DOGEs Digital Coup I Mapped the Global Network Big Balls is Probably Using to Sell Your Data
New BLUF
America’s adversaries constantly probe our digital defenses for weaknesses. When DOGE began its rapid takeover of federal systems, they effectively handed China and Russia the means to access our most sensitive national security information. We know that DOGE had both the motive and the opportunity to move those secrets overseas. Today, I reveal that DOGE also has the capability.
My months-long investigation of Edward “Big Balls” Coristine shows that his company, Packetware, operates a global server network built for large-scale data smuggling, not the simple web hosting he claims. Since February, I observed traffic patterns and security settings that appear designed to let co-conspirators extract data from anywhere on the planet. In fact, Packetware’s network security is worse than an average home Wi-Fi system. Foreign intelligence agencies, criminals, or anyone online can intercept or dump data at will.
Critically dangerous settings include:
No passwords or authentication needed to explore the entire network
Logs deleted every 12 hours, compared to the weeks-long retention of normal monitoring systems
Configuration that permits unlimited data extraction by any user
The network exhibits classic indicators normally associated with malware gangs stealing data/mass data exfiltration/stealing data: 26 times more data flowing out than coming in, servers spread across five countries to mask data trails, and open-access security that requires no credentials. Due to DOGE’s constant destruction of evidence, this is the closest to a smoking gun we’ll ever get that America’s most sensitive intelligence is being systematically funneled overseas.
Government Officials and Security Experts Already Warned DOGE Is Damaging National Security
Security experts https://www.crisesnotes.com/day-five-of-the-trump-musk-treasury-payments-crisis-of-2025-not-read-only-access-anymore/ and even the government’s own lawyers warned that allowing DOGE staff unchecked access to sensitive federal systems without required security clearances is a grave threat to national security. https://www.cnn.com/2025/02/06/climate/doge-energy-department-trump/index.html DOGE has never explained why such sweeping access to the Treasury’s payment systems or even nuclear secrets is needed for a routine audit. https://www.npr.org/2025/03/26/nx-s1-5339842/doge-data-access-privacy-act-social-security-treasury-opm-lawsuit
More recently, the highest-ranking data official at the Social Security Administration, Charles Borges, blew the whistle on DOGE’s most dangerous operation yet. Borges served his country for over 20 years as a Navy veteran with deployments to Afghanistan before joining the public sector. He watched in horror as DOGE seized control of the database containing every single American’s Social Security number with no oversight.
In his complaint, Borges warned:
“If malicious actors gain access to this cloud environment, Americans may be vulnerable to widespread identity theft, may lose crucial health and food benefits, and the government might have to issue new Social Security numbers to every American at significant expense,” Borges warned in his whistleblower complaint. https://whistleblower.org/wp-content/uploads/2025/08/08-26-2025-Borges-Disclosure-Sanitized.pdf
The SSA whistleblower revelation aligns with an earlier disclosure by an IT worker at the National Labor Relations Board, where DOGE allegedly stole 10 gigabytes of sensitive labor data. Within minutes of DOGE accessing NLRB systems, someone with a Russian IP address began attempting to log in using DOGE’s newly created username and password. https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
The “DOGE Approach” to Data Theft
America’s most respected cybersecurity expert just warned Congress that DOGE has “created unprecedented cybersecurity risks for the American people and government. https://ash.harvard.edu/articles/in-appearance-before-congress-bruce-schneier-raises-concerns-about-doge-data-handling-practices/ Bruce Schneier’s testimony reveals DOGE’s systematic “four pillar approach” that violates every fundamental principle of cybersecurity:
Consolidate all citizen data into one massive target
Instead of keeping Social Security records separate from tax data, separate from health records, DOGE is combining everything into one giant database. Think of it like moving all your valuables from separate safe deposit boxes into one massive vault that dozens of people can access.
The SSA whistleblower confirms DOGE seized control of every American’s Social Security information. Court documents show they accessed Treasury payment systems processing trillions in government transactions, plus health records from Veterans Affairs and Medicare.
Disable security safeguards
For the “most transparent government agency ever,” Musk and the DOGE crew go to great lengths to cover their digital tracks while accessing information that, if leaked, could destroy U.S. security and economy.
Schneier warned that DOGE routinely disables and deletes any audit trails or logs that would reveal what they’re doing to the data behind closed doors.
Feed everything into AI
DOGE used an unknown AI tool to create detailed organizational charts of the entire federal government. https://www.nbcnews.com/politics/doge/federal-workers-agencies-push-back-elon-musks-email-ultimatum-rcna193439 They even used AI in the decision to fire 300+ nuclear weapons safety experts, a workforce that holds the highest level of security clearance and forms America’s last line of defense from invasion. https://www.npr.org/2025/02/14/nx-s1-5298190/nuclear-agency-trump-firings-nnsa(‘quote about this from nnsa firing article)that holds the highest and most sensitive security clearance.
