I’m telling you, and I’ve said this before, when the members of the DOGE and pony show appeared in their workplaces, federal employees should have stacked sandbags around their cubicles and locked and barricaded their offices. They should have hung bedsheets out their windows proclaiming their resistance, the way the AIM occupiers did at Alcatraz long ago. Let the bastards at least work to take over. Because nobody listens to me, look what happened. From NPR:
In the first days of March, a team of advisers from President Trump’s new Department of Government Efficiency initiative arrived at the Southeast Washington, D.C., headquarters of the National Labor Relations Board. ... The DOGE employees, who are effectively led by White House adviser and billionaire tech CEO Elon Musk, appeared to have their sights set on accessing the NLRB’s internal systems. They’ve said their unit’s overall mission is to review agency data for compliance with the new administration’s policies and to cut costs and maximize efficiency
But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It’s possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets—data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending.
Data leaving the agency, you say?
The employees grew concerned that the NLRB’s confidential data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in Russia, according to the disclosure.
Excuse me? The attempts from where?
Eventually, the disclosure continued, the IT department launched a formal review of what it deemed a serious, ongoing security breach or potentially illegal removal of personally identifiable information. The whistleblower believes that the suspicious activity warrants further investigation by agencies with more resources, like the Cybersecurity and Infrastructure Security Agency or the FBI.
Personally, I’d have called in Interpol, or perhaps the Avengers Initiative.
The new revelations about DOGE’s activities at the labor agency come from a whistleblower in the IT department of the NLRB, who disclosed his concerns to Congress and the U.S. Office of Special Counsel in a detailed report that was then provided to NPR. Meanwhile, his attempts to raise concerns internally within the NLRB preceded someone “physically taping a threatening note” to his door that included sensitive personal information and overhead photos of him walking his dog that appeared to be taken with a drone, according to a cover letter attached to his disclosure filed by his attorney, Andrew Bakaj of the nonprofit Whistleblower Aid.
And it’s not just the NLRB. This legion of super-moles has spread out throughout the executive agencies, breaching security willy-nilly, gathering data, and sending it out into the world, where it could be shared and, if necessary, transliterated into Cyrillic.
The whistleblower’s story sheds further light on how DOGE is operating inside federal systems and comes on the heels of testimony in more than a dozen court cases across the United States that reveal how DOGE rapidly gained access to private financial and personal information on hundreds of millions of Americans. It’s unclear how or whether DOGE is protecting the privacy of that data. Meanwhile, the threatening note, though its origins are unknown, is reflective of the current climate of fear and intimidation toward whistleblowers.
And that’s the other half of this dung sandwich. The DOGE moles are hiding everything that they’re actually doing.
When an IT staffer suggested a streamlined process to activate those accounts in a way that would let their activities be tracked, in accordance with NLRB security policies, the IT staffers were told to stay out of DOGE’s way, the disclosure continues. For cybersecurity professionals, a failure to log activity is a cardinal sin and contradicts best practices as recommended by the National Institute of Standards and Technology and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, as well as the FBI and the National Security Agency.
That’s a red flag you can see from Mars.
DOGE, of course, is directed by Elon Musk, and it’s possible even for the most committed cyber Luddite to see how nice it would be for the Boss to have access to his employees’ confidential NLRB files. And that, at least, is the kind of plutocratic shenanigans with which we’re all pretty familiar going back to the days of the Pinkertons shaking down witnesses.
The story comes to us courtesy of a former NLRB cyber official named Daniel Berulis, who has gone wide and public with what he saw after DOGE came to call.
First, at least one DOGE account was created and later deleted for use in the NLRB’s cloud systems, hosted by Microsoft: “DogeSA_2d5c3e0446f9@nlrb.microsoft.com.” Then, DOGE engineers installed what’s called a “container,” a kind of opaque virtual computer that can run programs on a machine without revealing its activities to the rest of the network. On its own, that wouldn’t be suspicious, though it did allow the engineers to work invisibly and left no trace of its activities once it was removed. Then, Berulis started tracking sensitive data leaving the places it’s meant to live, according to his official disclosure. First, he saw a chunk of data exiting the NxGen case management system’s “nucleus,” inside the NLRB system, Berulis explained. Then, he saw a large spike in outbound traffic leaving the network itself.
And that is a red flag you can see from Alpha Centauri.
Despite being threatened, Berulis continued to explore the strange goings-on that began when the DOGE moles arrived—strange activities involving sensitive data, and strange activities aimed at covering up the strange activities involving data.
Within minutes after DOGE accessed the NLRB’s systems, someone with an IP address in Russia started trying to log in, according to Berulis’ disclosure. The attempts were “near real-time,” according to the disclosure. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created DOGE accounts—and the person had the correct username and password, according to Berulis. While it’s possible the user was disguising their location, it’s highly unlikely they’d appear to be coming from Russia if they wanted to avoid suspicion, cybersecurity experts interviewed by NPR explained.
It’s hard to admit it, but the presidencies of Donald Trump are going to be with us for decades.
