Thank you for your expertise, first things first. I am Getting a quote for a whole house generator. Was putting off but not now. I can get health aides and stock my pantry easy enough. I can unplug my wi-fi and even take my phone offline whenever possible. But even if I stop paying bills via my bank, and use paper checks, the bank will process through their online service, so my account number will be available through their systems, right? Also, my financial advisor direct deposits to my bank account from my retirement account, how do I get that? It seems impossible to hide, there will be a crack somewhere. This is exhausting . . . But truly appreciate your effort to inform us.
Question/concern about protecting bank accounts. Yes I have a bank account that has been used to pay or receive IRS payments. That account is also where I receive my social security payments (and pay and receive pretty much everything)
Obviously I can open another account and start transferring everything, and create backup information so I can be prepared to pay bills with checks or cash. I'm nearly 70 and even through I'm much more digitally comfortable than a lot of my peers, I do remember how to live in an analog world)
However, I figure that the social security system is also going to be hacked before too long. I'm thinking about transferring everything *except* the IRS and SS payments to another account and leaving the existing account in place for those transactions. Or (and this is the crux of my question) does the very existence of that presumably compromised account leave me and all my other accounts at risk?
I came to the comments hoping to get the answer to your exact question. If I leave the compromised account open for essential payments but then transfer the money to a new account, am I really still protected?
Thank you for raising: How do you initiate a cutover in your banking system from a compromised account to an obfuscated account to block DOGE seizure of funds.
In system architecture this would be ideally implemented via ORCHESTRATION (will elaborate on this in a later post) but for now you will be enacting changes through human requested changes in your banking systems (a manual process).
Important terms and their definitions:
- a CUTOVER is a migration of an active bank account to a new account without causing outages or incurring fees for automatic payments/ pending transactions/ min balances
- a compromised banking account is an EXISTING account that you have previously shared with the IRS in service of processing tax payments or refunds.
- an obfuscated banking account is a NEW account whose banking details have never been shared with the IRS.
Goal: CUTOVER from your EXISTING account to a NEW account without exposing sensitive details that would aid a man-in-the-middle bad actor, DOGE, to intercept the transfer and capture funds or banking account details.
RISK
A man-in-the-middle attack is what it sounds like, it characterizes a cyber attack where a bad actor has used means (either a back door or otherwise) to insert themselves in the middle of your transaction as a way to steal data. The risk of man-in-the-middle attacks for DOGE is unknown at this point so we will assume HIGH risk until proven otherwise - this is a tenant of ZERO TRUST.
Method: Use 2 cyber defense techniques: Air gap + break the chain of custody. Plan a contingency period for your cutover where you have reserve funds in the EXISTING account to allow for pending payments to process while you switch to the NEW account.
An Air Gap is a dead zone in the network, put in place for a purpose. In this case you can create an Air Gap between your EXISTING account and your NEW account by withdrawing cash from your EXISTING account, holding it, and then depositing it in your NEW account.
For extra security, consider depositing the cash in a NEW bank account at a different bank, this will break the chain of custody and all but guarantee that a man-in-the-middle attack is disarmed in the short term.
Cutover implementation process:
1. Write down all pending payments and automatic payments you have for the EXISTING account, leave that exact total in the EXISTING account + whatever minimum amount is required to keep the account active without fees.
2. Open a NEW account, either at the same bank or another bank for additional security (break the chain of custody)
3. Withdraw funds, cash, that are over the total you calculated in step 1.
4. Deposit withdrawn funds into the NEW account.
4.1. In parallel, schedule your automatic payments to switch over to the NEW account. Make sure you time this so that the NEW account has sufficient funds for automatic withdrawal.
5. Once all automatic accounts are switched over and the NEW account is sufficiently funded, CLOSE the EXISTING account.
6. Cutover is complete.
I am not a banking SME so would appreciate a peer review on this proposal for those that have specialized expertise in banking exchange (I'll request from my network as well).
Thank you for explaining and for your valuable advice and insights. This is exactly what I began doing over a week ago, including timing the automatic withdrawals.
My original set up was: my husband’s retirement accounts and my SS went into our credit union. The credit union also receives any federal tax refund automatically.
A week ago we issued new authorizations to deposit the monthly retirement funds to the “new” bank from which all bills will be paid automatically. I removed existing auto transfers between the bank and the credit union to isolate the CU.