In another disastrous example, a DOGE staffer used AI to make cuts to the nation’s largest integrated health care system that serves millions of veterans: the VA. Attempting to take an easy route for cutting veteran care, DOGE’s AI identified over 1,000 contracts valued at $34 million dollars each. Except it turns out that was a serious mistake. Experts found that DOGE’s AI routinely inflated the cost of flagged contracts by a factor of 10.
Schneier testified:
“Using government data sources to train AI creates a permanent, untraceable record of the data.”
Outsourcing control to private companies.
This final pillar brings us to my exclusive investigation of DOGE’s most infamous staffer, Edward “Big Balls” Coristine, and his
Edward “Big Balls” Coristine: The Russian Hacker Connection at the Heart of DOGE
REALLY NEED AN INTRO HERE
Between 2020 and late 2024, Packetware provided bulletproof hosting to Russian hackers Coristine met through “the Com,” what cybersecurity expert Brian Krebs calls the “English-language cybercriminal hacking equivalent of a violent street gang.”
YouTuber No Text To Speech discovered Discord messages where Coristine (username: rivage) admitted to having family members in the Russian government. He was fired from Path Network for leaking company secrets and moved directly to interning at Neuralink in summer 2024. Until July 2024, just months before becoming Musk’s right-hand man at DOGE, Coristine was still hosting malware sites spreading viruses across the internet.
To summarize, Trump and Musk gave the highest level security clearance and broad access to all Americans’ sensitive federal data to a hacker with a history of leaking company secrets and spreading computer viruses for fun.
Big Balls’ Network Transferred Terabytes of Data During the Height of DOGE
Packetware claims to be a small VPS hosting provider, but its traffic patterns tell a different story.
VPS hosting typically generates balanced traffic patterns as customers pull content from servers. Instead, Packetware shows the opposite: massive outbound data flows that suggest systematic data theft.
Digital Air Traffic Control for Stolen Data
In February, I discovered Packetware’s digital equivalent of an air traffic control tower hosted in Montreal. This server runs monitoring software that tracks network traffic from nodes worldwide. The traffic patterns tell a damning story:
February 6, 2025:
Inbound: 37.7 TB over 12 hours
Outbound: 55.9 TB over 12 hours
Ratio: 1.5 TB out for every 1 TB in
To put this in perspective: if you printed the data entering the network on February 6th, it would create a stack of 839,000 encyclopedias measuring 26 miles tall. The outbound data would reach 46.6 miles into the stratosphere.
Just days ago, the amount of data flowing out versus flowing in became even more lopsided.
August 29, 2025:
Inbound: ~8 GB per 12 hours
Outbound: ~216 GB per 12 hours
Ratio: 26:1 outbound bias
Network Design Perfect for International Data Smuggling
Packetware’s system provides ideal infrastructure for covertly sending government data overseas:
- Servers spread across multiple countries
- Dangerous security settings allowing anyone internet access without authentication
- Logs deleted every 12 hours (unusually short for legitimate monitoring, perfect for evidence destruction)
- Constant creation and destruction of containers, destroying all evidence
- 26:1 outbound traffic bias (opposite of normal web hosting)
How the Data Smuggling Operation Works
Based on network analysis, here’s how the operation likely functions:
Insider Access - DOGE personnel access federal networks using their unlimited privileges
Initial Transfer - Data moves from government systems to U.S.-based proxy nodes
Global Proxies - Information travels through multiple international proxy servers (Montreal, Amsterdam, Dallas, Los Angeles) to obscure its origin
Final Delivery - Data arrives at remote SSH servers in Europe, completely untraceable
The sophisticated routing makes detection nearly impossible while providing plausible deniability for any intercepted communications.
What’s at Stake: America’s Nuclear Umbrella Under Threat
Federal systems face constant attacks from countries like China and Russia, who view our nuclear databases, classified intelligence, and trade secrets as the ultimate prize. Breaches in these areas could cripple the U.S. economy or destroy the fundamental pillar of our defense against invasion.
If this network is transferring data from federal systems overseas, it’s nearly certain that hostile intelligence agencies have compromised everything in transit. Both countries extensively target U.S. public and private sectors with sophisticated cyberattacks.
Moreover, the open access settings mean other unauthorized hackers could be exploiting these same proxies, creating additional layers of compromise and data theft.
The Burden of Proof
The Montreal Cluster’s traffic patterns tell a story that Packetware’s business model cannot explain. When a “hosting company” pushes out 26 times more data than it receives, with zero visible customers and wide-open security, the burden of proof shifts to Big Balls.
If this network truly hosts legitimate websites instead of smuggling stolen government data, he should have no problem opening his logs to independent review. Until then, every day DOGE maintains access to federal systems represents an ongoing threat to American national security.