Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think the only relevant issue is that someone with prior associations with The Com may be vulnerable to extortion, but simply having been associated with the group doesn’t mean much by itself. Law enforcement hires people from “the other side” all the time as they have relevant domain knowledge, and navigational skills of such spaces. Saying that the federal government, or its contractors, should never hire such people is arbitrarily making ethical judgments in places that don’t call for them.


When the federal government does it, they approach an individual who is usually in federal custody. Then they offer a reduced penalty for whatever crime they've committed in exchange for cooperation, or acceptance of a job proposal, or something.

The individual is therefore incentivized against the organization they started at. They were just purchased away from that life. For a price that was probably reasonable. The expectation then is that the individual will cut ties with his old way of doing things and take steps to mitigate any threats from that former life.

The individual then goes through literally 250mb of PDF employment forms where they have to read and agree to a variety of legal punishments for failing the federal government in a variety of ways. They accept personal liability for the job, meaning they have some reason to follow the rules.

Not Musks team. They don't have any of that personal liability, and they get full access to data that causes these agencies to violate their own security and privacy policies. Then they go away with that data, without following any SOPs or chain of custody requirements, without any oversight, and they do whatever they want with it. They use it on personal devices that could be compromised and the government would never know because the data was taken out of scope of their IDS.

Lets say they don't get directly blackmailed, but because this person used to be in a hacker gang they have backdoors on their personal systems from the gang that they are unaware of. We just don't know, and there's no way to make sure the data is being kept safe, no way to monitor what devices it gets put on, no way to ensure anything.

It's just bad security posture all around to be doing this. But I guess that's only true if the goal is an authentic audit. That isn't the goal. Gutting federal agencies and funneling money and information to fascists is the obvious goal here.


Isn't the issue that there hasn't been any clearance issued? News reports are the vetting.


Yes, not only was there no formal vetting, the access granted was extremely wide.


Yes. We don't know who has this data, where it's stored, who has access to it, and who pays their bills.

This whole thing is built on heresay of unscrupulous people who claim to know better.


Nobody, I think, is suggesting that nobody should hire those people, but when law enforcement hires those people, they put them through extensive screening and are careful about what they give them access to.


Also "the other side" here is the NIH




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: