
Nevilledog

(54,039 posts)
Fri Apr 18, 2025, 12:06 AM Yesterday

THIS IS BAD! More detailed analysis of DOGE espionage at NLRB

Last edited Fri Apr 18, 2025, 12:55 PM

https://threadreaderapp.com/thread/1913023007263543565.html

🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.

He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords

Media's coverage wasn't detailed enough so I dug into his testimony:



Who’s the whistleblower?

Daniel Berulis — a senior DevSecOps architect at the National Labor Relations Board (NLRB), formerly with TS/SCI clearance.

He just told Congress the Department of Government Efficiency (DOGE) pulled off a covert cyber op inside a federal agency.



DOGE demanded root access.

Not auditor access. Not admin.

They were given “tenant owner” privileges in Azure — full control over the NLRB’s cloud, above the CIO himself.

This is never supposed to happen.



They disabled the logs.

Berulis says DOGE demanded account creation with no recordkeeping.

They even ordered security controls bypassed and disabled tools like network watcher so their actions wouldn’t be logged.



And then the data started flowing out.

10+ GB spike in outbound traffic

Exfiltration from NxGen, the NLRB's legal case database

No corresponding inbound traffic

Unusual ephemeral containers and expired storage tokens



They used an external library that used AWS IP pools to rotate IPs for scraping and brute force attacks.

They downloaded external GitHub tools like requests-ip-rotator and browserless — neither of which the agency uses.



The most damning claim in this statement IMO:

Within 15 minutes of DOGE accounts being created…
Attackers in Russia tried logging in using those new creds.
Correct usernames and passwords.

2 options here. The DOGE device was hacked. And I don't think I need to explain the 2nd.



Multi-factor authentication? Disabled.

Someone downgraded Azure conditional access rules — MFA was off for mobile.

This was not approved and not logged.



Cost spikes without new resources.

Azure billing jumped 8% — likely from short-lived high-cost compute used for data extraction, then deleted.



Then came the intimidation.

While preparing this disclosure, Berulis found a drone surveillance photo of himself taped to his front door with a threatening note.

This was just a few days ago.



US-CERT was about to be called in.
CISA’s cyber response team.
But senior officials told them to stand down — no report, no investigation.



I'm going to cover this more as I find out more.

********

Bread and Circuses

(706 posts)
3. Explosive!
Fri Apr 18, 2025, 12:26 AM
Yesterday

We all suspected that Musk’s Hitler Youth Hackers were a front. Now we know!
Musk and #47 are giving backdoor access to the Russians for all our data.

Bluethroughu

(7,156 posts)
4. Espionage! Espionage! Espionage!
Fri Apr 18, 2025, 12:27 AM
Yesterday

We have traitors committing espionage against the United States and its people.

This administration is attacking the country, its Constitution and its people.

CitizenZero

(748 posts)
5. Espionage
Fri Apr 18, 2025, 01:22 AM
Yesterday

These DOGE rats are guilty and are traitors. Musk is behind this and is probably collaborating with Russia. God help us regain control over our own government. When we do, these people are going to be facing deadly serious charges.

littlemissmartypants

(27,183 posts)
6. Author...
Fri Apr 18, 2025, 01:41 AM
Yesterday
Matt Johansen
@mattjay
Helping Secure the Internet | Long Island elder emo surviving in ATX | Expect: infosec current events, DFIR, appsec & cloudsec - and me!

Source:
https://threadreaderapp.com/user/mattjay

❤️pants
RESIST!!

CitizenZero

(748 posts)
7. Furthermore
Fri Apr 18, 2025, 01:56 AM
Yesterday

I am not very techie but I read the entire OP and was able to grasp it. It seems that the DOGE agents have a specific agenda and mission. And they apparently might be collaborating with Russian agents to accomplish this mission. Espionage. Possible Treason. This idea of government efficiency is perhaps a smokescreen for a possibly darker purpose - the destruction and takeover of the Federal Government, in collusion with Russia.

It is very good that we still have loyal Americans in these agencies like this whistleblower who can alert the public about these illegal DOGE operations that are apparently going on in the Federal Government. This is why Federal Workers should stay in government and fight for as long as they are able. If DOGE is doing this in this one agency, they are probably doing it in other agencies. We need loyalists inside the federal government to act as resistance and as agents in defense of the country.

My worst suspicion is that these DOGE operatives are directly working with Russian state agents. They could be being paid for these data exchanges with dark crypto money. This could be direct criminal collusion between DOGE, Musk, and Russia. This needs to be investigated swiftly and thoroughly, and the level of involvement of those in the Trump White House should be ultimately ascertained. This could be the greatest act of corruption and Treason in world history. These people need to be investigated and brought to justice.

CitizenZero

(748 posts)
10. This Whole Thread
Fri Apr 18, 2025, 02:12 AM
Yesterday

This whole thread should be reposted tomorrow in the day to get more visibility. I think that it is a smoking gun and it needs to be communicated to as many people as is possible.

moniss

(7,049 posts)
12. Excellent post and I would note that we need to keep in mind that
Fri Apr 18, 2025, 02:30 AM
Yesterday

at any moment of the day there are hundreds of Russian operatives crawling around DC, NYC etc. They would, like everybody else, be aware that Edolph and his bunch are crawling through system after system and there is no doubt they would try to infiltrate and as you pointed out there is of course the 2nd option.

Hornedfrog2000

(109 posts)
13. Musk had meetings with Putin too
Fri Apr 18, 2025, 02:40 AM
Yesterday

It's not all by coincidence. It is obvious this is a coordinated cyberwarfare campaign, and we have been at war for a good 10 years now. The media chooses to ignore this. They could easily shut our infrastructure down as well. When Hawaii had the nuke alarms go off, the sirens that all went off in Houston, etc., etc. They were showing they can hack our systems.

CitizenZero

(748 posts)
18. Nevilledog
Fri Apr 18, 2025, 07:40 PM
14 hrs ago

I hope that you don't mind, but I started another thread on the same topic because more people need to know about this. I included a link to this thread in the new post. Here is a link to the new DU thread:

https://www.democraticunderground.com/100220251068

CitizenZero

(748 posts)
20. Cool
Fri Apr 18, 2025, 09:08 PM
12 hrs ago

I do appreciate your original post. Thanks for bringing this to everyone's attention.
