Elon Musk and DOGE have illegally hacked the U.S. government.

In less than a month, Elon has ransacked the government, stealing personal and sensitive information on millions of Americans. This includes social security numbers, full names, dates of birth, addresses, banking details, tax records, employment records, and medical information. If you’ve ever filed your taxes, applied for a job at the government, worked at the government as an employee or a contractor, applied for student aid, received any state or federal aid such as Medicaid, Medicare, or Social Security, Elon Musk and DOGE may have stolen your personal information.

Traditional definition:

Hacking in the traditional sense is gaining unauthorized access to computers, networks, or accounts. When your uncle’s Facebook account starts sending out scam links trying to get you to buy Bitcoin, their account has been hacked and an unauthorized actor has gained access.

When the Chinese government gained unauthorized access to an Office of Personnel Management database in 2015 and stole about 22 million records of personal information, they hacked the U.S. government.

Legal definition:

Legally, hacking is broadly defined as the act of breaking into a computer system without authorization. When a 22-year-old from France breaks into corporate computer systems to steal personally identifiable information and financial information on millions of individuals, that is considered hacking. This individual was extradited from France to the U.S. and sentenced to three years in prison for their actions.

Elon Musk and DOGE have undoubtedly hacked into the government based off these definitions. To further prove this point, Musk and DOGE are being sued in at least 12 lawsuits over unauthorized access to sensitive data.

To read more about what hacking is and examples of traditional hacks, like the hack of the OPM in 2015, or how the courts handle hacking cases, go to the Hacking History section here.

Each of these items deserve an entire thread because they're insane. For the sake of brevity, I've included brief explanations here, but I strongly recommend you read the extended writeups in the Security Violations section.

Bypassed security clearances and background checks required for access to this data.

This includes gaining access to Secure Compartmented Information Facilities (SCIFs), which require the highest level of security clearance, typically a non-disclosure agreement (NDA), and need-to-know. All of which is incredibly limited and isn't possible to have processed in the time between Trump's inauguration and the unauthorized access.

Hired a DOGE member who had been previously fired from an organization for intentionally exfiltrating and leaking sensitive information.

This DOGE employee intentionally stole and leaked company secrets to competitors. After later being terminated, they later bragged about having maintained persistent access to Path Network's systems.

"I had access to all the game hosting machines for months after termination 🤣🤣🤣" and he had "access to every single machine."

But don't worry, he also said despite him having the ability to wipe (destroy all the data) on every machine, he wouldn't do it because he's too good of a person. "I never exploited it because it's just not me".

Accessed sensitive data without proper authorization.

An internal Treasury email calls DOGE's access to federal payment systems "the single greatest insider threat risk the Bureau of the Fiscal Service has ever faced."

Musk, DOGE, and the department heads who have turned a blind eye to this are currently being sued by multiple organizations for violating privacy laws, Internal Revenue Codes, the Administrative Procedures Act, and the Constitution.

Ignored all requirements for proper notifications and disclosure to those who the records pertain to.

Exposed sensitive internal governement websites and services to the internet without proper security controls and safeguards.

A Department of Energy SFTP server that allows read and write access without requiring a username or password.

The Bureau of the Fiscal Service's Secure Payment System (SPS) was exposed to the internet without proper security controls.

Department of Energy servers allowing Remote Desktop Protocol access from the internet, which is essentially a security cardinal sin.

An internal government website with vulnerabilities as old as 2006 was exposed to the internet. This server is vulnerable to attacks that could allow an attacker to execute commands on the server without logging in.

Installed software to allow forwarding of sensitive data to Inventry.ai, an AI company that collects huge amounts of data to build AI models from.

This software explicitly states they don't require usernames or passwords to access the tool. This is objectively insecure and wouldn't pass ANY reputable security risk assessment.

Exposed sensitive government email login pages to the internet. This was the Treasury Department's Office of Inspector General's Outlook Web portal.

Plugged unauthorized devices into government servers and computers.

Regardless of how secure your system is, physical access to a device is the equivalent of a complete compromise. Once an actor gains physical access to your system, it's game over.

Bypassed standards, processes, and procedures for secure access to sensitive data.

Threatened security guards and federal employees for asking questions about DOGE's activity.

Fired or "placed on administrative leave" Security Directors, Deputies, and just about any Information Security Officer who pushes back against their requests for unlimited access.

Department of the Treasury

When: January 28, 2024 to Feb 8, 2025

Level of access: Read and write access to databases.

Read and write access to source code for 3 critical components of the Treasury payment system.

