experts warn that access to social graphs alone can facilitate intelligence mapping and targeting by hostile entities.

Jim Love emphasizes the lack of stringent personal cybersecurity practices among government officials, despite repeated warnings. He points out the continued use of unsecured platforms and the failure to secure accounts linked to sensitive national security roles.

"[00:01] Jim Love: ...raising concerns about national security and digital hygiene at the highest levels of government."

Notable Quote:

"But the exposure doesn't stop at static data. Experts warn that access to social graphs alone can aid intelligence mapping and targeting by hostile actors." — Jim Love [02:45]

Morse Corp.'s Cybersecurity Failures and Settlement

The episode transitions to discuss Morse Corp., a U.S. defense contractor, which has agreed to pay $4.6 million to settle allegations related to inadequate cybersecurity measures and the submission of false claims for payment.

Details of the Case:

Company Overview: Based in Massachusetts, Morse Corp. specializes in developing guidance and navigation technology for military vehicles.
Allegations: Brought to light through a whistleblower lawsuit under the False Claims Act, allegations include:
- Use of Non-Compliant Third-Party Email Hosts: From 2018, Morse utilized third-party email hosts without ensuring compliance with the Federal Risk and Authorization Management Program (FedRAMP) moderate baseline.
- Failure to Adhere to Pentagon Rules: The company did not ensure that their email providers complied with incident reporting, malware handling, forensic analysis, and media preservation standards.
- Non-Compliance with NIST Controls: Morse failed to implement all required National Institute of Standards and Technology (NIST) cybersecurity controls, crucial for preventing network exploitation and data exfiltration.
- Inaccurate Compliance Reporting: In January 2021, Morse reported a compliance score of 104 out of 110 for its implementation of NIST Special Publication 800-171 security controls. However, a later assessment by a third-party consultant revealed a score of minus 142, indicating significant non-compliance.

Jim Love underscores the significance of this settlement as a demonstration of the government's commitment to enforcing cybersecurity standards among defense contractors.

"[00:01] Jim Love: ...underscoring the government's commitment to enforcing cybersecurity standards among defense contractors to protect sensitive military information."

Notable Quote:

"This case highlights the critical importance of stringent cybersecurity practices and accurate compliance reporting within the defense industry." — Jim Love [15:30]

Edward Korostein and DOGE's Ties to Cybercrime

The episode further explores the case of Edward Korostein, a 19-year-old staffer working with the U.S. Department of Government Efficiency (DOGE), who has been linked to a cybercrime ring.

Key Points:

Alias and Previous Operations: Known online as Big Balls, Korostein previously operated Diamond CDN, a tech company that supported the cybercrime group Egodly Digital.
Services Provided: Diamond CDN offered hosting and DDoS protection services to Egodly Digital's leak site, DataLeak Fun, from late 2022 to mid-2023.
Attribution to Cybercrimes: Egodly Digital has claimed responsibility for:
- SIM Swapping Attacks
- Infiltrating Law Enforcement Email Accounts
- Coordinating Harassment Campaigns
- Swatting Attacks: Including attempting to publish personal information of an FBI agent and orchestrating a swatting attack—a hoax emergency call intended to trigger a heavily armed police response.

A retired FBI agent has confirmed Egodly Digital's involvement in these activities, though not all claims have been independently verified.

Concerns Raised:

Korostein's Government Roles: Despite his ties to a known cybercriminal group, Korostein has held advisory roles with the State Department and the Cybersecurity and Infrastructure Security Agency (CISA).
Security Implications: Nitin Natarajan, former deputy director of CISA, expressed deep concerns about the proximity of someone with Korostein's associations to U.S. government networks.

Jim Love criticizes the oversight within government security measures, emphasizing that the issue extends beyond the individual to the lack of adequate supervision and security protocols.

"[00:01] Jim Love: ...the real problem is not the kid, it's that there are no adults in the room when it comes to U.S. government security."

Notable Quote:

"The proximity of someone with ties to a known cyber criminal group to US Government networks is deeply troubling," — Nitin Natarajan, former deputy director of CISA [28:10]

Conclusion and Host’s Remarks

Jim Love wraps up the episode by reiterating the gravity of the discussed cybersecurity breaches and the imperative for enhanced security measures within government and defense sectors. He emphasizes the non-political nature of the show, focusing solely on security issues.

"[00:01] Jim Love: The show is not political. We're about security. But I couldn't say that these weren't the biggest stories in cybersecurity today."

He invites listeners to share their opinions and engage with the content through email or comments on the podcast’s YouTube video.

Final Quote:

"I want to take a second to say I don't want to pick on some 19 year old kid who's done some stupid things... But this kid has no business working in highly secured environments." — Jim Love [30:00]

Summary: In this episode of Cybersecurity Today, Jim Love sheds light on critical security lapses within the U.S. government and defense sectors. From the exposure of high-ranking officials' personal data to the significant cybersecurity failures of a defense contractor and the unsettling connection of a young government staffer to a cybercrime group, the episode underscores the urgent need for robust cybersecurity practices and stringent oversight. Through detailed discussions and expert insights, listeners gain a comprehensive understanding of the current cybersecurity landscape and the challenges faced in safeguarding national security.

Loading summary

Transcript1 lines

[00:02]
Jim Love
Top US Security officials are exposed through public apps, chats and data leaks. A tech aide on a US Government efficiency team is linked to a Cybercrime Group and U.S. defense Contractors fined 4.6 million for failing to meet cybersecurity requirements. This is Cybersecurity Today. I'm your host Jim Love. A new investigation revealed that personal information belonging to senior U.S. security officials, including active phone numbers, email addresses and linked social accounts, is easily accessible online, raising concerns about national security and digital hygiene at the highest levels of government. According to Der Spiegel, the contact details of Trump aligned figures such as National Security Advisor Mike Walsh, former Fox host Pete Hegseth, and Director of National Intelligence Tulsi Gabbard appeared in commercial data broker databases and previous breach dumps. Many of these phone numbers and email addresses are still active and linked to WhatsApp, Signal, Dropbox, LinkedIn, Instagram, and even fitness tracking apps. But the exposure doesn't stop at static data. Wired reported that Mike Waltz's Venmo account was left public, revealing a network of 328 friends that included White House chief of staff Susie Wiles and now National Security Council official Walker Barrett. While no transactions were visible, experts warn that access to social graphs alone can aid intelligence mapping and targeting by hostile actors. These lapses have prompted calls for a review of personal cybersecurity practices among government officials. Despite repeated warnings, many continue to use unsecured platforms or fail to lock down accounts that link directly to sensitive national security roles. The revelations follow an earlier controversy in which the same group of officials used a Signal Group chat to coordinate potential airstrikes in Yemen. That chat inadvertently included the Atlantic editor Jeffrey Goldberg, underscoring how even encrypted tools can introduce risks if misused. A U.S. defense contractor, Morse Corp. Has agreed to pay $4.6 million to settle allegations of failing to meet cybersecurity require in its military contracts and knowingly submitting false claims for payment. Based in Massachusetts, Morse Corp. Specializes in developing guidance and navigation technology for military vehicles. The company's cybersecurity shortcomings were brought to light through a whistleblower lawsuit filed by its former head of security under the False Claims Act. Federal prosecutors outlined several cybersecurity failures by Morse, including since 2018, Morse utilized a third party email host testing provider without ensuring the vendor met the federal Risk and Authorization Management Program, or Fedramp moderate baseline as required in their contracts. Additionally, the contractor failed to confirm the email provider adhered to the Pentagon rules for incident reporting, malware handling, forensic analysis and media preservation. Morse neglected to fully implement all required National Institute of Standards and Technology, or NIST cybersecurity controls, including measures critical to preventing network exploitation or the exfiltration of controlled defense information. And in January 2021, Morse reported a compliance score of 104 out of 110 for its implementation of NIST Special Publication 800171 security controls. However, a third party cybersecurity consultant later assessed the company score at minus 142, indicating significant non compliance. As part of the settlement, Morse will pay 4.6 million but does not admit liability. The resolution underscores the government's commitment to enforcing cybersecurity standards among defense contractors to protect sensitive military information. This case highlights the critical importance of stringent cybersecurity practices and accurate compliance reporting within the defense industry, and it serves as a cautionary tale for contractors about the potential legal and financial repercussions of failing to adhere to mandated cybersecurity protocols. And finally, a 19 year old staffer working on the US Department of Government Efficiency, or DOGE, has been linked to a cybercrime ring accused of hacking, harassment and theft, according to a Reuters investigation. Edward Korostein, known online by the alias Big Balls, previously operated a tech company that supported the cybercrime group Egodly Digital. Records show that Corestein's company, Diamond CDN, provided hosting and DDoS protection services to Egodly's leak site, DataLeak Fun, from late 2022 into mid 2023. In February 2023, the group publicly credited Diamond CDN for its support on Telegram, thanking the service for helping keep their operations online. E. Godley has claimed responsibility for SIM swapping attacks, infiltrating law enforcement email accounts, and coordinating harassment campaigns. In one case, the group allegedly published personal information belonging to an FBI agent and attempted a swatting attack, a hoax emergency call designed to trigger a heavily armed police response. While not all claims have been independently verified, a retired FBI agent confirmed the group's involvement. Corestein's ties to E. Godley have raised serious concerns due to his recent advisory roles with the State Department and the cybersecurity and infrastructure security agency cisa. The proximity of someone with ties to a known cyber criminal group to US Government networks is deeply troubling, said Nitin Natarajan, former deputy director of cisa, in the Reuters report. Neither Korsten nor Doge representatives have responded to press requests for comment. The State Department and CISA have also declined to clarify Korostein's current access or involvement in government operations. Now I want to take a second to say I don't want to pick on some 19 year old kid who's done some stupid things. God knows, when I was 19 I probably did a lot of stupid things too. But this kid has no business working in highly secured environments. The real problem is not the kid, it's that there are no adults in the room when it comes to U.S. government security. That's our show. The show is not political. We're about security. But I couldn't say that these weren't the biggest stories in cybersecurity today. Always interested in your opinion. Contact me@EditorialEchnewsDay CA or leave a comment under the YouTube video. I'm your host, Jim Love. Thanks for listening.

