“They get the one starving kid in Sudan that isn’t going to have a USAID bottle, and they make everything DOGE has done about the starving kid in Sudan.” — a White House official.

I’ve been a USAID contractor for most of the last 20 years. Not a federal employee; a contractor. USAID does most of its work through contractors. I’ve been a field guy, working in different locations around the world.

If you’ve been following the news at all, you probably know that Trump and Musk have decided to destroy USAID.  There’s been a firehose of disinformation and lies.  It’s pretty depressing.  

So here are a couple of true USAID stories — one political, one personal.


The political one first.  I worked for years in the small former Soviet republic of Moldova.



Moldova happened to be one of the few parts of the old USSR suitable for producing wine.  The other was Georgia, in the Caucasus.

The Soviets, in their central planning way, decided that both Moldova and Georgia would produce wine — but Georgia would produce the good stuff, intended for export and for consumption by Soviet elites.  Moldova would produce cheap sweet reds, which is what most Russians think wine is.

So for decades, Moldova produced bad wine and nothing but bad wine.  But Russians liked it, so that was okay.

Then the USSR collapsed.  And, well, Moldova continued to produce nasty cheap sweet reds, because that was all they could do.   By the turn of the century, wine was Moldova’s single biggest cash export.  And about 80% of that wine went straight to Russia.

This continued through the 1990s and into the early 2000s.  Meanwhile, Vladimir Putin came to power in Russia.  Back in 2003 or so, he wasn’t invading Russia’s neighbors… but he was already swinging a big stick in Russia’s “near abroad”, the former Soviet republics that he thought should still be under Russia’s thumb.  Which absolutely included Moldova.

So whenever the Moldovan government annoyed or offended Putin… or whenever he just wanted to yank their chain… the Russian Ministry of Health would suddenly discover that there was a “problem” with Moldovan wine.  And imports would be frozen until the “problem” could be resolved.  Since wine was Moldova’s biggest export, and most wine went to Russia, this meant that Russia could inflict crippling damage on Moldova’s economy literally at will.  

This went on for over a decade, with multiple Moldovan governments having to defer to Moscow rather than face crippling economic damage.

Enter USAID.  Over a period of a dozen years or so, USAID funded several projects to restructure the Moldovan wine industry. 

They brought in foreign instructors to teach modern methods.  They worked with the wine-growers to develop training courses.  They provided guarantees for loans so that farmers could buy new equipment.  They helped Moldovan farmers get access to new varieties of grapes… you get the idea.

(By the by, the wine project was not my project. But it was literally up the street from my project.  It was run by two people I know and deeply respect — one American, one Moldovan — so I had a ring-side seat for much of this.)

The big one was, they worked with the Moldovans on what we call market linkages.  That is, they helped them connect to buyers and distributors in Europe, and figure out ways to sell into the EU.  I say this was the big one, because on one hand the EU is the world’s largest market for wine!  But on the other hand, exporting wine into the EU is really hard.  There are a bunch of what we call NTBTs — “non-tariff barriers to trade”.  For starters, your wine has to be guaranteed clean and safe according to the EU’s very high standards.  That means it has to consistently pass a bunch of sanitary and health tests, and also your production methods have to be certified.  Then there are a bunch more requirements about bottling, labelling and packaging. 

The EU regulates the hell out of all that stuff.  Like, the “TAVA” number?  There’s a minimum font size for that.  If you print it too small, it’ll be bounced right back to you.  The glass of the bottle?   Has to be a sort that EU recycling systems can deal with.  The adhesive behind the label?  It can be rejected for being too weak (labels fall off) or too strong (recycling system can’t remove it).  There are dozens of things like that.

And then of course they had to do marketing.  Nobody in Europe had heard of Moldovan wines!  Buyers and distributors had to be talked into taking a chance on these new products.  This meant the Moldovan exporters needed lines of credit to stay afloat.  This in turn meant that Moldovan banks had to be talked into… you get the idea.

This whole effort took over a decade, from the early 2000s into the teens.

And in the end it was a huge damn success.  With USAID help, the Moldovan wine industry was completely restructured.  Moldova now exports about $150 million of wine per year, which is a lot for a small country — it’s over $50 per Moldovan.  And it went from exporting around 80% of its wine to Russia, to around 15%.  Most Moldovan wine (around 60%) now goes to the EU, with an increasing share going to Turkey and the Middle East.  



(If you’re curious: their market niche is medium to high end vins du table.  Not plonk, not fancy, just good midlist wines.  I can personally recommend the dryer reds, which are often much better than you’d expect at their price point.)

