Whistleblower: DOGE Siphoned NLRB Case Data – Krebs on Security

“Our acting chief information officer told us not to adhere to standard operating procedure with the DOGE account creation, and there was to be no logs or records made of the accounts created for DOGE employees, who required the highest level of access,” Berulis wrote of their instructions after that meeting. Tim Bearese, the NLRB’s acting press secretary, told NPR that DOGE neither requested nor received access to its systems, and that “the agency conducted an investigation after Berulis raised his concerns but ‘determined that no breach of agency systems occurred.'” The NLRB did not respond to questions from KrebsOnSecurity. Nevertheless, Berulis has shared a number of supporting screenshots showing agency email discussions about the unexplained account activity attributed to the DOGE accounts, as well as NLRB security alerts from Microsoft about network anomalies observed during the timeframes described. Berulis shared a screenshot of an agency-wide email dated April 16 from NLRB director Lasharn Hamilton saying DOGE officials had requested a meeting, and reiterating claims that the agency had no prior “official” contact with any DOGE personnel. Berulis found that on March 3 one of the DOGE accounts created an opaque, virtual environment known as a “container,” which can be used to build and run programs or scripts without revealing its activities to the rest of the world. “Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating,” Berulis wrote. The complaint documents a one-month period beginning March 3, during which DOGE officials reportedly demanded the creation of all-powerful “tenant admin” accounts in NLRB systems that were to be exempted from network logging activity that would otherwise keep a detailed record of all actions taken by those accounts. Berulis writes that on March 3, a black SUV accompanied by a police escort arrived at his building — the NLRB headquarters in Southeast Washington, D.C. The DOGE staffers did not speak with Berulis or anyone else in NLRB’s IT staff, but instead met with the agency leadership. The complaint alleges that by March 17 it became clear the NLRB no longer had the resources or network access needed to fully investigate the odd activity from the DOGE accounts, and that on March 24, the agency’s associate chief information officer had agreed the matter should be reported to US-CERT. A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. Berulis said he and his colleagues grew even more alarmed when they noticed nearly two dozen login attempts from a Russian Internet address (83.149.30,186) that presented valid login credentials for a DOGE employee account — one that had been created just minutes earlier. Berulis told KrebsOnSecurity he was in the process of filing a support ticket with Microsoft to request more information about the DOGE accounts when his network administrator access was restricted. On March 5, Berulis documented that a large section of logs for recently created network resources were missing, and a network watcher in Microsoft Azure was set to the “off” state, meaning it was no longer collecting and recording data like it should have. Berulis shared screenshots with KrebsOnSecurity showing that on the day the NPR published its story about his claims (April 14), the deputy CIO at NLRB sent an email stating that administrative control had been removed from all employee accounts. Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases. An email from Daniel Berulis to his colleagues dated March 28, referencing the unexplained traffic spike earlier in the month and the unauthorized changing of security controls for user accounts. “They came in and took full administrative control and locked everyone out, and said limited permission will be assigned on a need basis going forward” Berulis said of the DOGE employees. But Berulis said that between April 3 and 4, he and the associate CIO were informed that “instructions had come down to drop the US-CERT reporting and investigation and we were directed not to move forward or create an official report.” Berulis said it was at this point he decided to go public with his findings. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account. A “readme” file in one of the code bundles explained it was created to rotate connections through a large pool of cloud Internet addresses that serve “as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.” Brute force attacks involve automated login attempts that try many credential combinations in rapid sequence.

This Cyber News was published on krebsonsecurity.com. Publication date: Tue, 22 Apr 2025 03:00:04 +0000


Cyber News related to Whistleblower: DOGE Siphoned NLRB Case Data – Krebs on Security

