The disclosure details how DOGE might have taken sensitive labor data
Privacy and Cybersecurity Concerns about the National Labor Relations Board and the Department of Government Efficiency, as Described in a Declaration to Congress
The National Labor Relations Board’s IT employees quickly became worried when a team of advisers from President Trump’s Department of Government Efficiency arrived at their headquarters, according to a declaration filed with Congress.
Unfair labor practices are investigated by the NLRB. Its databases store reams of potentially sensitive data, from confidential information about employees who want to form unions to proprietary business information.
It’s not clear what DOGE’s intentions were with regard to the NLRB data. Payment or employment data in many systems of the rest of the government could be used by DOGE to determine which grants and programs to halt and who to fire.
Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do.
The labor law experts interviewed by NPR fear that data could end up in the hands of the private companies that have cases before the agency, such as Musk’s SpaceX, which may get insights into damaging testimony. It could also intimidate whistleblowers who might speak up about unfair labor practices, and it could sow distrust in the NLRB’s independence, they said.
Weeks after DOGE staffers descended on federal buildings across Washington, Trump issued an executive order urging increased data sharing “by eliminating information silos” in what’s seen by experts like McClanahan as an attempt to give DOGE engineers further top cover in accessing and amalgamating sensitive federal data, despite laws concerning privacy and cybersecurity.
The acting press secretary for the National Labor Relations Board, Tim Bearese, denied that the agency gave access to its systems and said it had received no request from DOGE. Bearese said the agency conducted an investigation after Berulis raised his concerns but “determined that no breach of agency systems occurred.”
A Conversation with Berulis about the National Labor Relations Board (NLRB) and a “Culture of Fear”
It’s a familiar story for tech nerds the world over: He methodically took the machine apart “to figure out how it works,” just like he had dissected radios from the thrift store years earlier. “I electrocuted myself once,” he recalled.
He couldn’t join the military because of a knee injury. He volunteered his time to work for the rape crisis hotline after he served as a volunteer firefighter. But, he told NPR, “I had an interest in serving my country.”
Berulis was a technical consultant for many years and used to work for the National Labor Relations Board.
Berulis found the agency’s goal to protect employees’ rights in line with his desire to help people, even though he didn’t know much about it.
He began about six months before the inauguration of President Trump. Berulis said that he hit the ground running, securing the cloud-based data server and reinforcing the idea of “zero trust,” which means that users can access only the parts of the system they need in order to do their jobs. That way, an attacker who had a single username and password wouldn’t be able to access the whole system.
“When I first started, it was a dream come true,” he said. There was a chance to do some good. But after the inauguration, he described a “culture of fear” descending over the agency.
Source: A whistleblower’s disclosure details how DOGE may have taken sensitive labor data
Doing Business Inside the DOGE: A Forensic Analysis of a Security Officer’s Account
Berulis said he and several colleagues saw a black SUV and police escort enter the garage, after which building security let the DOGE staffers in. They interacted with a small number of staffers, never introducing themselves to most of the IT team.
Berulis says he was told by colleagues that DOGE employees demanded the highest level of access, what are called “tenant owner level” accounts inside the independent agency’s computer systems. Those offer essentially unrestricted permission to read, copy and alter data, according to Berulis’ disclosure to Congress.
For cybersecurity professionals, a failure to log activity is a cardinal sin and contradicts best practices as recommended by the National Institute of Standards and Technology and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, as well as the FBI and the National Security Agency.
The forensic digital records are important for record-keeping requirements, but they can also be used as a basis for investigations of potential breaches and even for tracing the attacker’s path back to the vulnerability that let them inside a network. Experts are able to see what data might have been removed. Basic logs wouldn’t be enough to show the extent of a bad actor’s activities, but they would be a start. Cybersecurity experts say there’s no reason for anyone to turn off their security tools.
“Any chief information security officer worth his salt would look at network activity like this and assume it’s a nation-state attack from China or Russia,” said Braun, the former White House cyber official.
Massachusetts Institute of Technology graduate and DOGE engineer Jordan Wick had been sharing information about coding projects he was working on to his public account with GitHub, a website that allows developers to create, store and collaborate on code.
After journalist Roger Sollenberger started posting on X about the account, Berulis noticed something Wick was working on: a project, or repository, titled “NxGenBdoorExtract.”
NxGen and the “NxGenBdoorExtract” Repository: An Engineer’s Shock
“So when I saw this tool, I immediately panicked, just for lack of a better term,” he said. “I kind of had a conniption and said, ‘Whoa, whoa, whoa.'” He immediately alerted his whole team.
“It seems odd to name it that, so that we don’t jeopardize our ability to work on the government side,” said one of the engineers who built NxGen. “Or brazen, if you’re not worried about consequences.”
Access to the NxGen data might make it easier to fire employees for union organizing, an illegal activity under federal labor laws. “People are fired for attempting to organize a union all the time in this country,” said Block.
That’s partly because, he said, the NLRB isn’t advanced when it comes to detecting insider threats or potentially malicious actors inside the agency itself. He said that they as an agency had not evolved to account for those. “We were looking for bad actors outside,” he said.
But he counted on DOGE leaving at least a few traces of its activity behind, puzzle pieces he could assemble to try to put together a picture of what happened — details he included in his official disclosure.
DOGE engineers installed a kind of opaque virtual computer called a “container”, which can operate on a machine without revealing its activities to the rest of the network. It wasn’t suspicious, though it did allow the engineers to work without being seen, and it left no trace of its activities after it was removed.
When Berulis asked his IT colleagues whether they knew why the data was exfiltrated or whether anyone else had been using containers to run code on the system in recent weeks, no one knew anything about it or the other unusual activities on the network, according to his disclosure. In fact, when they looked into the spike, they found that logs that were used to monitor outbound traffic from the system were absent. Some actions taken on the network, including data exfiltration, had no attribution — except to a “deleted account,” he continued. “Nobody knows who deleted the logs or how they could have gone missing,” Berulis said.
If someone printed all of the data, at 10 gigabytes, it would be the equivalent of a full stack of encyclopedias. That is a large chunk of the total data, though the agency alone has over 10 terabytes of historical data. It’s unclear which files were copied and removed or whether they were consolidated and compressed, which could mean even more data was exfiltrated. It’s also possible that DOGE ran queries looking for specific files in the NLRB’s system and took only what it was looking for, according to the disclosure.
Regardless, that kind of spike is extremely unusual, Berulis explained, because data almost never directly leaves from the NLRB’s databases. In his disclosure, Berulis shared a screenshot tracking data entering and exiting the system, and there’s only one noticeable spike of data going out. He also claimed that there was no saving of backup files or migration of data that week.
Even when external parties like lawyers or overseers like the inspector general are granted guest accounts on the system, it’s only to view the files relevant to their case or investigation, explained labor law experts who worked with or at the NLRB, in interviews with NPR.
Source: “A whistleblower’s disclosure details how DOGE may have taken sensitive labor data” by Berulis and Bakaj
They eventually launched a formal breach investigation, according to the disclosure, and prepared a request for assistance from the Cybersecurity and Infrastructure Security Agency (CISA). However, those efforts were disrupted without an explanation, Berulis said. Berulis felt he needed help in figuring out what happened and determining what new vulnerabilities might be exploited as a result.
Bakaj, Berulis’ lawyer, told NPR in a written statement: “This case has been particularly sensitive as it involves the possibility of sophisticated foreign intelligence gaining access to sensitive government systems, which is why we went to the Senate Intelligence Committee directly.”
Berulis was able to discover some frightening details about what happened while he was on the internet, which he enumerated in his declaration.
The SAS token is a high-level access key given to unknown users that allows them to access storage accounts before they’re deleted. There is no way to measure what was done with it.
Berulis said he noticed five downloads of the task automation program, which would allow engineers to run automated commands. He noticed several code libraries that appeared to have been designed to automate and mask data exfiltration. There was a tool called “requests-ip-rotator” that generates an endless number of IP addresses, and a commonly used automation tool for web developers called “browserless,” according to an archive of the DOGE engineer.
Berulis said someone was using a technique known as DNS tunneling to prevent the data from being detected. He came to that conclusion after he saw a huge spike in traffic in the opposite direction of what was happening to the data.
A person using this technique may set up a domain that will ask questions to the target system. But they configure the compromised server so that it answers those DNS queries by sending out packets of data, allowing the attacker to steal information that has been broken down into smaller chunks.
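In resolver logs, the technique described above tends to show up as many distinct, long, random-looking subdomains under a single parent domain. The following Python detection sketch is an added example, not part of the original article or of Berulis’ disclosure; the log format, addresses, domain names, thresholds and function names are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(text):
    """Bits per character; encoded or random-looking data scores high."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def split_name(qname):
    """Naive (subdomain, parent) split. Assumption: the parent is the last two
    labels; production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def build_sample_log():
    """Constructed resolver log, one query per line: timestamp client qname qtype."""
    lines = [
        "2025-01-01T02:00:00Z 10.0.4.21 www.intranet.example A",
        "2025-01-01T02:00:01Z 10.0.4.21 mail.intranet.example A",
        "2025-01-01T02:00:02Z 10.0.4.22 login.intranet.example A",
    ]
    # Benign edge case: one long hashed CDN hostname looked up repeatedly.
    lines += [f"2025-01-01T02:01:{i:02d}Z 10.0.4.22 "
              "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b.cdn.example A"
              for i in range(6)]
    # Tunnel-like pattern: every query carries a different long random label.
    for i in range(8):
        label = hashlib.sha256(f"constructed-{i}".encode()).hexdigest()[:48]
        lines.append(f"2025-01-01T02:02:{i:02d}Z 10.0.4.17 {label}.exfil-demo.test TXT")
    return lines


def analyze(lines, min_unique=5, min_avg_len=30, min_entropy=3.0):
    """Return {parent_domain: stats} for parents whose queries look like tunneling.
    Thresholds are illustrative and need tuning against a real baseline."""
    subs = defaultdict(set)
    clients = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash
        _, client, qname, _ = parts
        sub, parent = split_name(qname)
        if sub:
            subs[parent].add(sub.replace(".", ""))
            clients[parent].add(client)
    flagged = {}
    for parent, uniq in subs.items():
        avg_len = sum(map(len, uniq)) / len(uniq)
        avg_ent = sum(map(shannon_entropy, uniq)) / len(uniq)
        # All three signals must agree: a single long hashed name (the CDN case)
        # or a handful of short hostnames should not raise an alert.
        if len(uniq) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            flagged[parent] = {
                "unique_subdomains": len(uniq),
                "avg_label_len": avg_len,
                "avg_entropy": round(avg_ent, 2),
                "encoded_chars": sum(map(len, uniq)),  # subdomain text observed
                "clients": sorted(clients[parent]),
            }
    return flagged


if __name__ == "__main__":
    for parent, stats in analyze(build_sample_log()).items():
        print(parent, stats)
```

A check like this depends on DNS query logs being retained, which is one practical reason the missing outbound-traffic logs described in the disclosure matter to investigators.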
NLRB forensic investigation of a whistleblower’s disclosure: What have we learned about DOGE and how to expose it to the public?
The researcher said that they were given the keys to the front door. The researcher told them it was difficult to verify what happened without full access to the NLRB system, but Berulis’ conclusions were a cause for concern. “None of this is standard,” they said.
Handorf reviewed Berulis’ extensive technical forensic records and analysis and talked to NPR about his conclusions.
“All of this is alarming,” he said. “If this was a public company, I’d have to report it to the SEC.” The timeline of events demonstrates a lack of respect for the institution and for the sensitivity of the data that was exfiltrated. There’s no reason to expose security controls to the internet, which are less guarded, in order to increase the security risk profile. The usual way of copying data to local media for escort was not used.
It houses information about ongoing contested labor cases, lists of union activists, internal case notes, personal information from Social Security numbers to home addresses, proprietary corporate data and more information that never gets published openly.
Experts interviewed by NPR agree that there are inefficiencies in government that should be reviewed but they do not see a legitimate reason for DOGE staffers to remove the data from the case management system.
“There is no reason whatsoever for accessing the information. Is any agency more efficient? Is it more effective? Positively. But what you need for that is people who understand what the agency does. That’s not possible by mining data, putting algorithm in and creating a security risk,” said Harley Shaiken, a professor of labor and information technology.
“There is nothing that I can see about what DOGE is doing that follows any of the standard procedures for how you do an audit that has integrity and that’s meaningful and will actually produce results that serve the normal auditing function, which is to look for fraud, waste and abuse,” said Sharon Block, the executive director of Harvard Law School’s Center for Labor and a Just Economy and a former NLRB board member.
“The mismatch between what they’re doing and the established, professional way to do what they say they’re doing … that just kind of gives away the store, that they are not actually about finding more efficient ways for the government to operate,” Block said.
Accessing Employee Data and the National Labor Relations Board’s Investigation Against a Labor-Practice Complaint: An Insight on Trade Secrets and the NLRB
If sensitive records were copied, it would be a serious danger and could make it hard for an employee to get protection from the National Labor Relations Board.
“You just saying you have access to the data is intimidating,” said Kate Bronfenbrenner, co-director of the Worker Empowerment Research Network. “People are going to go, ‘I’m not going to testify before the board because, you know, my employer might get access.'”
Bronfenbrenner, the child of immigrant parents who fled the Soviet Union and Nazi-controlled Germany, said she spends a lot of time thinking about how systems can crumble under the right circumstances. “You know, there’s this belief that we have these checks and balances … but anyone who’s part of the labor movement should know that’s not true,” she told NPR.
With access to the data, it would make it easier for companies to fire employees for union organizing or keep blacklists of organizers — illegal activities under federal labor laws enforced by the NLRB. “People get fired for the lawful act of trying to organize a union all the time in this country,” said Block.
It’s not just employees who might suffer if this data got out. In the midst of labor-practice complaint proceedings, companies can give detailed statements on their internal business planning and corporate structure. It’s possible that trade secrets will come up in the board’s investigation if a company tried to fire someone who disclosed them, and was fighting an unfair labor-practice complaint. That information would be valuable to competitors, regulators and others.
“I think it is very concerning,” said University of California, Berkeley, labor scholar Harley Shaiken. “It could result in damage to individual workers, to union-organizing campaigns and to unions themselves,” he said.
There are many ongoing cases involving the companies controlled by Musk. The suit was filed against the national labor board after a group of former employees lodged a complaint. They said the agency’s structure is unconstitutional.
Trump and Musk, during an interview with Fox News’s Sean Hannity, said Musk would recuse himself from anything involving his companies. Musk said he had never asked the president for anything. “I’m getting a daily proctology exam. You know, it’s not like I’ll be getting away [with] something in the dead of night.” DOGE has been granted high-level access to a lot of data that could benefit Musk; however, there is no evidence that a firewall prevented misuse of that data.
Sen. Chris Murphy, D-Conn., raised his concerns about Musk accessing sensitive labor investigation data on cases against his companies or competitors during the confirmation hearing for Trump’s labor secretary, Lori Chavez-DeRemer, in mid-February. He asked her if she thought the NLRB was constitutional and if she would keep sensitive data confidential. While she said she was committed to “privacy” and said she respects the NLRB’s “authority,” she insisted that Trump “has the executive power to exercise it as he sees fit.”
The purpose of the NLRB is to give workers’ rights to organize and to address problems that workers have in the workplace. The labor movement had an unusual amount of support from Washington, according to him. “We’ve seen a sharp slamming of the brakes on that vehicle and putting it in reverse to show what Trump has done so far,” he said.
The board’s power to enforce labor law was undermined when the Trump administration removed its member, Gwynne Wilcox. Courts have differing opinions on whether Wilcox’s removal was illegal as presidents are supposed to show cause for dismissing independent board members.
What is a threat for DOGE, or why do we need to protect ourselves? A cybersecurity expert advises Harvard Law’s Block
“It’s not that he’s a random person who’s getting information that a random person shouldn’t have access to,” said Harvard Law’s Block. “But if they really did get everything, then he has information about the cases the government is building against him,” she said.
“DOGE is, whether they admit it or not, headed by somebody who is the subject of active investigation and prosecution of cases.” She said that it is troubling.
Musk’s company xAI could benefit if the data is taken away from DOGE. Cybersecurity experts like Bruce Schneier, a well-known cryptographer and adjunct lecturer at the Harvard Kennedy School, have pointed to this concern at length in interviews and written pieces.
According to two federal government sources who are not authorized to talk publicly about their workplace, managers have continuously been warning employees that their data could be subject to a review by artificial intelligence, including their responses to Musk’s campaign to get employees to detail what they did.
“It’s not fanciful to see DOGE staff give Musk some information that is hidden from him or his people,” said Shaiken.
“Both criminals and foreign adversaries traditionally have used information like this to enrich themselves through a variety of actions,” explained Handorf, the former FBI cyber official. Those actions include blackmail, intellectual property theft for espionage and harming a company to enrich another.
Cybersecurity experts said that a few failed login attempts from a Russian address aren’t a smoking gun. It is a sign that foreigners are looking for ways into government systems that DOGE engineers may have left exposed.
“When you’re moving fast and breaking things, there’s a chance to ride the coattails of authorized access,” said Handorf. If the access points to the network were left open, it would be easy for spies and criminals to break in and steal information from DOGE.
“This is the reason why we architect systems using best practices, such as the principle of least privilege,” says Ann Lewis, who was the former director of Technology Transformation Services at the General Services Administration. “The principle of Least Privilege is a fundamental Cybersecurity Concept and states that users should have only the minimum rights, roles and permissions required to perform their Roles and Responsibilities. This protects access to high-value data and critical assets and helps prevent unauthorized access, accidental damage from user errors and malicious actions.”
The judge found there was a real possibility that sensitive information had already been shared outside of the Treasury Department and could have been a violation of federal law.
But government cybersecurity officials are already resigning or being fired, forced to relocate or put on administrative leave all over the federal government, from the Cybersecurity and Infrastructure Security Agency to the Interior Department. That has limited their power to respond to the ongoing disruptions or keep track of what DOGE is doing.
Erie Meyer resigned from her position at the Consumer Financial Protection Bureau after speaking out about the access to sensitive data that she was given by DOGE. She has provided testimony in the ongoing court cases surrounding the access of DOGE. There is sensitive and potentially market-moving data from the CFPB. DOGE employees granted themselves “god-tier” access to the CFPB’s systems, turned off auditing and event logs, and put the cybersecurity experts who are responsible for insider threat detection on administrative leave. The experts at the CFPB were planning on conducting an after-action report on DOGE, but they were blocked from doing so.
She recognized a pattern when she heard about the steps the engineers took to pretend they weren’t working.
“I am trembling,” she said upon hearing about the potential exposure of data from the NLRB. “They can get every piece of whistleblower testimony, every report, everything. This is not good.”
“Our cyber teams are pissed because they have to sit on their hands when every single alarm system we have regarding insider threats is going off,” said one employee at an agency of the Interior Department who requested anonymity, fearing retribution. Cybersecurity teams wanted to shut off new users’ access to the system, the employee continued, but were ordered to stand down.
The General Services Administration, one of the government agencies most affected by the cost-cutting efforts, wrote in a letter published on March 13 that they believed it to be highly-sensitive IT.
Kel, the executive director of National Security Counselors, said that the Trump administration could be trying to codify DOGE’s practices into how the government shares information.
According to NPR, the Privacy Act stems from Congress realizing in the 50’s that the federal government was just overflowing with information about normal everyday people. “The information silos are there for a reason,” he continued.
The former general counsel of the NLRB said that it shocks the conscience. “And if DOGE operatives captured and removed case files, it could constitute a violation of the Privacy Act.”
Berulis believes that people should be able to see how the government’s computer systems are in danger and if they can be saved. Berulis was an IT consultant and said he would have been fired if he operated like DOGE.
“I believe this goes beyond just case data to something much more,” he said. “I know there are [people] at other agencies who have seen similar behavior. I firmly believe that this is happening more and more at other agencies.”
“It was my goal by disclosing to Congress not to focus on me at all, but to give them information that they might not necessarily have, the things that you don’t necessarily look for unless you know where to look,” he continued.
A simple request to DOGE engineers: Be transparent and keep your logs
Berulis had a simple request for the DOGE engineers: “Be transparent. If you have nothing to hide, don’t delete logs, don’t be covert. … Be open, because that’s what efficiency is really about. If this is a big misunderstanding, then just prove it. Put it out there. That’s all I’m asking.”
This could be the beginning of the operation. “They still haven’t crossed that boundary where they’re plugged into every federal system out there,” he continued. “Maybe there’s time left.”
The disclosure says that someone disabled controls that would prevent unauthorized mobile devices from logging on to the system. There was an interface exposed to the public internet, potentially allowing malicious actors access to their systems. Internal alerting and monitoring systems were found to be manually turned off. Multifactor authentication was disabled.
Having a list of key organizers and potential members of a union would make that easier, as would having a copy of the opposing counsel’s notes as companies prepare for legal challenges, she continued.