Russia tried the “ooh we found a sanitary problem” trick one last time a few years ago.  It fell completely flat.  Putting aside that it was an obvious lie — if something is safe for the EU, believe me, it is safe for Russia — Moldovan wine exporters had now diversified their markets to the point that losing Russian sales was merely a nuisance.  In fact, the attempt backfired: it encouraged the Moldovans to shift their exports even further away from Russia and towards the EU.

So that’s the political story.  Russia had Moldova on a choke chain.  Over a dozen years or so, USAID patiently filed through that chain and broke Moldova loose.  Soft power in action.  It worked.

Nobody knows this story outside Moldova, of course. 

Okay, that’s the political story.  Here’s the personal one.

Some years ago, I moved with my family to a small country that was recovering from some very unpleasant history.  They’d been under a brutal ethnically-based dictatorship for a while, and then there was a war.  So, this was a poor country where many things didn’t work very well.

While we were there, my son suddenly fell ill.  Very ill.  Later we found out it was the very rapid onset of a severe bacterial infection.  At the time all we knew was that in an hour or two he went from fine to running a super high fever and being unable to stand up. Basically he just… fell over. 

Wham, emergency room.  They diagnosed him correctly, thank God, and gave correct treatment: massive and ongoing doses of antibiotics.  But he couldn’t move — he was desperately weak and barely conscious — and there was no question of taking him out of the country.  We had to put him in the local hospital for a week, on an IV drip, until he was strong enough to come home.

If you’ve ever been in a hospital in a poor, post-war country… yeah at this point someone makes a dumb joke about the NHS or something.  No.  We’re talking regular blackouts, the electricity just randomly switching off.  Rusting equipment, crumbling concrete, cracked windows.  A dozen beds crammed into a room that should hold four or five. Everything worn and patched and held together with baling wire and hope.   

We’re talking so poor that the hospital didn’t have basic supplies.  Like, you would go into town and buy the kid’s medication, and then you’d also buy syringes for injections — because the hospital didn’t have syringes — and then you’d come back and give those thing to the nurse so that your kid could get his medication. 

In the pediatric ward, they were packing the kids in two to a bed. Because they didn’t have a lot of rooms, and they didn’t have a lot of beds. And kids are small, yeah?  

But there we were.  So into the hospital he went.  Here’s a photo:

— Take a moment and zoom in there.  Red-white-and-blue sticker, there on the bed?  It says “USAID:  From The American People”.

Every hospital bed in that emergency room had been donated by USAID.  I believe they were purchased secondhand in the United States, where they were old and obsolete.  But in this country… well, they didn’t have enough beds, and the beds that they had were fifty years old.  Except for those USAID beds.  Those were (relatively) modern, light and adjustable but sturdy, and easily mobile.  The hospital staff were using them to move kids around, and they were getting a lot of mileage from them.

And of course, every USAID bed had that sticker on it.  And so did some other stuff.  There was an oxygen system that a sick toddler was breathing from.  USAID sticker.  Couple of child-sized wheelchairs.  USAID stickers.  Secondhand American stuff — USAID was under orders to Buy American whenever possible — but just making a huge, huge difference here.

As I said, it was crowded in there.  Lots of beds, lots of kids, lots of anxious parents.  So we got to talking with the other parents, as one does.  A couple of people had a little English.  And so my wife mentioned that we were here working on a USAID project…

…and god damn that place lit up like an old time juke box.  “USAID!”  “USAID!”  People were pointing at the stickers, smiling.  “USAID!”   “America, very good!”  “Thank you!”  “USA!  USA!”  “Thank you!”

This went on longer than most of us would find comfortable.  When it finally settled down… actually, it never really did entirely settle down.  For the whole time our son was there, we had people — parents, nurses, even the hospital janitor — smiling at us and saying “USAID!”  “Very good!”  “Thank you!”

I’m not prone to fits of patriotic fervor.  But I’m not going to lie: right then it felt good to be American.

Anyway, USAID stories.  I could go on at considerable length.  This is my career, after all!  I could tell more stories, or comment and gloss at greater length on these.

But this is long enough already.  More some other time, perhaps.

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.

First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.

Then, we learned that uncleared DOGE personnel had gained access to classified data from the US Agency for International Development, possibly copying it onto their own systems. Next, the Office of Personnel Management—which holds detailed personal data on millions of federal employees, including those with security clearances—was compromised. After that, Medicaid and Medicare records were compromised.

Meanwhile, only partially redacted names of CIA employees were sent over an unclassified email account. DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy.

This story is moving very fast. On Feb. 8, a federal judge blocked the DOGE team from accessing the Treasury Department systems any further. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.

In any case, breaches of other critical government systems are likely to follow unless federal employees stand firm on the protocols protecting national security.

The systems that DOGE is accessing are not esoteric pieces of our nation’s infrastructure—they are the sinews of government.

For example, the Treasury Department systems contain the technical blueprints for how the federal government moves money, while the Office of Personnel Management (OPM) network contains information on who and what organizations the government employs and contracts with.

