
DOGE Stolen NLRB Case Data – Krebs on Security


A recent incident involving the National Labor Relations Board (NLRB) and Elon Musk’s Department of Government Efficiency (DOGE) has raised concerns about data security and potential unauthorized access to sensitive information. The allegations were brought forward in a whistleblower complaint by Daniel J. Berulis, a security architect at the NLRB, who claimed that DOGE employees transferred gigabytes of data from agency case files using short-lived accounts designed to evade network activity detection.

According to Berulis, the suspicious activities occurred in early March and coincided with blocked login attempts from a Russian IP address trying to access DOGE user accounts with valid credentials. The complaint details a series of events starting on March 3, when DOGE officials requested the creation of high-level “tenant admin” accounts with unrestricted access to NLRB databases, bypassing standard logging protocols.

Berulis noted that the new accounts had capabilities to modify, copy, and conceal information within the NLRB systems, actions that were beyond his and his supervisor’s authorization levels. The whistleblower further revealed that on March 4, a significant spike in outgoing network traffic was detected, leading to the transfer of approximately 10 gigabytes of data from the NLRB’s NxGen case management system by one of the DOGE accounts.

The complaint also highlighted multiple login attempts from a Russian IP address using valid DOGE employee credentials, which were fortunately blocked due to security protocols prohibiting foreign logins. The naming structure of the DOGE-related Microsoft user accounts, such as “DogeSA_2d5c3e0446f9@nlrb.microsoft.com,” raised suspicions, as did the use of external code libraries downloaded from GitHub for connection rotation and IP masking.

As the investigation progressed, it was noted that logs for network resources were missing, and the monitoring tool in Microsoft Azure was deactivated, hindering further analysis of the unauthorized activities. Despite Berulis’s efforts to escalate the issue to US-CERT for assistance, he was instructed to halt the investigation, prompting him to share his findings publicly to raise awareness.

In response to the allegations, the NLRB denied any breach of its systems and initiated an internal investigation following Berulis’s concerns. However, screenshots provided by the whistleblower revealed internal communications discussing the unusual account activities associated with DOGE, as well as security alerts from Microsoft regarding network anomalies during the reported incidents.

The news of this security breach comes amidst ongoing legal battles between the NLRB, Amazon, SpaceX, and Elon Musk, with disputes over workers’ rights and union organizing. The NLRB has faced challenges in its operations since President Trump dismissed three board members, leaving the agency without a quorum and impacting its ability to function effectively.

Despite facing threats and intimidation, Berulis remains committed to exposing potential security risks and advocating for transparency within the NLRB. His decision to come forward has sparked support from colleagues and the public, underscoring the importance of whistleblowers in safeguarding data integrity and accountability in government agencies.

As the investigation unfolds, lawmakers are urged to seek further information from Microsoft to shed light on the nature and extent of the data breach at the NLRB. With the security and privacy of sensitive information at stake, the need for robust cybersecurity measures and oversight mechanisms remains paramount to prevent future breaches and uphold public trust in government institutions.
