A young technologist known online as “Big Balls,” who works for DOGE, has access to sensitive US government systems. But his professional and online history call into question whether he would pass the background check typically required to obtain security clearances, security experts tell WIRED.
While your sentiment is valid, the hiring practices for the sensitive information dealt with by individuals in government require intense scrutiny. The point you raise is true, but when someone finds a valid exploit, they can ignore it, report it to get fixed before someone exploits it, or they can exploit it themselves.
Regardless of how small the exploit, a person who does not choose to report it maybe doesn’t need any harsh penalties, but do you want them to have access to a database with your personal information including SSN, and the ability to freely access systems that control trillions in financial transactions?
Background checks for clearance purposes don’t simply look at your history and say no if you have anything on your record. They look at what is on your record, conduct interviews with you, your close contacts, identify where potential risks may lie. They compare those findings with the level and access you’d be granted and determine a risk level associated with granting you that access.
Bypassing those checks, for the systems in question, opens up the entire population to an unknown, unquantified risk, which has not been assessed. This means the risk must be assumed to be the highest level.
Hey, I agree, background checks should still be done, I’m 100% on board with that. But you should probably also know that all of our national intelligence agencies actively recruit hackers, and many with checkered pasts. It used to be that big hacker events, conferences like defcon or black hat, they would have a “spot the Fed” contest, attendees would pick out the under cover federal agents in the crowd; these days the FBI gets a booth, they’re handing out business cards, they’re taking resumes.
Yes 100%. They’re not giving them the keys to the financial systems without being certain they’re not going to abuse it. But they might pay them to find exploits in it. It’s all about being assessed for the job you’re being evaluated for.