If a person lives in a safe neighborhood, they start taking safety for granted. But survival instincts kick in if the same person enters a dangerous environment.
There are no such instincts in the cyber world. If you don’t have a technical background or training, it is easy to end up in unsafe corners of the internet.
Making a technical mistake isn’t a requirement to get hacked. You could make the mistake of trusting a certain company or an organization. What if the domain name registrar you buy domains from gets hacked?
You get an email saying they were hacked. You have no clue what data was stolen, so it is best to assume the worst. Now, you have to call your bank and tell them to cancel your card. It is not a pleasant experience. As a bonus, you find out it didn’t take a genius to hack them. They were running ancient software.
What if you are putting your trust in an entity that has a lot more enemies than an infamous domain registrar? What if they have a similar attitude to security?
Welcome to last week’s cyber madness.
This must be a cyber prank
On June 5th, cybersecurity company Censys released a research paper revealing that in October 2024, its researchers discovered almost 400 human-machine interfaces for U.S. water facilities were accessible from the Internet.
When I said madness, I was not joking. The company said in its report: “We initially assumed someone was playing a prank on us.”
All the exposed systems use browser-based software. Some needed credentials for access, some were viewable but without control, and 40 offered access without credentials. Even those that were “only viewable” presented a security problem, as they revealed details about the infrastructure to potential attackers.
Censys informed the HMI vendor and the Environmental Protection Agency for coordinated remediation. The company stated that “Within nine days, 24% of the systems had been secured, and a few weeks later, this rose to 58%. As of May 2025, fewer than 6% of systems remain online in a read-only or unauthenticated state.”
While this security hole has mostly been fixed, it’s just one we know about. God knows how many more are waiting to be found and exploited. Even if there are “no” obvious problems with how the system is protected, that does not mean the system is not vulnerable.
The US Government Accountability Office released a performance audit report on the General Services Administration’s Login.gov website on June 3. The report found that Login.gov hasn’t fully implemented procedures to test the integrity of its backup data.
I wouldn’t be able to sleep if I were in charge of that system, knowing that there is a small but not insignificant chance I won’t be able to get it back up in case of a breach.
Sometimes you don’t need to wait for hackers to make a mess; you can just ask artificial intelligence to help you. And DOGE did just that.
DOGE lets AI review Veterans Affairs contracts
President Trump issued an executive order in February requesting that agencies complete a review of contracts and grants within 30 days. This presented the Department of Veterans Affairs with the daunting task of reviewing about 90,000 contracts.
A software engineer from the Department of Government Efficiency was tasked with helping the VA review the contracts. He wrote an AI tool to determine which contracts were not essential.
As you can expect, the tool hallucinated quite a lot.
Most importantly, the size of contracts was often inflated a thousand times. It also had no clue how the VA works or which contracts are required by federal law.
“The DOGE AI tool flagged more than 2,000 contracts for ‘munching.’ It’s unclear how many have been or are on track to be canceled — the Trump administration’s decisions on VA contracts have largely been a black box,” reported ProPublica.
The task that the engineer got was impossible. Even if he had a better understanding of what the VA does and access to the best AI models, he would have failed anyway.
While it is easy to say that somebody had to do it, quitting the job would have been more honest. In a way, he did. He open-sourced the code with permission from Elon Musk. He was fired, and this open-sourcing probably had something to do with it.