The best-known member of Elon Musk’s U.S. DOGE Service team of technologists once provided support to a cybercrime gang that bragged about trafficking in stolen data and cyberstalking an FBI agent, according to digital records reviewed by Reuters.
Edward Coristine is among the most visible members of the DOGE effort that has been given sweeping access to official networks as it attempts to radically downsize the U.S. government.
Get weekly news and analysis on U.S. politics and how it matters to the world with the Reuters Politics U.S. newsletter. Sign up here.
‘THESE ARE BAD FOLKS’
DiamondCDN’s website – CDN typically stands for “content delivery network” – was registered in mid-2022, according to records collected by DomainTools. It pitched itself as offering “excellent security tools” that would help “lower your infrastructure costs,” according to copies of the site, opens new tab maintained by the Internet Archive. The site said the company “has no business inspecting user content.”
In 2023, EGodly boasted on its Telegram channel of hijacking phone numbers, breaking into unspecified law enforcement email accounts in Latin America and Eastern Europe, and cryptocurrency theft. Early that year, the group distributed the personal details of an FBI agent who they said was investigating them, circulating his phone number, photographs of his house, and other private details on Telegram.
EGodly also posted an audio recording of an obscene prank call made to the agent’s phone and a video, shot from the inside of a car, of an unknown party driving by the agent’s house in Wilmington, Delaware at night and screaming out the window, “EGodly says you’re a bitch!”
Reuters could not independently verify EGodly’s boasts of cybercriminal activity, including its claims to have hijacked phone numbers or infiltrated law enforcement emails. But it was able to authenticate the video by visiting the same Wilmington address and comparing the building to the one in the footage.
The FBI agent targeted by EGodly, who is now retired, told Reuters that the group had drawn law enforcement attention because of its connection to swatting, the dangerous practice of making hoax emergency calls to send armed officers swarming targeted addresses. The agent didn’t go into detail. Reuters is not identifying him out of concern for further harassment.
“These are bad folks,” the former agent said. “They’re not a pleasant group.”
He declined to comment further about the harassment or whether EGodly had been or still was the subject of an FBI investigation. The FBI didn’t return messages seeking comment on EGodly.
Reuters was not able to ascertain how long EGodly used DiamondCDN, or whether EGodly paid Coristine’s company. Archived copies of DiamondCDN’s website said the firm envisioned having both paying and nonpaying customers.
Another individual who has been subject to abuse from EGodly and a cybercrime researcher who has followed the group said it was composed of hardened fraudsters, citing the group’s makeup and the credibility of its claims. Both asked not to be identified, citing fears of retaliation.
Even if the connection between Coristine and EGodly were fleeting, Nitin Natarajan, who served as the deputy director of CISA under former President Joe Biden, told Reuters it was worrying that someone who provided services to EGodly only two years ago was part of a group that has gained wide access to government networks.
“This stuff was not in the distant past,” he said. “The recency of the activity and the types of groups he was associated would definitely be concerning.”
