A recent investigation has revealed that Edward Coristine, a 19-year-old member of Elon Musk’s Department of Government Efficiency (DOGE), once provided technical support to a cybercrime gang.
Coristine, known online by his alias “Big Balls”, has a controversial past. Reports suggest he is the grandson of a former KGB spy, and new evidence now links him to a criminal hacking group called EGodly. The gang is accused of hijacking phone numbers, infiltrating law enforcement email accounts, and even doxxing an FBI agent investigating them.
The revelations raise serious concerns about the vetting process for individuals working on government networks. As security experts question how Coristine secured his role within DOGE, the US cybersecurity community is on high alert.
Coristine and His Connection to EGodly
Documents obtained by Reuters reveal that Coristine ran a company called DiamondCDN while still in high school. This business provided network services to various websites, including those operated by EGodly, a notorious cybercrime syndicate.
In February 2023, EGodly publicly thanked DiamondCDN for providing it with DDoS protection and caching services, allowing the gang to securely host its data-leaking website, dataleak.fun.
That same year, EGodly boasted on Telegram about committing a series of cybercrimes, including:
- Hijacking phone numbers for fraudulent activities.
- Breaking into Latin American law enforcement email accounts.
- Stealing cryptocurrency from unsuspecting victims.
- Publishing personal details of an FBI agent, including his phone number and photos of his home.
A former FBI agent, who was investigating the group, confirmed that EGodly was connected to swatting attacks, a dangerous practice where police are falsely directed to storm an innocent person’s home.
“These are bad folks,” the agent told Reuters. “They’re not a pleasant group.”
Cybersecurity Experts Raise Red Flags
The discovery that a DOGE team member had ties to cybercriminals has alarmed cybersecurity professionals.
Nitin Natarajan, former deputy director of CISA (Cybersecurity and Infrastructure Security Agency), expressed concern over Coristine’s access to sensitive government networks.
“It’s deeply worrying that someone with a history of aiding cybercriminals is now working on government systems,” Natarajan said.
A cybersecurity researcher who investigated EGodly described the group as a network of hardened fraudsters, known for exploiting weaknesses in digital security infrastructure.
Coristine’s Digital Footprint: A Pattern of Questionable Activities
Coristine’s involvement with DiamondCDN is not the only red flag in his background. His business activities and online engagement paint a concerning picture.
Tesla.Sexy LLC and Russian Web Domains
In 2021, at just 16 years old, Coristine founded Tesla.Sexy LLC, a company that manages dozens of web domains, including:
- At least two Russian-registered domains.
- A Discord AI bot specifically targeting Russian-speaking users.
Investigative journalist Jacob Silverman has suggested that Coristine’s family background may have played a role in his access to these Russian networks.
Adding to the intrigue, Coristine’s great-grandfather, Valery Fedorovich Martynov, was a KGB intelligence officer who was recruited by the FBI in 1982. He passed Soviet secrets to the US but was ultimately caught and executed as a traitor.
While there is no direct evidence linking Coristine to Russian intelligence, his connections to Russian domains and hacking circles have fueled speculation.
Previous Allegations: Fired for Leaking Insider Information
Before joining DOGE, Coristine was fired from a cybersecurity internship in 2023. According to sources, he was accused of:
- Leaking confidential company information to a competitor.
- Engaging with cybercrime-linked communities on Telegram and Discord.
His persistent involvement in these shadowy online circles has further raised questions about his trustworthiness in government-related roles.
Lax Vetting at DOGE?
The revelations about Coristine have sparked serious concerns about the Department of Government Efficiency’s hiring process. Experts are now questioning whether any background checks were conducted before his appointment to the team.
Given that Coristine had a documented history of:
- Providing network services to cybercriminals.
- Owning Russian-registered domains.
- Being dismissed from a cybersecurity internship for misconduct.
…it seems likely that DOGE’s hiring process failed to properly scrutinize his background.
What Comes Next? Investigations and Fallout
Following the publication of this report, it is expected that:
- US government agencies will launch an internal review of the DOGE hiring process.
- Cybersecurity experts will analyze whether Coristine had access to sensitive government systems.
- Law enforcement agencies may investigate his past connections with EGodly and Russian-linked networks.
Given the sensitive nature of government cybersecurity operations, the presence on the team of an individual with past links to cybercrime could pose serious national security risks.
Edward Coristine’s history of supporting cybercriminals and his alleged ties to espionage-linked individuals have raised major concerns about the vetting process at DOGE.
His involvement with DiamondCDN, EGodly, and various Russian-linked online projects suggests a pattern of behavior that should have disqualified him from government work.
As investigations unfold, the US government will need to reevaluate its hiring standards for sensitive technology roles. The Coristine case serves as a cautionary tale, demonstrating the risks of poor background checks in a world where cybersecurity threats are constantly evolving.