REVISED DRAFT: DOGE’s Digital Coup

BLUF

America’s adversaries constantly scan our digital defenses for opportunities to break in. When DOGE began their sweeping digital takeover of the federal government, they handed China and Russia the keys to our most sensitive national security data.

My investigation reveals that DOGE violated fundamental cybersecurity principles by giving themselves unlimited access to nuclear secrets, Social Security records, and Treasury systems. A decorated Navy whistleblower confirms DOGE moved every American’s Social Security information to a vulnerable cloud environment. Most troubling: 19-year-old Edward “Big Balls” Coristine, who has family ties to Russian government officials and a history of hosting malware, now controls proxy networks showing classic data exfiltration patterns. The evidence suggests America’s most sensitive intelligence is being systematically funneled overseas.

2025 11:39 AM

[Big Balls Has Your Security Number. And a global “Black Box” network perfect for sending it anywhere in the world](<./../Big-Balls-Has-Your-Security-Number.-And-a-global-Black-Box-network-perfect-for-sending-it-anywhere-in-the-world-.md>)

Government Officials and Security Experts Warn of Catastrophic National Security Threat

Security experts and even the government’s own lawyers warned that allowing DOGE staff to access federal systems without required security clearances could be catastrophic to national security. The risks are threefold:

First, DOGE staffers have opened dangerous security holes that nation-state actors like Russia and China are perfectly positioned to exploit. Second, their constant demands for “god mode” accounts with maximum privileges violate both the “need-to-know” principle for classified intelligence and the core cybersecurity concepts of “least privilege” and “zero-trust.” Third, experts have been afraid to say what they’re all thinking: DOGE is moving sensitive data off federal networks to unknown locations.

DOGE bears all the markings of an insider threat, except they’re not being sneaky about it. We’ve never seen an insider threat sent by the President to execute a digital coup at every agency they touch. If I didn’t know what DOGE was, the digital evidence I’ve collected would point to a sophisticated nation-state cyber actor executing a brazen attack against American intelligence.

SSA Whistleblower Exposes Most Brazen DOGE Data Heist Yet

Charles Borges, the highest-ranking data official at the Social Security Administration, just blew the whistle on DOGE’s most dangerous operation yet. Borges, who served his country for over 20 years as a Navy veteran with deployments to Afghanistan before becoming a federal data analyst, watched in horror as DOGE seized control of the database containing every single American’s Social Security number with no oversight.

“If malicious actors gain access to this cloud environment, Americans may be vulnerable to widespread identity theft, may lose crucial health and food benefits, and the government might have to issue new Social Security numbers to every American at significant expense,” Borges warned in his whistleblower complaint.

Within 30 minutes of Borges sending his resignation letter to SSA staff, the email mysteriously vanished from recipients’ inboxes, raising immediate questions about censorship and retaliation.

The Pattern Emerges: Multiple Agencies Under Attack

The SSA whistleblower revelation follows an earlier disclosure from a whistleblower at the National Labor Relations Board, where DOGE allegedly stole 10 gigabytes of sensitive labor data. Within minutes of DOGE accessing NLRB systems, someone with a Russian IP address began attempting to log in using newly created DOGE admin credentials with the correct username and password.

Federal judges have blocked DOGE access to Treasury payment systems controlling trillions in federal spending, finding “a real possibility that sensitive information has already been shared outside of the Treasury Department, in potential violation of federal law.”

DOGE Centralizes Data and Feeds Everything Into AI With No Oversight

For the “most transparent government agency ever,” Musk and the DOGE crew go to extraordinary trouble to erase their digital tracks while accessing information that, if leaked, could destroy U.S. security and the economy. DOGE has already caused lasting damage to national security by firing cybersecurity and nuclear weapons experts responsible for America’s first and last line of defense.

Most disturbingly, DOGE used AI to make these cuts by feeding detailed job descriptions and chain-of-command structures for the entire federal government into their systems, including nuclear safety workers with the highest security clearances.

Edward “Big Balls” Coristine: The Russian Connection at the Heart of DOGE

At the center of this crisis is Edward “Big Balls” Coristine, the 19-year-old who now has access to America’s most sensitive data. My investigation reveals that Coristine owns and operates Packetware (AS400495), a global network that appears designed for large-scale data smuggling rather than legitimate web hosting.

Background Check Failures

Between 2020 and late 2024, Packetware provided bulletproof hosting to Russian hackers Coristine met through “the Com,” what cybersecurity expert Brian Krebs calls the “English-language cybercriminal hacking equivalent of a violent street gang.”

YouTuber No Text To Speech discovered Discord messages where Coristine (username: rivage) admitted having family members in the Russian government. He was fired from Path Network for leaking company secrets and moved directly to interning at Neuralink in summer 2024. Until July 2024, just months before becoming Musk’s right-hand man at DOGE, Coristine was still hosting malware sites spreading viruses across the internet.

The Packetware Network: Built for Data Exfiltration

What Packetware Claims vs. Reality

Packetware.net claims to be a small Virtual Private Server (VPS) hosting company. VPS hosting typically generates balanced traffic patterns as customers pull content from servers. Instead, Packetware shows the opposite: massive outbound data flows that suggest systematic data theft.

The Montreal Cluster: Digital Air Traffic Control for Stolen Data

In February, I discovered Packetware’s digital equivalent of an air traffic control tower hosted in Montreal. This server runs Prometheus monitoring software that tracks network traffic from nodes worldwide. The traffic patterns tell a damning story:

February 6, 2025:

  • Inbound: 37.7 TB over 12 hours

  • Outbound: 55.9 TB over 12 hours

  • Ratio: 1.5 TB out for every 1 TB in

August 29, 2025:

  • Inbound: ~8 GB per 12 hours

  • Outbound: ~216 GB per 12 hours

  • Ratio: 26:1 outbound bias

To put this in perspective: if you printed the data entering the network on February 6th, it would create a stack of 839,000 encyclopedias measuring 26 miles tall. The outbound data would reach 46.6 miles into the stratosphere.
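Added example (not code from this investigation or from Packetware): one way to compute an outbound-to-inbound ratio of the kind reported above from two Prometheus scrapes taken 12 hours apart, including the case where counters restart inside the window. It assumes node_exporter-style byte counters, since the page does not say which exporter was observed, and the scrape values are constructed to produce a 26:1 window.

```python
import re

# node_exporter metric names (assumed; the page names only Prometheus itself)
RX = "node_network_receive_bytes_total"
TX = "node_network_transmit_bytes_total"
LINE = re.compile(r'^(\w+)\{([^}]*)\}\s+([0-9.eE+-]+)$')

def parse_counters(text):
    """Return {(metric, device): value} for RX/TX samples, skipping loopback."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(1) not in (RX, TX):
            continue
        dev = re.search(r'device="([^"]*)"', m.group(2))
        if dev and dev.group(1) != "lo":
            out[(m.group(1), dev.group(1))] = float(m.group(3))
    return out

def window_delta(start, end, metric):
    """Sum per-device counter growth; an end value below start means a reset."""
    total = 0.0
    for (name, dev), v_end in end.items():
        if name != metric:
            continue
        v_start = start.get((name, dev), 0.0)
        # After a reset only the bytes counted since the restart are known.
        total += v_end - v_start if v_end >= v_start else v_end
    return total

def egress_ratio(start_text, end_text):
    """Return (rx_bytes, tx_bytes, tx/rx) for the window between two scrapes."""
    start, end = parse_counters(start_text), parse_counters(end_text)
    rx, tx = window_delta(start, end, RX), window_delta(start, end, TX)
    return rx, tx, (tx / rx if rx else float("inf"))

# Constructed scrapes 12 hours apart; the host restarted inside the window,
# so both eth0 counters are lower at T1 than at T0.
SCRAPE_T0 = '''
# TYPE node_network_receive_bytes_total counter
node_network_receive_bytes_total{device="lo"} 5e9
node_network_receive_bytes_total{device="eth0"} 1.0e12
node_network_transmit_bytes_total{device="eth0"} 9.0e12
'''
SCRAPE_T1 = '''
node_network_receive_bytes_total{device="lo"} 9e9
node_network_receive_bytes_total{device="eth0"} 1.0e10
node_network_transmit_bytes_total{device="eth0"} 2.6e11
'''
```

A ratio computed this way says only how lopsided the byte counts are; a reset inside the window means bytes sent before the restart are not counted.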

Network Design Perfect for International Data Smuggling

Packetware’s system provides ideal infrastructure for covertly sending government data overseas:

  • Servers spread across multiple countries, with most currently offline

  • Dangerous security settings that allow access to anyone on the internet without authentication

  • Logs deleted every 12 hours (unusually short for legitimate monitoring)

  • Sophisticated container technology to quickly hide data paths

  • 26:1 outbound traffic bias (opposite of normal web hosting)

Methodology Disclaimer

For this investigation, I accessed only publicly available servers and metrics requiring no authentication. All server endpoints were publicly accessible at the time of observation. No hacking, credential misuse, or disruption was performed. This analysis involved only passive, open-source monitoring for transparency and public safety.

How the Data Smuggling Operation Works

Based on network analysis, here’s how the operation likely functions:

  1. Insider Access: DOGE personnel access federal networks using their unlimited privileges

  2. Initial Transfer: Data moves from government systems to U.S.-based proxy nodes

  3. Global Bouncing: Information travels through multiple international proxy servers (Montreal, Amsterdam, Dallas, Los Angeles) to obscure its origin

  4. Final Delivery: Data arrives at remote SSH servers in Europe, completely untraceable

The sophisticated routing makes detection nearly impossible while providing plausible deniability for any intercepted communications.

What’s at Stake: America’s Nuclear Umbrella Under Threat

Federal systems face constant attacks from countries like China and Russia, who view our nuclear databases, classified intelligence, and trade secrets as the ultimate prize. Breaches in these areas could cripple the U.S. economy or destroy the fundamental pillar of our defense against invasion.

If this network is transferring data from federal systems overseas, it’s nearly certain that hostile intelligence agencies have compromised everything in transit. Both countries extensively target U.S. public and private sectors with sophisticated cyberattacks.

Moreover, the open access settings mean other unauthorized hackers could be exploiting these same proxies, creating additional layers of compromise and data theft.

Conclusion: The Burden of Proof

The Montreal Cluster’s traffic patterns tell a story that Packetware’s business model cannot explain. When a “hosting company” pushes out 26 times more data than it receives, with zero visible customers and wide-open security, the burden of proof shifts to Coristine.

If this network truly hosts legitimate websites instead of smuggling stolen government data, he should have no problem opening his logs to independent review. Until then, every day DOGE maintains access to federal systems represents an ongoing threat to American national security.

The evidence is clear: we are witnessing the largest government data heist in American history, orchestrated by individuals with documented ties to Russian cybercriminals and executed with the full backing of the Trump administration. Congress must act immediately to revoke DOGE’s access before more damage is done.


Five Strong Conclusion Options

  1. Congressional Action: “Congress must immediately investigate and revoke all DOGE access to federal systems. Every day of delay increases the risk that America’s most sensitive secrets end up in enemy hands.”

  2. Security Community Alert: “I’m calling on the cybersecurity community to monitor these networks and help document this ongoing attack on American democracy. Our expertise is needed to protect the nation.”

  3. Historical Context: “This makes the OPM breach look like a parking ticket. We’re witnessing the systematic compromise of every major federal database by individuals with known Russian connections.”

  4. Immediate Threat: “Right now, as you read this, terabytes of American intelligence data may be flowing through proxy servers to hostile nations. This is not a future threat—it’s happening today.”

  5. Call to Transparency: “If DOGE has nothing to hide, they should immediately provide independent security audits of all accessed systems and open their network logs to congressional oversight. Their refusal to do so speaks volumes.”