Digital records reviewed by Reuters showed that Elon Musk’s so-called “Government Efficiency Bureau” (DOGE) service team provided support to cybercrime gangs who boasted about trafficking and cyberstalking of theft data from the Department of Government Efficiency (DOGE) service team.
Edward Coristine is one of the most visible members of Doge’s efforts given drastic access to official networks that are trying to fundamentally reduce the US government. It is led by Musk, the richest man in the world, accompanied by a powerful mission from Donald Trump.
Previous reports focus on young staff members (he is 19 years old), with the nickname “Big Ball,” which became the punchline of pop culture. Musk defended the teen on his social media site X and told his followers last month that “big ball is great.”
Coristine ran a company called Diamondcdn, which still offers network services for high school students since around 2022, according to Corporate and Digital Records, reviewed by Reuters, and provided network services, according to interviews with half a dozen former associates. Some users were websites run by the cybercriminal ring, which operates under the name “Egodly,” according to digital records stored by internet intelligence company Domaintools and online cybersecurity tool Any.run.
No details on Coristine’s connection to Egodly have been reported previously.
On February 15, 2023, Egodly thanked Coristine’s company for their support in posting on the Telegram messaging app.
“We are expanding our gratitude to our valued partner Diamondcdn for generously providing us with amazing DDOS protection and cache system so that we can safely host and protect our website,” the message said.
Digital records reviewed by Reuters show that the Egodly website Dataleak.Fun is tied to an Internet protocol address registered with DiamondCDN and other Coristine-owned entities between October 2022 and June 2023, during which users attempting to access the site will hit DiamondCDN’s “security checks.”
Coristine did not reply to a message seeking comment. The mask team, which is not the official government department, did not respond to emails about Coristine.
Coristine is listed as a “senior advisor” to the State Department and the Cybersecurity and Infrastructure Security Agency. Officials from each agency told Reuters they saw his name in the staff directory of each agency.
On LinkedIn, Coristine describes herself as a “volunteer (intern) plumber” with the US government.
The State Department did not reply to a message asking about Coristine. CISA, which is responsible for protecting the federal network from cybercriminals and foreign spies, declined to comment.
Egodly’s Telegram channel has been inactive for the past year. Attempts to extract comments from the eight people who joined or interacted with Egodly failed.
dimondcdn website – CDN usually stands for “content delivery network” and was registered in mid-2022, according to records collected by domainools. According to a copy of the site maintained by the Internet Archive, he pitched himself as a “great security tool” that would help him “reduce infrastructure costs.” The company said it “has no business inspecting user content.”
In 2023, Egodly boasted on its telegram channel, hijacking phone numbers, breaking into email accounts of unspecified law enforcement agencies in Latin America and Eastern Europe, and breaking into cryptocurrency theft.
Earlier that year, the group distributed personal details of FBI agents who they had investigated and said they were circulating his phone number, his home photos, and other private details on Telegram.
Egodly also filmed an evening of indecent prank calls made to an agent’s mobile phone, video taken from inside the car, an audio recording of an unknown party driving by a home in Wilmington, Delaware.
Reuters could not independently verify that Egodry boasted of cybercriminal activity, including allegations that he hijacked his phone number and that law enforcement emails had infiltrated it. However, by accessing the same Wilmington address and comparing the building to the building in the video, I was able to authenticate the video.
The FBI agent targeted by now-retired Egodly told Reuters that the group attracted the attention of law enforcement as it is a dangerous practice for the group to make a false call to send armed officers gathering the target’s addresses. The agent did not explain in detail. Reuters is not identifying him due to concerns about further harassment.
“These are bad people,” the former agent said. “They’re not a comfortable group.”
He declined to comment further on harassment or whether Egodly was or still under the FBI investigation. The FBI did not reply to a message asking for comment to Egodly.
Reuters were unable to confirm how long they used the diamondcdn or whether they paid for the Coristine company. The Archived Copies of Diamondcdn website states that the company expects to have both paying and non-paying customers.
Another individual who was the subject of abuse from Egodly and a cybercrime researcher who followed the group said it consisted of crooked con artists, citing the group’s make-up and the credibility of its claims. Both were asked not to be identified, citing fears of retaliation.
Even if the link between Coristine and Egodly is fleeting, Nitin Natarajan, who served as CISA’s deputy director under Joe Biden, told Reuters he was worried that those who served Egodly two years ago were part of a group that had broad access to the government’s network.
“It wasn’t a distant past,” he said. “The latest in activity and the type of group he was associated with will definitely be of concern.”
