{"id":2784,"date":"2025-04-16T23:30:59","date_gmt":"2025-04-16T23:30:59","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2784"},"modified":"2025-04-16T23:30:59","modified_gmt":"2025-04-16T23:30:59","slug":"whistleblower-alleges-russian-ip-address-attempted-access-to-us-agencys-systems-via-doge-created-accounts","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2784","title":{"rendered":"Whistleblower alleges Russian IP address attempted access to US agency\u2019s systems via DOGE-created accounts"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Someone using a Russian IP address attempted to access the internal systems of the US National Labor Relations Board (NLRB) using legitimate accounts set up by staff from Elon Musk\u2019s Department of Government Efficiency (DOGE), a whistleblower inside the agency has alleged.<\/p>\n

The allegations are part of an extraordinary affidavit<\/a> submitted to Republican Senate Intelligence Committee Chairman Tom Cotton and his Democratic counterpart, Mark Warner, by NLRB IT engineer Daniel Berulis, through his lawyer.<\/p>\n

DOGE entered the Washington D.C. offices of the NLRB in early March, as it did with other high-profile agencies including the Office of Personnel Management (OPM) and the Treasury Department.<\/p>\n

This sweeping access was granted by an Executive Order signed on the day of President Trump\u2019s inauguration on January 20.\u00a0 Since then, there has been speculation<\/a> that the often chaotic and unsupervised access by DOGE risked creating the conditions for a data breach at some point.<\/p>\n

Now, according to the affidavit<\/a>, something along these lines has already occurred at the NLRB, leading to a \u201csignificant data breach\u201d that has potentially exposed the agency and its data to foreign adversaries.<\/p>\n

The most eye-popping element of the allegations is that the Russian IPs were somehow connected to the actions of DOGE employees.<\/p>\n

The access attempts, which were blocked, provided valid credentials and happened shortly after the accounts were created by DOGE staffers.<\/p>\n

The affidavit makes other allegations about unusual goings on at the agency, set up in 1935 to enforce labor regulations and monitor employment practices across the US. A subsequent long interview with NPR<\/a> offered more detail.<\/p>\n

In addition to the implication that Russian threat actors accessed NLRB systems, the affidavit said that during the week they were active, DOGE employees also \u201cexfiltrated\u201d 10GB of data from the agency to servers located in the US, and perhaps beyond.<\/p>\n

As employees grew concerned, internal records show that DOGE asked for their access not to be logged, allegedly turning off monitoring tools while deleting records of their access.<\/p>\n

\u201cAs you are certainly aware, the practical, legal, and national security implications of such an intrusion are vast,\u201d said the affidavit.<\/p>\n

\u201cMeat space\u201d<\/h2>\n

On April 7, in an unsettling development interpreted by Berulis as intimidation, someone taped a note to the door of Berulis\u2019s home, complete with photographs taken by drone that showed him walking near his house.<\/p>\n

\u201cThe threatening note made clear reference to this very disclosure he was preparing for you, as the proper oversight authority. While we do not know specifically who did this, we can only speculate that it involved someone with the ability to access NLRB,\u201d said the affidavit.<\/p>\n

\u201cThis \u2018meat space\u2019 action \u2013 where a threat was physically delivered to my client\u2019s home \u2013 is absolutely disturbing in its manner and the implications suggested therein,\u201d the affidavit added.<\/p>\n

Berulis believes that law enforcement agencies and Congress should initiate an immediate investigation into DOGE\u2019s responsibility for these events, as well as its activities at other agencies where it has been granted access.\u00a0<\/p>\n

NPR and The Daily Beast both contacted the White House for reaction to Berulis\u2019s allegations and received the same evasive reply:<\/p>\n

\u201cIt is months-old news that President Trump signed an Executive Order to hire DOGE employees at agencies and coordinate data sharing,\u201d said deputy press secretary, Anna Kelly.<\/p>\n

\u201cTheir highly qualified team has been extremely public and transparent in its efforts to eliminate waste, fraud, and abuse across the Executive Branch, including the NLRB.\u201d<\/p>\n

Legal battle<\/h2>\n

As it stands, the allegations are being made by one individual, and the evidence behind them has yet to be examined independently.<\/p>\n

In a statement to NPR, an NLRB representative said that while Berulis had raised concerns within the agency, an investigation had \u201cdetermined that no breach of agency systems occurred.\u201d<\/p>\n

That said, it won\u2019t help allay suspicions among critics of DOGE, since Elon Musk has recently been embroiled in a legal battle<\/a> with the agency over his firing of SpaceX engineers who were critical of the entrepreneur.<\/p>\n

What is left is an information vacuum and a sense of unease about whether the previously strict rules and regulations around government cybersecurity still count when DOGE is in town.<\/p>\n

Not long ago, the accusations made by Berulis to the Congressional committee would have been viewed as far-fetched. DOGE\u2019s recent onslaught on US Government departments since February has rapidly revised assumptions about what might be possible.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Someone using a Russian IP address attempted to access the internal systems of the US National Labor Relations Board (NLRB) using legitimate accounts set up by staff from Elon Musk\u2019s Department of Government Efficiency (DOGE), a whistleblower inside the agency has alleged. The allegations are part of an extraordinary affidavit submitted to Republican Senate Intelligence […]<\/p>\n","protected":false},"author":0,"featured_media":2785,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2784","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2784"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2784"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2784\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2785"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}