A DOGE Member Called Big Balls

In the law enforcement world, arrested criminals are often used (or ‘flipped’) to help find other criminal activity.  The cyber security world, with its Black Hats, Gray Hats and White Hats, is similar.

A key member of Elon Musk's US DOGE Service team once assisted a cybercrime gang involved in data theft and cyberstalking an FBI agent, according to digital records reviewed by Reuters.  Edward Coristine, a 19-year-old hacker, is one of the most visible figures in the DOGE initiative, which has broad access to official networks as it works to downsize the US government.  He has gained attention for his online persona "bigballs," a name that became a pop culture reference.  Musk has publicly praised him, calling him "awesome" on his social media platform, X.[1]

In 2022, while still in high school, Coristine ran a company called DiamondCDN, which provided network services.  According to corporate and digital records, one of DiamondCDN's clients was EGodly, a cybercrime group that boasted about hacking and harassment activities.  Digital records from DomainTools and the cybersecurity tool Any.Run confirm this connection.

DiamondCDN was established in mid-2022 and aimed to offer network services with a focus on security and infrastructure cost reduction.  The company gained notoriety due to its association with the cybercrime group EGodly, which was involved in various illegal activities including hacking, harassment, and DDoS attacks. Despite claiming to have no interest in inspecting user content, DiamondCDN's services were utilized by EGodly to protect their operations.  The connection between DiamondCDN and EGodly was confirmed by records from DomainTools and Any.Run.

On 15 February 2023, EGodly publicly thanked DiamondCDN on Telegram for providing DDoS protection and caching services.  "We extend our gratitude to DiamondCDN for their amazing security services," the post read. Records show that the EGodly website, dataleak.fun, was linked to IP addresses registered to DiamondCDN between October 2022 and June 2023.  Users trying to access the site at times encountered a DiamondCDN security check.

Coristine did not respond to requests for comment.  Musk's DOGE team, which calls itself the "Department of Government Efficiency" but lacks official status, also did not respond.  Coristine is listed as a "senior adviser" at the State Department and the Cybersecurity and Infrastructure Security Agency (CISA), according to officials who have seen his name in internal directories.

On LinkedIn, Coristine describes himself as a "Volunteer (Intern) Plumber" with the US government.  The State Department did not respond to inquiries, while CISA declined to comment.  EGodly's Telegram channel has been inactive for over a year, and efforts to contact individuals associated with the group were unsuccessful.

Cybercrime Ties Raise Security Concerns - DiamondCDN's website was registered in mid-2022, according to DomainTools records.  The company claimed to offer "excellent security tools" to lower infrastructure costs.  It also stated it "has no business inspecting user content."

In 2023, EGodly boasted about criminal activities on Telegram.  The group claimed responsibility for hijacking phone numbers, breaking into law enforcement email accounts in Latin America and Eastern Europe, and stealing cryptocurrency.  It also targeted an FBI agent investigating them, sharing his personal details online, including his phone number and photos of his home.

EGodly further posted an audio recording of a prank call to the agent and a video of someone driving past his home at night, shouting obscenities.  Reuters could not independently verify all of EGodly's hacking claims but confirmed the video's location by comparing it to the Wilmington, Delaware address.

Former FBI Agent Calls Group Dangerous - The FBI agent, now retired, said EGodly had been flagged for "swatting," a dangerous practice of making fake emergency calls to send armed officers to a target's home.  "These are bad folks," the former agent told Reuters. "They're not a pleasant group."  He declined to discuss whether EGodly was under investigation.  The FBI did not respond to requests for comment.  It remains unclear how long EGodly used DiamondCDN's services or whether it paid for them.  Archived copies of the DiamondCDN website indicated the company had both free and paid users.

Experts Warn About Security Risks - A cybersecurity researcher tracking EGodly described them as "hardened fraudsters."  Another individual who has been targeted by the group also confirmed their reputation.  Both requested anonymity due to fear of retaliation.

Nitin Natarajan, former deputy director of CISA under President Joe Biden, warned that Coristine's past ties to EGodly are concerning.  "This isn't ancient history," he said.  "The recency of these activities and the people he was connected with raise serious red flags."

The revelations about Coristine's background cast doubt on the security measures of Musk's DOGE initiative.  His involvement in government networks raises questions about vetting procedures and the risks associated with appointing individuals with questionable pasts to sensitive positions.  The US government has yet to address these concerns publicly.

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.ibtimes.sg/who-big-balls-meet-edward-coristine-19-year-old-doge-staffer-provided-technical-support-79202