Cybersecurity Today: Government Officials' Data Leaks | Episode Summary

Podcast Information:

Title: Cybersecurity Today
Host: Jim Love
Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
Episode: Government Officials' Data Leaks: Cyber Security Today for Friday, March 18, 2025
Release Date: March 28, 2025

Introduction

Exposure of U.S. Security Officials' Data

"[00:01] Jim Love: Top US Security officials are exposed through public apps, chats and data leaks."

Key Points:

Accessibility of Data: Many contact details are still active and linked to platforms like WhatsApp, Signal, Dropbox, LinkedIn, Instagram, and even fitness tracking apps.
Social Graph Exposure: Wired reported that Mike Walsh's Venmo account was left public, revealing a network of 328 friends, including White House Chief of Staff Susie Wiles and National Security Council official Walker Barrett. While no transactions were visible, experts warn that access to social graphs alone can facilitate intelligence mapping and targeting by hostile entities.

"[00:01] Jim Love: ...raising concerns about national security and digital hygiene at the highest levels of government."

Notable Quote:

"But the exposure doesn't stop at static data. Experts warn that access to social graphs alone can aid intelligence mapping and targeting by hostile actors." — Jim Love [02:45]

Morse Corp.'s Cybersecurity Failures and Settlement

Details of the Case:

Company Overview: Based in Massachusetts, Morse Corp. specializes in developing guidance and navigation technology for military vehicles.
Allegations: Brought to light through a whistleblower lawsuit under the False Claims Act, allegations include:
- Use of Non-Compliant Third-Party Email Hosts: From 2018, Morse utilized third-party email hosts without ensuring compliance with the Federal Risk and Authorization Management Program (FedRAMP) moderate baseline.
- Failure to Adhere to Pentagon Rules: The company did not ensure that their email providers complied with incident reporting, malware handling, forensic analysis, and media preservation standards.
- Non-Compliance with NIST Controls: Morse failed to implement all required National Institute of Standards and Technology (NIST) cybersecurity controls, crucial for preventing network exploitation and data exfiltration.
- Inaccurate Compliance Reporting: In January 2021, Morse reported a compliance score of 104 out of 110 for its implementation of NIST Special Publication 800-171 security controls. However, a later assessment by a third-party consultant revealed a score of minus 142, indicating significant non-compliance.

Jim Love underscores the significance of this settlement as a demonstration of the government's commitment to enforcing cybersecurity standards among defense contractors.

"[00:01] Jim Love: ...underscoring the government's commitment to enforcing cybersecurity standards among defense contractors to protect sensitive military information."

Notable Quote:

"This case highlights the critical importance of stringent cybersecurity practices and accurate compliance reporting within the defense industry." — Jim Love [15:30]

Edward Korostein and DOGE's Ties to Cybercrime

Key Points:

Alias and Previous Operations: Known online as Big Balls, Korostein previously operated Diamond CDN, a tech company that supported the cybercrime group Egodly Digital.
Services Provided: Diamond CDN offered hosting and DDoS protection services to Egodly Digital's leak site, DataLeak Fun, from late 2022 to mid-2023.
Attribution to Cybercrimes: Egodly Digital has claimed responsibility for:
- SIM Swapping Attacks
- Infiltrating Law Enforcement Email Accounts
- Coordinating Harassment Campaigns
- Swatting Attacks: Including attempting to publish personal information of an FBI agent and orchestrating a swatting attack—a hoax emergency call intended to trigger a heavily armed police response.

A retired FBI agent has confirmed Egodly Digital's involvement in these activities, though not all claims have been independently verified.

Concerns Raised:

Korostein's Government Roles: Despite his ties to a known cybercriminal group, Korostein has held advisory roles with the State Department and the Cybersecurity and Infrastructure Security Agency (CISA).
Security Implications: Nitin Natarajan, former deputy director of CISA, expressed deep concerns about the proximity of someone with Korostein's associations to U.S. government networks.

Jim Love criticizes the oversight within government security measures, emphasizing that the issue extends beyond the individual to the lack of adequate supervision and security protocols.

"[00:01] Jim Love: ...the real problem is not the kid, it's that there are no adults in the room when it comes to U.S. government security."

Notable Quote:

"The proximity of someone with ties to a known cyber criminal group to US Government networks is deeply troubling," — Nitin Natarajan, former deputy director of CISA [28:10]

Conclusion and Host’s Remarks

"[00:01] Jim Love: The show is not political. We're about security. But I couldn't say that these weren't the biggest stories in cybersecurity today."

He invites listeners to share their opinions and engage with the content through email or comments on the podcast’s YouTube video.

Final Quote:

"I want to take a second to say I don't want to pick on some 19 year old kid who's done some stupid things... But this kid has no business working in highly secured environments." — Jim Love [30:00]