Just a sample of the Echomail archive
|  Message 1374  |
|  Mike Powell to All  |
|  DOGE workers' credentials  |
|  12 May 25 11:29:00  |
TZUTC: -0500
MSGID: 1107.consprcy@1:2320/105 2c875c59
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1

This DOGE workers' credentials have allegedly been exposed by infostealing malware

Date: Mon, 12 May 2025 14:00:00 +0000

Description: A researcher claims a DOGE employee was compromised four times but some security pros disagree.

FULL STORY

A DOGE worker has had his personal computer infected by infostealer malware on multiple occasions, a researcher claims, hinting that the US government's security lapses go way past Mike Waltz's Signal fiasco. Not everyone agrees with this assessment, however.

As picked up by The Register, recently a security researcher named Micah Lee took a closer look at the security posture of one Kyle Schutt, allegedly a 37-year-old "DOGE software engineer". Wired also reported that Schutt was on the CISA staff.

Lee claims that Schutt's personal computer was compromised by infostealer malware at least four times so far, saying that they found his data in four different infostealer logs.

Stealer logs are collections of URLs paired with usernames and passwords, compiled with the help of malware. If malware infects your device, it can do things like log your keystrokes or record everything entered into forms in your web browser, building a list of your usernames and passwords for various websites, and then send this data back to the person who controls the malware. This is where stealer log data comes from, Lee explained.

Lee also said that he doesn't know enough about these incidents - when they happened, and if they occurred on Schutt's personal, or work devices (or a single device that does both).

The media were quick to pick up on this information, but not everyone agrees with Lee's assessment.

For example, Alon Gal, CTO and co-founder of Hudson Rock, an Israeli cybersecurity company specializing in cybercrime intelligence, thinks Schutt was not infected by malware and believes that Lee's research means nothing: "I checked the data myself, and this is not true," Gal said in a LinkedIn post. "Since the article has been picked up and is currently going viral, I figured I'll make it clear that Kyle Schutt was in fact not infected by malware," he added.

Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-doge-workers-credentials-have-allegedly-been-exposed-by-infostealing-malware

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426