DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers

A young technologist known online as “Big Balls,” who works for Elon Musk’s so-called Department of Government Efficiency (DOGE), has access to sensitive US government systems. But his professional and online history call into question whether he would pass the background check typically required to obtain security clearances, security experts tell WIRED.

Edward Coristine, a 19-year-old high school graduate, established at least five different companies in the last four years, with entities registered in Connecticut, Delaware, and the United Kingdom, most of which were not listed on his now-deleted LinkedIn profile. Coristine also briefly worked in 2022 at Path Network, a network monitoring firm known for hiring reformed blackhat hackers. Someone using a Telegram handle tied to Coristine also solicited a cyberattack-for-hire service later that year.

Coristine did not respond to multiple requests for comment.

One of the companies Coristine founded, Tesla.Sexy LLC, was set up in 2021, when he would have been around 16 years old. Coristine is listed as the founder and CEO of the company, according to business records reviewed by WIRED.

Tesla.Sexy LLC controls dozens of web domains, including at least two Russian-registered domains. One of those domains, which is still active, offers a service called Helfie, which is an AI bot for Discord servers targeting the Russian market. While the operation of a Russian website would not violate US sanctions preventing Americans doing business with Russian companies, it could potentially be a factor in a security clearance review.

“Foreign connections, whether it’s foreign contacts with friends or domain names registered in foreign countries, would be flagged by any agency during the security investigation process,” Joseph Shelzi, a former US Army intelligence officer who held security clearance for a decade and managed the security clearance of other units under his command, tells WIRED.

A longtime former US intelligence analyst, who requested anonymity to speak on sensitive topics, agrees. “There’s little chance that he could have passed a background check for privileged access to government systems,” they allege.

Another domain under Coristine’s control is faster.pw. The website is currently inactive, but an archived version from October 25, 2022 shows content in Chinese that stated the service helped provide “multiple encrypted cross-border networks.”

Prior to joining DOGE, Coristine worked for several months of 2024 at Elon Musk’s Neuralink brain implant startup, and, as WIRED previously reported, is now listed in Office of Personnel Management records as an “expert” at that agency, which oversees personnel matters for the federal government. Employees of the General Services Administration say he also joined calls where they were made to justify their jobs and to review code they’ve written.

Other elements of Coristine’s personal record reviewed by WIRED, government security experts say, would also raise questions about obtaining security clearances necessary to access privileged government data. These same experts further wonder about the vetting process for DOGE staff—and, given Coristine’s history, whether he underwent any such background check.

The White House did not immediately respond to questions about what level of clearance, if any, Corisitine has and, if so, how it was granted.

At Path Network, Coristine worked as a systems engineer from April to June of 2022, according to his now-deleted LinkedIn résumé. Path has at times listed as employees Eric Taylor, also known as Cosmo the God, a well-known former cybercriminal and member of the hacker group UGNazis, as well as Matthew Flannery, an Australian convicted hacker whom police allege was a member of the hacker group LulzSec. It’s unclear whether Coristine worked at Path concurrently with those hackers, and WIRED found no evidence that either Coristine or other Path employees engaged in illegal activity while at the company.

“If I was doing the background investigation on him, I would probably have recommended against hiring him for the work he’s doing,” says EJ Hilbert, a former FBI agent who also briefly served as the CEO of Path Network prior to Coristine’s employment there. “I’m not opposed to the idea of cleaning up the government. But I am questioning the people that are doing it.”

Got a tip?

Are you a current or former US government employee? We’d like to hear from you. Using a nonwork phone or computer, contact the reporters securely on Signal at Andy.01 (Andy Greenberg), DavidGilbert.01 (David Gilbert), or +1 (347) 722-1347 (Lily Hay Newman).

Potential concerns about Coristine extend beyond his work history. Archived Telegram messages shared with WIRED show that, in November 2022, a person using the handle “JoeyCrafter” posted to a Telegram channel focused on so-called distributed denial of service (DDoS) cyberattacks that bombard victim sites with junk traffic to knock them offline. In his messages, JoeyCrafter—which records from Discord, Telegram, and the networking protocol BGP indicate was a handle used by Coristine—writes that he’s “looking for a capable, powerful and reliable L7” that accepts bitcoin payments. That line, in the context of a DDoS-for-hire Telegram channel, suggests he was looking for someone who could carry out a layer-7 attack, a certain form of DDoS. A DDoS-for-hire service with the name Dstat.cc was seized in a multinational law enforcement operation last year.

The JoeyCrafter Telegram account had previously used the name “Rivage,” a name linked to Coristine on Discord and at Path, according to Path internal communications shared with WIRED. Both the Rivage Discord and Telegram accounts at times promoted Coristine’s DiamondCDN startup. It’s not clear whether the JoeyCrafter message was followed by an actual DDoS attack. (In the internal messages among Path staff, a question is asked about Rivage, at which point an individual clarifies they are speaking about “Edward.”)

“It does depend on which government agency is sponsoring your security clearance request, but everything that you’ve just mentioned would absolutely raise red flags during the investigative process,” says Shelzi, the former US Army intelligence officer. He adds that a secret security clearance could be completed in as little as 50 days, while a top-secret security clearance could take anywhere from 90 days to a year to complete.

Coristine’s online history, including a LinkedIn account where he calls himself Big Balls, has disappeared recently. He also previously used an account on X with the username @edwardbigballer. The account had a bio that read: “Technology. Arsenal. Golden State Warriors. Space Travel.”

Prior to using the @edwardbigballer username, Coristine was linked to an account featuring the screen name “Steven French” featuring a picture of what appears to be Humpty Dumpty smoking a cigar. In multiple posts from 2020 and 2021, the account can be seen responding to posts from Musk. Coristine’s X account is currently set to private.

Davi Ottenheimer, a longtime security operations and compliance manager, says many factors about Coristine’s employment history and online footprint could raise questions about his ability to obtain security clearance.

“Limited real work experience is a risk,” says Ottenheimer, as an example. “Plus his handle is literally Big Balls.”