A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency<\/strong> (CISA) is the latest exhibit in the Trump administration\u2019s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment \u2014 presumably with the password needed to view the file included in the body of the email.<\/p>\n The homepage of cisa.gov as it appeared on Monday and Tuesday afternoon.<\/p>\n<\/div>\n On March 13, a Maryland district court judge ordered<\/a> the Trump administration to reinstate more than 130 probationary CISA employees who were fired last month. On Monday, the administration announced that those dismissed employees would be reinstated but placed on paid administrative leave.<\/p>\n A notice covering the CISA homepage said the administration is making every effort to contact those who were unlawfully fired in mid-February.<\/p>\n \u201cPlease provide a password protected attachment that provides your full name, your dates of employment (including date of termination), and one other identifying factor such as date of birth or social security number,\u201d the message reads. \u201cPlease, to the extent that it is available, attach any termination notice.\u201d<\/p>\n The message didn\u2019t specify how affected CISA employees should share the password for any attached files, so the implicit expectation is that employees should just include the plaintext password in their message.<\/p>\n Email is about as secure as a postcard sent through the mail, because anyone who manages to intercept the missive anywhere along its path of delivery can likely read it. In security terms, that\u2019s the equivalent of encrypting sensitive data while also attaching the secret key needed to view the information.<\/p>\n What\u2019s more, a great many antivirus and security scanners have trouble inspecting password-protected files, meaning the administration\u2019s instructions are likely to increase the risk that malware submitted by cybercriminals could be accepted and opened by U.S. government employees.<\/p>\n The message in the screenshot above was removed from the CISA homepage Tuesday evening and replaced with a much shorter notice directing former CISA employees to contact a specific email address. But a slightly different version of the same message originally posted to CISA\u2019s website still exists<\/a> at the website for the U.S. Citizenship and Immigration Services<\/strong>, which likewise instructs those fired employees who wish to be rehired and put on leave to send a password-protected email attachment with sensitive personal data.<\/p>\n A message from the White House to fired federal employees at the U.S. Citizenship and Immigration Services instructs recipients to email personal information in a password-protected attachment.<\/p>\n<\/div>\n This is hardly the first example of the administration discarding Security 101 practices in the name of expediency. Last month, the Central Intelligence Agency<\/strong> (CIA) sent an unencrypted email to the White House with the first names and first letter of the last names of recently hired CIA officers who might be easy to fire.<\/p>\n As cybersecurity journalist Shane Harris<\/strong> noted<\/a> in The Atlantic<\/em>, even those fragments of information could be useful to foreign spies.<\/p>\n \u201cOver the weekend, a former senior CIA official showed me the steps by which a foreign adversary who knew only his first name and last initial could have managed to identify him from the single line of the congressional record where his full name was published more than 20 years ago, when he became a member of the Foreign Service,\u201d Harris wrote. \u201cThe former official was undercover at the time as a State Department employee. If a foreign government had known even part of his name from a list of confirmed CIA officers, his cover would have been blown.\u201d<\/p>\n The White House has also fired at least 100 intelligence staffers from the National Security Agency <\/strong>(NSA), reportedly for using an internal NSA chat tool to discuss their personal lives and politics<\/a>. Testifying before the House Select Committee on the Communist Party earlier this month, the NSA\u2019s former top cybersecurity official said the Trump administration\u2019s attempts to mass fire probationary federal employees will be \u201cdevastating\u201d to U.S. cybersecurity operations.\u201d<\/p>\n Rob Joyce<\/strong>, who spent 34 years at the NSA, told Congress how important those employees are in sustaining an aggressive stance against China in cyberspace.<\/p>\n \u201cAt my former agency, remarkable technical talent was recruited into developmental programs that provided intensive unique training and hands-on experience to cultivate vital skills,\u201d Joyce told the panel<\/a>. \u201cEliminating probationary employees will destroy a pipeline of top talent responsible for hunting and eradicating [Chinese] threats.\u201d<\/p>\n Both the email to fired CISA workers and DOGE\u2019s ongoing efforts to bypass vetted government networks for a faster Wi-Fi signal are emblematic of this administration\u2019s overall approach to even basic security measures: To go around them, or just pretend they don\u2019t exist for a good reason<\/a>.