Wired<\/em> reported this week that a 19-year-old working for Elon Musk<\/strong>\u2018s so-called Department of Government Efficiency<\/strong> (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today\u2019s story explores, the DOGE teen is a former denizen of \u2018The Com<\/strong>,\u2019 an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.<\/p>\n Since President Trump\u2019s second inauguration, Musk\u2019s DOGE team has gained access to a truly staggering amount of personal and sensitive data on American citizens, moving quickly to seize control over databases at the U.S. Treasury<\/strong>, the Office of Personnel Management<\/strong>, the Department of Education<\/strong>, and the Department of Health and Human Resources<\/strong>, among others.<\/p>\n Wired<\/em> first reported on Feb. 2<\/a> that one of the technologists on Musk\u2019s crew is a 19-year-old high school graduate named Edward Coristine<\/strong>, who reportedly goes by the nickname \u201cBig Balls\u201d online. One of the companies Coristine founded, Tesla.Sexy LLC<\/strong>, was set up in 2021, when he would have been around 16 years old.<\/p>\n \u201cTesla.Sexy LLC controls dozens of web domains, including at least two Russian-registered domains,\u201d Wired<\/em> reported. \u201cOne of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review.\u201d<\/p>\n Mr. Coristine has not responded to requests for comment. In a follow-up story<\/a> this week, Wired<\/em> found that someone using a Telegram handle tied to Coristine solicited a DDoS-for-hire service in 2022, and that he worked for a short time at a company that specializes in protecting customers from DDoS attacks.<\/p>\n A profile photo from Coristine\u2019s WhatsApp account.<\/p>\n<\/div>\n Internet routing records show<\/a> that Coristine runs an Internet service provider called Packetware<\/strong> (AS400495). Also known as \u201cDiamondCDN<\/strong>,\u201d Packetware currently hosts<\/a> tesla[.]sexy and diamondcdn[.]com, among other domains.<\/p>\n DiamondCDN was advertised and claimed by someone who used the nickname \u201cRivage<\/strong>\u201d on several Com-based Discord channels over the years. A review of chat logs from some of those channels show other members frequently referred to Rivage as \u201cEdward.\u201d<\/p>\n From late 2020 to late 2024, Rivage\u2019s conversations would show up in multiple Com chat servers that are closely monitored by security companies. In November 2022, Rivage could be seen requesting recommendations for a reliable and powerful DDoS-for-hire service.<\/p>\n Rivage made that request in the cybercrime channel \u201cDstat<\/strong>,\u201d a core Com hub where users could buy and sell attack services. Dstat\u2019s website dstat[.]cc was seized<\/a> in 2024 as part of \u201cOperation PowerOFF,\u201d an international law enforcement action against DDoS services.<\/p>\n Coristine\u2019s LinkedIn profile said that in 2022 he worked at an anti-DDoS company called Path Networks<\/strong>, which Wired<\/em> generously described as a \u201cnetwork monitoring firm known for hiring reformed blackhat hackers.\u201d Wired<\/em> wrote:<\/p>\n \u201cAt Path Network, Coristine worked as a systems engineer from April to June of 2022, according to his now-deleted LinkedIn r\u00e9sum\u00e9. Path has at times listed as employees Eric Taylor<\/strong>, also known as Cosmo the God, a well-known former cybercriminal and member of the hacker group UGNazis, as well as Matthew Flannery, an Australian convicted hacker whom police allege was a member of the hacker group LulzSec. It\u2019s unclear whether Coristine worked at Path concurrently with those hackers, and WIRED found no evidence that either Coristine or other Path employees engaged in illegal activity while at the company.\u201d<\/p>\n The founder of Path is a young man named Marshal Webb<\/strong>. I wrote about Webb back in 2016, in a story about a DDoS defense company he co-founded called BackConnect Security LLC<\/strong>. On September 20, 2016, KrebsOnSecurity published data showing that the company had a history of hijacking Internet address space that belonged to others<\/a>.<\/p>\n Less than 24 hours after that story ran, KrebsOnSecurity.com was hit with the biggest DDoS attack the Internet had ever seen at the time<\/a>. That sustained attack kept this site offline for nearly 4 days<\/a>.<\/p>\n The other founder of BackConnect Security LLC was Tucker Preston<\/strong>, a Georgia man who pleaded guilty in 2020<\/a> to paying a DDoS-for-hire service to launch attacks against others.<\/p>\n The aforementioned Path employee Eric Taylor pleaded guilty in 2017<\/a> to charges including an attack on our home in 2013<\/a>. Taylor was among several men involved in making a false report to my local police department about a supposed hostage situation at our residence in Virginia. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as \u201cswatting.\u201d<\/p>\n CosmoTheGod rocketed to Internet infamy in 2013 when he and a number of other hackers set up the Web site exposed[dot]su<\/a>, which \u201cdoxed\u201d dozens of public officials and celebrities by publishing the address, Social Security numbers and other personal information on the former First Lady Michelle Obama, the then-director of the FBI and the U.S. attorney general, among others. The group also swatted many of the people they doxed.<\/p>\n Wired<\/em> noted that Coristine only worked at Path for a few months in 2022, but the story didn\u2019t mention why his tenure was so short. A screenshot shared on the website pathtruths.com<\/a> includes a snippet of conversations in June 2022 between Path employees discussing Coristine\u2019s firing.<\/p>\n According to that record, Path founder Marshal Webb dismissed Coristine for leaking internal documents to a competitor. Not long after Coristine\u2019s termination, someone leaked an abundance of internal Path documents and conversations. Among other things, those chats revealed that one of Path\u2019s technicians was a Canadian man named Curtis Gervais<\/strong> who was convicted in 2017 of perpetrating dozens of swatting attacks and fake bomb threats<\/a> \u2014 including at least two attempts against our home in 2014.<\/p>\n A snippet of text from an internal Path chat room, wherein members discuss the reason for Coristine\u2019s termination: Allegedly, leaking internal company information. Source: Pathtruths.com.<\/p>\n<\/div>\n <\/span><\/p>\n On May 11, 2024, Rivage posted on a Discord channel for a DDoS protection service that is chiefly marketed to members of The Com. Rivage expressed frustration with his time spent on Com-based communities, suggesting that its profitability had been oversold.<\/p>\n \u201cI don\u2019t think there\u2019s a lot of money to be made in the com,\u201d Rivage lamented. \u201cI\u2019m not buying Heztner [servers] to set up some com VPN.\u201d<\/p>\n Rivage largely stopped posting messages on Com channels after that. Wired<\/em> reports that Coristine subsequently spent three months last summer working at Neuralink<\/strong>, Elon Musk\u2019s brain implant startup.<\/p>\n The trouble with all this is that even if someone sincerely intends to exit The Com after years of consorting with cybercriminals, they are often still subject to personal attacks, harassment and hacking long after they have left the scene.<\/p>\n That\u2019s because a huge part of Com culture involves harassing, swatting and hacking other members of the community. These internecine attacks are often for financial gain, but just as frequently they are perpetrated by cybercrime groups to exact retribution from or assert dominance over rival gangs.<\/p>\n Experts say it is extremely difficult for former members of violent street gangs to gain a security clearance needed to view sensitive or classified information held by the U.S. government. That\u2019s because ex-gang members are highly susceptible to extortion and coercion from current members of the same gang, and that alone presents an unacceptable security risk for intelligence agencies.<\/p>\n And make no mistake: The Com is the English-language cybercriminal hacking equivalent of a violent street gang. KrebsOnSecurity has published numerous stories detailing how feuds within the community periodically spill over into real-world violence<\/a>.<\/p>\n When Coristine\u2019s name surfaced in Wired<\/em>\u2018s report this week, members of The Com immediately took notice.\u00a0In the following segment from a February 5, 2025 chat in a Com-affiliated hosting provider, members criticized Rivage\u2019s skills, and discussed harassing his family and notifying authorities about incriminating accusations that may or may not be true.<\/p>\n 2025-02-05 16:29:44 UTC vperked#0 they got this nigga on indiatimes man Given the speed with which Musk\u2019s DOGE team was allowed access to such critical government databases, it strains credulity that Coristine could have been properly cleared beforehand. After all, he\u2019d recently been dismissed from a job for allegedly leaking internal company information to outsiders<\/em>.<\/p>\n According to the national security adjudication guidelines<\/a> (PDF) released by the Director of National Intelligence<\/strong> (DNI), eligibility determinations take into account a person\u2019s stability, trustworthiness, reliability, discretion, character, honesty, judgement, and ability to protect classified information.