Wired on: "DOGE personnel with admin access to Federal Payment System"

post by Raemon · 2025-02-05T21:32:11.205Z · LW · GW · 8 comments

This is a link post for https://web.archive.org/web/20250205123049/https://www.wired.com/story/elon-musk-associate-bfs-federal-payment-system/

Contents

8 comments

I haven't looked into this in detail, and I'm not actually sure how unique a situation this is. But, it updated me on "institutional changes to the US that might be quite bad[1]", and it seemed good if LessWrong folk did some sort of Orient Step on it.

(Please generally be cautious on LessWrong talking about politics. I am interested in people commenting here who have read the LessWrong Political Prerequisites [? · GW] sequence. I'll be deleting or at least unhesitatingly strong downvoting comments that seem to be doing unreflective partisan dunking)

((But, that's not meant to mean "don't talk about political actions." If this is as big a deal as it sounds, I want to be able to talk about "what to do do?". But I want that talking-about-it to feel more like practically thinking through an action space, than blindly getting sucked into a political egregore))

A 25-year-old engineer named Marko Elez, who previously worked for two Elon Musk companies, has direct access to Treasury Department systems responsible for nearly all payments made by the US government, three sources tell WIRED.

Two of those sources say that Elez’s privileges include the ability not just to read but to write code on two of the most sensitive systems in the US government: the Payment Automation Manager and Secure Payment System at the Bureau of the Fiscal Service (BFS). Housed on a secure mainframe, these systems control, on a granular level, government payments that in their totality amount to more than a fifth of the US economy.

Despite reporting that suggests that Musk’s so-called Department of Government Efficiency (DOGE) task force has access to these Treasury systems on a “read-only” level, sources say Elez, who has visited a Kansas City office housing BFS systems, has many administrator-level privileges. Typically, those admin privileges could give someone the power to log in to servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to.

“You could do anything with these privileges,” says one source with knowledge of the system, who adds that they cannot conceive of a reason that anyone would need them for purposes of simply hunting down fraudulent payments or analyzing disbursement flow.

"Technically I don't see why this couldn't happen," a federal IT worker tells WIRED in a phone call late on Monday night, referring to the possibility of a DOGE employee being granted elevated access to a government server. "If you would have asked me a week ago, I'd have told you that this kind of thing would never in a million years happen. But now, who the fuck knows."

  1. ^

    I currently am more anticipating things like "institutional decay / general corruption / loss-of-trust" than "dictatorial takeover." But mostly I'm like "seems like weird and alarming things are happening and it's worth paying attention to with some scout mindset."

8 comments

Comments sorted by top scores.

comment by jbash · 2025-02-05T21:51:58.402Z · LW(p) · GW(p)

I haven't looked into this in detail, and I'm not actually sure how unique a situation this is.

It's pretty gosh-darned unheard of in the modern era.

Before the civil service system was instituted, every time you got a new President, you'd get random wholesale replacements... but the government was a lot smaller then.

To have the President,

  • creating task forces of random people apparently selected mostly for personal loyalty, and
  • sending them into legislatively established agencies,
  • with the power to stop things from getting done or change how things are done, including things central to the missions of those agencies,
  • as an intentional way of getting around the chain of command,
  • explicitly because of systemic distrust in the civil service,
  • actively tasked to suddenly and radically disrupt the prevailing procedures,
  • without thinking about legislative mandates, let alone established regulations, that assume the normal chain of command in describing how things are to be done and who's allowed to do them,
  • justified by an at-best-controversial view of what powers the President actually has?

Yeah, that's beyond unusual. It's not even slightly normal. And it is in fact very coup-like behavior if you look at coups in other countries.

On edit: Oh, and if you're asking about the approach to computer security specifically? That part is absolutely insane and goes against the way everything is done in essentially every large organization.

comment by Martin Randall (martin-randall) · 2025-02-05T22:42:16.292Z · LW(p) · GW(p)

Sample questions I would ask if I was a security auditor, which I'm not.

Does Elez have anytime admin access, or for approved time blocks for specific tasks where there is no non-admin alternative? Is his use of the system while using admin rights logged to a separate tamper proof record? What data egress controls are in place on the workstation he uses to remotely access the system as an admin? Is Elez security screened, not a spy, not vulnerable to blackmail? Is Elez trained on secure practices?

Depending on the answers this could be done in a way that would pass an audit with no concerns, or it could be illegal, or something in between.

Avoiding further commentary that would be more political.

Replies from: jbash, Raemon
comment by jbash · 2025-02-05T23:12:27.385Z · LW(p) · GW(p)

Technically anything that's authorized by the right people will pass an audit. If you're the right person or group, you can establish a set of practices and procedures that allows access with absolutely none of those things, and use the magic words "I accept the risk" if you're questioned. That applies even when the rules are actually laws; it's just that then the "right group" is a legislative body. The remedy for a policy maker accepting risks they shouldn't isn't really something an auditor gets into.

So the question for an auditor is whether the properly adopted practices and procedures legitimately allow for whatever he's doing (they probably don't). But even if somebody with appropriate authority has established policies and procedures that do allow it, the question to ask as a superior policy maker, which is really where citizens stand, is whether it was a sane system of practices and procedures to adopt.

The issues you're raising would indeed be common and appropriate elements for a sane system. But you're missing a more important question that a sane system would ask: whether he needs whatever kind of administrative access to this thing at all.

Since another almost universal element of a sane system is that software updates or configuration changes to critical systems like that have to go through a multi-person change approval process, and since there is absolutely no way whatever he's doing would qualify for a sanely-adopted emergency exception, and since there are plenty of other people available who could apply any legitimately accepted change, the answer to that is realistically always going to be "no".

Replies from: martin-randall
comment by Martin Randall (martin-randall) · 2025-02-06T01:27:23.754Z · LW(p) · GW(p)

I wasn't intending to be comprehensive with my sample questions, and I agree with your additional questions. As others have noted, the takeover is similar to the Twitter takeover in style and effect. I don't know if it is true that there are plenty of other people available to apply changes, given that many high-level employees have lost access or been removed.

comment by Raemon · 2025-02-05T22:44:02.545Z · LW(p) · GW(p)

To be clear, I think it's okay to be more political. What I don't want is "unreflectively partisanly political." (Maybe try DMing what you had in mind to me and I'll see if it feels productive)

comment by Raemon · 2025-02-05T23:15:39.944Z · LW(p) · GW(p)

I edited the OP but wanted to add for people who missed it (bold part is new)

(Please generally be cautious on LessWrong talking about politics. I am interested in people commenting here who have read the LessWrong Political Prerequisites [? · GW] sequence. I'll be deleting or at least unhesitatingly strong downvoting comments that seem to be doing unreflective partisan dunking)

((But, that's not meant to mean "don't talk about political actions." If this is as big a deal as it sounds, I want to be able to talk about "what to do do?". But I want that talking-about-it to feel more like practically thinking through an action space, than blindly getting sucked into a political egregore))

comment by Scott Dickey (scott-dickey) · 2025-02-05T22:41:47.461Z · LW(p) · GW(p)

Bureaucracy and red tape are often written into law by Congress based on actual and theoretical damage to people and systems. To bypass them is to bypass all protections. The risk is enormous.

Replies from: Raemon
comment by Raemon · 2025-02-06T00:34:51.958Z · LW(p) · GW(p)

(This isn't a flagrant violation of the norms but this comment gives me a vibe of trying to score points more than problem solve)