U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub

~7 hours ago, ~27 comments

That's an interesting interpretation of open source.

zombot 1 day ago |

Did they recruit their personnel from DOGE?

Forgeties79 1 day ago | |

Fun fact, despite shutting it down as an abject failure, all the people from DOGE were rolled into the government and given jobs. The irony is unbearable and par for the course with this admin.

reactordev 1 day ago |

You have to watch a video ad to read the article? First time I’ve seen that.

aerodexis 1 day ago |

No one is entertaining the possibility that this was done on purpose?

0xbadcafebee 1 day ago | |

Maybe it was UFOs that came down and hacked the gibson to leak two unimportant AWS accounts' IAM users

toss1 1 day ago | |

THIS

This is either insane levels of incompetence, or an intentional act to enable compromise by other agents.

>>"“Currently, there is no indication that any sensitive data was compromised as a result of this incident[…]"

Of forking course there is no indication of compromise. Anyone competent would use the keys and passwords to login, exfiltrate the data they wanted, and depart without being noticed. And of course, the actors leaving it there could help cover.

OFC, it is also possible that it is insane levels of incompetence since the primary and only criteria to work in this administration is loyalty, and competence is usually seen as a liability since actual skill and knowledge often conflicts with being strictly loyal.

So, Hanlon's Razor applies, but they sure test the limits of it.

One way or the other, we're fooked.

2OEH8eoCRo0 1 day ago | |

I assume it's a honeypot. Is anyone dumb enough to try to use these?

ChrisArchitect 1 day ago |

[dupe] Discussion on source: https://news.ycombinator.com/item?id=48190454

ohyoutravel 1 day ago |

You can’t spell cisappointment without CISA.

fcsuper 1 day ago |

Because of course it was.

philipallstar 1 day ago |

It's very odd that the author can't just report on this extremely basic security error without diverting on to Trump.

benoau 1 day ago | |

It's just missing some context -

https://techcrunch.com/2026/02/25/us-cybersecurity-agency-ci...

ceejayoz 1 day ago | |

https://www.nytimes.com/2025/04/05/us/politics/trump-loomer-...

> When President Trump abruptly fired the head of the National Security Agency and U.S. Cyber Command on Thursday, it was the latest in a series of moves that have torn away at the country’s cyberdefenses just as they are confronting the most sophisticated and sustained attacks in the nation’s history.

> For four years, he nurtured deep resentments about CISA, which had declared that the 2020 election was one of the best run in history, undercutting his false claims that he had been cheated of victory. Weeks after taking office this year, he began a campaign of dismantlement.

This is one of those cases where The Buck Stops Here is literally true.

philipallstar 1 day ago | | |

I can't imagine how that is connected to dumping API keys in a public repo.

ceejayoz 1 day ago | | |

You can't imagine how taking Musk's DOGE chainsaw to the organization and purging non-loyalists caused some long-term damage to the security culture inside it?

philipallstar 15 hours ago | | |

No. I can't imagine a lone developer doing that, let alone a taxpayer-funded group of security experts.

ceejayoz 14 hours ago | | |

Then in this news story we have concrete evidence it’s your imagination that is lacking.

t0mpr1c3 1 day ago | |

Not really, considering that Trump signed CISA into law, and then immediately kneecapped it by firing one of the only competent people he has ever appointed (Krebs).

jazz9k 1 day ago | |

It's because Trump fired Krebs. It's hard to trust him anymore, when it's shown he can't keep his political bias out of security.

markoman 1 day ago | | |

He fired Christopher Krebs. This is Brian Krebs, a long time cybersec blogger. They're apparently unrelated.

axus 1 day ago | |

Complaining about Trump is useful as a free-speech canary. When the complaints start being silenced, you know we're in trouble.

sublinear 1 day ago | | |

I would think a canary should be more obviously for that purpose. There's no secret committee or group understanding deciding these things.

Trump complaints function much better as a dogwhistle, so that's what they are. Everyone is very tired of them regardless of political stance. At this point, observing a lack of complaints won't mean anything other than someone catching their breath.

tuveson 1 day ago | | |

I mean, you can be tired of both the frivolous complaints and also tired of having a moron for a president. I’m tired of people complaining about stuff that is symbolic and unimportant like the ballroom but I’m much more tired of every competent person in government being fired and replaced with alcoholic podcasters.

pferde 1 day ago | | |

Getting tired of complaints about trump means what he's doing and who he is is being normalized, bit by bit. Don't get tired, get angrier.

philipallstar 14 hours ago | | |

I think people are tired because people were catastrophising things Trump did 10 years ago, and it's like when a microphone clips because the gain is too high. If you were weeping into your Tiktok in 2016 before anything happened, and even while some good things were happening, it's hard to differentiate reality from hysteria.

sublinear 1 day ago | | |

> tired of every competent person in government being fired and replaced with alcoholic podcasters

Would you prefer the alcoholic media moguls of the democrats? I didn't want to reply, but this was too funny to ignore.

As painful as it's been to watch, above all else I think what Trump has done is open people's eyes to their own biases. Hopefully we can heal and do better.