Source URL: https://www.rawstory.com/musk-treasury-doge/
Source: Hacker News
Title: Onlookers freak out as 25-year-old set loose on Treasury computer system
Feedly Summary: Comments
AI Summary and Description: Yes
**Summary:** The article discusses concerns over Marko Elez, a 25-year-old engineer previously associated with Elon Musk, gaining “read-and-write” access to fundamental U.S. Treasury Department systems that handle Social Security payments and tax returns. Experts express alarm over this unprecedented privilege, fearing potential security breaches and significant disruptions due to Elez’s lack of experience with complex legacy COBOL systems.
**Detailed Description:**
– **Background of Access Granted:**
– Marko Elez has acquired complete control over critical U.S. Treasury systems, notably the Payment Automation Manager and Secure Payment System.
– This access allows him to alter the code that governs substantial government payments, presenting risks associated with financial and operational integrity.
– **Concerns Raised:**
– **Alarming Privileges:**
– Sources within the Treasury Department note that Elez’s access could enable significant manipulation of payment operations, creating potential for “irrevocable changes” to the system.
– Experts emphasize that his privileges are far beyond what is necessary for addressing fraudulent payments or analyzing system flow.
– **Technical Complexity:**
– The existing systems rely on legacy COBOL code, which is intricate and poorly documented due to decades of evolution with varied coding pathways. This complexity heightens the risk of unintended disruptions or abuses of the code.
– **Anxiety Among Staff:**
– Treasury staff are reportedly anxious, expressing uncertainty about who to approach regarding security breaches in this “chaotic” environment.
– There is a sentiment that the governance of technological access has faltered, leaving no clear pathway for reporting concerns.
– **Expert Opinions:**
– Nathan Tankus, a researcher, tagged the access as “terrifying” and characterized it risks as “apocalyptic” due to the lack of controls surrounding Elez’s capabilities.
– Staffers expressed worry that working alongside Elez could lead to significant unintended consequences due to his insufficient familiarity with the codebase.
– **Implications for Governance and Security:**
– This situation brings forth broader concerns regarding the oversight of IT access and the security of government systems.
– The administrative privileges provided to Elez may bypass established security protocols, leading to vulnerabilities in critical government operations.
Overall, this situation illustrates the necessity for stringent access controls, comprehensive security oversight, and the dire consequences of lax protocols in handling sensitive payment and financial systems within the federal government. This incident serves as a cautionary tale for security professionals regarding the management of access to vital infrastructure in AI, cloud computing, and information security domains.