I voiced my concerns to our credit union and they instructed me to open a new checking account with them that will be kept totally separate from the original checking account. My incoming SS funds (if they still come!) will be withdrawn by check or cashed out and then deposited into the checking account for paying bills.
1. credit freeze is good but, realize that the 3 bureaus have processes in place for you to easily regain access to your credit. Each allow you to create a new account with your SSN & a new/different email address. Doge has access to all of our SSNs. Definitely since up with a service to monitor your credit.
2. Please don’t use Microsoft or Google 2FA they CANNOT be trusted! Authenticator app, yubikey or duo are much better options.
3. Secure your bank/creditunion account with a secret passcode when you talk them. Reiterate that nothing happens without this code. If you’ve received tax refund direct deposits ask the bank/CU to give you a new account number & don’t do direct tax refunds, ask for a check.
Great article otherwise… I’m also a Sr Cyber Analyst for the past 40yrs
First, you are utterly amazing! 🤩 THANK YOU. I began doing many of these things in November and sharing the knowledge with friends but I think many thought I was going off the deep end. I work in an adjacent industry and we share many understandings about what is going on and how to respond and react. I am so grateful to you for putting this into actionable tasks. Now, that said - I never thought about the direct deposit bank account the IRS has 😩 Only considered tax refunds may not come. But I spent a lovely hour admittedly stoned (the only way I can be absorbing so much THIS lately) trying to figure out where that bank account connection resides. I’ve been all over TurboTax and Intuit - I don’t believe I even have an IRS account directly. It doesn’t seem Intuit stores it and it’s not added til the return is ready to transmit. Which may mean my taxes need to get done this weekend so I can change it to sending me a check (as if). But it still feels like the IRS must have my digits stored somewhere I can’t think of right now!
Hi Kim, thank you for the feedback and reading. Are there specific points that are confusing? Would schematics help?
Cyber security has a high barrier to understanding because the terms and ideas are going to be new concepts for most. I am attempting to help decode what's pertinent to understand in order to block DOGE from doing bad things.
Does the idea of building a "moat" around your household via offline support make sense? The idea with a moat is to create distance between you and the those trying to steal your data and do bad things with it (bad actors) and then give you time to respond with additional protections.
Cyber security is most effective with as many layers of protections as possible but being offline will be the most secure posture you can adopt.
I felt similar to Kim. Your comment above outlining banking steps was more clear, so maybe having steps like that in the posts would be helpful? Or when you say kill switch do you just mean off power? With our devices, keep our phones on airplane mode unless in use? The same goes for any tech devices?
May I add here? Thank you, Lexi, this is all helpful. (And somewhere in heaven my father is muttering I told you so!) I have rudimentary understanding of what you are saying but I quickly run into issues like “we bank at a mega bank and must keep that for elderly parent reasons.” Is there value in creating new accounts at the same bank? Second, can I keep my direct deposit for salary income? What about my retirement accounts linked to this bank? What is the risk of DOGE or other bad actor being able to access retirement funds via bank account links? So my feedback is perhaps prioritizing alternative yet worthwhile actions in your schematic. Thank you.
Hi, Lexi. Following your advice, I called a couple credit unions to ask about offline contingency plans and realized I didn’t exactly know what I was referring to. Are we working under the premise that no internet will be working at all, for individuals and the banks/credit unions? And, does “cloud-based” mean “internet” for us laypeople? I’m working my way slowly through your to-do list.
Ar this point we have social security checks direct deposited. I'm assuming we should switch to paper checks and then should assume they'll never come either because of no staff there to process the change or they aren't planning on continuing to provide ss payments anyway.
So is the answer to set up an account that is used for ss/tax returns deposits ONLY and manually move funds over so there is no electronic internal transfer connection to that account?
Thank you for your expertise, first things first. I am Getting a quote for a whole house generator. Was putting off but not now. I can get health aides and stock my pantry easy enough. I can unplug my wi-fi and even take my phone offline whenever possible. But even if I stop paying bills via my bank, and use paper checks, the bank will process through their online service, so my account number will be available through their systems, right? Also, my financial advisor direct deposits to my bank account from my retirement account, how do I get that? It seems impossible to hide, there will be a crack somewhere. This is exhausting . . . But truly appreciate your effort to inform us.
PS President Carter would be so proud of you.
As far as I can seeno one else is doing anything like this, Lexi. The word will spread. Thank you.
Thank you for all this information.
