I. The "System Override"

If you ever wondered what it looks like when billionaire “efficiency” gurus treat the most sensitive database in America like a shared Google Doc, the Department of Justice just handed us the receipt. On January 16, 2026, the DOJ filed a “Notice of Corrections” that should have every American clutching their identity like a life raft.

For over a year, Elon Musk and his “DOGE” (Department of Government Efficiency) associates—specifically Aram Moghaddassi and Steve Davis—paraded through the Social Security Administration with the swagger of a Silicon Valley frat house, promising to “root out waste.” They told the courts, the Congress, and the public that they were only looking at “high-level, de-identified data.”

They lied.

According to the DOJ’s own filing, the DOGE team wasn’t just looking at charts; they were actively bypassing security protocols to access systems containing the Personally Identifiable Information (PII) of every American. They weren’t just “auditing” the system; they were effectively hijacking the OS. While former SSA Chief Data Officer Charles Borges was sounding the alarm and being systematically retaliated against for doing his job, the DOGE crew was busy uploading sensitive records to Cloudflare—an unauthorized third-party server—creating a permanent digital ghost of your private life that the government now admits it cannot “undo.”

Elon Musk likes to talk about “First Principles.” Here is a first principle for you: You don’t save a house by burning down the walls to see if the insulation is up to code. DOGE didn’t find an epidemic of fraud; they created an epidemic of risk. They didn’t find waste; they found 300 million identities and treated them like a training set for a political experiment.

Welcome to the Friday FacePalm, where today we perform an autopsy on the day American Privacy was sacrificed on the altar of a billionaire’s weekend hobby.

II. The Architectural Autopsy: How to Breach 300 Million Lives with a Credit Card and a Dream

If this were a movie, the hackers would be in a dark basement with green text scrolling down a screen. In reality, the “hackers” were Aram Moghaddassi and a handful of other DOGE bros sitting in government offices, using the digital equivalent of a bypass key they found under a doormat.

The Cloudflare Loophole: Shadow IT as a Weapon:

Between March 7 and March 17, 2025, while the rest of the world was being told the SSA data was “walled off from the internet,” the DOGE team was busy performing a “Shadow IT” hostile takeover. Instead of using the SSA’s secured, audited, and federal-compliance-hardened data pipelines, Moghaddassi and his associates were using Cloudflare—a third-party server that is absolutely not approved for storing the PII of every American citizen. They weren’t just “sharing files”; they were using Cloudflare links to move sensitive records outside the government’s visibility.

In the world of architecture, this is like building a billion-dollar high-security vault and then carrying the gold out the back door in a mesh laundry bag because the “front door takes too long to unlock.”

The real “FacePalm” isn’t just that they used an unapproved server; it’s what they put on it. Whistleblower Charles Borges—the CDO whose job was to prevent exactly this—revealed that DOGE sought to create a replica of the Numident database. For the uninitiated, Numident is the “Master File.” It contains the name, birthdate, birthplace, parents’ names, and Social Security Number of every person ever issued a card. It is the “Source Code” for your legal identity. By copying this into an unverified, live cloud environment with zero audit mechanisms, DOGE didn’t just leak data; they created a permanent digital ghost.

The "Undo" Button Doesn't Exist:

Here is the sentence from the January 16 DOJ filing that should make your blood run cold: “SSA has not been able to determine exactly what data were shared to Cloudflare or whether the data still exist on the server.” Let that sink in. The agency tasked with protecting your most sensitive information is admitting they have zero telemetry on where your data went once it hit Elon’s favorite cloud provider. In a system where “Data is Forever,” the DOJ has officially conceded that the breach is permanent.

The Logic Error: Moghaddassi claimed the “business need” for efficiency was higher than the “security risk.” But in a Zero Trust environment, Security is the Business. You can’t claim to be modernizing an IT system while simultaneously bypassing every security control that makes that system viable.

III. The Mission Creep: From "Efficiency" to "Election Subversion"

If you still believe DOGE was at the SSA to find “waste, fraud, and abuse,” I have a bridge on Mars to sell you. This wasn’t a cost-cutting mission; it was a Data-Mining Operation designed to weaponize your personal history against the ballot box.

The “Voter Data Agreement” Smoking Gun:

The January 16 DOJ filing reveals a bombshell: In March 2025, while Aram Moghaddassi and his DOGE cohorts were presumably “auditing” desks, they were secretly coordinating with a political advocacy group (widely linked to True the Vote). One DOGE staffer—acting in their capacity as a federal SSA employee—signed a “Voter Data Agreement” with this group.

The stated goal? To “analyze state voter rolls” and “overturn election results in certain states.”

