Thank you for getting this out there! I swear there are 10 of you getting news to us immediately. I don't know how you do it.
And holy crap. This is huge. As someone who is studying cybersecurity this is a giant red flag. If the OPM servers were moved to the cloud and compromised, it wouldn't just be by Musk's team. It could very well be many foreign actors.
This is going to get ugly.
First, thank you Allison for your efforts and hard work with this because we know it has far more significance than just a little email phishing. I have no doubts federal employee privacy is extremely compromised now & this little backdoor ID numbering is just a part of The Felon Administration's Identify & Purge Program.
I wouldn't be surprised at all that with The Felon's propaganda team (probably run by Stephen Miller) in the White House, there is no privacy.
For anyone.
Anywhere.
Anymore....
UNLESS you're an inner circle maga, RepubliFascist, multimillionaire or a billionaire & even then it's limited because they like to spy on each other.
I followed up and sent this to Rep. Khanna for the Cybersecurity, IT, and Gov innovation subcommittee of the House Oversight Committee for IP overreach. Hopefully they will look into it.
Musk has his fingers in every piece of personal data for every single American, government employee or not. Nobody is safe, and he can change, remove, or add data, both real and imagined, as needed on individuals. Does anyone still doubt that Musk and Co. changed the election results? The only answer is to take him and his team of merry men out of service, gut the computers, and start over. Everything is corrupted.
I have no doubt at all since drumpf hinted at election interference for months. What I’m puzzled about is WHY VP Harris didn’t demand inquiries into the tossed voter registrations or the votes lost from the bomb threat sites on Election Day.
Agreed. So frustrating.
Steven Spoonamore sent her a “Duty to Warn” letter about the election being stolen. He said he could prove how they did it. GregPalaste.com also has information on this.
I have to agree with you. Musk wants to rule us. Frump is too lazy and dumb to know he has been bought and paid for and in time will be in Musk's trash can.
Yes it is. I know… they have access to every employee's most intimate details submitted in their background checks. This is scary.
Allison, how can we get this immediately public for the majority of the people to see?
Personally, I think we need to try to get this story to Rep. Ro Khanna, a strong Dem who’s on the Cybersecurity, IT, and Gov innovation subcommittee of the House Oversight Committee.
Incredible reporting Allison. Can this be brought to the attention of the employees if they are compromised? Unbelievable!
This is HUGE.
Hit the OPM with a FOIA as to who authorized this expatriation of US Government systems and data, who the current cloud service provider is, and all persons having access to the data and their affiliation with the OPM and NGOs.
A replica of that mail storage would be prime data for distribution of trackers and active surveillance. It doesn't take all that long to move that data to cloud servers with the federal government's dedicated network pipes.
Yes! And with The Felon Administration most anything at all can be procured, by whomever -- as long as they're willing to cough up the right dollar amount.
I can think of many reasons why Elon and the PayPal Mafia would want to tap those fiber backbones to the Reston DCs and the entire SIPRNet infrastructure.
Exactly 😉
ONE BIG YIKES!!!
Where is anonymous the group to hack these hackers?
Thanks Allison and Jay! I am definitely not technologically inclined, so what I got out of it was Holy shit! That sounds like a whole lot of conspiracy fucktastrophy from a hostile foreign country to obtain information about our government and its employees. Am I right?
If that's what it is, that's terrifying.
Nice job, Allison. Kudos to you.
“If you think technology can solve your security problems, then you don’t understand the problems, and you don’t understand the technology.” - Bruce Schneier
Looking at WHOIS, a complete DNS records dump of opm.gov, and a TRACEROUTE, it appears everything got rehosted within Akamai Technologies' domain. The tracerouted IPs were all in the US. Akamai has a healthy Federal line of business. As a whole they’ve got people experienced enough not to screw up a rehosting… unless someone dropped this on them as a rush job. The last WHOIS record change was 1/30/25, 10 minutes after midnight EST.
Akamai will be around long after Trump is gone, and if they want a get-out-of-jail-free card when subpoenaed by a Democratic-controlled House committee after the midterms, they’ll make sure they snapshot the VMs.
mail.opm.gov is also within Akamai’s domain.
It sure seems HUGE to me
Which cloud they moved to is important context here. If it's a cloud container that is FedRAMP ATO'd and under the governance of an authorizing official there's not a lot to see here. Or, is it a private cloud container under no governance? If it's the latter this should be treated as a PII breach as it runs counter to FISMA 2002 (Title III of the E-Government Act of 2002, Public Law 107-347); FISMA 2014 (Federal Information Security Modernization Act of 2014, Public Law 113-283); and OMB A-130r (Establishes PII protection policies for federal agencies).
Is there any way to find that out?
We can draw inferences from message headers and logs but without actual governance and oversight it's only inference - not fact.