Question/concern about protecting bank accounts. Yes I have a bank account that has been used to pay or receive IRS payments. That account is also where I receive my social security payments (and pay and receive pretty much everything)
Obviously I can open another account and start transferring everything, and create backup information so I can be prepared to pay bills with checks or cash. I'm nearly 70 and even through I'm much more digitally comfortable than a lot of my peers, I do remember how to live in an analog world)
However, I figure that the social security system is also going to be hacked before too long. I'm thinking about transferring everything *except* the IRS and SS payments to another account and leaving the existing account in place for those transactions. Or (and this is the crux of my question) does the very existence of that presumably compromised account leave me and all my other accounts at risk?
I came to the comments hoping to get the answer to your exact question. If I leave the compromised account open for essential payments but then transfer the money to a new account, am I really still protected?
Thank you for raising: How do you initiate a cutover in your banking system from a compromised account to an obfuscated account to block DOGE seizure of funds.
In system architecture this would be ideally implemented via ORCHESTRATION (will elaborate on this in a later post) but for now you will be enacting changes through human requested changes in your banking systems (a manual process).
Important terms and their definitions:
- a CUTOVER is a migration of an active bank account to a new account without causing outages or incurring fees for automatic payments/ pending transactions/ min balances
- a compromised banking account is an EXISTING account that you have previously shared with the IRS in service of processing tax payments or refunds.
- an obfuscated banking account is a NEW account whose banking details have never been shared with the IRS.
Goal: CUTOVER from your EXISTING account to a NEW account without exposing sensitive details that would aid a man-in-the-middle bad actor, DOGE, to intercept the transfer and capture funds or banking account details.
RISK
A man-in-the-middle attack is what it sounds like, it characterizes a cyber attack where a bad actor has used means (either a back door or otherwise) to insert themselves in the middle of your transaction as a way to steal data. The risk of man-in-the-middle attacks for DOGE is unknown at this point so we will assume HIGH risk until proven otherwise - this is a tenant of ZERO TRUST.
Method: Use 2 cyber defense techniques: Air gap + break the chain of custody. Plan a contingency period for your cutover where you have reserve funds in the EXISTING account to allow for pending payments to process while you switch to the NEW account.
An Air Gap is a dead zone in the network, put in place for a purpose. In this case you can create an Air Gap between your EXISTING account and your NEW account by withdrawing cash from your EXISTING account, holding it, and then depositing it in your NEW account.
For extra security, consider depositing the cash in a NEW bank account at a different bank, this will break the chain of custody and all but guarantee that a man-in-the-middle attack is disarmed in the short term.
Cutover implementation process:
1. Write down all pending payments and automatic payments you have for the EXISTING account, leave that exact total in the EXISTING account + whatever minimum amount is required to keep the account active without fees.
2. Open a NEW account, either at the same bank or another bank for additional security (break the chain of custody)
3. Withdraw funds, cash, that are over the total you calculated in step 1.
4. Deposit withdrawn funds into the NEW account.
4.1. In parallel, schedule your automatic payments to switch over to the NEW account. Make sure you time this so that the NEW account has sufficient funds for automatic withdrawal.
5. Once all automatic accounts are switched over and the NEW account is sufficiently funded, CLOSE the EXISTING account.
6. Cutover is complete.
I am not a banking SME so would appreciate a peer review on this proposal for those that have specialized expertise in banking exchange (I'll request from my network as well).
Hope that helps in the meantime!
Thank you for explaining and for your valuable advice and insights. This is exactly what I began doing over a week ago, including timing the automatic withdrawals.
My original set up was: my husband’s retirement accounts and my SS went into our credit union. The credit union also receives any federal tax refund automatically.
A week ago we issued new authorizations to deposit the monthly retirement funds to the “new” bank from which all bills will be paid automatically. I removed existing auto transfers between the bank and the credit union to isolate the CU.
I voiced my concerns to our credit union and they instructed me to open a new checking account with them that will be kept totally separate from the original checking account. My incoming SS funds (if they still come!) will be withdrawn by check or cashed out and then deposited into the checking account for paying bills.
I hope this works.
Is cash, dollar bills, the best form to transfer, or can we use a cashier’s check or write a paper check from compromised account to the new account?
Love to you. Now I have to take notes, listing “to do”priorities, as I read your informative gifts again. Thank you
Just a couple things…
1. credit freeze is good but, realize that the 3 bureaus have processes in place for you to easily regain access to your credit. Each allow you to create a new account with your SSN & a new/different email address. Doge has access to all of our SSNs. Definitely since up with a service to monitor your credit.
