U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
gizmodo.comPrevious:
https://news.ycombinator.com/item?id=48190454 CISA Admin Leaked AWS GovCloud Keys on GitHub (krebsonsecurity.com)
~7 hours ago, ~27 comments
That's an interesting interpretation of open source.
Did they recruit their personnel from DOGE?
Fun fact, despite shutting it down as an abject failure, all the people from DOGE were rolled into the government and given jobs. The irony is unbearable and par for the course with this admin.
You have to watch a video ad to read the article? First time I’ve seen that.
No one is entertaining the possibility that this was done on purpose?
THIS
This is either insane levels of incompetence, or an intentional act to enable compromise by other agents.
>>"“Currently, there is no indication that any sensitive data was compromised as a result of this incident[…]"
Of forking course there is no indication of compromise. Anyone competent would use the keys and passwords to login, exfiltrate the data they wanted, and depart without being noticed. And of course, the actors leaving it there could help cover.
OFC, it is also possible that it is insane levels of incompetence since the primary and only criteria to work in this administration is loyalty, and competence is usually seen as a liability since actual skill and knowledge often conflicts with being strictly loyal.
So, Hanlon's Razor applies, but they sure test the limits of it.
One way or the other, we're fooked.
Maybe it was UFOs that came down and hacked the gibson to leak two unimportant AWS accounts' IAM users
I assume it's a honeypot. Is anyone dumb enough to try to use these?
[dupe] Discussion on source: https://news.ycombinator.com/item?id=48190454
You can’t spell cisappointment without CISA.
Because of course it was.
It's very odd that the author can't just report on this extremely basic security error without diverting on to Trump.
It's just missing some context -
https://techcrunch.com/2026/02/25/us-cybersecurity-agency-ci...
https://www.nytimes.com/2025/04/05/us/politics/trump-loomer-...
> When President Trump abruptly fired the head of the National Security Agency and U.S. Cyber Command on Thursday, it was the latest in a series of moves that have torn away at the country’s cyberdefenses just as they are confronting the most sophisticated and sustained attacks in the nation’s history.
> For four years, he nurtured deep resentments about CISA, which had declared that the 2020 election was one of the best run in history, undercutting his false claims that he had been cheated of victory. Weeks after taking office this year, he began a campaign of dismantlement.
This is one of those cases where The Buck Stops Here is literally true.
I can't imagine how that is connected to dumping API keys in a public repo.
You can't imagine how taking Musk's DOGE chainsaw to the organization and purging non-loyalists caused some long-term damage to the security culture inside it?
No. I can't imagine a lone developer doing that, let alone a taxpayer-funded group of security experts.
Then in this news story we have concrete evidence it’s your imagination that is lacking.
Not really, considering that Trump signed CISA into law, and then immediately kneecapped it by firing one of the only competent people he has ever appointed (Krebs).
It's because Trump fired Krebs. It's hard to trust him anymore, when it's shown he can't keep his political bias out of security.
He fired Christopher Krebs. This is Brian Krebs, a long time cybersec blogger. They're apparently unrelated.
Complaining about Trump is useful as a free-speech canary. When the complaints start being silenced, you know we're in trouble.
I would think a canary should be more obviously for that purpose. There's no secret committee or group understanding deciding these things.
Trump complaints function much better as a dogwhistle, so that's what they are. Everyone is very tired of them regardless of political stance. At this point, observing a lack of complaints won't mean anything other than someone catching their breath.
I mean, you can be tired of both the frivolous complaints and also tired of having a moron for a president. I’m tired of people complaining about stuff that is symbolic and unimportant like the ballroom but I’m much more tired of every competent person in government being fired and replaced with alcoholic podcasters.
Getting tired of complaints about trump means what he's doing and who he is is being normalized, bit by bit. Don't get tired, get angrier.
I think people are tired because people were catastrophising things Trump did 10 years ago, and it's like when a microphone clips because the gain is too high. If you were weeping into your Tiktok in 2016 before anything happened, and even while some good things were happening, it's hard to differentiate reality from hysteria.
> tired of every competent person in government being fired and replaced with alcoholic podcasters
Would you prefer the alcoholic media moguls of the democrats? I didn't want to reply, but this was too funny to ignore.
As painful as it's been to watch, above all else I think what Trump has done is open people's eyes to their own biases. Hopefully we can heal and do better.