Digital Graffiti on Government Website

According to researchers, the Department of Government Efficiency (DOGE) website is vulnerable to digital graffiti, as anyone who knows where to look can modify its content. Two web development experts have revealed that the site is not hosted on government servers and that its database can be accessed and altered by those who locate it. At the time of writing, a message reading "these ‘experts’ left their database open – roro" is still visible on the DOGE site.

Data Security Concerns

DOGE chief and President Trump’s advisor, Elon Musk, stated on Tuesday that his team would maintain transparency, with updates shared on an X account and the website. However, the site was initially blank and has since been hastily assembled to display a feed of posts from the entity’s X account and details about the federal workforce. Researchers have pointed out that the site appears to be built on Cloudflare Pages instead of government servers, and after examining the site’s architecture and API endpoints, they were able to locate the database containing government employee statistics and make changes to database entries that were reflected on the DOGE website.

Previous Security Issues

This is not the first instance of a federal website operating under the Trump administration appearing to be poorly secured. Earlier this week, the waste.gov website was taken offline after it was reported to be displaying a dummy WordPress page with placeholder text. The DOGE website acknowledges the potential issues with its web presence, stating that "this is an enormous effort, and there are likely some errors or omissions" and that they will strive for maximum accuracy over time.

Concerns Over Data Protection

However, the fact that a team tasked with making significant cuts to government spending and allegedly accessing federal systems containing sensitive data on federal employees and citizens cannot secure its own website raises concerns. This lack of security does not inspire confidence, particularly given the team’s intentions to access sensitive information. Perhaps the decision to reduce funding for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency was not the most prudent decision.