What makes this situation unprecedented isn’t just the scope, but also the method of attack. Foreign adversaries typically spend years attempting to penetrate government systems such as these, using stealth to avoid being seen and carefully hiding any tells or tracks. The Chinese government’s 2015 breach of OPM was a significant US security failure, and it illustrated how personnel data could be used to identify intelligence officers and compromise national security.

In this case, external operators with limited experience and minimal oversight are doing their work in plain sight and under massive public scrutiny: gaining the highest levels of administrative access and making changes to the United States’ most sensitive networks, potentially introducing new security vulnerabilities in the process.

But the most alarming aspect isn’t just the access being granted. It’s the systematic dismantling of security measures that would detect and prevent misuse—including standard incident response protocols, auditing, and change-tracking mechanisms—by removing the career officials in charge of those security measures and replacing them with inexperienced operators.

The Treasury’s computer systems have such an impact on national security that they were designed with the same principle that guides nuclear launch protocols: No single person should have unlimited power. Just as launching a nuclear missile requires two separate officers turning their keys simultaneously, making changes to critical financial systems traditionally requires multiple authorized personnel working in concert.

This approach, known as “separation of duties,” isn’t just bureaucratic red tape; it’s a fundamental security principle as old as banking itself. When your local bank processes a large transfer, it requires two different employees to verify the transaction. When a company issues a major financial report, separate teams must review and approve it. These aren’t just formalities—they’re essential safeguards against corruption and error. These measures have been bypassed or ignored. It’s as if someone found a way to rob Fort Knox by simply declaring that the new official policy is to fire all the guards and allow unescorted visits to the vault.

The implications for national security are staggering. Sen. Ron Wyden said his office had learned that the attackers gained privileges that allow them to modify core programs in Treasury Department computers that verify federal payments, access encrypted keys that secure financial transactions, and alter audit logs that record system changes. Over at OPM, reports indicate that individuals associated with DOGE connected an unauthorized server into the network. They are also reportedly training AI software on all of this sensitive data.

This is much more critical than the initial unauthorized access. These new servers have unknown capabilities and configurations, and there’s no evidence that this new code has gone through any rigorous security testing protocols. The AIs being trained are certainly not secure enough for this kind of data. All are ideal targets for any adversary, foreign or domestic, also seeking access to federal data.

There’s a reason why every modification—hardware or software—to these systems goes through a complex planning process and includes sophisticated access-control mechanisms. The national security crisis is that these systems are now much more vulnerable to dangerous attacks at the same time that the legitimate system administrators trained to protect them have been locked out.

By modifying core systems, the attackers have not only compromised current operations, but have also left behind vulnerabilities that could be exploited in future attacks—giving adversaries such as Russia and China an unprecedented opportunity. These countries have long targeted these systems. And they don’t just want to gather intelligence—they also want to understand how to disrupt these systems in a crisis.

Now, the technical details of how these systems operate, their security protocols, and their vulnerabilities are now potentially exposed to unknown parties without any of the usual safeguards. Instead of having to breach heavily fortified digital walls, these parties  can simply walk through doors that are being propped open—and then erase evidence of their actions.

The security implications span three critical areas.

First, system manipulation: External operators can now modify operations while also altering audit trails that would track their changes. Second, data exposure: Beyond accessing personal information and transaction records, these operators can copy entire system architectures and security configurations—in one case, the technical blueprint of the country’s federal payment infrastructure. Third, and most critically, is the issue of system control: These operators can alter core systems and authentication mechanisms while disabling the very tools designed to detect such changes. This is more than modifying operations; it is modifying the infrastructure that those operations use.

To address these vulnerabilities, three immediate steps are essential. First, unauthorized access must be revoked and proper authentication protocols restored. Next, comprehensive system monitoring and change management must be reinstated—which, given the difficulty of cleaning a compromised system, will likely require a complete system reset. Finally, thorough audits must be conducted of all system changes made during this period.

This is beyond politics—this is a matter of national security. Foreign national intelligence organizations will be quick to take advantage of both the chaos and the new insecurities to steal US data and install backdoors to allow for future access.

Each day of continued unrestricted access makes the eventual recovery more difficult and increases the risk of irreversible damage to these critical systems. While the full impact may take time to assess, these steps represent the minimum necessary actions to begin restoring system integrity and security protocols.

Assuming that anyone in the government still cares.

This essay was written with Davi Ottenheimer, and originally appeared in Foreign Policy.

Click here to go see the bonus panel!

Hovertext:
In devastating news, I was informed by patreon subscribers after this comic was complete that there is a Dutch town named Winkle, permitting a Winkle Winkle-Winkle Winkel Winkle Winkel Winkel.