<\/p>\n The DNI policy further states that \u201celigibility for covered individuals shall be granted only when facts and circumstances indicate that eligibility is clearly consistent with the national security interests of the United States, and any doubt shall be resolved in favor of national security.\u201d<\/p>\n On Thursday, 25-year-old DOGE staff member Marko Elez<\/strong> resigned after being linked to a deleted social media account that advocated racism and eugenics. Elez resigned after The Wall Street Journal<\/em> asked<\/a> the White House about his connection to the account.<\/p>\n \u201cJust for the record, I was racist before it was cool,\u201d the account posted in July. \u201cYou could not pay me to marry outside of my ethnicity,\u201d the account wrote on X in September. \u201cNormalize Indian hate,\u201d the account wrote the same month, in reference to a post noting the prevalence of people from India in Silicon Valley.<\/p>\n Elez\u2019s resignation came a day after the Department of Justice agreed to limit the number of DOGE employees who have access to federal payment systems. The DOJ said access would be limited to two people, Elez and Tom Krause<\/strong>, the CEO of a company called Cloud Software Group.<\/p>\n Earlier today, Musk said he planned to rehire Elez<\/a> after President Trump<\/strong> and Vice President JD Vance<\/strong> reportedly endorsed the idea. Speaking at The White House today, Trump said he wasn\u2019t concerned about the security of personal information and other data accessed by DOGE, adding that he was \u201cvery proud of the job that this group of young people\u201d are doing.<\/p>\n A White House official told<\/a> Reuters<\/em> on Wednesday that Musk and his engineers have appropriate security clearances and are operating in \u201cfull compliance with federal law, appropriate security clearances, and as employees of the relevant agencies, not as outside advisors or entities.\u201d<\/p>\n NPR<\/em> reports<\/a> Trump added that his administration\u2019s cost-cutting efforts would soon turn to the Education Department and the Pentagon, \u201cwhere he suggested without evidence that there could be \u2018trillions\u2019 of dollars in wasted spending within the $6.75 trillion the federal government spent in fiscal year 2024.\u201d<\/p>\n GOP leaders in the Republican-controlled House and Senate have largely shrugged about Musk\u2019s ongoing efforts to seize control over federal databases, dismantle agencies mandated by Congress, freeze federal spending on a range of already-appropriated government programs, and threaten workers with layoffs.<\/p>\n Meanwhile, multiple parties have sued to stop DOGE\u2019s activities. ABC News says<\/a> a federal judge was to rule today on whether DOGE should be blocked from accessing Department of Labor records, following a lawsuit alleging Musk\u2019s team sought to illegally access highly sensitive data, including medical information, from the federal government.<\/p>\n At least 13 state attorney general say they plan to file a lawsuit to stop DOGE from accessing federal payment systems containing Americans\u2019 sensitive personal information, reports<\/a> The Associated Press<\/em>.<\/p>\n Reuters reported Thursday<\/a> that the U.S. Treasury Department had agreed not to give Musk\u2019s team access to its payment systems while a judge is hearing arguments in a lawsuit by employee unions and retirees alleging Musk illegally searched those records.<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/02\/coristine.png?resize=637%2C636&ssl=1\")
<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/02\/pathchat.png?resize=585%2C808&ssl=1\")
<\/p>\n\n
\n2025-02-05 16:29:46 UTC alexaloo#0 Their cropping is worse than AI could have done
\n2025-02-05 16:29:48 UTC hebeatsme#0 bro who is that
\n2025-02-05 16:29:53 UTC hebeatsme#0 yalla re talking about
\n2025-02-05 16:29:56 UTC xewdy#0 edward
\n2025-02-05 16:29:56 UTC .yarrb#0 rivagew
\n2025-02-05 16:29:57 UTC vperked#0 Rivarge
\n2025-02-05 16:29:57 UTC xewdy#0 diamondcdm
\n2025-02-05 16:29:59 UTC vperked#0 i cant spell it
\n2025-02-05 16:30:00 UTC hebeatsme#0 rivage
\n2025-02-05 16:30:08 UTC .yarrb#0 yes
\n2025-02-05 16:30:14 UTC hebeatsme#0 i have him added
\n2025-02-05 16:30:20 UTC hebeatsme#0 hes on discord still
\n2025-02-05 16:30:47 UTC .yarrb#0 hes focused on stroking zaddy elon
\n2025-02-05 16:30:47 UTC vperked#0 https:\/\/en.wikipedia.org\/wiki\/Edward_Coristine
\n2025-02-05 16:30:50 UTC vperked#0 no fucking way
\n2025-02-05 16:30:53 UTC vperked#0 they even made a wiki for him
\n2025-02-05 16:30:55 UTC vperked#0 LOOOL
\n2025-02-05 16:31:05 UTC hebeatsme#0 no way
\n2025-02-05 16:31:08 UTC hebeatsme#0 hes not a good dev either
\n2025-02-05 16:31:14 UTC hebeatsme#0 like????
