A member of Elon Musk’s Department of Government Efficiency (DOGE) Service, a group of individuals working on “modernizing federal technology and software to maximize governmental efficiency and productivity,” has been linked to a cybercrime group that allegedly trafficked in stolen data and engaged in online harassment, according to digital records reviewed by Reuters.
Edward Coristine, a 19-year-old technologist within the DOGE initiative, reportedly operated a company that provided services to a cybercriminal group known as EGodly. This group, according to records and cybersecurity analysts, claimed responsibility for various illicit online activities, including the publication of sensitive information belonging to law enforcement officials.
Coristine has gained prominence as one of the most recognizable figures within Musk’s DOGE team, which is working to reform government processes through technology. The group has been given access to federal systems as part of its mission to reduce bureaucracy and improve efficiency. While much attention has been paid to Coristine’s young age and his online alias, “Big Balls,” recent findings suggest that prior to his government involvement, he operated a technology company called DiamondCDN. This firm reportedly offered network services, including cybersecurity tools and Distributed Denial-of-Service (DDoS) protection, which were used by a website linked to EGodly.
According to digital records from cybersecurity tools DomainTools and Any.Run, the EGodly website, dataleak.fun, was associated with internet addresses registered to DiamondCDN and other entities linked to Coristine between October 2022 and June 2023. A message posted in February 2023 on EGodly’s Telegram channel expressed gratitude to Coristine’s company. It stated, “We extend our gratitude to our valued partners DiamondCDN for generously providing us with their amazing DDoS protection and caching systems, which allow us to securely host and safeguard our website.”
Coristine has not responded to requests for comment, and Musk’s DOGE team—though widely recognized for its government-affiliated work—has not addressed inquiries regarding his role. Officials from the State Department and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed that Coristine’s name appears in their respective staff directories as a “senior adviser.” While his official role within these agencies is unclear, Coristine describes himself on LinkedIn as a “Volunteer (Intern) Plumber” for the U.S. government.
EGodly’s Telegram activity over the past year has included claims of cyberattacks, data breaches, and harassment campaigns. The group allegedly targeted an FBI agent investigating them, leaking personal details such as a phone number and home address. The agent, now retired, declined to comment on whether the FBI had investigated EGodly but confirmed that the group was linked to swatting incidents — a dangerous form of harassment where false emergency calls lead to armed law enforcement responses at victims’ homes. While Reuters could not independently verify all of EGodly’s claims, it was able to authenticate certain aspects, including a video showing an unknown individual driving past the agent’s residence in Wilmington, Delaware, and shouting an obscene remark linked to EGodly.
Cybersecurity experts have raised concerns about Coristine’s past involvement with a group like EGodly, even if the connection was temporary. Nitin Natarajan, former deputy director of CISA, stated that the recency of these alleged activities raises questions about security risks associated with individuals who have had ties to cybercriminal groups. “This stuff was not in the distant past,” Natarajan told Reuters. “The recency of the activity and the types of groups he was associated with would definitely be concerning.”
