In 2026, storing government credentials in a repo and not having scanners to flag it should be investigated. I am highly suspicious of anyone doing this in a professional capacity. If I worked at a foreign intelligence agency and saw this, I would first think it's a honeypot, and an unimaginative one because it's so lacking in subtlety.

Good thing we fired every competent person in government!

Good thing we know DOGE has been trying to exfil all US Gov data like all gov employees, or all SSNs.

Under a previous administration I'd assume CISA was doing a dirty dangle, but given how corrupt and incompetent this administration is, to include firing lots of CISA, this may just be a legit fuckup.

When negligence is so bad that it looks like sabotage from a hostile agent, then criminal investigations are needed to learn more about the people who did it, the others who enabled it, and deter similar future acts.

DOGE did a lot of bad things, but it didn't force anyone to commit credentials to a repo, disable scanners to get away with it, and then make the repo public.

> When negligence is so bad that it looks like sabotage from a hostile agent

It doesn't though. There's no actual evidence for anything beyond negligence. The "sabotage" angle is just speculation in the vain hope that surely people this stupid don't work for the US government.

We don't need a signed affidavit on GitHub to trigger an investigation.

This already crossed the line of reasonable suspicion. The investigation is where evidence gets collected.

Who knows what other improper behavior these people have engaged in and what other secrets they have leaked, intentionally or by side effect.