Whistleblower claims to have seen Russian login attempts with correct credentials commenced minutes after DOGE accounts were used.
Turns out the United States’ new Department of Government Efficiency or DOGE sure lives up to it’s namesake. According to a whistleblower report, it barely took a few minutes after DOGE workers had accounts created in the National Labor Relations Board (NLRB) for the system to receive login attempts from Russia featuring the correct user credentials. Now that’s efficient.
ArsTechnica has the initial report on what appears to be a pretty damning account of the Elon Musk-helmed DOGE’s activities against national security interests.
The report has been filed by NLRB employee and DevSecOps architect, Daniel Berulis, who noticed multiple redflags around DOGE’s behaviour. This included the blatant dismissal of usual procedure leading to the creation of accounts with far greater security access than what was needed for the proposed function for DOGE employees. Berulis has also reported receiving threats to his home which included drone footage of Berulis at his home address.
“Mr. Berulis is coming forward today because of his concern that recent activity by members of the Department of Government Efficiency (‘DOGE’) have resulted in a significant cybersecurity breach that likely has and continues to expose our government to foreign intelligence and our nation’s adversaries,” said a letter from the group Whistleblower Aid to the Senate Select Committee on Intelligence leaders and the US Office of Special Counsel.
The letter from Berulis and Whistleblower Aid as well as Berulis’ sworn declaration, and other supporting information are all available for public perusal.
“This declaration details DOGE activity within NLRB, the exfiltration of data from NLRB systems, and—concerningly—near real-time access by users in Russia,” Whistleblower Aid Chief Legal Counsel Andrew Bakaj explains. “Notably, within minutes of DOGE personnel creating user accounts in NLRB systems, on multiple occasions someone or something within Russia attempted to login using all of the valid credentials (e.g. Usernames/Passwords). This, combined with verifiable data being systematically exfiltrated to unknown servers within the continental United States—and perhaps abroad—merits investigation.”
“Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE-related activities, and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating,” Berulis writes in his declaration. “There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers.”
But it was more than just dodgy login attempts, on March 7 Berulis writes he “started tracking what appeared to be sensitive data leaving the secured location.” The data amounted to around 10 GBs, but thanks to the odd security demands DOGE had for its accounts, he couldn’t track what the data actually was.
Bakaj also penned a letter to senators as well as the Office of Special Counsel requesting “that both law enforcement agencies and Congress initiate an immediate investigation into the cybersecurity breach and data exfiltration at NLRB and any other agencies where DOGE has accessed internal systems.” Bakaj’s statement said he was told to drop the investigation and cease reporting concerns as the NLRB denied any breach.
“Tim Bearese, the NLRB’s acting press secretary, denied that the agency granted DOGE access to its systems and said DOGE had not requested access to the agency’s systems,” according to NPR. “Bearese said the agency conducted an investigation after Berulis raised his concerns but ‘determined that no breach of agency systems occurred.'”
Furthermore it appears Berulis actions have put him in the firing line for desperate blackmail attempts. On April 7 these incidents were reported to the police, with Bakaj explaining someone “taped a threatening note to Mr. Berulis’ home door with photographs—taken via a drone—of him walking in his neighborhood.”
He continues, stating: “The threatening note made clear reference to this very disclosure he was preparing for you, as the proper oversight authority. While we do not know specifically who did this, we can only speculate that it involved someone with the ability to access NLRB systems.”
So far what we have developing here is a story full of twists and turns. I can’t wait to see what happens next time we get an update from this government espionage tale featuring a billionaire megalomaniac, Russian hackers, whistleblower campaigns, coverup conspiracies, and even blackmail by drone.
I can’t believe they left us on a cliffhanger like this.
Best gaming monitor: Pixel-perfect panels.
Best high refresh rate monitor: Screaming quick.
Best 4K monitor for gaming: High-res only.
Best 4K TV for gaming: Big-screen 4K PC gaming.
About Post Author
