There are 5 things you should know about NPR’s report on the whistleblowers at the NLRB
DOGE’s Access to Data is a Problem for the Intellectual Property Conserved at the NLRB, as Informed by Berulis
The disclosures made by the whistleblower to Congress and other overseers include records of conversations with colleagues that provide evidence of DOGE’s access and activities. NPR’s extensive reporting indicates that the access to data is a major concern for DOGE. 11 sources directly familiar with internal operations within federal agencies and Congress told NPR that they are in agreement with Berulis and have seen other evidence that DOGE is dumping sensitive data for unknown reasons.
Ranking Member Gerry Connolly, D-Va., sent a letter Tuesday to Acting Inspector General at the Department of Labor Luiz Santos and Ruth Blevins, inspector general at the NLRB, expressing concern that DOGE “may be engaged in technological malfeasance and illegal activity.”
According to an official whistleblower disclosure shared with NPR, interviews with the whistleblower and records of internal communications, technical staff members at the NLRB were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency.
“I can’t attest to what their end goal was or what they’re doing with the data,” the whistleblower, Daniel Berulis, said in an interview with NPR. “The bits of the puzzle that I can quantify are very frightening. This is a very bad picture we’re looking at.”
Connolly shared similar concerns in his letter, highlighting the fact that billionaire businessman and DOGE leader Elon Musk’s companies like SpaceX, Tesla and X have cases pending before the NLRB and the Department of Labor.
The DOGE Report on Labor Practice Violation: What DOGE’s Access to the NLRB Knows About US Workers and Employees Can Reveal Without Open Access
It has information about ongoing labor cases, lists of union activists, internal case notes, personal information from Social Security numbers to home addresses, proprietary corporate data and more that never gets published openly.
The letter asks the inspectors general to answer a number of questions regarding ways DOGE may have potentially violated federal law, including any NLRB networks DOGE staffers had access to and what records of DOGE’s work within NLRB systems exist.
One DOGE account was created and then deleted for use in the cloud systems of the NLRB, hosted by Microsoft.
In over a dozen lawsuits in federal courts around the United States, judges have demanded that DOGE explain why it needs such expansive access to sensitive data on Americans, from Social Security records to private medical records and tax information. But the Trump administration has been unable to give consistent and clear answers, largely dismissing cybersecurity and privacy concerns.
In the first days of March, a team of advisers from President Trump’s new Department of Government Efficiency initiative arrived at the Southeast Washington, D.C., headquarters of the National Labor Relations Board.
The agency investigates and adjudicates complaints about labor practices. It stores reams of potentially sensitive data, from confidential information about employees who want to form unions to proprietary business information.
He said he could also see foreign adversaries trying to recruit or pay DOGE team members for access to sensitive data. I don’t think it would surprise me if DOGE is compromised.
A Quote from Berulis about the NLRB’s “Circumculation of Fear” in the Light of Trump’s inauguration
It’s a familiar story for tech nerds the world over: He methodically took the machine apart “to figure out how it works,” just like he had dissected radios from the thrift store years earlier. He remembered that he cut himself once.
A knee injury prevented him from joining the military. He gave up time as a volunteer firefighter and as a rape crisis hotline volunteer to answer calls from victims in need of help. He told NPR that he wanted to serve his country.
Berulis had been a technical consultant for many years, including in auditing and modernizing corporate systems, when a job opened up at the National Labor Relations Board.
While Berulis didn’t know much about the agency, he found its mission to protect employees’ rights to be in line with his longstanding desire to help people.
He started about six months before President Trump was inaugurated for his second term this past January. Berulis said he hit the ground running, securing the NLRB’s cloud-based data servers and reinforcing what’s called “zero trust” principles, which means that users can get access only to the parts of the system they need in order to do their jobs — no more, no less. That way, if an attacker gets hold of a single username and password, the attacker can’t access the whole system.
He said that when he first started it was a dream. It was a chance to do some good. But after the inauguration, he described a “culture of fear” descending over the agency.
Source: A whistleblower’s disclosure details how DOGE may have taken sensitive labor data
‘Tenant Owner’: When DOGE Staffers Learned about a Cyber Security Attack, Eric Berulis, R.C. Braun
The DOGE staffers were allowed to enter the garage after Berulis said he and several colleagues saw a black SUV and police escort enter. They interacted with a small number of staffers, never introducing themselves to most of the IT team.
Berulis says he was told by colleagues that DOGE employees demanded the highest level of access, what are called “tenant owner level” accounts inside the independent agency’s computer systems. According to Berulis’ disclosure to Congress, those allow unrestricted permission to read, copy and alter data.
For cybersecurity professionals, a failure to log activity is a cardinal sin and contradicts best practices as recommended by the National Institute of Standards and Technology and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, as well as the FBI and the National Security Agency.
Those forensic digital records are important for record-keeping requirements and they allow for troubleshooting, but they also allow experts to investigate potential breaches, sometimes even tracing the attacker’s path back to the vulnerability that let them inside a network. The records might show what data was removed. Basic logs would likely not be enough to demonstrate the extent of a bad actor’s activities, but it would be a start. There’s no reason for any legitimate user to turn off logging or other security tools, cybersecurity experts say.
The former White House cyber official, Braun, said that any chief information security officer would look at network activity like this and think it was a nation-state attack.
An engineer from the Massachusetts Institute of Technology used the website GitHub to share information about his coding projects, which were being worked on.
Berulis noticed that a project, or repository, named ‘NxGen BdoorExtract’ was being worked on by the man, after Roger Sollenberger posted about the account.
Detecting threats inside the National Labor Relations Board: NxGen’s case management system (NxGen) is open 24/7, according to Berulis
“So when I saw this tool, I immediately panicked, just for lack of a better term,” he said. “I kind of had a conniption and said, ‘Whoa, whoa, whoa.’” He immediately told the rest of his team.
One of the engineers that built NxGen, asked for anonymity so as not to jeopardize their ability to work with the government again, said that it definitely seems rather odd to name it that. If you are not concerned about consequences, it is brazen.
According to several of the engineers who created the tool and who all spoke to NPR on condition of anonymity, NxGen was designed for the in-house team at the National Labor Relations Board.
He said that the board of regents isn’t advanced when it comes to detecting threats inside the agency. He explained that the agency had not evolved to account for those. “We were looking for [bad actors] outside,” he said.
But he counted on DOGE leaving at least a few traces of its activity behind, puzzle pieces he could assemble to try to put together a picture of what happened — details he included in his official disclosure.
The container is a kind of opaque virtual computer that can run programs on a machine without revealing its activities to the rest of the network. It would not be suspicious, since that allowed the engineers to work quietly and left no trace of what happened after it was removed.
According to his official disclosure, Berulis was tracking sensitive data leaving the places it was meant to live. First, he saw a chunk of data exiting the NxGen case management system’s “nucleus,” inside the NLRB system, Berulis explained. Then, he saw a large spike in outbound traffic leaving the network itself.
The spike is extremely unusual because data almost never leaves the NLRB’s databases. In his disclosure, Berulis shared a screenshot tracking data entering and exiting the system, and there’s only one noticeable spike of data going out. He confirmed that there had not been backups or migrations of data in that week.
Even if the inspector general or lawyers are granted a guest account, they won’t be allowed to view the files that are relevant to their case, labor law experts told NPR.
DOGE’s whistleblower exposes DNS tunneling in his alleged violation of the Data Protection Protection Act (Denmark Berulis)
In the days after Berulis and his colleagues prepared a request for CISA’s help investigating the breach, Berulis found a printed letter in an envelope taped to his door, which included threatening language, sensitive personal information and overhead pictures of him walking his dog, according to the cover letter attached to his official disclosure. The letter made reference to his decision to report the violation, but it’s not clear who sent it. Law enforcement is investigating the letter.
Bakaj, Berulis’ lawyer, told NPR in a written statement: “This case has been particularly sensitive as it involves the possibility of sophisticated foreign intelligence gaining access to sensitive government systems, which is why we went to the Senate Intelligence Committee directly.”
Berulis was able to uncover a lot of troubling details about what happened while DOGE was logged on, which he enumerated in his declaration.
Unknown users also gave themselves a high-level access key, what’s called a SAS token, meaning “shared access signature,” to access storage accounts, before deleting it. Berulis said there was no way to track what they did with it.
Berulis said he noticed five PowerShell downloads on the system, a task automation program that would allow engineers to run automated commands. There were several code libraries that got his attention — tools that he said appeared to be designed to automate and mask data exfiltration. There was a tool to generate a seemingly endless number of IP addresses called “requests-ip-rotator,” and a commonly used automation tool for web developers called “browserless” — both repositories starred or favorited by Wick, the DOGE engineer, according to an archive of his GitHub account reviewed by NPR.
Berulis says someone appeared to be doing something called DNS tunneling to prevent the data exfiltration from being detected. He came to that conclusion, outlined in his disclosure, after he saw a traffic spike in requests parallel to the data being exfiltrated.
Someone who uses this kind of technique will set up a domain name that can ping their target system with questions. The attacker can steal information that has been broken down into smaller pieces by sending out packets of data from the compromised server.
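A defender looking for the pattern described above can score DNS query logs per parent domain. The following is an added example, not code from NPR's report or from Berulis' disclosure; the query names are constructed, and the thresholds and the two-label parent-domain rule are illustrative assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Thresholds are illustrative assumptions; tune them against your own baseline.
MIN_UNIQUE = 50         # distinct subdomains seen under one parent domain
MIN_MEAN_LEN = 30       # mean length of the subdomain part, in characters
MIN_MEAN_ENTROPY = 3.0  # mean Shannon entropy, bits per character


def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def split_name(qname):
    """Return (parent_domain, subdomain_part).

    Simplification: the parent is the last two labels. Production code
    should use the Public Suffix List instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def score_domains(qnames):
    """Aggregate per-parent-domain statistics from an iterable of query names."""
    subs = defaultdict(set)
    totals = Counter()
    for qname in qnames:
        parent, sub = split_name(qname)
        totals[parent] += 1
        if sub:
            subs[parent].add(sub)
    stats = {}
    for parent, uniq in subs.items():
        stats[parent] = {
            "queries": totals[parent],
            "unique": len(uniq),
            "mean_len": sum(map(len, uniq)) / len(uniq),
            "mean_entropy": sum(map(shannon_entropy, uniq)) / len(uniq),
        }
    return stats


def flag_tunnels(qnames):
    """Parent domains whose query pattern matches all three heuristics."""
    return sorted(
        d for d, s in score_domains(qnames).items()
        if s["unique"] >= MIN_UNIQUE
        and s["mean_len"] >= MIN_MEAN_LEN
        and s["mean_entropy"] >= MIN_MEAN_ENTROPY
    )


def build_sample_log():
    """Constructed query names: ordinary lookups, a chatty CDN, one tunnel-like domain."""
    log = ["www.example.com", "mail.example.com", "login.example.com"] * 100
    log += [f"img{i}.cdn.example.org" for i in range(60)]  # many names, short labels
    log += [hashlib.sha256(str(i).encode()).hexdigest()[:40] + ".x.tunnel-test.example"
            for i in range(200)]  # long, unique, high-entropy labels
    return log


if __name__ == "__main__":
    for domain in flag_tunnels(build_sample_log()):
        print("possible DNS tunnel:", domain)
```

The CDN-style domain in the sample has many unique names but is not flagged, which is why the unique-name count is combined with label length and entropy.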
NPR, DOGE and a whistleblower: Why do they want to know what they’re doing? What DOGE wants to do about it
The researcher pointed out that they were given the keys to the front door. The researcher said it would be hard to fully verify what happened, but Berulis’ conclusions and other evidence were a cause for concern. They said that this is not standard.
Russ Handorf, who worked for the FBI for 10 years in various cybersecurity roles, discussed his conclusions with NPR after looking at Berulis’ extensive technical forensic records.
“All of this is alarming,” he said. If this was a publicly traded company, I would have to report it to the SEC. There is a lack of respect for the institution and the data that was exfiltrated in the timelines of the events. There is no reason to expose security controls to the internet in order to increase the security risk profile. They didn’t copy the data to media that was password-locked for an escort.
According to experts interviewed by NPR, there are inefficiencies in the government that warrant further review, but they do not see a reason why the data from the case management system needs to be removed.
“There is no need to view the information. Could any agency be more efficient? More effective? Positively. You need people who understand what the agency does. That is not by mining data, putting algorithms in and creating a breach of security,” said Harley Shaiken, a professor emeritus at the University of California, Berkeley who specializes in labor and information technology.
I can’t see what DOGE is doing because they follow the same procedures as the rest of the industry and will actually produce the right results for the auditing function, which is to look for fraud, waste and abuse.
“The mismatch between what they’re doing and the established, professional way to do what they say they’re doing … that just kind of gives away the store, that they are not actually about finding more efficient ways for the government to operate,” Block said.
The Access to Work and Trade Secrets: A Concern About NLRB’s Investigation of a Labor Law Lawyer’s Proposal
For labor law experts, the mere possibility that sensitive records were copied is a serious danger that could create a chilling effect for employees everywhere who turn to the National Labor Relations Board for protection.
Kate Bronfenbrenner says that it’s not intimidating to say that you have access to the data. “People are going to go, ‘I’m not going to testify before the board because, you know, my employer might get access.’”
The daughter of immigrant parents who fled to Germany during the Nazi era, she spends a lot of time thinking about how systems can be destroyed under certain circumstances. She told NPR that anyone who is part of the labor movement shouldn’t believe that checks and balances are what they are.
With access to the data, it would make it easier for companies to fire employees for union organizing or keep blacklists of organizers — illegal activities under federal labor laws enforced by the NLRB. But “people get fired in this country all the time for the lawful act of trying to organize a union,” said Block.
It’s not just employees who might suffer if this data got out. Companies also sometimes provide detailed statements on internal business planning and corporate structure in the midst of unfair-labor-practice complaint proceedings. Trade secrets may come up in the NLRB’s investigation if a company tries to fire someone who is fighting an unfair-labor-practice complaint because of their disclosure of trade secrets. That information would be valuable to competitors, regulators and others.
Harley Shaiken is a labor scholar at University of California, Berkeley. He said that it could cause harm to individual workers, unions and their organizing campaigns.
A representative of DOGE who has been installed across the government failed to assure the public or the courts that they have taken the correct precautions to protect the data they are consuming and that it won’t be influenced by private business interests.
Sen. Chris Murphy, D-Conn. raised his concerns about Musk accessing sensitive labor investigation data on cases against his companies or competitors during the confirmation hearing for Trump’s labor secretary, Lori Chavez-DeRemer, in mid-February. He pressed her to answer whether she believed the NLRB is constitutional and to commit to keeping sensitive data confidential. She insists that Trump has the power to exercise it as he sees fit even though she said she was committed to privacy.
Workers’ rights to organize and to address problems they have in the workplace are protected by the National Labor Relations Board. He said that the labor movement received support from Washington during the tenure of President Joe Biden. “But what we have seen is a sharp slamming of the brakes to that and putting the vehicle in reverse in terms of what Trump has done so far,” he continued.
In addition to sending DOGE to the NLRB, the Trump administration tried to neutralize the board’s power to enforce labor law by removing its member Gwynne Wilcox. Courts have wrestled with the legality of Wilcox’s removal, since presidents are supposed to show cause for the dismissal of board members.
How Foreign Adversaries Are Using DOGE’s Workforce to Enrich Their Own Life: A Case Study with Harvard Law’s Block and xAI
“It’s not that he’s a random person who’s getting information that a random person shouldn’t have access to,” said Harvard Law’s Block. She said that if they did get everything, he would have information about the cases the government is building against him.
“DOGE is, whether they admit it or not, headed by somebody who is the subject of active investigation and prosecution of cases. It is incredibly troubling,” she said.
Musk’s company xAI could also benefit from sucking up all the data DOGE has collected to train its algorithms. This concern was pointed out by many cybersecurity experts in interviews and written pieces.
According to two federal government sources who were not authorized to speak publicly about their workplaces and who shared email documentation with NPR, managers have consistently been warning employees that their data could be subject to AI review, particularly their email responses to the Musk-led campaign to get federal employees to detail “what they did last week” in five bullet points every Monday.
“It’s not a flight of imagination to see several DOGE staffers release some of that [data] surreptitiously to Musk or people close to him,” said Shaiken.
Handorf said both criminals and foreign adversaries use information like this to enrich their own lives. “That includes blackmail, targeting and prioritizing intellectual property theft for espionage or even harming a company to enrich another.”
On their own, a few failed login attempts from a Russian IP address aren’t a smoking gun, those cybersecurity experts interviewed by NPR said. But given the overall picture of activity, it’s a concerning sign that foreign adversaries may already be searching for ways into government systems that DOGE engineers may have left exposed.
The coattails of authorized access are easy to achieve when you move fast and break stuff. What he means is that if DOGE engineers left access points to the network open, it would be very easy for spies or criminals to break in and steal data behind DOGE.
“This is exactly why we usually architect systems using best practices like the principle of least privilege,” Ann Lewis, the former director of Technology Transformation Services at the General Services Administration, told NPR in an interview. It is a concept of cybersecurity that users should only have the minimum rights, roles and permissions required to perform their roles and responsibilities. It helps prevent accidental damage from user errors, and protects access to high-value data and critical assets.
DOGE Engineers Obfuscate: How the NLRB Should have Protected Their Activities, But They Don’t Sufficiently Do
All over the federal government, from the Cybersecurity and Infrastructure Security Agency to the Interior Department, cybersecurity officials are being forced to relocate or resign, or are being put on administrative leave. The power they have to respond to disruptions has been limited by that.
When she heard about how DOGE engineers operated at the NLRB, particularly the steps they took to obfuscate their activities, she recognized a pattern.
“I am trembling,” she said upon hearing about the potential exposure of data from the NLRB. They can get everything, including the testimony of the whistleblower. This isn’t good.
The employee at the agency of the Interior Department who requested anonymity said that the cyber teams at their agencies are angry because they had to sit on their hands when the alarm systems went off. The employee said that the cybersecurity teams wanted to stop new users from using the system.
The General Services Administration, one of the government agencies hardest hit by DOGE’s cost cutting efforts and that oversees nearly all federal buildings and buying, was the target of a letter on March 13 published on Federal News Network.
The reason for the Privacy Act is because Congress realized 50 years ago that the government was just overflowing with information about people and needed some guardrails in place. “The information silos are there for a reason,” he continued. “It’s astonishing to me that the very people who not a handful of years ago were screaming about the government tracking us with vaccines now cheer for feeding every piece of information about themselves into Elon Musk’s stupid Skynet.”
For Berulis, it was important to speak out, because he believes people deserve to know how the government’s data and computer systems are at risk, and to prevent further damage. Berulis, who was an IT consultant, says he would have been fired if he’d been operating like DOGE.
“I believe that this goes beyond case data, and that it is more than that,” he said. “I know that there are people at other agencies that have seen similar behavior.” This might be happening more often at other agencies.
“It was my goal by disclosing to Congress not to focus on me at all, but to give them information that they might not necessarily have, the things that you don’t necessarily look for unless you know where to look,” he continued.
Berulis’s “Summary” on the DOGE Exploration and Investigation of a Possible “Micro” Security Threat in the US Department of Justice
Berulis wanted the DOGE engineers to be transparent. “Don’t be a covert if you have nothing to hide. Be open, because that’s what efficiency is really about. Try to prove that this is a huge misunderstanding. Put it out there. That’s all I’m asking.”
“This could be the beginning of the operation. They still haven’t crossed that boundary where they’re plugged into every federal system out there,” he continued. “So maybe there is still time.”
According to the disclosure, someone had disabled controls that would prevent insecure or unauthorized mobile devices from logging on to the system without the proper security settings. The public internet exposes an interface that could potentially allow malicious actors to get into systems. Internal alerting and monitoring systems were turned off manually. Multifactor authentication was disabled.
Having a list of key organizers and potential members of a union would make that easier, as would having a copy of the opposing counsel’s notes as companies prepare for legal challenges, she continued.