2. Please don’t use Microsoft or Google 2FA they CANNOT be trusted! Authenticator app, yubikey or duo are much better options.
3. Secure your bank/creditunion account with a secret passcode when you talk them. Reiterate that nothing happens without this code. If you’ve received tax refund direct deposits ask the bank/CU to give you a new account number & don’t do direct tax refunds, ask for a check.
Great article otherwise… I’m also a Sr Cyber Analyst for the past 40yrs
Hi UnkleClyde— I’m new to all of this. Isn’t Google’s 2FA their Authenticator app?
Thank you. Let’s connect sometime if you like.
- CISSP and cyber risk professional here 🙏🛡️
Very helpful, but very terrifying. I had no idea the extent of danger we are in (cyber security wise). Thank you so much.
First, you are utterly amazing! 🤩 THANK YOU. I began doing many of these things in November and sharing the knowledge with friends but I think many thought I was going off the deep end. I work in an adjacent industry and we share many understandings about what is going on and how to respond and react. I am so grateful to you for putting this into actionable tasks. Now, that said - I never thought about the direct deposit bank account the IRS has 😩 Only considered tax refunds may not come. But I spent a lovely hour admittedly stoned (the only way I can be absorbing so much THIS lately) trying to figure out where that bank account connection resides. I’ve been all over TurboTax and Intuit - I don’t believe I even have an IRS account directly. It doesn’t seem Intuit stores it and it’s not added til the return is ready to transmit. Which may mean my taxes need to get done this weekend so I can change it to sending me a check (as if). But it still feels like the IRS must have my digits stored somewhere I can’t think of right now!
Thank you so much for this knowledge transfer. I’ll be taking the steps you indicated.
I am a pretty smart person and I understand very little of what you’ve said here.
Hi Kim, thank you for the feedback and reading. Are there specific points that are confusing? Would schematics help?
Cyber security has a high barrier to understanding because the terms and ideas are going to be new concepts for most. I am attempting to help decode what's pertinent to understand in order to block DOGE from doing bad things.
Does the idea of building a "moat" around your household via offline support make sense? The idea with a moat is to create distance between you and the those trying to steal your data and do bad things with it (bad actors) and then give you time to respond with additional protections.
Cyber security is most effective with as many layers of protections as possible but being offline will be the most secure posture you can adopt.
I felt similar to Kim. Your comment above outlining banking steps was more clear, so maybe having steps like that in the posts would be helpful? Or when you say kill switch do you just mean off power? With our devices, keep our phones on airplane mode unless in use? The same goes for any tech devices?
May I add here? Thank you, Lexi, this is all helpful. (And somewhere in heaven my father is muttering I told you so!) I have rudimentary understanding of what you are saying but I quickly run into issues like “we bank at a mega bank and must keep that for elderly parent reasons.” Is there value in creating new accounts at the same bank? Second, can I keep my direct deposit for salary income? What about my retirement accounts linked to this bank? What is the risk of DOGE or other bad actor being able to access retirement funds via bank account links? So my feedback is perhaps prioritizing alternative yet worthwhile actions in your schematic. Thank you.
Also: what if cash is no good? All changed to crypto?
I have this same question!
Hi, Lexi. Following your advice, I called a couple credit unions to ask about offline contingency plans and realized I didn’t exactly know what I was referring to. Are we working under the premise that no internet will be working at all, for individuals and the banks/credit unions? And, does “cloud-based” mean “internet” for us laypeople? I’m working my way slowly through your to-do list.
Thank you!
Thank you for posting. I’m the designated knowledge transfer for my extended family. A few questions:
- thoughts on VPN, do you see this as a means for encryption or will their capabilities just hack any VPN we use?
- does anyone know what Elon is doing to/with the systems i.e. system/image/data replication to a cloud? Installing XAi?
- should we be actively scrubbing data? What would this look like?
- what “canaries” should we be looking for?
Thanks!
Ar this point we have social security checks direct deposited. I'm assuming we should switch to paper checks and then should assume they'll never come either because of no staff there to process the change or they aren't planning on continuing to provide ss payments anyway.
I don’t think SS will even do checks anymore. I believe there’s a requirement that all payments be electronic.
So is the answer to set up an account that is used for ss/tax returns deposits ONLY and manually move funds over so there is no electronic internal transfer connection to that account?
What is the drop dead date for getting these tasks accomplished? Thank for all of your work!
3/14 I think
I thought I saw that but went back to confirm and couldn't find it. Thanks!