Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years.
Kyle Schutt is a 30-something-year-old software engineer who, according to Dropsite News, gained access in February to a “core financial management system” belonging to the Federal Emergency Management Agency. As an employee of DOGE, Schutt accessed FEMA’s proprietary software for managing both disaster and non-disaster funding grants. Under his role at CISA, he likely is privy
10 Comments
chneu
I don't think this is on accident. It just happens that Russia leaked the information that DOGE has been giving them.
This is what, the 3rd or 4th time we've seen strong evidence that Russia has direct access to multiple DOGE devices? Their logins keep leaking within minutes of DOGE accessing sensitive government databases.
At this point there is no way this is on accident or it's a "hack".
Remember Hillary's emails? They never gave a shit about those.
ndsipa_pomu
Does the USA have an authority that can deny privileged data access to someone that has such poor operational security? Revoke security clearances, that kind of thing.
dev_l1x_be
> a strong indication that devices belonging to him have been hacked in recent years.
I like these kind of speculative articles. The click bait title states something with certanity than the first sentence clarifies that it is a speculation. I am not sure why we are falling for this click baity garbage, over and over.
whacko_quacko
I don't see any evidence that this should be the case. My email appears in dumps on haveibeenpwnd too, because of database dumps. How is that evidence that there's a key logger on my system?
Actually critisizing DOGE for their major gaffes (like putting up easily defaceable websites, or their incompetence when it comes to reading numbers accurately) is important, but this kind of article is just sad and diminishes the credibility of news journalism
hereme888
[flagged]
joejoo
Now imagine how many normie, computer-illiterate federal employees in fairly sensitive roles have had various credentials leaked over the past few years.
epanchin
This article is reaching.
I’ve logged onto secondary email accounts from PC’s that weren’t mine and could well have been infected. That’s what 2FA is for.
I wouldn’t use a PC which isn’t mine to login to anything sensitive. A password in a leak isn’t evidence of anything.
amelius
> “At this point it's difficult not to suspect their awful 0pSec is a choice, and that there are specific people (ahem cough cough the Russians cough) to whom they're leaking secrets, with incompetence being merely plausible deniability for their true, treasonous agenda,” one critic wrote on Mastodon.
Good point.
palata
Seems like people here assume that passwords were found on Have I Been Pwned. It's more than that, it's about "stealer malware":
> […] user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware. Stealer malware typically infects devices through trojanized apps, phishing, or software exploits.
gitroom
Honestly, stuff like this always makes me double check my own passwords and habits. Bunch of people just roll with the same easy setup for years and act surprised later. Gotta be careful, for real.