A software engineer from the Department of Government Efficiency (DOGE) and the Cybersecurity and Infrastructure Security Agency (CISA) has had his computer infected by info-stealing malware. The stolen data, including login credentials, has been leaked online multiple times since 2023. Kyle Schutt, the software engineer in question, had access to sensitive information through his roles at both agencies.
At DOGE, he gained access to a core financial management system of the Federal Emergency Management Agency (FEMA) in February. As part of CISA, Schutt likely had access to information about the security of civilian federal government networks and critical infrastructure across the US. The steady stream of Schutt’s published credentials has raised alarms.
Since 2023, his usernames and passwords for various accounts have appeared in logs from stealer malware at least four times. Stealer malware typically infects devices through trojanized apps, phishing, or software exploits, stealing login credentials and potentially logging keystrokes and capturing screen output.
Schutt’s malware incident raises alarms
Journalist Lee, who reported on the incident, stated, “I have no way of knowing exactly when Schutt’s computer was hacked, or how many times. He might have gotten hacked years ago, and the stealer log datasets were just published recently. But he also might have gotten hacked within the last few months.”
Credentials belonging to Schutt’s Gmail account have appeared in 51 data breaches and five pastes tracked by a breach notification service.
While the presence of an individual’s credentials in such logs doesn’t necessarily indicate weak passwords or compromised accounts, Schutt’s steady stream of published credentials suggests that his credentials have been publicly known at various points over the past decade or more. Critics of DOGE have pointed out that these findings align with other operational security lapses by the office. Representatives at CISA and the Department of Homeland Security, which oversees CISA, have not immediately responded to emails seeking confirmation of the report.
The incident adds to the growing list of controversies surrounding DOGE, which has faced scrutiny for sharing inaccurate financial information and hiring practices under Elon Musk’s leadership. As the project continues to manage both internal and public challenges, this latest data leak raises further questions about the agency’s integrity and security.
Noah Nguyen is a multi-talented developer who brings a unique perspective to his craft. Initially a creative writing professor, he turned to Dev work for the ability to work remotely. He now lives in Seattle, spending time hiking and drinking craft beer with his fiancee.