In the world of data architecture, “matching” is everything. By getting their hands on the Numident database (the master file of every American) and trying to cross-reference it with state voter rolls, DOGE wasn’t looking for “ghost voters.” They were looking for False Positives. SSA citizenship data is notoriously outdated—it’s full of naturalized citizens who haven’t updated their records in 40 years. By “matching” this flawed data against voter rolls, DOGE could generate massive lists of “suspected non-citizens” to trigger aggressive voter purges. They didn’t need the data to be accurate; they just needed it to be available to justify a purge.

The SSA has officially referred these staffers for Hatch Act review, which is the polite government way of saying they’ve been caught using taxpayer-funded resources to run a partisan political campaign. This isn’t “efficiency”; it’s Federal Election Interference.

The Elon Connection:

Let’s be clear: Moghaddassi and the DOGE team didn’t go rogue on a whim. They are Musk’s hand-picked lieutenants. While Elon was posting about “transparency,” his team was signing secret agreements to hand over your Social Security data to election-denial groups. They treated the SSA like a private data-scraping project for the MAGA movement.

The Logic Error: You can’t claim to be “saving democracy” by secretly siphoning the most sensitive records of 300 million Americans to a group of partisan activists. That’s not a “disruption” of government; it’s a Systemic Breach of the Social Contract.

IV. The Human Cost: The Retaliation Autopsy and the “Disloyalty Scans”

In any high-performing architecture, the most critical component isn’t the server or the code; it’s the Human Firewall. At the SSA, that firewall was Charles Borges. Borges, a career data expert, did exactly what his job description required: he saw a massive security breach and reported it. The response from the Musk-aligned leadership—specifically Aram Moghaddassi and the newly installed “DOGE-friendly” Acting Commissioner Leland Dudek—wasn’t to fix the leak. It was to delete the whistleblower. Borges was “frozen out” of his own meetings, isolated from his team, and effectively stripped of the telemetry needed to do his job. The DOJ filing essentially confirms that, while Borges was begging for visibility into the Cloudflare uploads, SSA leadership instructed employees to ignore his inquiries. This wasn’t just “organizational friction”; it was a coordinated blackout designed to hide the data-mining operation from the very person legally responsible for its oversight. Borges was eventually forced into a “constructive discharge”—resigning because it became impossible to perform his duties ethically.

The “Disloyalty Scans” - AI-Powered Witch Hunts:

But the rot went deeper than just one man. Report after report has surfaced of DOGE operatives using AI tools to scan internal communications for “disloyalty.” They weren’t looking for bugs or inefficiencies; they were looking for career civil servants who voiced concerns about data privacy.

This created a “Culture of Panic and Dread” within the agency. When you have armed guards posted outside the DOGE “War Room” and leadership discussing mass terminations of IT staff, you don’t get “efficiency”—you get Systemic Paralysis. By pushing out 7,000 career employees (12% of the workforce), including the cybersecurity experts who actually understood the legacy systems, DOGE ensured that there was no one left to say “No” when they decided to mirror the entire Numident database.

We call this an Institutional Lobotomy. You’ve removed the “Prefrontal Cortex” of the agency—the parts responsible for judgment, caution, and ethics—and replaced them with a “Doge-brain” that only cares about speed and political matching. The SSA is now flying blind, managed by mid-level sycophants who were under investigation for the very leaks they were eventually promoted to manage.

The Logic Error: You can’t claim to “modernize” an agency by firing the people who know where the bodies are buried. All you’ve done is ensure that when the system finally crashes—and it will—there won’t be anyone left who knows how to reboot it.

V. The Federal Zero Trust FacePalm: Policy vs. The Billionaire Bypass

In the world of federal cybersecurity, we have a mandate called M-22-09. It’s the “Zero Trust” directive that basically says: Don’t trust anyone, verify everything, and for the love of all that is holy, keep the data in encrypted, audited, and authorized environments.

Then came Aram Moghaddassi and the DOGE brigade, who treated M-22-09 like a “Terms of Service” agreement that you click “Accept” on without reading.

NIST SP 800-53 -The Rules They Set on Fire:

Federal agencies live and die by NIST standards. These aren’t just suggestions; they are the “Civil Engineering” codes for data. By using Cloudflare—an unauthorized third-party server—to share SSA records, DOGE committed a series of technical felonies. They bypassed Identity and Access Management (IAM), ignored Audit and Accountability (AU), and effectively deleted the System and Communications Protection (SC) layer.

In architecture terms, they decided that since the “High-Security Elevator” was too slow, they’d just cut a hole in the floor and use a rope.