Data types:

• Taxpayer full names
• Taxpayer addresses
• Taxpayer date of births
• Social Security Numbers
• How much an individual earned
• How much an individual owes
• Property ownership information
• Child custody agreements
• Tax filing and refund data

Government lawyers claim there were security and monitoring tools on DOGE computers, however those same lawyers won't comment on whether the tools were configured properly or were actively blocking any activity. For example, they claim the laptop had the "ability" to block peripherals being plugged into the laptop, but won't comment on whether any peripherals (like USBs) were actually blocked. DOGE employees were also allowed to take screenshots of Bureau of Financial Services (BFS) data and send emails to recipients outside of the BFS, including other DOGE employees. On top of this, the BFS aren't able to determine what data was in the emails sent by DOGE employees, meaning they could have included say, screenshots of BFS data, exports of databases, or even the source code of BFS payment systems... On a final note, a week after a DOGE employee had resigned, the BFS were still reviewing logs trying to determine what exactly DOGE had accessed and changed within the system. The review of logs taking over a week demonstrates providing this access was irresponsible. Their team clearly don't have the resources or technical knowledge to review this activity and recklessly handed their source code to an unauthorized actor.

Note: Access to the BFS databases was supposed to be read-only, however they accidentally provisioned a DOGE employee with read and write access.

Source: https://ag.ny.gov/sites/default/files/court-filings/state-of-new-york-et-al-v-donald-trump-opinion-and-order-2025_0.pdf

Office of Personnel Management

When:

Level of access:

Data types:

Department of Education

When:

Level of access:

Data types:

Energy Department

When:

Level of access:

Data types:

asdf

When:

Level of access:

Data types:

Quisque vel sapien sit amet tellus elementum ultricies. Nunc vel orci turpis. Donec id malesuada metus. Nunc nulla velit, fermentum quis interdum quis, tate etiam commodo lorem ipsum dolor sit amet dolore. Quisque vel sapien sit amet tellus elementum ultricies. Nunc vel orci turpis. Donec id malesuada metus. Nunc nulla velit, fermentum quis interdum quis, convallis eu sapien. Integer sed ipsum ante.

January 20, 2025 - The Trump Administration sign an executive order provisioning security clearances without the need for background checks. This includes giving DOGE employees top-secret security clearances.

Note: This Executive Order blamed the Biden administration for creating a backlog of security clearance requests; however, the Trump administration intentionally delayed background check processes leading up to the election. Source: https://apnews.com/article/trump-transition-picks-signed-agreement-background-checks-5ea8fcde89ec2ea0549257a934dbb8a5

January 31, 2025 - Trump claims DOGE don't have any direct access to any government systems where money is dispersed.

January 31, 2025 - Katie Miller claims no classified material was accessed without proper security clearances.

February 1, 2025 - Elon Musk threatened to call the US Marshals on the Director of Security of the U.S. Agency for International Development (USAID) if they didn't allow DOGE employees access to a Secure Compartmented Information Facility (SCIF), despite them not having top-secret security clearances.

February 1, 2025 - The USAID Director of Security and their Deputy were placed on administrative leave after they tried to prevent DOGE employees from accessing secure USAID systems.

February 1, 2025 - DOGE employees were given an unknown level of access to USAID systems after the Director of Security and their Deputy were placed on administrative leave.

February 2, 2025 - Democratic members of the Senate Committee on Foreign Relations sent a letter to Secretary of State Marco Cubio claiming security guards overseeing USAID offices were threatened when asking DOGE employees questions about their activities. This letter also requested full transparency on DOGE activities in USAID.

Feburary 2, 2025 - Elon Musk posted on X "We spent the weekend feeding USAID into the wood chipper."

February 2, 2025 - Trump ordered the Treasury to grant DOGE expanded access to the Bureau of Fiscal Services (BFS) payment systems.

February 2, 2025 - Sensitive Treasury Department servers were observed being exposed to the internet on Shodan.

February 3, 2025 - AFL-CIO file a lawsuit against Musk & DOGE to protect the privacy of worker data.

February 3, 2025 - DOGE employees gain access to multiple internal systems at the Department of Education including financial aid datasets that contain the personal information of millions of students enrolled in federal student aid programs.

  This should be illegal & they're actively being sued over this. Violation of the Privacy Act of 1974. They also got access to the Department of Education's tax record information, which is a violation of the Confidentiality Provisions of the Internal Revenue Code.

February 3, 2025 - Musk claims he & Trump are "shutting down" USAID.

This is illegal. The President doesn't have the powers to defund or destroy a department created and funded by Congress.

If Trump, Elon, or DOGE attempt to starve USAID, this is illegal and a violation of the Appropriations Clause as well as the Take Care clause of the Constitution.

Disclaimer The content on this website is for informational purposes only and reflects the opinions of the author(s). While we strive for accuracy, we do not guarantee the completeness, reliability, or validity of any information provided. Any statements made about individuals, organizations, or events are based on publicly available information and personal analysis. We do not intend to harm, defame, or misrepresent any entity. If you believe any content is inaccurate or may be misleading, please contact us at [your contact info] so we can review and address concerns as appropriate.