The Business & Technology Network
Helping Business Interpret and Use Technology

A 25-Year-Old Is Writing Backdoors Into The Treasury’s $6 Trillion Payment System. What Could Possibly Go Wrong?

DATE POSTED: February 5, 2025

Just months after we learned Chinese hackers had compromised US telecom systems through government-mandated backdoors, an inexperienced developer from Musk’s DOGE unit is pushing untested code directly into the Treasury’s payment infrastructure — a system that handles over $6 trillion in federal payments annually.

It seems reasonable to call it one of the most dangerous cyberattacks on the US government.

The Treasury Department wants us to believe everything is fine. When Senators Warren and Wyden — the ranking members of the Banking and Finance Committees — demanded answers about Musk’s team’s access to the payment system, Treasury responded with reassurances: just “read only” access, they claimed, with no ability to interfere with payments.

Importantly, the ongoing review of Treasury’s systems is not resulting in the suspension or rejection of any payment instructions submitted to Treasury by other federal agencies across the government. In particular, the review at the Fiscal Service has not caused payments for obligations such as Social Security and Medicare to be delayed or re-routed. To be clear, the agency responsible for making the payment always drives the payment process. Currently, Treasury staff members working with Tom Krause, a Treasury employee, will have read-only access to the coded data of the Fiscal Service’s payment systems in order to continue this operational efficiency assessment. This is similar to the kind of access that Treasury provides to individuals reviewing Treasury systems, such as auditors, and that follows practices associated with protecting the integrity of the systems and business processes.

But while Treasury was making these claims, both Wired and TPM revealed a far more alarming reality: a 25-year-old DOGE team member named Marko Elez (who had refused to give any of his brand new colleagues his last name) had been granted something far beyond “read only” access — he had full administrator privileges to the system. That’s the keys to the kingdom (or, rather, the kingdom’s payments):

Two of those sources say that Elez’s privileges include the ability not just to read but to write code on two of the most sensitive systems in the US government: The Payment Automation Manager (PAM) and Secure Payment System (SPS) at the Bureau of the Fiscal Service (BFS). Housed on a top-secret mainframe, these systems control, on a granular level, government payments that in their totality amount to more than a fifth of the US economy.

Despite reporting that suggests DOGE has access to these Treasury systems on a “read-only” level, sources say Elez, who has visited a Kansas City office housing BFS systems, has many administrator-level privileges. Typically, those admin privileges could give someone the power to log into servers through secure shell access, navigate the entire file system, change user permissions, and delete or modify critical files. That could allow someone to bypass the security measures of, and potentially cause irreversible changes to, the very systems they have access to.

And Elez’s qualifications for this extraordinary level of access to our nation’s financial infrastructure? According to Wired’s reporting, a mere three and a half years of experience since graduating Rutgers, split between SpaceX and ExTwitter’s Search AI team. Neither position involved anything remotely close to handling critical financial infrastructure or government payment systems.

But it gets worse. Josh Marshall’s reporting at TPM reveals something that I can already hear developers howling about, even through the internet: Elez isn’t just looking at the code — he’s pushing untested changes directly into production on a system that handles trillions in federal payments:

I’m told that Elez and possibly other DOGE operatives received full admin-level access on Friday, January 31st. The claim of “read only” access was either false from the start or later fell through. The DOGE team, which appears to be mainly or only Elez for the purposes of this project, has already made extensive changes to the code base for the payment system. They have not locked out the existing programmer/engineering staff but have rather leaned on them for assistance, which the staff appear to have painedly provided hoping to prevent as much damage as possible — “damage” in the sense not of preventing the intended changes but avoiding crashes or a system-wide breakdown caused by rapidly pushing new code into production with a limited knowledge of the system and its dependencies across the federal government.

Remember Treasury’s reassurance that no payments would be blocked? That appears to have been, at best, aspirational. At worst, deliberately misleading. Marshall’s sources indicate that the code changes have a very specific purpose: creating mechanisms to block payments while hiding the evidence.

