**CLASSIFIED // EYES ONLY // for YOUR SCREEN ONLY**

CLASSIFIED // EYES ONLY // FOR YOUR SCREEN ONLY

SNIPPET: “GHOST IN THE PIPELINE”

Sources with direct access to the San Francisco datacenter confirm that CISA’s official GitHub repository was not merely scraped—it was compromised at the root. A single, unredacted .env file, pushed to a public repo by a contractor on a Friday afternoon, contained live API keys, hardened SSH keys to three TSA-regulated airport cargo systems, and the raw credentials for a Department-wide AWS IAM role with AdministratorAccess.

But the real payload? A hidden branch named archive/eb-5, dated three days before the takedown, contains a full, structured dump of the 2024 National Critical Functions registry—including a previously unreported “Trigger List” of 47 private-sector backdoors. Each entry has a direct BGP community string, a CVE, and a counter-signature from a foreign state-aligned actor.

The leak wasn’t a hack. It was a simmering meltdown in the open. And the commit author’s email? A .mil address that, as of this writing, no longer exists in any directory.

The Feds are not comment-available. The repo has been force-deleted. But the clone count before the purge? 6,400+. And climbing. 🚨