
DOGE’s ‘Genius’ Coders Launch Website So Full Of Holes, Anyone Can Write To It

from the this-would-get-an-intern-at-a-coffee-shop-fired dept

If you want to write something on the U.S. government’s official DOGE website, apparently you can just… do that. Not in the usual way of submitting comments through a form, mind you, but by directly injecting content into their database. This seems suboptimal.

The story here is that DOGE — Elon Musk’s collection of supposed coding “geniuses” brought in to “disrupt” government inefficiency — finally launched their official website. And what they delivered is a masterclass in how not to build government infrastructure. One possibility is that they’re brilliant disruptors breaking all the rules to make things better. Another possibility is that they have no idea what they’re doing.

The latter seems a lot more likely.

Last week, it was reported that the proud racist 25-year-old Marko Elez had been given admin access and was pushing untested code to the US government’s $6 trillion/year payment system. While the Treasury Department initially claimed (including in court filings!) that Elez had “read-only” access, others reported he had write access. After those reports came out, the Treasury Dept. “corrected” itself and said Elez had been “accidentally” given write privileges for the payments database, but only for the data, not the code. Still, they admitted that while they had put in place some security protections, it’s possible that Elez did copy some private data which “may have occasionally included screenshots of payment systems data or records.”

Yikes?

Now, you might think that having a racist twenty-something with admin access to trillion-dollar payment systems would concern people. But Musk’s defenders had a compelling counterargument: he must be a genius! Because… well, because Musk hired him, and Musk only hires geniuses. Or so we’re told.

The DOGE team’s actual coding prowess is turning out to be quite something. First, they decided that government transparency meant hiding everything from FOIA requests. When questioned about this interesting interpretation of “transparency,” Musk explained that actually DOGE was being super transparent by putting everything on their website and ExTwitter account.

There was just one small problem with this explanation. At the time he said it, the DOGE website looked like this:

Black website saying: An official website of the United States Government.

Then it shows a $ logo and "Department of Government Efficiency." "The people voted for major reform."

That was it. That was the whole website.

On Thursday, they finally launched a real website. Sort of. If by “real website” you mean “a collection of already-public information presented in misleading ways by people who don’t seem to understand what they’re looking at.” But that’s not even the interesting part.

These supposed technical geniuses managed to build what might be the least secure government website in history. Let’s start with something basic: where does the website actually live? According to Wired, the source code actually tells search engines that ExTwitter, not DOGE.gov, is the real home of this government information:

A WIRED review of the page’s source code shows that the promotion of Musk’s own platform went deeper than replicating the posts on the homepage. The source code shows that the site’s canonical tags direct search engines to x.com rather than DOGE.gov.

A canonical tag is a snippet of code that tells search engines what the authoritative version of a website is. It is typically used by sites with multiple pages as a search engine optimization tactic, to avoid their search ranking being diluted.

In DOGE’s case, however, the code is informing search engines that when people search for content found on DOGE.gov, they should not show those pages in search results, but should instead display the posts on X.

“It is promoting the X account as the main source, with the website secondary,” Declan Chidlow, a web developer, tells WIRED. “This isn’t usually how things are handled, and it indicates that the X account is taking priority over the actual website itself.”

If you’re not a web developer, here’s what that means: When you build a website, you can tell search engines “hey, if you find copies of this content elsewhere, this version here is the real one.” It’s like telling Google “if someone copied my site, mine is the original.”

But DOGE did the opposite. They told search engines “actually, ExTwitter has the real version of this government information. Our government website is just a copy.” Which is… an interesting choice for a federal agency? It’s a bit like the Treasury Department saying “don’t look at our official reports, just check Elon’s tweets.”
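The check described above, as an added example (not code from the article, WIRED, or the site itself): a Python audit a site owner could run in CI to confirm that every page's canonical tag points back at its own host. The sample HTML, the `/savings` path and the `EXAMPLE_ACCOUNT` path are constructed, and `<base href>` is ignored as a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _CanonicalCollector(HTMLParser):
    """Collects the href of every <link rel="canonical"> in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = {name: (value or "") for name, value in attrs}
        # rel is a space-separated, case-insensitive token list.
        if "canonical" in a.get("rel", "").lower().split():
            self.hrefs.append(a.get("href", "").strip())


def _host(url):
    """Lower-cased hostname with a leading 'www.' and trailing dot removed."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def audit_canonical(page_url, html):
    """Return a list of (code, detail) findings; an empty list means OK."""
    collector = _CanonicalCollector()
    collector.feed(html)
    collector.close()
    if not collector.hrefs:
        return [("missing", "")]

    findings, targets = [], set()
    page_scheme = urlsplit(page_url).scheme
    for href in collector.hrefs:
        if not href:
            findings.append(("empty-href", ""))
            continue
        resolved = urljoin(page_url, href)  # relative canonicals are legal
        targets.add(resolved)
        if _host(resolved) != _host(page_url):
            # The case in the article: the site names another host as the
            # authoritative copy of its own content.
            findings.append(("off-site", _host(resolved)))
        elif page_scheme == "https" and urlsplit(resolved).scheme != "https":
            findings.append(("downgrade", resolved))
    if len(targets) > 1:
        # Search engines may ignore canonical hints that disagree.
        findings.append(("conflicting", ", ".join(sorted(targets))))
    return findings


# Constructed sample pages (not copies of the real site's markup).
SAMPLE_OFFSITE = """<html><head>
<link rel="canonical" href="https://x.com/EXAMPLE_ACCOUNT">
</head><body>Official statement</body></html>"""

SAMPLE_OK = """<html><head>
<LINK REL="Canonical" href="/savings" />
</head><body>Official statement</body></html>"""

SAMPLE_CONFLICT = """<html><head>
<link rel="canonical" href="https://doge.gov/a">
<link rel="alternate canonical" href="http://doge.gov/a">
</head></html>"""

if __name__ == "__main__":
    print(audit_canonical("https://doge.gov/", SAMPLE_OFFSITE))
    print(audit_canonical("https://www.doge.gov/savings?utm=1", SAMPLE_OK))
    print(audit_canonical("https://doge.gov/a", SAMPLE_CONFLICT))
```

Failing the build on any `off-site` finding keeps a template change from silently handing a site's search authority to another domain.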

You might think that a government agency directing people away from its official website and toward the private company of its leader would raise some conflict-of-interest concerns. And you’d be right!

But wait, it gets better. Or worse. Actually, yeah, it’s worse.

Who built this government website? Through some sloppy coding, security researcher Sam Curry figured out it was DOGE employee Kyle Shutt. The same Kyle Shutt who, according to Drop Site News, has admin access to the FEMA payments system. The same Kyle Shutt who used the exact same Cloudflare ID to build Musk’s America PAC Trump campaign website. Because why maintain separate secure credentials for government systems and political campaigns when you can just… not do that?

But the real cherry on top came Thursday when people discovered something amazing about the DOGE site database: anyone can write to it. Not “anyone with proper credentials.” Not “anyone who passes security checks.” Just… anyone. As 404 Media reported, if you know basic database operations, you too can be a government website administrator:

The doge.gov website that was spun up to track Elon Musk’s cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who found the vulnerability and shared it with 404 Media. One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.” 

While I imagine those will be taken down shortly, for now, the insertions are absolutely visible:

A page on the DOGE website showing inserted text in a box reading: "THESE EXPERTS LEFT THEIR DATABASE OPEN - roro"
A page on the DOGE website showing inserted text in a box reading: "This is a joke of a .gov site"

Look, there’s a reason we called this whole thing a cyberattack. When someone takes over your computer systems and leaves them wide open to anyone who wants to mess with them, we usually don’t call that “disruption” or “innovation.” We call it a cybersecurity breach.

“Feels like it was completely slapped together,” they added. “Tons of errors and details leaked in the page source code.”

Both sources said that the way the site is set up suggests that it is not running on government servers. 

“Basically, doge.gov has its codebase, probably through GitHub or something,” the other developer who noticed the insecurity said. “They’re deploying the website on Cloudflare Pages from their codebase, and doge.gov is a custom domain that their pages.dev URL is set to. So rather than having a physical server or even something like Amazon Web Services, they’re deploying using Cloudflare Pages which supports custom domains.”

Here’s the thing about government computer systems: They’re under constant attack from foreign adversaries. Yes, they can be inefficient. Yes, they can be bloated. But you know what else they usually are? Not completely exposed to the entire internet. It turns out that some of that inefficient “bureaucracy” involves basic things like “security” and “not letting random people write whatever they want in federal databases.”

This isn’t some startup where “move fast and break things” is a viable strategy. This is the United States government. And it’s been handed over to people whose main qualification appears to be “posts spicy memes on 4chan.” The implications go far beyond embarrassing database injections — this level of technical negligence in federal systems creates genuine national security concerns. When your “disruption” involves ignoring decades of hard-learned lessons about government systems security, you’re not innovating — you’re inviting disaster.

Companies: twitter, x


Comments on “DOGE’s ‘Genius’ Coders Launch Website So Full Of Holes, Anyone Can Write To It”

57 Comments
Anonymous Coward says:

I’m sure we’re saving trillions by outsourcing building a website to such a junior-level dipshit, though!

He was just implementing the site according to one of the foundational principles of cybersecurity called ‘I hope no one notices my shit work.’

And I wouldn’t blame the ‘auditors’ either. They follow a similar tenet of cybersecurity called ‘If I don’t look at any of it, I won’t find any vulnerabilities.’

These are top-notch DEI hires, folks. Us peasants aren’t in any position to question the ‘logic’ behind this big, beautiful failure.

Anonymous Coward says:

Re:

I’m sure we’re saving trillions by outsourcing building a website to such a junior-level dipshit, though!

In a fit of irony, I think if they had hired Chinese (nationality, not race) webdevs to do it, it probably would have been (a little) more secure. … It might have only given easy access to PRC

That One Guy (profile) says:

Re:

These are top-notch DEI hires, folks. Us peasants aren’t in any position to question the ‘logic’ behind this big, beautiful failure.

Oh most certainly not, DEI is terrible and alongside woke is the cause of all the bad things in the world, so clearly every person President Elon hired absolutely earned their position and ability to access priceless and important-beyond-compare government systems.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Here’s the thing about government computer systems: They’re under constant attack from foreign adversaries.

Having worked extensively on a government computer system, I can confirm this. And those attacks are quite often sophisticated, sustained, and precisely targeted.

Which is why we don’t host government websites on third-rate operations like Cloudflare: the novices running that operation are very big on praising themselves in public at every opportunity, but very small on actual security.

MrWilson (profile) says:

Re: Re:

I’m guessing that it will be the fallback excuse of “investigating fraud” as a justification for anything the way 2000s Republicans tried to pass laws completely unrelated to curbing terrorism by using the boogeyman of terrorism as justification. Also sprinkled with Matt’s “(I don’t know exactly what they’re doing but) it’s all legal, nothing to see here!” hand-waving away without citations as if the president gets Ron Swanson’s “I can do what I want” permit on the first day in office.

This comment has been deemed insightful by the community.
Bloof (profile) says:

Re: Re:

They’re undoubtedly chomping at the bit to see what sloppy, crypto driven garbage code is added to the US treasury system by Elon et al, given how their economy is reliant on crypto scams these days. You don’t need a functional country to loot it, a damaged nation on the decline is far, far easier, look at Russia, 80s and Post brexit Britain, Argentina and so on.

Anonymous Coward says:

Re: Re: Re:

THAT is a really good point. Besides being fake money for criminals, crypto has been implemented by some of the worst programmers on this planet – which is why you can just about set your watch by the regular occurrence of massive crypto exchange hacks. I suspect the only reason that there aren’t more is that it’s too target-rich an environment.

So everyone out there, not just North Korea, is eagerly waiting for Musk et al. to sabotage the financial machinery of the federal government by introducing crypto. And why not? It’s not Musk’s money. Why should he care if Social Security and Medicare are destroyed and tens of millions of old people have their lives destroyed as a result? Why should he care if Medicaid and school lunch programs and similar are torched, and tens of millions of children stay sick and go hungry? Elon only cares about Elon, that’s all he’s ever cared about, and he will cheerfully murder as many people as he feels necessary in order to flatter his ego.

I can only hope his supporters and defenders go first. That, at least, would be some small consolation in the midst of carnage.

Anonymous Coward says:

Re:

99.5% is SO close to 110%!

Until you realize that there are 8.2 billion people on earth, so Musk being right 99.5% of the time means that those final 5 out of 1000 times he is wrong can have a significant impact on the population.

Musk: I need to get out of bed today (correct)
Musk: I should put on a shirt (correct)
… 200 decisions later:
Musk: I should let that intern from Tesla create and manage a website handling all the federal data (incorrect)

This comment has been flagged by the community. Click here to show it.

pfbonney says:

What does racism/ being racist have to do with website coding?

My first visit here, thanks to Ground News!

Now, I’m not a coder, nor a reporter, but it just seems bizarre, to me, of identifying a person as being racist (without evidence, may I add) in a discussion about website coding. What does that have to do with the price of rice in China (as they say)?

The writer is detracting from his point about the competence of the coder.

Other than that, an interesting article on something that I have not heard anything about.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re:

What does racism/ being racist have to do with website coding?

Nothing, which is why it’s pretty wild that “being racist” is the primary qualification that DOGE seems to be looking for. They certainly don’t seem to be qualified in any technical aspects of the job.

This comment has been deemed insightful by the community.
Pixelation says:

Re:

“…identifying a person as being racist (without evidence, may I add)”

Posts of Marko Elez, a member of the DOGE team…

“You could not pay me to marry outside of my ethnicity,” the account wrote in September. “Normalize Indian hate,” a separate post from that month read.

In July of last year, the account posted: “Just for the record, I was racist before it was cool.”

In other posts, from December, the account pushed for repealing the Civil Rights Act and shared: “I just want a eugenic immigration policy, is that too much to ask.”

It matters because it shows you the character of these people.

This comment has been deemed insightful by the community.
MrWilson (profile) says:

Re:

Hello! You are sealioning! Trying to sound friendly while accusing others of being mean without cause when there is actually cause and you’re either ignorant or disingenuous.

identifying a person as being racist (without evidence, may I add)

First, there is evidence. This website isn’t the only source of possible news. If you haven’t been paying attention to the news about these individuals, then that’s on you.

in a discussion about website coding.

So racists are okay as long as they’re only coding a website? Why wouldn’t you oppose racism wherever it exists rather than only in compartmentalized areas? Instead of asking others why it’s relevant to point out racism in this context, you should be asking yourself why racism doesn’t bother you.

What does that have to do with the price of rice in China (as they say)?

Seriously though, it is important. If an individual who has been given admin access to sensitive database(s) is known for actively, unabashedly engaging their biases, then their judgment and neutrality in doing their job is suspect. What if he decides to delete references to Indian aid organizations because he’s on record as being racist against Indians?

The writer is detracting from his point about the competence of the coder.

You just missed that the racism angle has greater implications than just the quality of the coding.

Anonymous Coward says:

Re: Re:

You are sealioning! Trying to sound friendly while accusing others of being mean without cause when there is actually cause and you’re either ignorant or disingenuous.

There’s a few individuals on this site that do this when they falsely accuse others of “weaponizing” the language of inclusion or the groups they advocate for, due to either ignorant or disingenuous positions that the advocate can have no genuine interest in advocating for the minorities they’re ostensibly giving a voice to.

This comment has been deemed insightful by the community.
Strawb (profile) says:

Re:

Now, I’m not a coder, nor a reporter, but it just seems bizarre, to me, of identifying a person as being racist (without evidence, may I add)

The claim literally links to an article laying out the evidence.

The writer is detracting from his point about the competence of the coder.

Is he? I’d say the details about the coders’ competence(or rather lack thereof) hammer it home pretty well.

This comment has been deemed insightful by the community.
BernardoVerda (profile) says:

Re:

Firstly: these ‘coders’ are so incompetent you could likely find better qualified interns in one of the nation’s better high schools.

Secondly, the alleged mission was to uncover fraud, waste and abuse — for that job you would bring in professional, certified, forensic accountants, who would carefully follow rigorous (and carefully documented) procedures, not an un-vetted, undisciplined posse of plainly unqualified, inexperienced, sketchy hackers of dubious background.

Thirdly, there are the actions actually undertaken by this bunch of wanna-be computer geniuses, which reveals their motivations and raison d’etre.

Fourthly… never mind… try reading the front page news for a bit.

Anonymous Coward says:

Re:

identifying a person as being racist (without evidence, may I add) in a discussion about website coding

There is evidence. The link in the piece leads to reporting on how Elez literally tweeted: “Just for the record, I was racist before it was cool.”

This isn’t a judgmental thing. The kid literally said publicly, just a little while ago that he is a racist. Directly.


terribly tired (profile) says:

These fascist script kiddies have your SSNs, Americans. I wonder who else might have them — and who knows what else — by this time next month.

I’m quite honestly amazed any of those fascist vermin children are still alive. Where the fuck are the sovereign citizens and their guns when their freedoms are actually being cut to shreds and sold to highest-bidder(s) in front of their eyes, in damn near real time?

Anonymous Coward says:

Re:

SovCits are believers in this shit. They don’t have any actual principles, they just repeat stuff that sounds like it came from a principled, if incorrect and insane, reasoning position.

It’s the same position – structuring power in their own favor. For whatever reason, they don’t get that like-minded people structuring power in their own interest doesn’t actually benefit them any further than a social identity to be used as a bludgeon against those who they dislike. “Owning the libs” is frequently an own goal, but they love it, plus they still always have something to complain about, which they also love, because their demagogues don’t actually let any power or wealth trickle down. They have lackeys out there with sponges.

Arijirija says:

Those non-DoGE posting have been taken down. I scanned the DoGE “website” and didn’t find them.

So that’s the DoGE definition of “Government Efficiency” – taking down unwanted but permissible posting. The rest of the definition – taking down the federal government – is discreetly hushed up, like unwanted or unlikable relatives …

RickMan2K says:

Genius Coders

Inexperienced hotdog Coders, breaking hardened by decades code is criminal. They are running untested, insecure code against systems that have multiple levels of approval, testing, and integration before changes make it to production.

That’s what you get when you code without an idea of what you’re doing and not coding with security first. Now these systems have a potential backdoor to all the attached that have been kept away from this sensitive info before.

I am thinking that Musk believes the geniuses are related to the one-in-a-billion monkey banging on keyboards that could produce the code for a super secure and functional firewall.

Anonymous Coward says:

Their aim is to reduce waste, e.g. waste is having proper security protocols. Employing security experts and staff to maintain and update websites to be secure is not the most important policy. They intend to sack as many federal employees as they can; this will make regulations of environmental and financial consumer protection impossible.
These people are either stupid or reckless, or they do not care about trivial matters like following established security rules, like making websites read-only on the open web, or responding to FOI requests by keeping proper records and following established security procedures.
Imagine the damage they can do by making changes or deleting data on websites that are connected to the trillion-dollar federal payment system.

It takes years to build a secure nationwide payment system. The problem is it doesn’t take long to destroy government IT systems that are interconnected in 50 states.
This system is under constant attack by foreign hackers.
Security is a 24/7 job. If DOGE sacks 1000s of workers, it’ll have negative effects on the IT infrastructure of America.
Highly paid security professionals are hard to train and replace if they choose to take early retirement.
One example: FAA traffic controllers received offers to retire even though airports are at least ten per cent below the normal staffing levels of air traffic controller staff.

The line comes to mind: DOGE may save money in the short term, but at what cost to the American taxpayer and citizen who is not as rich as Musk?
The federal government has a legal duty to keep digital records of all tax payments, salaries and pensions and Medicare, and to follow 1000s of health and safety regulations and fund agencies to maintain roads, public services and emergency aid in case of disaster. Citizens have a right to know how money is spent on federal agencies and public services.

If DOGE just sacks 1000s of employees, it’s hard to see how the federal agencies will be able to function normally and in a secure fashion for the public and as laid down in the laws passed by Congress.
We can’t expect federal agencies to make a profit or reduce spending without negative effects on services or even protecting government and military databases.

Anonymous Coward says:

Business studies have shown DEI is good: it helps companies hire a wide range of employees that make services more responsive to the public or customers and enable a higher return on investment than just hiring middle class white workers. Look at Twitter X: Musk fired a lot of moderators that previously would remove or block extreme racist content.
The result: advertisers are leaving X, resulting in loss of revenue.

DOGE is magical thinking: if we sack 1000s of federal workers we’ll save money.

Ignoring the fact that federal government provides essential services and supports Medicare and Medicaid and services like paying pensions of retired policemen and military staff who are on a pension.
Unless Trump does not care about the environment and services needed in case of fire, flooding and to prevent the spread of disease, bird flu etc.

MrWilson (profile) says:

Re:

If Trump fucks up enough, the Democrats have a chance at winning back either the House and/or the Senate in the midterms. They can launch investigations and then the DOJ can refuse to prosecute. Then we wait another two years for the next election. Honestly, it will be stupid, but it’s better to wait to launch investigations or even hint at them until Trump is gone so he doesn’t prematurely pardon everyone before we get a chance to investigate and prosecute.

dickeyrat says:

This may be a tad self-serving, but so be it. In all this talk of website manipulation and code-crafting, would somebody PLEASE go in there & write something to prevent Muck and his teen-ninjarats from reducing, in any way, the Social Security payments so depended upon by many of us who spent forty or fifty years paying into–and are now just too fucking old and physically dilapidated to go back to work at, say, Taco Bell, to be ordered around by some pimply-faced joy-boy who’s younger than our t-shirts? Some of us may, as well, just not be psychologically well-versed enough to avoid, say, flipping out and showering everybody in the room with 1800-degree frying grease. Overlaying all this, and at the risk of redundancy, IS the fact that we (as a class) HAVE spent decades upon decades paying faithfully into a system, as crafted by Mr. Roosevelt, that PROMISED to be there until our bitter individual ends, to at least keep us from having to subsist on Gravy Train. The thoughts of fat trump and his fellow cocksucking billionaires (many of whom should be OLD enough to know better!) draining these funds off to buy their fourth or fifth houses, larger yachts and younger wives, is physically sickening, at the very best. Please someone, show that you’re a true patriot–code into Muskrat’s site & booger it up to where, at least, life-supporting Social Security payments are protected! – Military, Billionaires, Speed-Limo exhibitions at the Daytona 500 and Marjorrhea Traitor Greed all be damned to the unforgiving fires of hell!

Jeffrey N Ethridge says:

Fighting Trump

Greetings, We need a Democratic Party Judicial Go-Fund-Me to build up a war chest of cash to finance all of the legal efforts we need. I will not donate to the general Democratic Party Fund. Even though I am a Democratic Party member, I disagree with over half of the issues they fight for. We need a fund dedicated strictly to this legal battle that can’t be siphoned off for somebody’s campaign. We need cases running in every single Federal Court Room in the USA. Please create this.