Whistleblower: DOGE Siphoned NLRB Case Data – Krebs on Security - “Our acting chief information officer told us not to adhere to standard operating procedure with the DOGE account creation, and there was to be no logs or records made of the accounts created for DOGE employees, who required the highest level ...
1 month ago Krebsonsecurity.com
U.S DOGE Allegedly Hacked - Fed Whistleblower Leaked Most Disturbing Documents - A federal whistleblower “Daniel Berulis”, A senior DevSecOps architect has allegedly sent a affidavit document of a U.S DOGE significant data breach at the National Labor Relations Board (NLRB), claiming that personnel from the Department ...
1 month ago Cybersecuritynews.com
Roundtable: Is DOGE Flouting Cybersecurity for US Data? - So far, Musk and his Department of Government Efficiency (DOGE) have accessed the computer systems of the Department of Treasury, as well as classified data from the US Agency for International Development (USAID) and the Office of Personnel ...
3 months ago Darkreading.com
DOGE Worker’s Code Supports NLRB Whistleblower – Krebs on Security - The whistleblower stated that one of the GitHub files downloaded by the DOGE employees who transferred sensitive files from an NLRB case database was an archive whose README file read: “Python library to utilize AWS API Gateway’s large IP ...
1 month ago Krebsonsecurity.com
DOGE access to Social Security, IRS data could create privacy and security risks, experts say | The Record from Recorded Future News - Concerns about DOGE’s activities at the IRS are being amplified by the lack of transparency about what exactly is being accessed and why, especially since the executive order creating DOGE indicated the group would be attempting to modernize IT and ...
3 months ago Therecord.media
Elon Musk's DOGE Website Database Vulnerability Let Anyone Make Entries Directly - A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content. Sam Curry, a coding expert, noted that the ...
3 months ago Cybersecuritynews.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
7 months ago Aws.amazon.com
Who is the DOGE and X Technician Branden Spikes? – Krebs on Security - Branden Spikes California Russian Association Congress of Russian Americans Constellation of Humanity Cyberinc Department of Government Efficiency Diana Fishman Donald J. Prior to founding Spikes Security, Branden Spikes was married to a native ...
2 months ago Krebsonsecurity.com
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs – Krebs on Security - An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for ...
4 weeks ago Krebsonsecurity.com
New Limitations Placed on DOGE's Access to Private Social Security Information - A federal judge has issued a preliminary injunction that significantly limits the Department of Government Efficiency’s (DOGE) access to sensitive Social Security Administration (SSA) data. The decision comes amid heightened concerns over data ...
1 month ago Cybersecuritynews.com
DOGE to Fired CISA Staff: Email Us Your Personal Data – Krebs on Security - On Monday, The New York Times reported that U.S. Secret Service agents at the White House were briefly on alert last month when a trusted captain of Elon Musk’s “Department of Government Efficiency” (DOGE) visited the roof of the ...
2 months ago Krebsonsecurity.com
SpaceX Sues US Agency That Alleged Illegal Firings - Elon Musk's SpaceX comes out swinging against US agency that accused it of illegally firing staff critical of Musk. Elon Musk is no stranger to lawsuits, as evidenced after SpaceX hit back and sued a US labour board that had logged a serious ...
1 year ago Silicon.co.uk
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - – Exploitation of zero-day vulnerabilities or watering hole attacks (compromising websites frequented by the target).Establishing a Foothold– Attackers deploy malware to create backdoors or tunnels for undetected movement within the ...
3 months ago Cybersecuritynews.com APT41
Trump Revenge Tour Targets Cyber Leaders, Elections – Krebs on Security - Incredibly, the president’s memo seeking to ostracize Krebs stands reality on its head, accusing Krebs of promoting the censorship of election information, “including known risks associated with certain voting practices.” Trump also ...
1 month ago Krebsonsecurity.com Hunters
Apple Violates US Labor Laws, NLRB Finds After Reviewing Employee Complaints - Apple violated US labor laws through various workplace rules and statements made by executives, National Labor Relations Board (NLRB) officials determined after reviewing allegations from two former employees. An NLRB official will file a formal ...
2 years ago Packetstormsecurity.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
7 months ago Helpnetsecurity.com
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
Ex-Ubiquiti Programmer Admits to Attempting to Blackmail Company - Nickolas Sharp, a former employee of Ubiquiti, a networking device maker, pleaded guilty today to stealing a large amount of data from the company's network and attempting to extort them while pretending to be an anonymous hacker and whistleblower. ...
2 years ago Bleepingcomputer.com
Enhancing firewall management with automation tools - Help Net Security - In this Help Net Security interview, Raymond Brancato, CEO at Tufin, discusses the considerations organizations must weigh when selecting a next-generation firewall to effectively balance security needs with network performance. Firewall rule ...
7 months ago Helpnetsecurity.com
Security Analysis of a Thirteenth-Century Venetian Election Protocol - This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its ...
1 year ago Schneier.com
Top 10 Best Linux Firewalls - 2025 - It protects computers/networks via secure programming.1. Old PCs only boot from CDROM, while network boot requires a net card with a boot ROM.2. Its web interface is very user-friendly and makes usage easy.2. User-created rules take longer to ...
2 months ago Cybersecuritynews.com
Why We Need Cybersecurity Whistleblowers - While some see the practice as noble, others may associate it with disgruntled employees seeking revenge on their employers. Despite the potential controversy, whistleblowers are an essential part of cybersecurity. When you take an objective, ...
1 year ago Feeds.dzone.com
New FOG Ransomware Attack Mimic as DOGE Attacking Organization Via Weaponized Email - The campaign, identified through analysis of nine samples uploaded to VirusTotal between March 27 and April 2, 2025, shows a concerning evolution in ransomware tactics that blend political references with advanced technical capabilities. ...
1 month ago Cybersecuritynews.com
Aim for a modern data security approach - Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Why current data ...
1 year ago Helpnetsecurity.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com