The FISMA Meltdown:

Under the Federal Information Security Modernization Act (FISMA), an agency must have “continuous monitoring” of its data. The DOJ’s January 16 admission that the SSA “cannot determine what data were shared or whether it still exists” on Cloudflare is the ultimate FISMA failure. It means the “Chain of Custody” is broken. If this were a private bank, the regulators would have shut them down by noon. But because it’s DOGE, they called it “agile.”

The “High-Risk” Acceptance -Efficiency as an Excuse:

Internal documents show that career officials flagged the creation of the DOGE “private cloud” as “High-Risk” because it contained the Numident (master file) data. Moghaddassi and DOGE-affiliated CIO Michael Russo approved it anyway. This is the “Logic Error” that defines the whole saga: they prioritized the “Business Need” of a billionaire’s fishing expedition over the “Security Requirement” of 300 million people.

My Final Thoughts:

You can’t build a “Modern Government” by ignoring the physics of cybersecurity. Zero Trust is built on the idea that even the “service accounts” at the top are restricted. DOGE acted like they were the “Root Users” of the entire United States, and in doing so, they left the back door open for every adversary on the planet. This isn’t just a FacePalm; it’s a Systemic Infrastructure Failure.

We were promised a 'DOGE' that would save us money. Instead, we got a group of billionaire-funded amateurs who leaked our Social Security numbers, violated the Hatch Act to interfere with our elections, and retaliated against the only experts who tried to stop them. They didn't fix the government; they broke the vault and walked away with the keys. It’s time to stop calling this 'efficiency' and start calling it what it is: The Great Identity Heist of 2026.

The “Master File” References:

1. The “Smoking Gun” (Department of Justice Filings)

• “Notice of Corrections to the Record” (Jan 16, 2026) – AFSCME v. SSA, No. 1:25-cv-00596-ELH.

  • The Key Fact: This is the primary document where the DOJ admits that DOGE staff used Cloudflare (an unauthorized server), bypassed security protocols to access PII, and that the agency cannot verify if the data has been deleted.

  • Source: Democracy Forward: DOJ Notice of Corrections Analysis

2. The Whistleblower Evidence (Charles Borges)

• “Whistleblower Disclosure: Grave Allegations of Data Security Lapses” (August 26, 2025) – Submitted to the Office of Special Counsel and Congressional Committees.

  • The Key Fact: Charles Borges, the former Chief Data Officer, details how DOGE officials (Aram Moghaddassi, Michael Russo) created a live copy of the Numident database in a cloud environment that circumvented OIS (Office of Information Security) oversight.

  • Source: Government Accountability Project: Whistleblower Warns of Possible Risks

3. The “Election Interference” Trail

• “DOGE Officials Face Hatch Act Referrals for Work with Org Aiming to ‘Overturn Election Results’” (January 20, 2026) – Nextgov/FCW.

  • The Key Fact: Details the specific “Voter Data Agreement” signed by a DOGE staffer in their capacity as a federal employee, which coordinated with an outside group (identified in context as linked to election-denial efforts) to match SSA Numident data against voter rolls.

  • Source: Nextgov: DOGE Hatch Act Referrals

4. Congressional Investigations & Oversight

• “DOGE_REPORT_FINAL_7.pdf” (September 23, 2025) – Senate Committee on Homeland Security and Governmental Affairs.

  • The Key Fact: This report documents that DOGE associates—specifically Edward Coristine—had “unfettered access” to SSA data despite having been previously fired from a private job for sharing sensitive data with competitors.

  • Source: Senate HSGAC: DOGE Report Final

• “GOP Senator Presses SSA Over Data Proteions Following Whistleblower Complaint” (September 2025) – FedScoop.

  • The Key Fact: Senate Finance Committee Chair Mike Crapo’s formal inquiry into the “Risk Acceptance Request Form” approved by Moghaddassi to bypass security for a “virtual private cloud.”

  • Source: FedScoop: Senate Finance Inquiry

5. Technical Analysis of the Breach

• “SSA Confirms DOGE Misuse of Data, as New SORNs Expand Data-Sharing” (January 30, 2026) – Empire Justice Center.

  • The Key Fact: Provides a deep dive into the “System of Records Notices” (SORNs) and how the SSA’s citizenship data is too flawed to be used for the voter-roll matching DOGE attempted.

  • Source: Empire Justice: SSA Data Misuse Confirmation

Leave a comment

Join James McCabe | ModernCYPH3R’s subscriber chat

Available in the Substack app and on web

Join chat

Copyright © 2017-2026 James McCabe | ModernCYPH3R. All rights reserved. No part of this publication—including text, original data analysis, or visual assets—may be reproduced, distributed, or transmitted in any form or by any means, including electronic or mechanical methods, without including credit to the author. ModernCYPH3R and ModernCYPH3R.com are the exclusive intellectual property of JMc Associates, LLC.