Latest news with #EdwardCoristine
Yahoo
22-04-2025
- Yahoo
Ransomware Gang Takes Page From Elon's 'What Did You Do This Week' DOGE Emails
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing. A ransomware gang is channeling Elon Musk's Department of Government Efficiency by taunting victims with ransom notes that demand to know what they've "accomplished for work" in the last week. The FOG ransomware group has been distributing the DOGE-themed notes in recent weeks, according to malware samples that cybersecurity vendor Trend Micro discovered on the file-scanning service VirusTotal. 'We observed that these samples initially dropped a note containing key names related to the Department of Government Efficiency (DOGE),' Trend Micro says. The ransom notes also allude to Edward Coristine, who uses the online alias 'Big Balls." He reportedly has a history with cybercriminal groups, but was still appointed to Musk's DOGE team. A separate cybersecurity firm, Cyble, spotted the same attack generating a pop-up on computers that says 'DOGE BIG BALLS RANSOMWARE.' The FOG ransomware gang appears to be spreading its attack through phishing emails with an attachment titled "Pay If opened, the attachment will download and execute a PowerShell script designed to load the ransomware loader in " along with other malicious programs. "It also opens politically themed YouTube videos and includes written political commentary directly in the script,' Trend Micro notes. The attack is designed to gather data on the victim's PC before encrypting the files, and then leaving a ransom note, demanding the victim pay approximately $1,000 in the Monero cryptocurrency. According to Cyble, the ransom note, titled introduces the threat actor as 'Edward Coristine,' and lists his purported home address and phone number. The note then echoes Elon Musk's recent emails to federal workers and demand that victims justify their productivity by listing their weekly accomplishments. 'Give me five bullet points on what you accomplished for work last week or you owe me a TRILLION dollars,' the ransom note from the FOG gang says. 'The use of Coristine's name and the 'DOGE' reference in the ransomware could be a tactic to malign him and the DOGE initiative,' Cyble adds. In the ransom note, the FOG group also claims they'll decrypt the files for free, but only if the victim spreads the ransomware attack to another victim. 'FOG ransomware is a relatively new ransomware family that enterprises must add to their watchlist,' Trend Micro warns. The gang claims to have attacked over 100 victims, including organizations in the education, manufacturing, and transportation sectors, since January. Meanwhile, the official "what did you do this week" emails from DOGE are reportedly a bust. The Washington Post reports that the Office of Personnel Management basically told HR officials across the government that the emails are voluntary and that the agency didn't plan to do anything with the emails that were submitted.
Yahoo
27-03-2025
- Yahoo
A DOGE staffer working as a ‘senior advisor' in the government's cybersecurity agency once provided tech support to a cybercrime ring
Edward Coristine, a 19-year-old DOGE member, has been linked to a cybercrime group through his former company, DiamondCDN. Coristine has been listed as an adviser in multiple U.S. government agencies, including the Cybersecurity and Infrastructure Security Agency. A member of Elon Musk's Department of Government Efficiency (DOGE) appears to have provided tech support to a cybercrime group known as EGodly. Edward Coristine, also known by his nickname "Big Balls," has been linked to the cybercrime group through a company he ran called DiamondCDN. According to corporate and digital records reviewed by Reuters and Telegram messages seen by Fortune, EGodly was one of the company's users. The group publicly thanked Coristine's company for its assistance in a post on its Telegram channel on Feb. 15, 2023. "We extend our gratitude to our valued partners DiamondCDN for generously providing us with their amazing DDoS protection and caching systems, which allow us to securely host and safeguard our website," the message read. An FBI agent who had contact with EGodly told Reuters the group had been investigated due to a connection with swatting, a practice of making false emergency calls in an attempt to send SWAT teams to targeted addresses. He called EGodly "not a pleasant group," referring to the members as "bad folks." In other messages shared on the Telegram channel and reviewed by Fortune, the group can also be seen selling people's private PII (Personally Identifiable Information), boasting about hacking government emails and cyberstalking an FBI agent. In one post, the group advertised "Brazil government emails" for sale, telling members they could use the addresses to get information on users by sending data requests to the support of platforms. In one video posted by the account, a car drove past what appeared to be the FBI agent's house while someone screamed out the window: "EGodly says you're a bitch!" An analysis of digital records conducted by Reuters found that between October 2022 and June 2023, the EGodly website, was linked to IP addresses associated with DiamondCDN and other businesses owned by Coristine. During this period, some visitors to the site encountered a DiamondCDN "Security check," the outlet reported. Representatives for the State Department and DiamondCDN did not immediately return requests for comment from Fortune. The department and Coristine did not reply to Reuters comment requests either. Coristine's role within the government is not entirely clear. The 19-year-old was most recently a freshman mechanical engineering and physics major at Boston's Northeastern