TZUTC: -0500   
   MSGID: 1107.consprcy@1:2320/105 2c875c59   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   This DOGE workers' credentials have allegedly been exposed by infostealing   
   malware   
      
   Date:   
   Mon, 12 May 2025 14:00:00 +0000   
      
   Description:   
   A researcher claims a DOGE employee was compromised four times but some   
   security pros disagree.   
      
   FULL STORY   
      
   A DOGE worker has had his personal computer infected by infostealer malware    
   on multiple occasions, a researcher claims, hinting that the US governments   
   security lapses go way past Mike Waltzs Signal fiasco. Not everyone agrees   
   with this assessment, however.    
      
   As picked up by The Register, recently a security researcher named Micah Lee   
   took a closer look at the security posture of one Kyle Schutt, allegedly a   
   37-year-old "DOGE software engineer". Wired also reported that Schutt was on   
   the CISA staff.    
      
   Lee claims that Schutts personal computer was compromised by infostealer   
   malware at least four times so far, saying that they found his data in four   
   different infostealer logs.    
      
   Stealer logs are collections of URLs paired with usernames and passwords,   
   compiled with the help of malware. If malware infects your device, it can do   
   things like log your keystrokes or record everything entered into forms in   
   your web browser  building a list of your usernames and passwords for various   
   websites  and then send this data back to the person who controls the    
   malware. This is where stealer log data comes from, Lee explained.    
      
   Lee also said that he doesnt know enough about these incidents - when they   
   happened, and if they occurred on Schutts personal, or work devices (or a   
   single device that does both).    
      
   The media were quick to pick up on this information, but not everyone agrees   
   with Lees assessment. For example, Alon Gal, CTO and co-founder of Hudson   
   Rock, an Israeli cybersecurity company specializing in cybercrime   
   intelligence, thinks Schutt was not infected by malware and believes that    
   Lees research means nothing:    
      
   I checked the data myself, and this is not true, Gal said in a LinkedIn post    
   . Since the article has been picked up and is currently going viral, I    
   figured I'll make it clear that Kyle Schutt was in fact not infected by   
   malware, he added.    
      
    Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/this-doge-workers-credentials-have-alle   
   gedly-been-exposed-by-infostealing-malware   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426