5 takeaways about NPR's reporting on the whistleblower report about DOGE at the NLRB

When a team of advisers from President Trump's Department of Government Efficiency initiative arrived at the headquarters of the National Labor Relations Board, IT employees at the small, independent agency quickly became worried, according to a whistleblower declaration filed with Congress and shared with NPR.

The NLRB investigates and adjudicates complaints about unfair labor practices. Its databases store reams of potentially sensitive data, from confidential information about employees who want to form unions to proprietary business information.

The DOGE employees, who are effectively led by Elon Musk, appeared to set their sights on accessing the NLRB's internal systems, removing sensitive data and covering their tracks.

"I can't attest to what their end goal was or what they're doing with the data," said the whistleblower, Daniel Berulis, in an interview with NPR. "But I can tell you that the bits of the puzzle that I can quantify are scary. ... This is a very bad picture we're looking at."

The whistleblower's disclosure to Congress and other federal overseers provides evidence of DOGE's access and activities. NPR's reporting across the federal government also makes it clear that DOGE's access to data is a widespread concern.

DOGE appeared to ignore standard security practices
Berulis says he was told by colleagues that DOGE employees demanded the highest level of access, what are called "tenant owner level" accounts inside the independent agency's computer systems. Those offer essentially unrestricted permission to read, copy and alter data, according to Berulis' disclosure to Congress.

When an IT staffer suggested a streamlined process to activate those accounts in a way that would let their activities be tracked, in accordance with NLRB security policies, the IT staffers were told to stay out of DOGE's way, the disclosure continues.

For cybersecurity professionals, a failure to log activity is a cardinal sin and contradicts best practices.
"That was a huge red flag," said Berulis. "That's something that you just don't do. It violates every core concept of security and best practice."

According to the disclosure, someone had disabled controls that would prevent insecure or unauthorized mobile devices from logging on to the system without the proper security settings. There was an interface exposed to the public internet, potentially allowing malicious actors access to their systems. Internal alerting and monitoring systems were found to be manually turned off. Multifactor authentication was disabled.

Berulis tracked sensitive data leaving the agency's NxGen case management system "nucleus," inside the NLRB system. Then, he saw a large spike in outbound traffic leaving the network itself. That kind of spike is extremely unusual, he explained in the disclosure, because data almost never directly leaves from the NLRB's databases.

In fact, in the minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in, according to Berulis' disclosure. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created DOGE accounts - and the person had the correct username and password, according to Berulis.

The NLRB's data is extremely sensitive and has little to do with DOGE's cost-cutting mission
DOGE's intentions with regard to the NLRB data remain unclear. Many of the systems DOGE embedded itself in across the rest of the government have payment or employment data - information that DOGE could use to evaluate which grants and programs to halt and whom to fire.

Elon Musk's businesses are the subject of NLRB investigations
There are multiple ongoing cases involving the NLRB and companies controlled by Musk. After a group of former SpaceX employees lodged a complaint with the NLRB, lawyers representing SpaceX, some of whom were recently hired into government jobs, filed suit against the NLRB. They argued that the agency's structure is unconstitutional.

DOGE has a pattern of seeking sensitive data and not protecting it
In over a dozen lawsuits in federal courts around the United States, judges have demanded that DOGE explain why it needs such expansive access to sensitive data on Americans, from Social Security records to private medical records and tax information. But the Trump administration has been unable to give consistent and clear answers, largely dismissing cybersecurity and privacy concerns.

The Trump administration could be trying to codify DOGE's practices into how the government shares information, said Kel McClanahan, the executive director of nonprofit public interest law firm National Security Counselors, who is representing federal employees in a lawsuit concerning the Office of Personnel Management's use of a private email server.

-------------------------
You can't spell "HATRED" without

"RED HAT"

DOGE Whistleblower Says He Was Stalked and Threatened After Raising Alarm

A federal employee whodescribed DOGE's actions within the federal government has said he was stalked and threatened by an unknown person while he was compiling his disclosure on the department.

Daniel J. Berulis, an employee at the National Labor Relations Board (NLRB), came forward against recent activity by Elon Musk's Department of Government Efficiency (DOGE) because he said he was concerned its work at NLRB "resulted in a significant cybersecurity breach that likely has and continues to expose our government to foreign intelligence and our nation's adversaries."

Berulis' lawyer, Andrew P. Bakaj from Whistleblower Aid disclosed: "While my client and my team were preparing this disclosure, someone physically taped a threatening note to Mr. Berulis' home door with photographs - taken via a drone - of him walking in his neighborhood.

"The threatening note made clear reference to this very disclosure he was preparing for you, as the proper oversight authority. While we do not know specifically who did this, we can only speculate that it involved someone with the ability to access NLRB systems."


-------------------------
You can't spell "HATRED" without

"RED HAT"

It seems that DOGE is just a cover for MuSSk to harvest data and possibly alter data or change code to allow backdoor access.

He ain't doing this because he is a great patriot.

The waste fraud and abuse they have reported is sketchy at best, is often wrong, and they aren't anywhere close to what they thought they could do.
It is a bust.
It would have been better not to fire the IGs and put out a directive to aggressively and thoroughly scrub each agency and mission and see what shakes out...but that would require real work and can't be done by virgin goons running AI to sort data.

They have been successful in breaking several agencies and causing much chaos in the gov't system...so that is probably a win to them.


-------------------------
If I should ever die, God forbid, let this be my epitaph: THE ONLY PROOF HE NEEDED FOR THE EXISTENCE OF GOD WAS MUSIC - KV


Edited: 04/18/2025 at 08:36 AM by Bamboo

Gotta shut down those NPR commies and their ethical reporting.
Only the billionaires know how to do it right.

Was once a maga on here opposed to regulatory capture by corporations. How does he feel about naked kleptocracy? Probably likes it because the censorship it is instituting protects his free speech from chemtrails, vaccines, brown people, and trannies.

-------------------------
...