DOGE staffer allegedly ran company providing services to hacking group

US Department of Government Efficiency tech advisor Edward Coristine previously ran a small infrastructure provider that offered services to a cybercriminal group, it has been alleged.

While in high school in 2022 the then-16-year-old DOGE senior advisor ran a company called DiamondCDN that supported a website used by a cybercriminal group named ‘EGodly’, Reuters reported Wednesday.

The connection between DiamondCDN and EGodly was established through digital records preserved by threat intelligence company DomainTools and online cybersecurity tool Any.Run, the Reuters report said.

It’s not clear that Coristine was aware of EGodly’s activity but in early 2023 the group thanked the company on Telegram for helping to keep its dataleak.fun website up and running:

“We extend our gratitude to our valued partners DiamondCDN for generously providing us with their amazing DDoS protection and caching systems, which allow us to securely host and safeguard our website,” read the message.

Records seen by Reuters show this support ran from October 2022 to June 2023 and that users attempting to reach the dataleak.fun site would first have to pass a DiamondCDN anti-bot ‘security check.’

Breaking into law enforcement accounts

Crimes EGodly boasted it had carried out include cryptocurrency theft, phone number hijacking, and breaking into law enforcement email accounts, Reuters said. The group also circulated personal details of an FBI agent it believed was investigating it, and engaged in swatting, the practice of calling armed police to a target’s house on false pretenses as a form of intimidation.

This is not the first time Coristine’s past has been questioned. In February Bloomberg reported that he was fired in 2022 by cybersecurity company Path Network for allegedly “leaking proprietary information.” Separately, it has been reported that Coristine was associated with a Telegram/Discord cybercriminal social network called ‘The Com.’

However, for now, the allegations against him are just that — allegations. He has not commented on any of them.

None of this would hold wider significance if Coristine, now 19 years old, wasn’t one of DOGE’s super-nerds. His celebrity has also been bolstered by DOGE booster Elon Musk himself, who in February tweeted on X that “Big Balls is awesome,” a reference to his vulgar nickname in high school.

Meanwhile, Coristine has access as part of his job to some of the most confidential servers in the US government, including ones that normally require a high level of security clearance.

It’s a reminder that every job candidate should be carefully vetted, said cybersecurity expert Graham Cluley.

“When you hire someone for a job, you’re wise to take a look at what they’ve done in the past. It gives you an idea of both their achievements, as well as, potentially, anything they might have got up to which would help shine light on their judgement, their ethics, and how they might perform in the role,” Cluley said by email.