A key member of Elon Musk's U.S. DOGE Service team once assisted a cybercrime gang involved in data theft and cyberstalking an FBI agent, according to digital records reviewed by Reuters.
Edward Coristine, 19, is one of the most visible figures in the DOGE initiative, which has broad access to official networks as it works to downsize the U.S. government. He has gained attention for his online persona "bigballs," a name that became a pop culture reference. Musk has publicly praised him, calling him "awesome" on his social media platform, X.
In 2022, while still in high school, Coristine ran a company called DiamondCDN, which provided network services. According to corporate and digital records, one of DiamondCDN's clients was EGodly, a cybercrime group that boasted about hacking and harassment activities. Digital records from DomainTools and the cybersecurity tool Any.Run confirm this connection.
On February 15, 2023, EGodly publicly thanked DiamondCDN on Telegram for providing DDoS protection and caching services. "We extend our gratitude to DiamondCDN for their amazing security services," the post read. Records show that the EGodly website, dataleak.fun, was linked to IP addresses registered to DiamondCDN between October 2022 and June 2023. Users trying to access the site at times encountered a DiamondCDN security check.
Coristine did not respond to requests for comment. Musk's DOGE team, which calls itself the "Department of Government Efficiency" but lacks official status, also did not respond. Coristine is listed as a "senior adviser" at the State Department and the Cybersecurity and Infrastructure Security Agency (CISA), according to officials who have seen his name in internal directories.
On LinkedIn, Coristine describes himself as a "Volunteer (Intern) Plumber" with the U.S. government. The State Department did not respond to inquiries, while CISA declined to comment. EGodly's Telegram channel has been inactive for over a year, and efforts to contact individuals associated with the group were unsuccessful.
Cybercrime Ties Raise Security Concerns
DiamondCDN's website was registered in mid-2022, according to DomainTools records. The company claimed to offer "excellent security tools" to lower infrastructure costs. It also stated it "has no business inspecting user content."
In 2023, EGodly boasted about criminal activities on Telegram. The group claimed responsibility for hijacking phone numbers, breaking into law enforcement email accounts in Latin America and Eastern Europe, and stealing cryptocurrency. It also targeted an FBI agent investigating them, sharing his personal details online, including his phone number and photos of his home.
EGodly further posted an audio recording of a prank call to the agent and a video of someone driving past his home at night, shouting obscenities. Reuters could not independently verify all of EGodly's hacking claims but confirmed the video's location by comparing it to the Wilmington, Delaware address.
Former FBI Agent Calls Group Dangerous
The FBI agent, now retired, said EGodly had been flagged for "swatting," a dangerous practice of making fake emergency calls to send armed officers to a target's home. "These are bad folks," the former agent told Reuters. "They're not a pleasant group."
He declined to discuss whether EGodly was under investigation. The FBI did not respond to requests for comment.
It remains unclear how long EGodly used DiamondCDN's services or whether it paid for them. Archived copies of the DiamondCDN website indicated the company had both free and paid users.
Experts Warn About Security Risks
A cybersecurity researcher tracking EGodly described them as "hardened fraudsters." Another individual who has been targeted by the group also confirmed their reputation. Both requested anonymity due to fear of retaliation.
Nitin Natarajan, former deputy director of CISA under President Joe Biden, warned that Coristine's past ties to EGodly are concerning. "This isn't ancient history," he said. "The recency of these activities and the people he was connected with raise serious red flags."
The revelations about Coristine's background cast doubt on the security measures of Musk's DOGE initiative. His involvement in government networks raises questions about vetting procedures and the risks associated with appointing individuals with questionable pasts to sensitive positions. The U.S. government has yet to address these concerns publicly.