Phrases like “freaking out” are, not surprisingly, used to describe the reaction of the engineers who were responsible for maintaining the code base until a week ago. The changes that have been made all seem to relate to creating new paths to block payments and possibly leave less visibility into what has been blocked. I want to emphasize that the described changes are not being tested in a dev environment (i.e., a not-live environment) but have already been pushed into production. This is code that appears to be mainly the work of Elez, who was first introduced to the system probably roughly a week ago and certainly not before the second Trump inauguration. The most recent information I have is that no payments have as yet been blocked and that the incumbent engineering team was able to convince Elez to push the code live to impact only a subset of the universe of payments the system controls. I have also heard no specific information about this access being used to drill down into the private financial or proprietary information of payment recipients, though it appears that the incumbent staff has only limited visibility into what Elez is doing with the access. They have, however, looked extensively into the categories and identity of payees to see how certain payments can be blocked.

Let’s be clear about what we’re seeing: deliberately obscured payment-blocking capabilities being added to absolutely critical government infrastructure by an inexperienced developer with minimal oversight. In cybersecurity terms, that’s not just a backdoor — it’s flashing warning lights of an approaching catastrophe.

And the timing couldn’t be worse.

As you might know, we’re about to face yet another debt ceiling crisis in the near future, which might be even more chaotic given the current state of the federal government. But one of the key aspects of the whole debt ceiling thing is that, at some point, long-term civil servants at the Treasury Department are supposed to inform Congress when the government runs out of money.

Greg Sargent, over at The New Republic, has a terrifying piece on how the people who know how to do that were the people Musk just pushed out, like David Lebryk.

What also alarms these officials is that this is unfolding even as a debt ceiling crisis looms. When the government is on the verge of defaulting on its obligations, these officials tell me, it’s Lebryk and his team who carefully monitor the situation to determine, to the greatest extent possible, on what date it will no longer be able to meet its obligations. This team monitors the water levels, these officials say, noting that this is how Treasury knows what to say in those letters that periodically warn Congress that a breach is approaching.

As it happens, this is precisely why we want career, nonpolitical civil servants to be in charge of the spigots. To put it delicately, this is some really complicated shit, and we want the process to be administered in a totally nonpoliticized way. Letting someone like Musk anywhere near it risks corrupting it quite deeply.

“The payment systems are controlled by a small number of career officials precisely to protect them and the full faith and credit of the United States from political interference,” said Jesse Lee, who was a senior adviser to the National Economic Council under President Joe Biden. Or as Linden put it: “This is exactly the kind of thing you do not want political appointees getting involved in.”

And just to add an extra layer of technical recklessness to this situation, Marshall’s reporting includes this stomach-churning detail:

Adding further anxiety about the stability of the system there is, I’m told, a long-scheduled migration scheduled to take place this weekend which could interact in unpredictable ways with the code changes already described.

Cool. Cool.

Pushing untested code changes right before a major system migration is the kind of thing that gets you fired from a low-level development job. Here we’re talking about the federal government’s payment infrastructure.

All of this becomes even more alarming when you consider the broader context: sophisticated foreign adversaries have been systematically probing and compromising US government systems for years.

As we’ve been covering over the last few months, we only recently learned that the Chinese state-sponsored hacking group known as Salt Typhoon gained almost unrestricted access to the backdoors we built into the telecom system for law enforcement wiretapping. They had that access for “months or longer” and were able to do real damage. We still don’t even know if we’ve gotten them out of the system.

And what was one of Trump’s first moves upon taking office? Firing the team investigating that breach.

So here we are: an inexperienced developer, fresh from working on ExTwitter’s search tools, is implementing hidden payment-blocking capabilities in the federal government’s $6 trillion payment system, while the very experts who understand these systems are being pushed out, and the teams responsible for investigating security breaches are being disbanded.

What could go wrong?

Hopefully, for everyone’s sake, nothing goes wrong at all. It sounds like career staff are doing their best to actually protect the system from harm. But this isn’t a rocket ship that you can have blow up a few times before you figure out the problems.

So… fingers crossed?