[HN Gopher] DOGE Worker's Code Supports NLRB Whistleblower
___________________________________________________________________
DOGE Worker's Code Supports NLRB Whistleblower
Author : todsacerdoti
Score : 431 points
Date : 2025-04-23 20:48 UTC (2 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| tw04 wrote:
| Someone needs to go to prison over this. It's not just a
| misunderstanding, it is an intentional attack on every US
| citizen.
| the_optimist wrote:
| Explain please.
| dmbche wrote:
| https://krebsonsecurity.com/2025/04/whistleblower-doge-
| sipho...
| malfist wrote:
| If I told you someone went to your bank and demanded the
| right to set up accounts with permissions to do everything and
| to have all logging of that user's activity disabled, and then
| a whistleblower pointed out that they downloaded everyone's
| bank statements, you'd probably be pretty upset.
|
| After all, why do they need unfettered access? Why do they
| need your bank statements? Why do they need to hide what
| they're doing with the unfettered access?
|
| That's what's happening here. There is no good explanation
| other than bad actors
| MOARDONGZPLZ wrote:
| The complaint alleges that DOGE was able to get unlimited-
| permissions admin accounts that were not subject to logging.
| They also downloaded external repositories that gave users of
| those repos lots of different IPs. The complaint further
| alleges that the DOGE person used the combination of these
| things to "download... more than 10 gigabytes of data from
| the agency's case files, a database that includes reams of
| sensitive records including information about employees who
| want to form unions and proprietary business documents."
|
| If this is all true, this is basically hacking sensitive data
| in the open. We already know the current administration has
| worked to hobble unions. So putting these things together,
| this act is not only wrong in and of itself, but the data is
| likely going to be used to harm Americans' interests. So,
| deserving of punishment.
| alabastervlog wrote:
| And they _fucking illegally fired_ the IGs who are supposed
| to act as watchdogs for and light-shiners-on-of blatantly-
| illegal activity like this in the executive. The ones we
| added after Nixon's crimes. It was one of the first
| actions of the administration, blanket firing without
| actual cause, which is supposed to be required, and without
| the required notice-period to Congress.
|
| That should have exhausted any benefit of the doubt right
| off the bat, even among those inclined to think Trump's
| maybe not great but also some ordinary amount of bad for a
| politician. You don't do that unless you fully intend to do
| some crimes. Not only that, they were so goddamn eager to
| crime that they couldn't wait the 30 days or whatever. They
| _intended to do criminal shit immediately_.
| EvanAnderson wrote:
| I wish the firings of the IGs were something that "Joe
| Sixpack" understood. Honestly, even that the IGs
| exist(ed).
|
| (It wouldn't change the opinions of anybody who matters,
| I suppose.)
| mingus88 wrote:
| If you take a step back and realize that the intent is to
| utterly destroy the social safety net provided by social
| security, Medicare, etc that we have all been paying into our
| entire adult lives, tell me why every citizen affected should
| not pursue civil and criminal charges of theft and fraud with
| malicious intent?
|
| And then the means to do so have involved ignoring the courts
| and bypassing constitutional checks and balances? Please tell
| me how this isn't criminal if not treasonous?
| Cthulhu_ wrote:
| Sensitive government data was (sure, allegedly) extracted to
| Russia via an account that was expressly created to hide /
| not create logs. This is treason. Allegedly.
| goatlover wrote:
| This administration is doing a lot of things that are
| borderline treasonous. Hopefully they get prosecuted when
| they get voted out or ideally get removed from power.
| alabastervlog wrote:
| Trump will blanket-pardon anyone who's still on his good
| side. And maybe some who aren't, just to limit the reach
| of investigations. And Trump himself's untouchable--while
| it remains technically possible to criminally prosecute a
| President for actions in office, it's in-practice
| impossible short of some unlikely hypothetical scenarios,
| thanks to the Supreme Court (the Roberts court _loves_
| leaving things technically intact, but actually not)
| candiddevmike wrote:
| The people who need to see/understand this live in a different
| reality where uncomfortable things like this are ETL'd into
| righteous anger towards people they don't like.
|
| This is the deep state they've been worried about, this is the
| boot that will tread on them.
|
| EDIT: parent comment was highest ranked comment for the article
| and is now at the bottom?
| j2kun wrote:
| A twisted justification for suggesting someone who broke
| serious laws not face consequences.
|
| We live in a nation of laws, whether or not conspiracy-minded
| individuals prefer to follow them.
| threatofrain wrote:
| We live in a nation of peers before we live in a nation of
| laws.
| Aeolun wrote:
| > We live in a nation of laws
|
| You stopped living in a nation of laws a while ago. Now you
| live in a nation of might makes right.
| bilbo0s wrote:
| We'll see.
|
| The thing about the law in the US, it's slow and heavy.
| You'll need to be pretty mighty to move it if it catches
| up to you.
| jayd16 wrote:
| Justice delayed is justice denied.
| myko wrote:
| I would have agreed years ago, but seeing trump - who
| obviously should be in prison for January 6th, among
| other crimes - back in the WH pretty much proves the US
| is not a nation of laws.
| bagels wrote:
| Supreme court gave Trump a pass on all his crimes. We
| have already seen. No more waiting is necessary to find
| out.
| tines wrote:
| All the evidence is contrary to your assertion that we live
| in a nation of laws.
| awesome_dude wrote:
| Laws are only as strong as the enforcement.
|
| One of the things that is being exposed by the current
| administration is that, even though the Judiciary is an arm
| of the government, and supposed to provide a check on the
| Executive, the reality is that the Executive has the power
| to pardon anyone it sees fit, voiding the power of the
| judiciary (the argument is that the ultimate power lies
| with the voters who can pass their judgement on the
| Executive, and its use of its powers, by voting them out,
| hopefully)
| BrenBarn wrote:
| > Laws are only as strong as the enforcement.
|
| This is one of the fundamental issues that underlies our
| broken system in the US. The gaps between what the law
| actually is, what people think it is, what people want it
| to be, and what it in practice is, are enormous.
|
| Some of the recent deportation cases highlight this. You
| have cases where people were living in the US illegally
| for decades but faced no repercussions, and now people
| are upset because they were suddenly detained and/or
| deported. Virtually all the framing I see is about how
| it's a sudden and horrible injustice that they were
| detained during a "routine" ICE check-in --- very little
| about how we have accumulated this palimpsest of rules
| and enforcement policies resting on laws which don't
| actually encode the state of affairs most people want.
|
| If we want people to be able to immigrate easily and
| safely (and I do), we need to stop breathing sighs of
| relief when a new president comes in and issues some kind
| of temporary executive order that makes things okay in
| the short term. We need to fix the laws at all levels,
| including _criminalizing_ enforcement actions that are
| contrary to the law. That would likely mean massive
| purges of many individuals in local and state governments
| and law enforcement agencies, with many of them sentenced
| to considerable prison terms for the kind of enforcement
| discretion that we currently accept as normal. It's not
| going to be pretty. But it has to be done if we want to
| return to a system grounded in the actual rule of law and
| not the rule of law enforcement.
| awesome_dude wrote:
| > But it has to be done if we want to return to a system
| grounded in the actual rule of law and not the rule of
| law enforcement.
|
| This is never going to happen - politics aside of what
| you might or might not believe about the current
| situation.
|
| It's about as likely to happen as every religious
| individual on the planet obeying every rule in their
| sacred book.
|
| The reason that they don't happen is because peoples'
| ideas on what is acceptable and isn't in a society
| changes, sometimes quite rapidly - note that the current
| US Administration was (attempting) to use a statute from
| the 1700s, are you obeying all the laws (that haven't yet
| been repealed) from then?
|
| edit: An obvious example is the fact that the USA exists
| - it's on land that was acquired via theft, and murder.
| Therefore every person living on that land is receiving
| stolen property - let me know when that law is being
| enforced.
| padjo wrote:
| That law now officially includes an individual who is
| immune from the law and who can issue pardons to anyone for
| anything. So you live in a nation with optional laws.
| willhslade wrote:
| Federal laws only. There is some daylight there.
| aiauthoritydev wrote:
| Chances of that happening are zero right now.
| mikeyouse wrote:
| I fully believe there's a stack of pardons in Trump's drawer
| for everyone involved in this debacle. I can't imagine breaking
| _so many_ laws all over the government if you thought you'd
| ever have to face consequences. The alternative to pardons in
| preventing the next congress & administration from cleaning
| this up is too dire to really contemplate.
| dboreham wrote:
| Time to remove the pardon power. Has it achieved anything
| productive in the last 100 years?
| sterlind wrote:
| it's written into the Constitution very explicitly. and
| it's a really bad time to hold a Constitutional Convention.
| nativeit wrote:
| I think it's been used properly in a lot of instances,
| especially when you consider that federal law can quickly
| become out-of-step with modern sensibilities, so being able
| to relieve those harmed by laws flawed under contemporary
| standards is important. There's probably a better way of
| handling that, but it's one instance where the power of
| presidential and governors' pardons have been applied
| appropriately.
| BrenBarn wrote:
| > I think it's been used properly in a lot of instances,
| especially when you consider that federal law can quickly
| become out-of-step with modern sensibilities, so being
| able to relieve those harmed by laws flawed under
| contemporary standards is important.
|
| No, that is exactly what we don't need. When law becomes
| out of step with modern sensibilities, the law needs to
| be changed. Precisely the problem we currently have is
| that we have become too accustomed to dealing with a sort
| of "shadow law" system where the way things actually work
| is not the way they're supposed to work according to the
| law. That is a recipe for confusion, bias, favoritism,
| and inequity. What we need is a system of laws that
| actually lets the people fix things when they are broken
| instead of patching around them. (This is, in my view, a
| byproduct of other aspects of our legal system, in
| particular the grossly over-restrictive process for
| amending the constitution.)
| tcmart14 wrote:
| At the very least, it seems obvious there should be an
| asterisk on the pardon power of, "you can't use it to
| pardon your employees/staff." Or pardon people for things
| they did under your direction/purview.
| Reason077 wrote:
| It's a bizarre and archaic power, which has been abused by
| presidents from both parties.
| xorcist wrote:
| It's also clearly incompatible with most (all?) modern
| definitions of democracy.
| woodruffw wrote:
| Truman and Carter used it well[1][2].
|
| [1]: https://www.newspapers.com/article/news-and-record-
| truman-ex...
|
| [2]: https://en.wikipedia.org/wiki/Proclamation_4483
| romellem wrote:
| To remove the presidential pardon power, you'd need to
| [amend the Constitution][1]. Getting [two thirds of both
| Houses of Congress][2] to pass _any_ amendment in the
| foreseeable future seems highly unlikely if not downright
| inconceivable.
|
| [1]: https://constitution.congress.gov/browse/essay/artII-S
| 2-C1-3...
|
| [2]: https://constitution.congress.gov/browse/essay/artV-1/
| ALDE_0...
| satanfirst wrote:
| They are betting the system won't go after them later which
| is a very bad bet if they eventually give back the executive
| branch and an even worse bet if the power they support never
| gives it back. About as brilliant as being in a photo with
| Stalin.
| geraldwhen wrote:
| Trump can wait until the last day in office then issue
| pardons for any possible crimes, right? Biden did something
| similar I believe
| magicalist wrote:
| > _Trump can wait until the last day in office then issue
| pardons for any possible crimes, right?_
|
| Is your mental model of the pardon process actually
| confused? Yes, the president can unilaterally issue
| pardons, and Donald Trump is president until the end of
| his term, so he can issue pardons on his last day in
| office.
| pests wrote:
| Is the hostility really required?
|
| The comment was about last-day pardons, not pardons in
| general. It's a topic many presidents have gotten flak or
| attention for.
| magicalist wrote:
| What hostility? I was asking if they were really confused
| or if they were asking rhetorically. If they were
| actually confused, the answer is yes.
|
| edit: oh, I guess "and Donald Trump is president until
| the end of his term" could come off as patronizing. I
| meant it just as a statement in a chain of reasoning
| satanfirst wrote:
| Recent untested precedent exists of blanket pardons
| needed for unqualified crimes and they are so far likely
| to be challenged on a different technicality (first?)..
| Asking what people think is not confused unless you are
| being uncharitable or know a lot of actual precedents
| that we all should know from another era.
| Aloisius wrote:
| Can't pardon state crimes nor cases of impeachment.
|
| Arguably, if you impeach someone in public office, even
| if they aren't convicted by the Senate, any pardon of
| those same acts becomes moot and they can be tried in
| court for the same offenses. At least, that's what the
| DoJ suggested in 2000.
| happyopossum wrote:
| You'd have to prove a crime here to send someone to jail,
| correct? What would the charges be?
| 9dev wrote:
| Without knowing the specifics of US law, there's a lot in
| there for a reasonable case. Improper handling of sensitive
| data, interfering with ongoing legal proceedings, abuse of
| telecommunications infrastructure (looks like the guy runs a
| _brute forcing crawler_ on a government system) and probably
| even more.
| ceejayoz wrote:
| El Salvador seems very willing to take people off our hands
| for mere allegations.
| twalkz wrote:
| > According to a whistleblower complaint filed last week by
| Daniel J. Berulis, a 38-year-old security architect at the NLRB,
| officials from DOGE met with NLRB leaders on March 3 and demanded
| the creation of several all-powerful "tenant admin" accounts that
| were to be exempted from network logging activity that would
| otherwise keep a detailed record of all actions taken by those
| accounts.
|
| Feels like a pretty good Occam's razor case... but is there any
| legitimate reason why one would request this?
| spencerflem wrote:
| Obviously no
| Cthulhu_ wrote:
| Sure, to hide your tracks because you know what you intend to
| do isn't right.
| patrickmay wrote:
| There is no justification for ever creating an account like
| that. The only purpose is nefarious.
| vkou wrote:
| There isn't one.
|
| Anything musk's dogs claim to find cannot be taken at face
| value because of this. Because there is no audit, and no
| evidence that they can offer that they didn't doctor their
| findings.
|
| The next time they claim that a 170-year old person is
| receiving SS checks, they have no way to prove that _they_
| didn't subtract a century from that person's birthdate in some
| table.
| FredPret wrote:
| Ah, this is something I haven't thought of before. This might
| not actually be spying, but instead just an attempt to plant
| fake results.
| vkou wrote:
| And even if it's not and everyone involved is a qualified,
| thoughtful, unimpeachable public servant with no agenda but
| the general welfare of the Glorious Republic of Arstotzka
| in their hearts, the lack of an audit trail means that you
| have to seriously consider that they aren't.
|
| Of course, given the blatant dishonesty and criminality
| that the _rest_ of this administration is producing (see:
| every immigration law case that they are losing in court),
| you'd have to be a useful idiot to actually assume good
| intent from them.
| FredPret wrote:
| Of course, it just never occurred to me that there's a
| less bad but still terrible explanation for ghost admin
| access.
| pan69 wrote:
| > all-powerful "tenant admin" accounts that were to be exempted
| from network logging activity
|
| Is this normal to build this sort of functionality into a
| software system? Especially software systems that heavily rely
| on auditability?
| XorNot wrote:
| It's the same as domain admin in active directory.
|
| You always need it to setup the system initially.
|
| It's like root on Linux: it's an implementation detail that
| it must be possible.
| skeeter2020 wrote:
| typically the admin account can create things like super
| users, and super users can do anything with the data, but
| not sure there's a use case where a single account can do
| both, and why can any of them avoid logging?
| tw04 wrote:
| Root on Linux isn't exempt from logging. I also don't know
| any enterprise that allows admin accounts to bypass
| logging.
|
| There is no legitimate justification for this request.
| XorNot wrote:
| root on Linux can just kill the log forwarder and erase
| the relevant logs, or refill them with junk.
| sanderjd wrote:
| Yes. A more competent hack would have been to use their
| superuser permissions to do that kind of thing.
|
| But instead they requested that logging be disabled, thus
| outing themselves as acting in bad faith.
| II2II wrote:
| That is a very serious design flaw, but I also believe it
| is a flaw that is addressed by SELinux. (Perhaps someone
| with a knowledge of SELinux can offer some input here.)
| That said, I'm not sure how widespread the use of SELinux
| is and doubt that it would help in this case since the
| people in question have or can gain physical access.
| gusgus01 wrote:
| At least at places I've worked, terminating the logger
| would cause a security incident, and the central logging
| service has some general heuristics that should trigger
| a review if a log is filled with junk. Of course with
| enough time and root, there's ways to avoid that. But
| that's also usually why those with root are limited to a
| small subset of users, and assuming root usually requires
| a reason and is time gated.
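The two heuristics gusgus01 describes (a terminated logger raising an incident, and a log filled with junk triggering a review), written out as collector-side detection logic. This is an added example, not code from the thread or from any agency system; the JSON record format, the "<program>[<pid>]: text" message shape, the thresholds and the sample records are all constructed assumptions.

```python
"""Collector-side checks over forwarded host logs: a host that goes silent
(forwarder or audit daemon stopped), a host whose stream is being filled
with junk, and a host whose message rate suddenly bursts."""
import json
import re
from collections import defaultdict

# Assumed record format shipped by the forwarder (one JSON object per line):
#   {"ts": <epoch seconds>, "host": "<hostname>", "msg": "<syslog-style line>"}
# Assumed shape of a well-formed message: "<program>[<pid>]: <text>"
WELL_FORMED = re.compile(r"^[A-Za-z][\w.-]*\[\d+\]: \S")


def parse_records(lines):
    """Parse forwarded JSON lines; lines that are not valid records are dropped."""
    records = []
    for line in lines:
        try:
            obj = json.loads(line)
            records.append({"ts": float(obj["ts"]), "host": str(obj["host"]),
                            "msg": str(obj["msg"])})
        except (ValueError, KeyError, TypeError):
            continue
    return records


def silent_hosts(records, now, max_gap):
    """Hosts whose newest record is older than max_gap seconds: the forwarder
    or audit daemon was stopped, or the host dropped off.  {host: gap_seconds}"""
    last = {}
    for r in records:
        last[r["host"]] = max(last.get(r["host"], float("-inf")), r["ts"])
    return {h: now - t for h, t in last.items() if now - t > max_gap}


def junk_hosts(records, min_messages=5, max_junk_ratio=0.5):
    """Hosts where more than max_junk_ratio of their messages do not match the
    expected '<program>[<pid>]: text' shape.  {host: junk_ratio}"""
    total, junk = defaultdict(int), defaultdict(int)
    for r in records:
        total[r["host"]] += 1
        if not WELL_FORMED.match(r["msg"]):
            junk[r["host"]] += 1
    return {h: junk[h] / total[h] for h in total
            if total[h] >= min_messages and junk[h] / total[h] > max_junk_ratio}


def burst_hosts(records, window, factor=10.0):
    """Hosts whose count in the newest window exceeds factor x their mean count
    over the earlier windows (a stream flooded to bury real events).
    Returns {host: (last_window_count, baseline_mean)}."""
    if not records:
        return {}
    t0 = min(r["ts"] for r in records)
    counts = defaultdict(lambda: defaultdict(int))  # host -> bucket -> count
    for r in records:
        counts[r["host"]][int((r["ts"] - t0) // window)] += 1
    last_bucket = max(b for per_host in counts.values() for b in per_host)
    if last_bucket == 0:
        return {}  # no earlier windows to form a baseline
    flagged = {}
    for host, buckets in counts.items():
        earlier = [buckets.get(b, 0) for b in range(last_bucket)]
        baseline = max(sum(earlier) / len(earlier), 1.0)
        last = buckets.get(last_bucket, 0)
        if last > factor * baseline:
            flagged[host] = (last, baseline)
    return flagged


def run_checks(lines, now, max_gap=120.0, window=60.0):
    """Run all three checks and return sorted host lists per finding."""
    records = parse_records(lines)
    return {"silent": sorted(silent_hosts(records, now, max_gap)),
            "junk": sorted(junk_hosts(records)),
            "burst": sorted(burst_hosts(records, window))}


def build_sample():
    """Constructed sample, not real logs: host-a stops reporting at t=100,
    host-b is flooded with hex junk during t=240..300, host-c is healthy."""
    def ok(host, i, ts):
        return json.dumps({"ts": ts, "host": host,
                           "msg": f"sshd[{1000 + i}]: Accepted publickey for ops "
                                  f"from 10.0.0.{i % 10 + 1} port {50000 + i}"})
    lines = ["this line is not a JSON record and is dropped by the parser"]
    for i in range(15):                      # t = 0, 20, ..., 280
        ts = 20.0 * i
        lines.append(ok("host-c", i, ts))
        lines.append(ok("host-b", i, ts))
        if ts <= 100:
            lines.append(ok("host-a", i, ts))
    for i in range(120):                     # 120 junk lines in t = 240..299.5
        lines.append(json.dumps({"ts": 240.0 + 0.5 * i, "host": "host-b",
                                 "msg": f"{(i * 2654435761) % (1 << 32):08x}"}))
    return lines


SAMPLE_LINES = build_sample()

if __name__ == "__main__":
    print(run_checks(SAMPLE_LINES, now=300.0))
```

As the comment notes, a root user with enough time can defeat any one of these, which is why the checks matter most when they feed an incident process rather than a dashboard.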
| lovehashbrowns wrote:
| There's no possible need for an admin-level user that
| bypasses logging. If anything these users should have
| additional logging to external systems to make it harder to
| hide their use.
| sanderjd wrote:
| The question is whether it needs to be possible to turn off
| the audit logs for that role. And of course: No.
| typs wrote:
| > "We have built in roles that auditors can use and have used
| extensively in the past but would not give the ability to
| make changes or access subsystems without approval," he
| continued. "The suggestion that they use these accounts was
| not open to discussion."
|
| From the previous post, they had auditor roles built in that
| they purposely chose to go around
| katbyte wrote:
| No. Never. While it's expected to have a "root" account
| exempting from logging serves no honest purpose.
| sanderjd wrote:
| Of course not. It's the exact opposite and every single
| person here knows this.
| Suppafly wrote:
| I'm only really familiar with the 'tenant admin' concept from
| microsoft administration, it's commonly used otherwise?
| wmf wrote:
| You know the CIA sabotage manual? Now imagine you're a DOGE bro
| and every government employee is sabotaging you using every
| trick in the book. They're looking at your logs, arguing that
| every thing you do is against the rules. So what's your next
| step? Disable the logs. The bureaucrat's tools will not tear
| down the bureaucrat's house so DOGE is using hacker tools
| instead.
|
| I'm not saying who's right or wrong here. The civil servants
| believe that their actions are fully justified... and so do the
| DOGE bros.
| aSanchezStern wrote:
| I don't think that "arguing that something is against the
| rules" is in the CIA sabotage manual, because it's not
| generally considered sabotage. Maybe if you argue things are
| against the rules that you know aren't, to slow things down?
| Aeolun wrote:
| It's not so much arguing against the rules. It's following
| them to the letter when unnecessary.
|
| It doesn't matter that the big boss has said that
| purchasing a $5 knick-knack is ok. You will have that
| purchase go through the full procurement process, even up
| to and including an exhaustive search for (cheaper)
| alternatives.
| only-one1701 wrote:
| I also love to unilaterally determine what is and isn't
| necessary.
| Aeolun wrote:
| Are you suggesting that's a valuable use of time?
|
| I make decisions about such tradeoffs every day.
| only-one1701 wrote:
| I'm suggesting that a $5 purchase and a critical
| government agency's infosec are different considerations.
| sanderjd wrote:
| Thing is: Everything they're doing _is_ against the rules.
| Except they aren't "rules", they are laws.
| mschuster91 wrote:
| The problem is, those tasked with upholding and enforcing
| the laws aren't doing their job (Congress), are swamped
| with a deluge of blatant lawbreaking but still have to
| maintain professional decorum to not open themselves up to
| attacks (the justice system), or are outright corrupt
| (higher level federal courts including, sadly, the Supreme
| Court).
| 1oooqooq wrote:
| conflating administrative employees with congress/senate
| is a hint you know nothing about your own government.
|
| also lots of the laws being broken are civil liberties
| protection and separation of powers, ... the only things
| holding the corruption under some control, which further
| proves you are either extremely uninformed or malicious.
| or worse, an "accelerationist"
| watwut wrote:
| If your logs show your actions are against the rules,
| pointing that out is not "sabotage". It is being good guy
| employee, reporting your against the rules actions.
|
| This one is very very clear and unambiguous. There is no
| symmetry in your example. The Civil servant is actually in
| the right and doge bro in the wrong.
| only-one1701 wrote:
| What's that dril quote? There's no difference between good
| things and bad things? That's what this last sentence sounds
| like.
| Aeolun wrote:
| This is... the most reasonable explanation I've heard so far
| for everything that is happening.
|
| God knows there must be enough normally unused rules in the
| federal government.
| llm_nerd wrote:
| The idea that they need to operate -- on _hugely_ sensitive
| data and systems -- in darkness because any sort of
| accountability amounts to "sabotage" is dubious.
|
| "Rules for thee, not for me"
|
| This is some sort of "The Deep State is trying to foil
| them" nonsense.
|
| And to be clear, aside from a weird brute forcing library
| and the fact that all of the DOGE employees seem to be
| spectacularly incompetent, there are rational technical
| reasons someone might want logging temporarily disabled for
| a one-off. For instance doing an activity that is justified
| and legitimate and secure and reasonable, but that would
| yield TB of logs unnecessarily, itself which might cause
| operational or availability issues. But having a bunch of
| incompetent script kiddies using their garbage scripts
| makes that fringe justification unlikely, and they're
| likely doing very criminal things.
| int0x29 wrote:
| These aren't rules made by bureaucrats. They are laws written
| by Congress, a coequal branch of government, in response to
| the Nixon administration's abuse of executive power
| jayd16 wrote:
| This doesn't really make sense. If its in the logs, then they
| already did it. They weren't slowed at all.
|
| This doesn't really apply to the situation in the slightest.
| plandis wrote:
| I can't think of any. Even if you wanted to give someone broad
| permissions to access and modify data, you wouldn't turn off
| the audit logs.
| 1oooqooq wrote:
| very clear admission of guilt.
| mfer wrote:
| Setting aside legitimate (that's a matter of judgement)...
|
| Some previous attempts for DOGE to get data has resulted in
| data being deleted before they can look and requests for judges
| to block access to data.
|
| DOGE may be trying to be covert in order to stop these two
| activities from happening before they can get and review the
| data.
| willio58 wrote:
| The fact that they left these packages public on GitHub.. guys
| you do know you can make things private right? Just shows how
| dumb these people are honestly
| mingus88 wrote:
| Or they are emboldened in knowing there will be absolutely no
| consequences.
|
| Go look at the list of pardons this administration has handed
| out. These guys won't even be charged.
| dboreham wrote:
| Making a fork of a public repo private involves using the git
| cli.
| dgellow wrote:
| Not that it matters in this specific case, but on GitHub
| privated forks aren't fully private:
| https://docs.github.com/en/pull-requests/collaborating-with-...
| darknavi wrote:
| It's git. Just clone and push to a new, private repo (on or
| off of GitHub) without clicking "fork".
| vt_mruhlin wrote:
| What? They reused public packages that have been public for
| years. One guy made a public fork with some changes. Is that
| not what open source is intended for?
| 77pt77 wrote:
| > accounts created for DOGE at the NLRB downloaded three code
| repositories from GitHub
|
| Why is anything of significance on github in the first place?
|
| Edit: It's not. They just download python libraries to do "IP
| rotation" to circumvent rate limits.
|
| On the actual complaint: (https://whistlebloweraid.org/wp-
| content/uploads/2025/04/2025...)
|
| It seems that the data was stored in Azure which doesn't make it
| any better.
| Cthulhu_ wrote:
| What do you mean? It was "just" a tool to circumvent anti-
| scraping measures.
| icedchai wrote:
| If they have full access to the systems, why are they
| scraping them externally?
| Izkata wrote:
| This is the big question everyone here seems to be skipping
| over. It seems like they're using "database" in the
| colloquial sense and actually mean some sort of already
| public data that's just rate limited (for example
| https://www.nlrb.gov/advanced-search).
|
| Then depending on the order of events, either scraping
| didn't work well enough and were given "unlimited" (not
| rate limited) access, or the accounts were actually denied
| so they fell back to scraping. Or perhaps these two things
| are just unrelated despite what the story is claiming.
| teraflop wrote:
| If you continue reading, that question is answered. The GitHub
| repositories don't belong to the NLRB (or to DOGE), they were
| generic tools that were used to exfiltrate data from the NLRB.
| 77pt77 wrote:
| I noticed and wanted to delete the comment but you replying
| made it impossible.
|
| They downloaded "IP rotation" python libraries to circumvent
| rate limits.
| dizhn wrote:
| They are not. If I read the article right, they downloaded
| tools to use, mostly to do with anonymous web scraping.
| MattDaEskimo wrote:
| Untraceable and complete access to government databases. I can't
| begin to imagine the implications here.
| xorcist wrote:
| We only hear about the cases where a someone is taking the risk
| of blowing the whistle, and actually manages to get the story
| out. Hopefully with enough substance for people to take the
| information seriously. How many cases that are likely to reach
| public knowledge is left as an exercise to the reader, as the
| saying goes.
| munchler wrote:
| So what exactly is being alleged here? That these DOGE bros wrote
| and used "hacker" code from GitHub to bypass security limitations
| on NLRB data? Why would they even need to do that if they had
| superuser accounts in the system already?
| weaksauce wrote:
| they added a backdoor that is not audit logged. that's why.
| woodruffw wrote:
| I think the point of the article is that the whistleblower's
| original claims can be substantiated publicly. It's another
| datapoint indicating that the DOGE people are operating
| haphazardly at the _absolute best_ and, more likely, attempting
| to obscure their tracks because they know that what they're
| doing wouldn't pass legal muster.
| timewizard wrote:
| The article is written very poorly. The disclosure itself is
| far more readable.
|
| https://whistlebloweraid.org/wp-content/uploads/2025/04/2025...
| uxp100 wrote:
| Yes, this is much more clear than the article.
| munchler wrote:
| Thanks. So the tools downloaded from GitHub were allegedly
| used to scrape personally-identifiable information (PII),
| details about ongoing legal cases, union-related data, and
| corporate secrets. The whistleblower observed large spikes in
| outbound data traffic, suggesting that gigabytes of sensitive
| information were exfiltrated with logging disabled, so as not
| to leave a trail.
| underyx wrote:
| Also this PDF contains a detail I haven't seen reported
| elsewhere:
|
| > Furthermore, on Monday, April 7, 2025, while my client and
| my team were preparing this disclosure, someone physically
| taped a threatening note to Mr. Berulis' home door with
| photographs - taken via a drone - of him walking in his
| neighborhood. The threatening note made clear reference to
| this very disclosure he was preparing for you
| llm_nerd wrote:
| It's an interesting detail because if true -- and I fully
| assume it is -- the intention likely wasn't to dissuade him
| from going public, but instead to make him look like a
| conspiratorial nut. When I first saw this story and heard
| that "drone shot of him / threatening note" I admit that I
| immediately assumed it was a flake, but on further details
| I think that was actually the reason for doing that.
| pkilgore wrote:
| DOGE downloaded libraries to assist in data exfiltration, and
| did exfiltrate data (obtained via the superuser accounts).
|
| Suggest reading the complaint: https://whistlebloweraid.org/wp-
| content/uploads/2025/04/2025...
| kazinator wrote:
| I almost can't make heads or tails out of this scatterbrained
| word salad.
|
| Let's start with this:
|
| > Berulis said the new DOGE accounts had unrestricted permission
| to read, copy, and alter information contained in NLRB databases.
|
| > Berulis said he discovered one of the DOGE accounts had
| downloaded three external code libraries from GitHub
|
| What exactly does that mean? NLRB database accounts are GitHub
| accounts? (Surely not.) Or the same IP address accessed both,
| suggesting it was the same person? Define "account".
|
| No coherent point being made here. This story needs to clearly
| separate the rhetoric about GitHub repositories from the NLRB
| access, and connect them together coherently.
|
| The flow seems to be:
|
| 1. Some DOGE people obtained unbridled access to NLRB, with the
| ability to erase audit trails.
|
| 2. There is some sort of evidence that the same people downloaded
| tools from GitHub for distributed web scraping, suggesting intent
| to scrape massive amounts of data from somewhere (inferred to be
| the NLRB database).
|
| There is no evidence cited in the article for the actual
| downloading of gigabytes of data; the "whistleblower" is quoted
| only as saying that DOGE required certain privileged accounts to
| be created and that the users of the accounts supposedly
| downloaded some web scraping software from GitHub.
|
| At least mention some circumstantial evidence, like a suspicious
| increase in access activity, coming from distributed IP addresses
| in the Amazon cloud, following the download of those tools.
|
| This:
|
| > On February 6, someone posted a lengthy and detailed critique
| of Elez's code on the GitHub "issues" page for async-ip-rotator,
| calling it "insecure, unscalable and a fundamental engineering
| failure."
|
| seems neither here nor there; why include that. It may be that
| the tools DOGE are using are not adequately safeguarding the
| data, but it seems like an extraneous point, and indigestible
| without specifics.
| dehrmann wrote:
| The only interesting part of 2 is it looks like Doge wanted all
| the data. The technical details of how they scraped it mostly
| don't matter.
| hahajk wrote:
| I have a theory that "business ethics" is really just "following
| the law." In capitalism, outside a few select industries like
| journalism, as long as it's legal you can - and should - do
| anything to maximize profits. It has turned into (or perhaps
| always was) the govt's job to set those rules.
|
| Now, the govt also has to create rules for itself. So it creates
| the Privacy Act and layers of bureaucratic checks and balances.
| These rules are to protect the people, not to derisk or protect
| the govt. After all, the govt has all the power.
|
| So when capitalist business leaders are given the keys to govt,
| the normal ways of ethical alignment don't work. If you don't
| follow your own rules, who cares? They're your rules! I think
| what we're seeing is what happens if you apply traditional
| capitalist business practices to govt administration.
| BriggyDwiggs42 wrote:
| Yeah actually. I think that's about right.
| Clubber wrote:
| >In capitalism, outside a few select industries like
| journalism, as long as it's legal you can - and should - do
| anything to maximize profits.
|
| Honestly, if you were around watching the news 30+ years ago,
| you would notice a _stark_ difference in how news is covered
| then versus today. You can't really blame them, they are doing
| what they can to survive, but coverage today is much more tabloid
| than news.
|
| I would say the "fake but accurate," was the death knell, but
| it might have been sooner.
|
| https://en.wikipedia.org/wiki/Killian_documents_controversy
| wat10000 wrote:
| The trouble is that money is power, so the people who succeed
| the most at maximizing profit end up getting a lot of influence
| over the rules.
|
| In some countries, this is done with outright bribery. Here, we
| do it with campaign contributions and lobbying and "we'll
| create jobs in your district."
| the_optimist wrote:
| For those genuine actors here: this theoretical outrage assumes
| the premise of something immoral or illegal, and completely
| ignores the authority structure. This looks and smells like an
| info operation.
| polalavik wrote:
| Just, as an exercise, list out 3 good reasons someone might
| want untraceable admin accounts then list 3 really bad reasons
| they might want that. If you manage to find 3 good reasons does
| the outcome of those outweigh the risks of the potential bad
| reasons?
| progbits wrote:
| > Ge0rg3's code is "open source," in that anyone can copy it and
| reuse it non-commercially. As it happens, there is a newer
| version of this project that was derived or "forked" from
| Ge0rg3's code -- called "async-ip-rotator" -- and it was
| committed to GitHub in January 2025 by DOGE captain Marko Elez.
|
| Original code: https://github.com/Ge0rg3/requests-ip-rotator
|
| Forked: https://github.com/markoelez/async-ip-rotator
|
| Code is pretty much the same, with comments removed, some `async`
| sprinkled in and minor changes (I bet this was just pasted into
| LLM with prompt to make it async, but if that worked why not).
|
| Except... Original GPL3 license is gone. Obviously not something
| you would expect DOGE people to understand or respect.
| nativeit wrote:
| > On February 6, someone posted a lengthy and detailed critique
| of Elez's code on the GitHub "issues" page for async-ip-
| rotator, calling it "insecure, unscalable and a fundamental
| engineering failure."
|
| "If this were a side project, it would just be bad code," the
| reviewer wrote. "But if this is representative of how you build
| production systems, then there are much larger concerns. This
| implementation is fundamentally broken, and if anything similar
| to this is deployed in an environment handling sensitive data,
| it should be audited immediately."
| plandis wrote:
| GPLv3 requires the license to be kept. Seems reportable to the
| owner of the repo and or GitHub.
| dijksterhuis wrote:
| FYI the Fork got hidden/deleted in the last minute or so -- did
| anyone manage to clone it before it disappeared?
| whalesalad wrote:
| I did. It's essentially just a single .py file: https://gist.
| github.com/whalesalad/06804fd734efe6bd2e0c84906...
| alright2565 wrote:
|     x_forwarded_for = headers.get("X-Forwarded-For")
|     if x_forwarded_for is None:
|         x_forwarded_for = ipaddress.IPv4Address._string_from_ip_int(
|             randint(0, MAX_IPV4)
|         )
|
| lol
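The random X-Forwarded-For value in that snippet only has an effect on servers that trust the header from any peer. As an added example (my own code, not from either repository), here is a rate limiter that honours X-Forwarded-For only when the TCP peer is a trusted proxy; the proxy list, the random-header generator mirroring the snippet's idea, and the 203.0.113.5 / 198.51.100.x addresses are all constructed for the example:

```python
import ipaddress
import random
from typing import Optional

# Constructed trusted-proxy list (an assumption for this example): only these
# networks may set X-Forwarded-For on the application's behalf.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.10/32"),
]


def is_trusted(addr) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr: str, xff: Optional[str]) -> str:
    """Address a rate limiter should key on.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy;
    from anyone else the header is attacker-controlled and ignored. The
    chain is walked right to left, skipping trusted hops, so entries a
    client prepends on the left never become the chosen address.
    """
    peer = ipaddress.ip_address(peer_addr)
    if xff is None or not is_trusted(peer):
        return str(peer)
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed header: fall back to the socket peer
        if not is_trusted(addr):
            return str(addr)
    return str(peer)  # every hop was a trusted proxy


class RateLimiter:
    """Fixed-budget limiter keyed on the resolved client address."""

    def __init__(self, limit: int) -> None:
        self.limit = limit
        self.counts: dict = {}

    def allow(self, peer_addr: str, xff: Optional[str]) -> bool:
        key = client_ip(peer_addr, xff)
        self.counts[key] = self.counts.get(key, 0) + 1
        return self.counts[key] <= self.limit


def spoofed_header() -> str:
    """Random IPv4 string, the same idea as the quoted snippet (constructed)."""
    return str(ipaddress.IPv4Address(random.randint(0, 2**32 - 1)))


def burst_from_direct_client(n: int, limit: int) -> list:
    """n requests straight from 203.0.113.5, each with a fresh random XFF."""
    rl = RateLimiter(limit)
    return [rl.allow("203.0.113.5", spoofed_header()) for _ in range(n)]


if __name__ == "__main__":
    print(burst_from_direct_client(5, 3))  # [True, True, True, False, False]
```

Because every direct request is keyed on the socket peer, the randomised header never buys a fresh budget; only a request relayed by a listed proxy is attributed to the forwarded address.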
| darknavi wrote:
| The fork has been deleted it seems.
| nop_slide wrote:
| I find the following bizarre. Ignoring who this marko guy is, why
| would a random person post such a "take down" of the repo? I have
| never randomly passed by a repo and wanted to just dunk on it.
| Also this critique reeks of being AI generated.
|
| > On February 6, someone posted a lengthy and detailed critique
| of Elez's code on the GitHub "issues" page for async-ip-rotator,
| calling it "insecure, unscalable and a fundamental engineering
| failure."
|
| Link from quote: https://github.com/markoelez/async-ip-rotator/issues/1
|
| The following comment is too interesting to be coincidental, such
| a weird interaction.
| nativeit wrote:
| Why wonder? The user who wrote it seems to be a pretty well
| established user, and their public repositories suggest that
| they work in adjacent contexts, so it's entirely plausible they
| attempted to use async-ip-rotator in one of their projects.
| nativeit wrote:
| It's also worth noting that Feb 6 may very well be after
| Marko Elez became a public figure with DOGE. The article
| doesn't do a great job of expanding on any of this.
| marcusb wrote:
| ???
|
| The public repos for this person that I could find that
| weren't forks with no activity to upstream consisted of a
| dice-rolling guessing game, rock-paper-scissors, and some
| kind of framework for downloading and transcribing audio
| files that does not yet download or transcribe, but
| implements a whole bunch of boilerplate. I find it rather
| difficult to believe this person engaged in a good-faith
| review of the async-ip-rotator code base.
| watwut wrote:
| Are you genuinely puzzled or just wanted an excuse to point us
| all toward that comment? If "the comment" is correct word for
| what amounts to full article in length.
| sepositus wrote:
| Why would they want an excuse to point everyone to that
| comment when it's literally linked in the article?
| rideontime wrote:
| It's only "bizarre" if you "ignore who this marko guy is." It's
| not a coincidence, it's somebody pointing out that DOGE's
| "cracked coders" are wearing no clothes.
| epoxia wrote:
| They took down the repository ~20 minutes after OP's comment.
| Archived link:
| https://web.archive.org/web/20250423135719/https://github.co...
| mandevil wrote:
| On February 6th, Marko Elez announced his resignation from DOGE
| after the WSJ discovered many racist posts he made in 2024
| (which they published on the 5th). That likely made someone
| really interested in what his actual coding skill levels were,
| and they took a look at a repo he had made.
|
| Musk did a "poll" on X that voted for rehiring Elez to DOGE, by
| February 20th Elez had a US Government email address again, and
| on February 21st he was reported as working for DOGE at the
| Social Security Administration.
| growdark wrote:
| >Ge0rg3's code is "open source," in that anyone can copy it and
| reuse it non-commercially.
|
| A little nit-picking, but that's not what open source means,
| especially as it relates to the GPL in this case. If you can't
| use the code commercially, it's neither "open source" (as defined
| by OSI) nor free software (as defined by the FSF).
| nativeit wrote:
| Right, but the original statement isn't being mutually
| exclusive.
| jiggawatts wrote:
| This is much ado about nothing. The article tries to very hard to
| make something ordinary sound nefarious.
|
| This appears to be DOGE employees simply doing their job.
|
| You may not agree with what they're doing in a political sense,
| but if you were tasked with the same problem you'd come up with a
| nearly identical solution.
|
| For example: "tenant admin" is probably the special role that can
| bypass _access control_ (not audits!) and see and read all data.
|
| This sounds scary but I regularly request this right from large
| government departments and I get it granted to me.
|
| Its use is justified when normal access requests would be too
| complex / fiddly and error prone. Generally, in a large
| environment, there is no other way to _guarantee_ 100% coverage
| because as an outsider you don't even know what permissions to
| ask for if you can't see anything due to a lack of permissions!
|
| Seriously: sit down for a second and think about how you would go
| about getting access to make a full copy of an organisation's
| data for an audit if you fully expect both passive resistance and
| even active efforts to hide the _very things you're looking for_.
| dboreham wrote:
| Absolute balderdash.
| watwut wrote:
| In that case, you and the departments you work for are either
| breaking the law regularly or working with public data anyway.
|
| Besides, no one needs unmonitored write access for an audit. Even
| less so DOGE, who does no audit and doesn't have the knowledge to
| do one. Audits are supposed to be traceable.
| apical_dendrite wrote:
| Do you also delete logs, fire the cybersecurity team, and
| stonewall breach investigations?
|
| https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...
| rob_c wrote:
| Omg they also saw spikes in DNS traffic and high load during
| days exfiltration ahead of audit...
|
| Clearly the (system) auditing infrastructure wasn't robust
| enough to still provide a lot of monitoring even if the service
| is being managed by someone else...
|
| Also a several-hundred-line teardown of a 300-line file is
| exactly what is wrong with some coders. Not having a CI/CL for
| every single short tool written once to do a job is called
| being productive...
| shakna wrote:
| > Furthermore, on Monday, April 7, 2025, while my client and my
| team were preparing this disclosure, someone physically taped a
| threatening note to Mr. Berulis' home door with photographs -
| taken via a drone - of him walking in his neighborhood. The
| threatening note made clear reference to this very disclosure
| he was preparing for you
| frumplestlatz wrote:
| It would be astonishingly stupid to threaten a whistleblower
| in such an amateurish manner when you're backed by the party
| in power and have the full and official apparatus of the
| state at your disposal.
| bdangubic wrote:
| _astonishingly stupid_ sounds about right for the people
| leading apparatus of the state :)
| frumplestlatz wrote:
| What could they possibly hope to accomplish with a
| threatening note and drone photos other than to provide
| fodder for his complaint?
|
| Why would drone photos even be necessary when you've
| already demonstrated that you know where they live?
|
| What possible purpose does such a threat serve?
| dekhn wrote:
| I don't believe your statement that you ask for, and
| successfully receive, tenant admin rights from large government
| departments.
|
| DOGE employees aren't simply doing their job. They are actively
| subverting the government to fatally wound it.
| Delk wrote:
| The original complaint mentions:
|
| "7. March 3rd - I received a call during which an ACIO stated
| instructions were given that we were not to adhere to SOP with
| the doge account creation in regards to creating records. He
| specifically was told that there were to be no logs or records
| made of the accounts created for DOGE employees."
|
| Which part of doing an audit, or some other DOGE employee's
| job, requires logs or records not to be made of their accounts?
|
| Another quote:
|
| "They were to be given what are referred to as "tenant owner"
| level accounts, with essentially unrestricted permission to
| read, copy, and alter data. Note, these permissions are above
| even my CIO's access level to our systems. Well above what
| level of access is required to pull metrics, efficiency
| reports, and any other details that would be needed to assess
| utilization or usage of systems in our agency. We have built in
| roles that auditors can use and have used extensively in the
| past but would not give the ability to make changes or access
| subsystems without approval. The suggestion that they use these
| accounts instead was not open to discussion."
|
| Audits don't require being able to alter data.
|
| Also, some of the data is mentioned as being sensitive.
| Although granting access to the data of another agency may make
| sense, I have trouble believing that direct access to data such
| as sensitive personal information of third parties would
| routinely be given to people from outside of the organization.
| Even within the organization the group of people given access
| to sensitive data should be as limited as possible.
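Added example, not from the complaint or any NLRB system: a reconciliation check from the defender's position Delk describes, comparing a directory snapshot against provisioning records and flagging owner-level permissions, accounts with no creation record, and accounts with logging switched off. The two role names come from the quoted complaint; the permission sets, log format and account names are constructed.

```python
import re

# Constructed role model (an assumption; the complaint names the two roles
# but not their exact permission sets).
ROLE_PERMS = {
    "Auditor": {"read"},
    "Tenant Owner": {"read", "copy", "alter"},
}
AUDIT_NEEDS = {"read"}  # pulling metrics and reports never requires altering

# Constructed provisioning-log line format for this example.
CREATE_RE = re.compile(
    r'^(?P<ts>\S+) CREATE user=(?P<user>\S+) role="(?P<role>[^"]+)"'
    r" by=(?P<by>\S+) ticket=(?P<ticket>\S+)$"
)


def parse_creation_log(lines):
    """Map account name -> provisioning record; unparseable lines are skipped."""
    records = {}
    for line in lines:
        m = CREATE_RE.match(line.strip())
        if m:
            records[m["user"]] = m.groupdict()
    return records


def reconcile(directory, creation_log, logging_disabled):
    """Check a directory snapshot {account: role} against the provisioning
    log and the set of accounts whose activity logging is switched off."""
    records = parse_creation_log(creation_log)
    findings = []
    for user, role in sorted(directory.items()):
        excess = ROLE_PERMS.get(role, set()) - AUDIT_NEEDS
        if excess:
            findings.append(f"{user}: role '{role}' grants {sorted(excess)} beyond audit needs")
        if user not in records:
            findings.append(f"{user}: no provisioning record (SOP not followed)")
        elif records[user]["role"] != role:
            findings.append(f"{user}: role changed from '{records[user]['role']}' to '{role}' with no record")
        if user in logging_disabled:
            findings.append(f"{user}: activity logging disabled")
    return findings


# Constructed sample data: one properly provisioned auditor account, one
# owner-level account with no record at all, and one logged as Auditor that
# now holds Tenant Owner.
DIRECTORY = {"svc-audit-1": "Auditor", "ext-acct-1": "Tenant Owner", "ext-acct-2": "Tenant Owner"}
CREATION_LOG = [
    '2025-02-20T09:12:00Z CREATE user=svc-audit-1 role="Auditor" by=jdoe ticket=CHG-1001',
    '2025-03-01T14:03:00Z CREATE user=ext-acct-2 role="Auditor" by=jdoe ticket=CHG-1002',
    "malformed line that the parser should ignore",
]
LOGGING_DISABLED = {"ext-acct-1", "ext-acct-2"}

if __name__ == "__main__":
    for finding in reconcile(DIRECTORY, CREATION_LOG, LOGGING_DISABLED):
        print(finding)
```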
| ChrisMarshallNY wrote:
| What sucks is that Russia and China now, almost certainly,
| have all this data, but they don't worry me, as much as the
| American oligarchs that now have it.
| porphyra wrote:
| Isn't the ip rotator used to scrape from public websites to
| bypass rate limits? Not sure how that automatically means they
| are "siphoning sensitive case files".
| dfedbeef wrote:
| The CEO of Tesla and Space-X; a self-proclaimed high IQ
| individual, an alleged programmer, has apparently hired a
| straight-up script kiddie to their elite delta force of technical
| government downsizers.
| llm_nerd wrote:
| There is a phenomenon I've noticed in this industry where people
| who lack a skill compensate by convincing themselves that they
| are a savant at seeing and exploiting that skill they lack in
| others. They find and encircle themselves with people who they
| believe are the Best of the Best, at least in their
| imagination, and it is critical for their ego that this is
| never challenged. They will be blind to any evidence to the
| contrary because they _need_ the people they "identify" to be
| extraordinary, justifying their great people curation.
|
| I mean, I guess this really happens in all industries. Art,
| music, leadership, software development. People who maybe once
| had credibility in something and now desperately try to foist
| Their People as the best in the industry.
|
| I feel like that is what is happening here. None of the people
| Elon surrounds himself with are notable in any way, and their
| skills are hugely suspect, but he has to have his harem of
| "Super Coders" to prop up his own mythology.
| jppope wrote:
| I agree with the script kiddies comment- which is basically
| what the reporting has shown... but in a way isn't that part of
| the point? That they can save billions of dollars just by
| having a couple of relatively normal comp sci kids (who can't
| even rent a car) review the most basic financial information of
| our government departments. These guys aren't supposed to be
| "delta force" they are supposed to be the interns.
|
| Not trying to defend the means to the end, but I would really
| like my tax money used more efficiently. I will also say I am
| extremely worried about the levels of access that they are
| being given, especially since it comes with basically no
| accountability.
| ceo_tim_crook wrote:
| the doge guys are truly living the script kiddie dream
| hashstring wrote:
| Haha, and the Github repo is now offline. lol.
| ThinkBeat wrote:
| 1. DOGE employees access data they were not supposed to.
|
| This is fairly clear.
|
| The story says that DOGE attained access to an account that had
| huge permissions into what it could see and alter. The person or
| persons from DOGE may have downloaded 10GB of data. The person
| may have used this in a manner that is illegal. Or it is illegal
| to start with. With the understanding that POTUS may or may not
| be allowed to grant such access. (I don't think POTUS can.)
|
| 2. DOGE employee downloaded code that could be used to use a huge
| pool of IP addresses, from AWS to bypass forms of throttling.
|
| 3. The code was badly written.
|
| 4. The person is a racist.
|
| How would a person from DOGE use an "unlimited" number of IP
| addresses from AWS to hammer and automatically screen-scrape a
| webpage, benefit from it when it came to copying extremely
| sensitive data from an internal National Labor Relations Board
| database?
|
| Did 10.000 sessions authenticate to the database at the same
| time, using AWS IP addresses, and scrape the data?
|
| Something is pretty broken if the system with extremely sensitive
| data is available from external IPs -and- allowing a single
| account to login 10.0000 times to concurrently scrape data off
| the internal database?
|
| Or are they saying that this code was adapted to use 10.000/100
| IP addresses internal to National Labor Relations Board and
| scrapes using those?
|
| The automation later noted makes a lot more sense to aid the
| work.
| golemiprague wrote:
| I don't see anything wrong with what they did, they basically got
| admin accounts so they can peek into the system and used some
| libraries from github. What is the problem here? Got a feeling it
| is just politically motivated, people are not happy that the
| Trump administration is actually doing something to make systems
| more efficient and stop money waste of taxpayers. I am sure they
| will make some mistakes along the way and I am sure not every
| "saving" is actually saving but when you look at so many systems
| and so much money some errors are expected.
___________________________________________________________________
(page generated 2025-04-23 23:00 UTC)