\n2025-02-05 16:31:22 UTC hebeatsme#0 has to be fake
\n2025-02-05 16:31:24 UTC xewdy#0 and theyre saying ts
\n2025-02-05 16:31:29 UTC xewdy#0 like ok bro
\n2025-02-05 16:31:51 UTC .yarrb#0 now i wanna know what all the other devs are like\u2026
\n2025-02-05 16:32:00 UTC vperked#0 \u201c`Coristine used the moniker \u201cbigballs\u201d on LinkedIn and @Edwardbigballer on Twitter, according to The Daily Dot.[\u201c`
\n2025-02-05 16:32:05 UTC vperked#0 LOL
\n2025-02-05 16:32:06 UTC hebeatsme#0 lmfaooo
\n2025-02-05 16:32:07 UTC vperked#0 bro
\n2025-02-05 16:32:10 UTC hebeatsme#0 bro
\n2025-02-05 16:32:17 UTC hebeatsme#0 has to be fake right
\n2025-02-05 16:32:22 UTC .yarrb#0 does it mention Rivage?
\n2025-02-05 16:32:23 UTC xewdy#0 He previously worked for NeuraLink, a brain computer interface company led by Elon Musk
\n2025-02-05 16:32:26 UTC xewdy#0 bro what
\n2025-02-05 16:32:27 UTC alexaloo#0 I think your current occupation gives you a good insight of what probably goes on
\n2025-02-05 16:32:29 UTC hebeatsme#0 bullshit man
\n2025-02-05 16:32:33 UTC xewdy#0 this nigga got hella secrets
\n2025-02-05 16:32:37 UTC hebeatsme#0 rivage couldnt print hello world
\n2025-02-05 16:32:42 UTC hebeatsme#0 if his life was on the line
\n2025-02-05 16:32:50 UTC xewdy#0 nigga worked for neuralink
\n2025-02-05 16:32:54 UTC hebeatsme#0 bullshit
\n2025-02-05 16:33:06 UTC Nashville Dispatch ##0000 ||@PD Ping||
\n2025-02-05 16:33:07 UTC hebeatsme#0 must have killed all those test pigs with some bugs
\n2025-02-05 16:33:24 UTC hebeatsme#0 ur telling me the rivage who failed to start a company
\n2025-02-05 16:33:28 UTC hebeatsme#0 https:\/\/cdn.camp
\n2025-02-05 16:33:32 UTC hebeatsme#0 who didnt pay for servers
\n2025-02-05 16:33:34 UTC hebeatsme#0 ?
\n2025-02-05 16:33:42 UTC hebeatsme#0 was too cheap
\n2025-02-05 16:33:44 UTC vperked#0 yes
\n2025-02-05 16:33:50 UTC hebeatsme#0 like??
\n2025-02-05 16:33:53 UTC hebeatsme#0 it aint adding up
\n2025-02-05 16:33:56 UTC alexaloo#0 He just needed to find his calling idiot.
\n2025-02-05 16:33:58 UTC alexaloo#0 He found it.
\n2025-02-05 16:33:59 UTC hebeatsme#0 bro
\n2025-02-05 16:34:01 UTC alexaloo#0 Cope in a river dude
\n2025-02-05 16:34:04 UTC hebeatsme#0 he cant make good money right
\n2025-02-05 16:34:08 UTC hebeatsme#0 doge is about efficiency
\n2025-02-05 16:34:11 UTC hebeatsme#0 he should make $1\/he
\n2025-02-05 16:34:15 UTC hebeatsme#0 $1\/hr
\n2025-02-05 16:34:25 UTC hebeatsme#0 and be whipped for better code
\n2025-02-05 16:34:26 UTC vperked#0 prolly makes more than us
\n2025-02-05 16:34:35 UTC vperked#0 with his dad too
\n2025-02-05 16:34:52 UTC hebeatsme#0 time to report him for fraud
\n2025-02-05 16:34:54 UTC hebeatsme#0 to donald trump
\n2025-02-05 16:35:04 UTC hebeatsme#0 rivage participated in sim swap hacks in 2018
\n2025-02-05 16:35:08 UTC hebeatsme#0 put that on his wiki
\n2025-02-05 16:35:10 UTC hebeatsme#0 thanks
\n2025-02-05 16:35:15 UTC hebeatsme#0 and in 2021
\n2025-02-05 16:35:17 UTC hebeatsme#0 thanks
\n2025-02-05 16:35:19 UTC chainofcommand#0 i dont think they\u2019ll care tbh<\/p>\n<\/blockquote>\n