DOGE Agent: Edward Coristine

Musk Connections: former Neuralink intern

DOGE Deployments: Department of Homeland Security (DHS), United States Agency for International Development (USAID), Office of Personnel Management (OPM), General Services Administration (GSA), and the State Department

• Late-January and early-February 2025 reporting from Wired identified Edward Coristine as an employee for Elon Musk’s DOGE initiative. The 19-year old engineer is a recent high-school graduate and one of DOGE’s youngest known staffers.

• Coristine was a summer intern at Musk’s Neuralink, and reportedly views Musk as a personal “idol.” “‘He just thinks Elon [Musk] is a genius entrepreneur and admired his work and wanted to follow his tracks somewhat in the entrepreneurial space,’ the source said.”

• Coristine has no professional experience in politics or government, yet wields considerable authority across multiple agencies within the federal government. 
  • According to Wired, Coristine’s resume “lists jobs as a camp counselor and a bicycle mechanic among his professional experiences, as well as a summer role at Neuralink, Musk’s brain-computer interface company.” 

CORISTINE SITS ATOP A NUMBER OF FEDERAL AGENCIES AND HAS SEEMINGLY UNFETTERED ACCESS TO CLASSIFIED INFORMATION AND DATA SYSTEMS 

• According to Wired, Coristine is an “expert” at OPM who reports directly to the agency’s Chief of Staff Amanda Scales, another DOGE representative. 

• Coristine also reportedly enjoys “A-suite level clearance at the GSA,” meaning that he works “out of the agency’s top floor and ha[s] access to all physical spaces and IT systems.” 
  • GSA staff interviewed by Wired said that Coristine “appeared on calls where workers were made to go over code they had written and justify their jobs.” 
  • According to Bloomberg, Coristine “and other colleagues have discussed how they can use [GSA datasets] to potentially replace government employees with artificial intelligence and train chatbots to do the work.”

• Further reporting from The Washington Post and Nextgov/FCW revealed that Coristine also holds senior advisor positions at DHS and the State Department’s Bureau of Diplomatic Technology, as well as an official email associated with USAID’s Office of the Chief Information Officer. 
  • Wired, CNN, and the Associated Press have all reported that DOGE personnel were successfully able to gain access to classified information and security systems at USAID. Agency security officials that opposed DOGE’s initial attempts were forced out. 
    • According to Bloomberg, Coristine has discussed how this information could be used to “to potentially replace government employees with artificial intelligence and train chatbots to do the work.”

• Similarly, The Washington Post reported that Coristine’s position at the Bureau of Diplomatic Technology could potentially give him visibility into “all of the [State] department’s IT and data management functions.” 

CORISTINE’S HIGH-LEVEL ROLES CREATE SECURITY CONCERNS GIVEN AN ALLEGED HISTORY OF PROFESSIONAL MISCONDUCT…

• On February 7, 2025, Bloomberg reported that Coristine was allegedly fired from an internship with a cybersecurity firm for leaking proprietary information in 2022:
  • “‘Edward has been terminated for leaking internal information to the competitors,’ said a June 2022 message from an executive of the firm, Path Network, which was seen by Bloomberg News. “This is unacceptable and there is zero tolerance for this.” A spokesperson for the Arizona-based hosting and data-security firm said Thursday: ‘I can confirm that Edward Coristine’s brief contract was terminated after the conclusion of an internal investigation into the leaking of proprietary company information that coincided with his tenure.’” 

…AND POTENTIAL TIES TO ONLINE CYBERCRIMINAL COMMUNITIES UNDER THE ALIASES “RIVAGE” AND “JOEYCRAFTER”

• According to Bloomberg, Coristine used various online aliases to communicate with—and solicit services from—alleged cybercriminals: 
  • “Two US law enforcement officials who investigate cybercrimes told Bloomberg they’ve been tracking online chat rooms that Coristine and others participated in for at least a year. The officials, who requested anonymity because they are not authorized to publicly discuss their work, said they first became aware of him, under the usernames ‘Rivage’ and ‘JoeyCrafter,’ while investigating an alleged hacker who Coristine was communicating with in an online forum.”
  • “In one message from November 2022 seen by Bloomberg News, the ‘JoeyCrafter’ persona wrote: ‘Looking for capable, powerful & reliable L7.’ That message, posted in a Telegram group, refers to a type of cyber attack that knocks out websites with overwhelming internet traffic, according to three people familiar with that type of attack and its terminology, who asked not to be identified citing the sensitivity of the matter. It’s unclear whether he acquired or used the application.”

• Additional reporting from independent cybersecurity journalist Brian Krebs has further linked Coristine to “‘The Com,’ an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.”
  • “Internet routing records show that Coristine runs an Internet service provider called Packetware (AS400495). Also known as ‘DiamondCDN,’ Packetware currently hosts tesla[.]sexy and diamondcdn[.]com, among other domains. DiamondCDN was advertised and claimed by someone who used the nickname ‘Rivage’ on several Com-based Discord channels over the years. A review of chat logs from some of those channels show other members frequently referred to Rivage as ‘Edward.’”
  • According to Krebs, Coristine solicited hacking services in an online channel that was seized by international law enforcement:
    • “In November 2022, Rivage could be seen requesting recommendations for a reliable and powerful DDoS-for-hire service. Rivage made that request in the cybercrime channel ‘Dstat,’ a core Com hub where users could buy and sell attack services. Dstat’s website dstat[.]cc was seized in 2024 as part of ‘Operation PowerOFF,’ an international law enforcement action against DDoS services.”

EQUALLY CONCERNING IS CORISTINE’S RACIST, MISOGYNISTIC, AND GENERALLY PROBLEMATIC DIGITAL FOOTPRINT.

• MuskWatch reported that Coristine created multiple URLs that referenced racist and misogynistic violence through his image hosting website, tesla.sexy:
  • “An analysis of URL traffic to tesla.sexy between April 2021 and September 2021 shows that numerous noxious URLs redirected to Coristine’s site, including, ‘children-sex.party,’ ‘child-porn.store,’ ‘kkk-is-cool.club,’ ‘[n***a].rentals,’ ‘[n***a]-sex.download,’ ‘owns-a-slave.shop,’ ‘raping-women.club,’ ‘ketamine-rape.date,’ ‘rape.business,’ and ‘rapes-wo.men.’”

• Coristine’s digital history follows a pattern of disturbing online behavior from DOGE employees, like Gavin Kliger and Marko Elez. In early-February, Elez resigned from DOGE in light of reporting on his now-deleted racist social media posts. However, Musk immediately announced his plans to rehire the staffer.

• According to Wired, Coristine referred to himself as “Big Balls” on his now-deleted Linkedin account.