University until joining Elon Musk's cost-cutting team at DOGE. He also worked briefly at Musk's brain implant company Neuralink. According to Reuters, he's listed as a "senior adviser" at the State Department as well as the Cybersecurity and Infrastructure Security Agency. He's also been linked to the Department of Homeland Security by a Washington Post report. Wired has also reported that Coristine is listed as one of several 'experts' at the Office of Personnel Management, the government's HR department. Although Coristine's link to EGodly may have been brief, Nitin Natarajan—formerly the deputy director of CISA under President Joe Biden—expressed concern about the teenager now being part of a team with extensive access to government systems. "This stuff was not in the distant past," Natarajan told Reuters. "The recency of the activity and the types of groups he was associated would definitely be concerning." It's also not the first time Coristine has made headlines for his past associations. Last month, Bloomberg reported that he was previously fired from an internship at Path Network for reportedly leaking information to competitors. Coristine later denied doing anything "contractually wrong' while working at Path Network via a post on Discord, per Bloomberg. This story was originally featured on
South China Morning Post
27-02-2025
- Business
- South China Morning Post
Who is young Elon Musk hire Edward Coristine, aka Big Balls? The Doge staffer and new ‘senior adviser' at the State Department is just 19 and registered his first venture, Tesla.Sexy LLC, at 16
A 19-year-old high school graduate and Doge staffer who goes by the nickname 'Big Balls' has now been given a 'senior adviser' role at the State Department's Bureau of Diplomatic Technology, according to The Washington Post. The teenager, who has been identified as Edward Coristine, has drawn backlash and raised further concern about Elon Musk , who has been leading President Donald Trump's Department of Government Efficiency (Doge). He appears to have since launched an account on X, where he shared the news publicly. 'Honoured to announce I've secured a role at the State Department. Huge thanks to the media for the coverage and to my friends who've supported me along the way. Big things ahead. #BigBalls,' he wrote. Advertisement Edward Coristine dropped out of Northeastern University to work in Silicon Valley. Photo: @EdwardCoristine/X Here's what we know about the controversial young adult who's joining Musk's team. Who are Edward Coristine's parents? Edward Coristine's father Charles Coristine is reportedly also a controversial figure. He is a former Morgan Stanley employee who bought the failing organic popcorn company Lesser Evil for US$250,000 and grew it into a multimillion-dollar brand, per CNBC. He was later accused of false advertising by stating that the snacks were healthier than other options on the market, according to The Independent. Edward has been dubbed a 'popcorn heir' thanks to his father's dealings. Where did Edward Coristine go to college? Edward Coristine is an aspiring entrepreneur. Photo: Reddit
Yahoo
09-02-2025
- Business
- Yahoo
Musk's Teenage DOGE Minion Was Once Fired for Leaking Employer's Secrets
Edward Coristine, the youngest of Elon Musk's DOGE whiz kids at 19 years old, was previously fired from an internship after he allegedly leaked a data security firm's sensitive information to its competitor, a Bloomberg report reveals. In a June 2022 message reviewed by Bloomberg, an executive with Path Network confirmed that Coristine 'has been terminated,' and called his behavior 'unacceptable.' The exec added, 'There is zero tolerance for this.' In a quote to Bloomberg on Thursday, a spokesperson for the company added, 'I can confirm that Edward Coristine's brief contract was terminated after the conclusion of an internal investigation into the leaking of proprietary company information that coincided with his tenure.' Coristine confirmed that he had retained access to the cybersecurity firm's computers but insisted he did not abuse his privileges in a 2022 Discord message, reviewed by Bloomberg. 'I never exploited it because it's just not me,' wrote Coristine under the alias 'Rivage.' He is also known to use the alias 'JoeyCrafter,' sources told Bloomberg. 'Big Balls' is another one of his online monikers. Coristine insisted that he had done 'nothing contractually wrong' while working for Path Network. The incident didn't prevent the teen from landing an internship at Musk's Neuralink before moving on to DOGE, where his core responsibilities now include gathering datasets on government personnel, contracts and programs, according to Bloomberg, who spoke to sources familiar with his role. Bloomberg reported that at least two cybercrime investigators have been monitoring chat rooms that Coristine and others have frequented in the last year. The investigators told Bloomberg they became aware of Coristine and one of his aliases while investigating an alleged hacker he was in communication with. 'Looking for capable, powerful & reliable L7,' reads a 2022 Telegram from 'JoeyCrafter,' reviewed by Bloomberg. The message referred to a hacking tool that overwhelms websites with traffic. Washington-based lawyer Brad Moss told Bloomberg that Coristine's internet forum activities would not entirely disqualify him from obtaining security clearances. However, Moss said it would 'absolutely' raise concerns for higher-level clearance. Coristine isn't the first DOGE staffer to raise flags over his internet activity. White House spokesperson Karoline Leavitt confirmed to The Wall Street Journal that Gavin Kliger, 25, resigned from the department amid mounting questions over connections to racist and eugenics-pushing social media posts.
Yahoo
08-02-2025
- Business
- Yahoo
DOGE team member fired from cybersecurity internship for leaking company information
A 19-year-old member of Elon Musk's Department of Government Efficiency (DOGE) was fired from an internship at a cybersecurity firm after he was accused of leaking company secrets to a competitor, Bloomberg News reports. Edward Coristine was 'terminated for leaking internal information,' a message from June 2022 from an executive at Path Network stated, according to the outlet. 'This is unacceptable and there is zero tolerance for this,' the message stated. 'I can confirm that Edward Coristine's brief contract was terminated after the conclusion of an internal investigation into the leaking of proprietary company information that coincided with his tenure,' a spokesperson for the company told Bloomberg on Thursday. Coristine wrote that he still had access to the company's computers after leaving the firm, but he added that he hadn't taken advantage of it. In a Discord chat in late 2022, he wrote that he had 'access to every single machine.' Using the online moniker 'Rivage,' the teenager said he could have wiped the company's servers if he had wanted to. "I never exploited it because it's just not me,' said Coristine. The comments were shared in a Discord server that focused on a competitor, which concerned executives at Path Network, who thought there was no reason a former employee should have access to their system, a source told Bloomberg. Following his removal, Coristine said on Discord that he had done 'nothing contractually wrong' during his time at Path Network. An anonymous White House official told Bloomberg that all DOGE staffers are employees of federal agencies and that they have security clearances. The official added that their work adheres to federal law and that they're not outside advisers. While the official noted that some of DOGE's work is seen by some government employees as causing disorder, the official argued that the work was required to carry out President Donald Trump's agenda. Democratic lawmakers, however, have questioned if any of the DOGE workers have been vetted, have official security clearance or are even following the law. 'No information has been provided to Congress or the public as to who has been formally hired under DOGE, under what authority or regulations DOGE is operating, or how DOGE is vetting and monitoring its staff and representatives before providing them seemingly unfettered access to classified materials and Americans' personal information,' Democrats on the Senate Intelligence Committee wrote Trump Chief of Staff Susie Wiles in a letter Wednesday. Coristine also interned at Neuralink, which is also operated by Musk. The 19-year-old is part of a number of DOGE staffers who are collecting data on government personnel, contracts, and programs, Bloomberg noted. He and other colleagues took part in meetings at the U.S. Agency for International Development (USAID) and the General Services Administration, discussing how they can use the data to replace government employees with artificial intelligence. It remains unclear what security clearance Coristine has, but on Trump's first day back in the White House, he signed an executive order to hand top secret and sensitive compartmented information security clearances for a period of six months to some people to allow them to 'immediately access the facilities and technology.' Two U.S. law enforcement officials anonymously told Bloomberg that they had been looking into online chat rooms that Coristine was taking part in for over a year. They said they became aware of Coristine during an investigation into an alleged hacker that the teenager was speaking to. Another DOGE staffer, computer scientist Gavin Kliger, has been supportive of white supremacists and misogynists online, Reuters has reported. On LinkedIn, Kliger states that his job as "Special Advisor to the Director" at the Office of Personnel Management. The office has been the tip of the spear in Musk's efforts to dismantle parts of the federal government. The news agency and other outlets have identified about a dozen men who have been recruited to work for Musk at DOGE. In social media comments between October last year and January, Kliger reposted posts by white supremacist Nick Fuentes and misogynist Andrew Tate. Fuentes has faced social media bans for hate speech. Kliger responded to a post about New York Mayor Eric Adams maybe closing a migrant shelter in November, writing: 'Just leave them be for a few more months. Will be much more convenient to deport them all if they are in one spot.' Fellow DOGE staffer Marko Elez left his post on Thursday following questions from The Wall Street Journal about connections to a deleted social media account that supported racism and eugenics. 'You could not pay me to marry outside of my ethnicity,' Elez wrote in September. That same month, he urged users to 'normalize Indian hate' in reference to the large number of Indian immigrants working in tech in Silicon Valley. But on Friday, Musk announced that Elez would be 'brought back.' This came after an X post by Vice President JD Vance, who wrote that he disagrees 'with some of Elez's posts, but I don't think stupid social media activity should ruin a kid's life. We shouldn't reward journalists who try to destroy people. Ever. So I say bring him back. If he's a bad dude or a terrible member of the team, fire him for that.' 'He will be brought back,' said Musk. 'To err is human, to forgive divine.' Trump was asked about restoring Elez to his post during a press conference with the Japanese Prime Minister on Friday. 'I don't know about the particular thing, but if the vice president said that … I'm with the vice president,' said Trump.