<\/p>\n On Monday, The New York Times<\/em> reported<\/a> that U.S. Secret Service agents at the White House were briefly on alert last month when a trusted captain of Elon Musk\u2019s \u201cDepartment of Government Efficiency\u201d (DOGE) visited the roof of the Eisenhower building inside the White House compound \u2014 to see about setting up a dish to receive satellite Internet access directly from Musk\u2019s Starlink<\/strong> service.<\/p>\n The White House press secretary told The Times that Starlink had \u201cdonated\u201d the service and that the gift had been vetted by the lawyer overseeing ethics issues in the White House Counsel\u2019s Office. The White House claims the service is necessary because its wireless network is too slow.<\/p>\n Jake Williams<\/strong>, vice president for research and development at the cybersecurity consulting firm Hunter Strategy<\/strong>, told The Times \u201cit\u2019s super rare\u201d to install Starlink or another internet provider as a replacement for existing government infrastructure that has been vetted and secured.<\/p>\n \u201cI can\u2019t think of a time that I have heard of that,\u201d Williams said. \u201cIt introduces another attack point,\u201d Williams said. \u201cBut why introduce that risk?\u201d<\/p>\n Meanwhile, NBC News<\/strong> reported on March 7<\/a> that Starlink is expanding its footprint across the federal government.<\/p>\n \u201cMultiple federal agencies are exploring the idea of adopting SpaceX\u2019s Starlink for internet access \u2014 and at least one agency, the General Services Administration (GSA), has done so at the request of Musk\u2019s staff, according to someone who worked at the GSA last month and is familiar with its network operations \u2014 despite a vow by Musk and Trump to slash the overall federal budget,\u201d NBC wrote.<\/span><\/p>\n The longtime Musk employee who encountered the Secret Service on the roof in the White House complex was Christopher Stanley<\/strong>, the 33-year-old senior director for security engineering at X<\/strong> and principal security engineer at SpaceX.<\/p>\n On Monday, Bloomberg broke the news that Stanley had been tapped for a seat on the board of directors at the mortgage giant Fannie Mae<\/strong>. Stanley was added to the board alongside newly confirmed Federal Housing Finance Agency director Bill Pulte<\/a>, the grandson of the late housing businessman and founder of PulteGroup \u2014 William J. Pulte.<\/p>\n In a nod to his new board role atop an agency that helps drive the nation\u2019s $12 trillion mortgage market, Stanley retweeted a Bloomberg story about the hire with a smiley emoji and the comment \u201cTech Support.\u201d<\/p>\n But earlier today, Bloomberg reported<\/a> that Stanley had abruptly resigned from the Fannie board, and that details about the reason for his quick departure weren\u2019t immediately clear. As first reported here<\/a> last month, Stanley had a brush with celebrity on Twitter in 2015 when he leaked the user database for the DDoS-for-hire service LizardStresser<\/strong>, and soon faced threats of physical violence against his family.<\/p>\n My\u00a02015 story on that leak<\/a>\u00a0did not name Stanley, but he exposed himself as the source by posting a video about it on his Youtube channel. A review of domain names registered by Stanley shows he went by the nickname \u201cenKrypt,\u201d and was the former owner of a pirated software and hacking forum called\u00a0error33[.]net<\/strong>, as well as\u00a0theC0re<\/strong>, a video game cheating community.<\/p>\n Stanley is one of more than 50 DOGE workers, mostly young men and women who have worked with one or more of Musk\u2019s companies. The Trump administration remains dogged by questions<\/a> about how many \u2014 if any \u2014 of the DOGE workers were put through the gauntlet of a thorough security background investigation before being given access to such sensitive government databases.<\/p>\n That\u2019s largely because in one of his first executive actions after being sworn in for a second term on Jan. 20, President Trump declared<\/a> that the security clearance process was simply too onerous and time-consuming, and that anyone so designated by the White House counsel would have full top secret\/sensitive compartmented information (TS\/SCI) clearances for up to six months. Translation: We accepted the risk<\/a>, so TAH-DAH! No risk!<\/p>\n Presumably, this is the same counsel who saw no ethical concerns with Musk \u201cdonating\u201d Starlink to the White House, or with President Trump summoning the media to film him hawking Cybertrucks and Teslas (a.k.a. \u201cTeslers\u201d) on the White House lawn last week.<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/03\/cisa-resinstatement.png?resize=747%2C371&ssl=1\")
<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/03\/uscis-probation.png?resize=750%2C490&ssl=1\")
<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/03\/stanley-fannie.png?resize=750%2C676&ssl=1\")
<\/p>\n