Krebs on Security: Whistleblower: DOGE Siphoned NLRB Case Data

Source URL: https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/
Source: Krebs on Security

Feedly Summary: A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.

Summary: Daniel J. Berulis, a security architect at the National Labor Relations Board (NLRB), alleges that an intervention by Elon Musk’s Department of Government Efficiency (DOGE) facilitated unauthorized access and data exfiltration from NLRB databases. His claims have significant implications for information security practices within federal agencies, highlighting vulnerabilities related to privileged account management, logging, and external threat attempts.

Detailed Description:
This text documents a serious whistleblower allegation made by Daniel J. Berulis regarding potential misuse of the NLRB’s systems by DOGE, with implications for information security, compliance, and the handling of sensitive data:

– **Suspected Data Exfiltration**: Berulis claims that users from DOGE transferred around 10 gigabytes of sensitive data from the NLRB without proper authorization or logging, raising alarms over data privacy and security protocols.

– **Privilege Escalation Concerns**: The creation of “tenant admin” accounts exempt from standard logging procedures appears to undermine operational transparency and create an opportunity for unauthorized data manipulation and access.

– **Network Anomalies**: Berulis reported suspicious outbound traffic coinciding with login attempts from a Russian IP address, suggesting a potential external cyber threat and raising questions about the cybersecurity defenses in place at the NLRB.

– **Blockage of Investigation**: The situation was exacerbated by directives to halt investigations into the matter, which suggests possible cover-up attempts or conflicts of interest that could hinder compliance with federal cybersecurity protocols.

– **Concerns Over Accountability**: With the removal of administrative controls from NLRB IT personnel, Berulis highlights a significant risk to accountability and a lack of normal operational procedures that could leave the agency’s systems vulnerable.

– **Response to Whistleblower Fallout**: The backlash Berulis faced, including intimidation, emphasizes the risks individuals may encounter when attempting to expose security breaches or compliance violations, raising issues about organizational culture and protection for whistleblowers.

– **Broader Implications**: This incident reflects the need for stringent oversight of privileged accounts and reinforces the necessity of robust auditing mechanisms and controls, particularly when dealing with sensitive government data.

This case underscores the importance of adhering to best practices for security architecture within governmental agencies, ensuring compliance with federal regulations, and establishing a culture of transparency and support for employees who raise concerns about security practices. It also demonstrates a critical need for appropriate incident response capabilities, especially in light of external threats attempting to exploit vulnerabilities.