> Ge0rg3’s code is “open source,” in that anyone can copy it and reuse it non-commercially. As it happens, there is a newer version of this project that was derived or “forked” from Ge0rg3’s code — called “async-ip-rotator” — and it was committed to GitHub in January 2025 by DOGE captain Marko Elez.
Code is pretty much the same, with comments removed, some `async` sprinkled in and minor changes (I bet this was just pasted into LLM with prompt to make it async, but if that worked why not).
Except... Original GPL3 license is gone. Obviously not something you would expect DOGE people to understand or respect.
The repository has been deleted. In addition, 26 other repos have been removed from the account. This is in line with DOGE members' quick response scrubbing data whenever put into spotlight, as previously seen with another "teen hacker". [0]
> On February 6, someone posted a lengthy and detailed critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, calling it “insecure, unscalable and a fundamental engineering failure.”
“If this were a side project, it would just be bad code,” the reviewer wrote. “But if this is representative of how you build production systems, then there are much larger concerns. This implementation is fundamentally broken, and if anything similar to this is deployed in an environment handling sensitive data, it should be audited immediately.”
The "critique" is nuts. Surely AI generated. If I didn't trust the domain, I'd assume the author to be incredible for seriously referencing something like this.
Look at the critique [0] and then look at the code [1].
The only person who has standing to say anything is the original author of the code, the holder of the copyright.
It's possible, but very unlikely, the copyright license wasn't actually violated because, for example, the fork could have arranged a separate license.
You can get it under a GPL license for free. You can pay them money to get it under a Commercial license that would let you modify the code without releasing changes.
So, while I doubt it happened, the person who forked it here could have contacted the original author, the copyright holder, and asked for an exemption from the GPL terms.
I'm sure the people who work for an administration that by and large flaunts court orders responsible for this will get right on that.....aaaand it's gone.
You are only required to keep the GPL3 license if you re-distribute it. Putting it in a GitHub repo, is ambiguous whether or not it is re-distributing it, at least morally.
If you want to delete the license in a personal copy, that is perfectly valid according to the license terms. If you then happen to upload that to a private GitHub repo, also perfectly valid.
If you then happen to upload that to a public GitHub repo, because of, say, restrictions on free private repos, without intent to distribute, then what?
Putting it on a GitHub repo IS redistributing it. By putting it on GitHub you agree in the ToS that you have the rights to distribute the code. Which you only have if you don’t violate the license.
> If you then happen to upload that to a public GitHub repo, because of, say, restrictions on free private repos, without intent to distribute, then what?
Then you keep the license eh? Distributing without an intent to distribute is distributing.
Git is free and open source. If you want version control and collaboration and NO unintended distribution completely for free you can just use Git. It even has a built in server to share with your work buddies.
>not something you would expect DOGE people to understand or respect
To be fair I see in my daily life folks who copy and paste from stack overflow or random GitHub repo and move on with their day. They ignore the Creative Commons Attribution-ShareAlike or whatever license is applied to the code they copied.
I see on this very site people who will share copyrighted articles that are behind a paywall (just because it is on some archive site doesn’t make it right).
Please don’t take this as support for DOGE and the headaches they are causing. To make a cheap jab at a group of people while ignoring the group that you associate with is bad form.
I'd say it's wrong in both cases, but we shouldn't ignore degrees of wrongness.
Copy pasting from stack overflow without attribution is wrong but it's also harder to claim "ownership" over single lines or small snippets. It depends how "obvious" they are. You definitely can't copyright trivial functions. There's a lot of gray here but yes attribution is always good.
But things get a lot less murky when we're talking about forking a project. That's usually nontrivial and non obvious. I think what's most important is that removing a license is an active decision. Certainly that would make a critical difference in a court [0]
Then there's further escalation by who is doing the action. The more power and influence you have the greater responsibilities. All men are not created equal. Men with more power can disproportionally do more damage and require higher accountability. So yeah, I care a fuck ton more about a government employee doing something bad especially while performing official duties more than some rando. The ability to do harm is very different.
The reason I dislike your comment is because it's dismissive of the action. "Other people do it!" is not a defense nor excuse. It is even worse by ignoring multiple points of context.
[0] though protecting open source has been traditionally hard for many reasons. Specifically it's hard for small developers to take legal action, especially against larger bodies. But isn't this something we should want to be fixed? Credit for our own contributions?!
This part of the whistleblower complaint seems way worse:
"On or about March 11, 2025, NxGen metrics indicated abnormal usage at points the prior week. I saw way above baseline response times, and resource utilization showed increased network output above anywhere it had been historically – as far back as I could look. I noted that this lined up closely with the data out event. I also notice increased logins blocked by access policy due to those log-ins being out of the country. For example: In the days after DOGE accessed NLRB’s systems, we noticed a user with an IP address in Primorskiy Krai, Russia started trying to log in. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating. There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers."
Any guesses for best possible interpretation? The Russians have infiltrated their PCs with keyloggers and DOGE are working from insecure open networks.
The worst possible interpretation is straightforward - they are working for the Russians as agents and let the Russians in or installed the keyloggers for Russia.
Excerpt: "How much more proof do we need that this administration is completely compromised? There is zero reason for the US to relax any offensive digital actions against Russia. If anything, we should be applying more."
> guesses for best possible interpretation? The Russians have infiltrated their PCs with keyloggers and DOGE are working from insecure open networks
They were accessing Github over the internet from superuser accounts they were presumably also using as their user account. Given the code quality, I doubt their opsec is put together, either.
> Any guesses for best possible interpretation? The Russians have infiltrated their PCs with keyloggers [...]
Best possible case I see would be that the whistleblower has made some mistake (or is being intentionally dishonest). Seems plausible for instance that "it appeared they had the correct username and password" based on "our no-out-of-country logins policy activating" could just be a misunderstanding of how/when the policy triggers. Not to say it's the most likely explanation, just the least concerning one.
I think less concerning than keyloggers, while still assuming the whistleblower is correct, would be that a DOGE employee was using a VPN/proxy/Tor. Probably not a great idea to have traffic going through a hostile nation state even with encryption, but less bad than keyloggers on their machines stealing and trying credentials within minutes.
Definitely concerning though, to be clear - just steelmanning/answering the question of best possible interpretation.
Isn't it just that the IP router happens to use IPs in Russia as part of the rotation?
If they're trying to exfiltrate data, they might want to rotate through IP addresses in order to obfuscate what's going on or otherwise circumvent restrictions. Using a simple ip rotator like the post talks about would maybe be an approach they'd use. If they're not careful with the IP addresses, once in a while one might get caught due to some restriction like being outside the US. It'd maybe appear as though you're getting these weird requests from Russia, but that's just because you're not logging the requests that are not being flagged from the US.
Maybe I'm reading the post incorrectly though (if so, please correct me!)
The objective may not have been to obtain access or any useful data. The objective may have been to get the scary headlines about Russians and use the existing media and political agitprop to further destabilize the government you seek to color revolution away.
How dumb would Russian hackers be to not use some kind of VPN? My friend who lives in Russia says that without a VPN he cannot access the majority of USA sites, so he has it always on by default. Something is not right or these people are very very dumb.
Yeah, like the APT that compromised O365 accounts from US gov entities a year or so ago, using residential proxies to go around Conditional Access Policies..., is now logging in straight from the Kremlin. :D
The article could offer a summary of this key finding, rather than, say, the pointless paragraph near the bottom about the scraping software found in GitHub not being well written.
This is the evidence which strongly suggests that the DOGE personnel are using various cloud IP addresses to scrape.
Probably the least expected location to connect from, if it was genuine. Not saying it necessarily isn't, but it's not usual either and doesn't make much sense.
While blocking before authentication seems intuitive for efficiency, checking after provides crucial context that's missing if you block pre-auth: you know which specific user account just authenticated successfully.
This context enables two important things:
- Granular exceptions: If Alice is attending a conference in Toronto, you can say "Allow Alice to log in from Canada next week" without opening Canada-wide logins for everyone. Pre-auth geo-blocking forces you into an all-or-nothing stance.
- Better threat intelligence: A valid login from an unexpected region (e.g. Moscow when Alice is normally in D.C.) is a far stronger signal of compromise than a failed attempt. Capturing "successful login + wrong location" helps you prioritize real threats. If you block pre-auth, you'd never know Alice's account was compromised.
Putting geo-checks after authentication gives you precise control over whom, exactly, is logging in from where, and offers richer data for your security monitoring.
Since the system is hosted on Azure, I guess we are talking about an Entra ID login. So I think they set up a Conditional Access [1] that can block logins based on the country IP. These policies run after authentication and can be specific to a user.
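The post-authentication geo-check discussed in the comments above, as an added example (not code from the thread, the complaint, or any vendor's API): credentials are verified first, so a geo block on a valid password becomes an alert, with a per-user exception and escalation when the account is younger than the 15 minutes mentioned in the quoted complaint. All field names, users, countries and timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

HOME_COUNTRY = "US"                          # assumption: one permitted country
NEW_ACCOUNT_WINDOW = timedelta(minutes=15)   # window cited in the quoted complaint


@dataclass(frozen=True)
class GeoException:
    """Time-boxed allowance for one user, e.g. 'Alice may log in from CA next week'."""
    user: str
    country: str
    start: datetime
    end: datetime


def evaluate_signin(user, password_ok, country, when, exceptions=()):
    """Check credentials first, location second, so the verdict carries identity."""
    if not password_ok:
        return "auth_failed"
    if country == HOME_COUNTRY:
        return "allowed"
    for ex in exceptions:
        if ex.user == user and ex.country == country and ex.start <= when <= ex.end:
            return "allowed_by_exception"
    # Only reachable with a valid password: the credential is known to someone
    # outside the permitted region, which a pre-auth block could never reveal.
    return "blocked_geo_after_auth"


def triage(signins, created_at, exceptions=()):
    """Turn post-auth geo blocks into alerts; escalate brand-new accounts."""
    alerts = []
    for s in signins:
        outcome = evaluate_signin(s["user"], s["password_ok"], s["country"], s["ts"], exceptions)
        if outcome != "blocked_geo_after_auth":
            continue
        created = created_at.get(s["user"])
        fresh = created is not None and timedelta(0) <= s["ts"] - created <= NEW_ACCOUNT_WINDOW
        alerts.append({
            "user": s["user"],
            "country": s["country"],
            "ts": s["ts"],
            "severity": "critical" if fresh else "high",
            "response": "revoke sessions and rotate the credential",
        })
    return alerts


# Constructed sample data (hypothetical users, arbitrary date).
T0 = datetime(2030, 1, 1, 14, 0, tzinfo=timezone.utc)
SAMPLE_CREATED = {
    "svc-new-01": T0,                       # account created at T0
    "alice": T0 - timedelta(days=400),
    "bob": T0 - timedelta(days=30),
    "carol": T0 - timedelta(days=30),
}
SAMPLE_EXCEPTIONS = (
    GeoException("alice", "CA", T0, T0 + timedelta(days=7)),
)
SAMPLE_SIGNINS = [
    # valid password, foreign source, 9 minutes after account creation
    {"user": "svc-new-01", "password_ok": True, "country": "RU", "ts": T0 + timedelta(minutes=9)},
    # valid password, covered by a time-boxed exception
    {"user": "alice", "password_ok": True, "country": "CA", "ts": T0 + timedelta(days=1)},
    # wrong password from abroad: background noise, no alert
    {"user": "bob", "password_ok": False, "country": "BR", "ts": T0 + timedelta(hours=2)},
    # valid password, foreign source, established account
    {"user": "carol", "password_ok": True, "country": "DE", "ts": T0 + timedelta(hours=3)},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_SIGNINS, SAMPLE_CREATED, SAMPLE_EXCEPTIONS):
        print(alert["severity"], alert["user"], alert["country"], alert["ts"].isoformat())
```

A geo block placed before authentication would log all four sign-ins from outside the home country identically, without showing which of them carried a valid password.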
> According to a whistleblower complaint filed last week by Daniel J. Berulis, a 38-year-old security architect at the NLRB, officials from DOGE met with NLRB leaders on March 3 and demanded the creation of several all-powerful “tenant admin” accounts that were to be exempted from network logging activity that would otherwise keep a detailed record of all actions taken by those accounts.
Feels like a pretty good Occam’s razor case… but is there any legitimate reason why one would request this?
Even worse when you know more of the whistleblower's story which is that ~15 minutes after one of DOGE's accounts was made there was an attempted login with the correct password from Russia. Not many explanations for that that look good for DOGE...
My company retains all e-mails for at least 5 years, for audit purposes. But if some troublemaker were to e-mail child porn to an employee, we'd need to remove that from the audit records, because the laws against possessing child porn don't have an exception for corporate audit records.
So there's essentially always some account with the power to erase things from the audit records.
From an old hacker's perspective disabling shell history can have positive security implications. But in today's 'cattle not pets' systems mentality I'd expect all actions to have a log and not having that seems fishy to me. Keeping logging infra secure has a dubious, the log4j fiasco comes to mind. I'm not a fan of regulation for most things, but I think we need a higher cost for data leaking since security is an afterthought for many orgs. My personal leaning is to be very choosy about who I'll do business/share data with.
> “We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval,” he continued. “The suggestion that they use these accounts was not open to discussion.”
From the previous post, they had auditor roles built in that they purposely chose to go around
I am sure they demanded maximum access, but the logging activity phrasing sounds a little bit like spin...
I think if I wanted to describe an account with access to perform "sudo -s" as negatively as possible, I would say "an all-powerful admin account that is exempt from logging activity that would otherwise keep a detailed record of all actions taken by those accounts."
Anything Musk's dogs claim to find cannot be taken at face value because of this. Because there is no audit, and no evidence that they can offer that they didn't doctor their findings.
The next time they claim that a 170-year old person is receiving SS checks, they have no way to prove that they didn't subtract a century from that person's birthdate in some table.
This guy's lawyer says: This is a difficult topic for Dan to discuss, but prior to our filing the whistle-blower disclosure this week, last week, somebody went to Dan's home and taped a threatening note, a menacing note on his door with personal information.
...
While he was at work, and it also contained photographs of him walking his dog taken by a drone.
These aren't rules made by bureaucrats. They are laws written by Congress, a coequal branch of government, in response to the Nixon administration's abuse of executive power.
I don't think that "arguing that something is against the rules" is in the CIA sabotage manual, because it's not generally considered sabotage. Maybe if you argue things are against the rules that you know aren't, to slow things down?
If your logs show your actions are against the rules, pointing that out is not "sabotage". It is being good guy employee, reporting your against the rules actions.
This one is very very clear and unambiguous. There is no symmetry in your example. The Civil servant is actually in the right and doge bro in the wrong.
This doesn’t make sense unless they’re doing something illegal. They have backing from the top to audit the system. They don’t have to answer to any of the people who might complain, so the only reason they need to do this is if they’re doing something which violates federal laws where the penalties are worse than getting an angry email from someone in the security group who your boss will yell at for you.
The other big problem with this theory is that there’s no evidence of sabotage. During the first Trump administration, federal employees followed their leadership just like they had for Obama, Bush, etc. and every sign shows that would have happened again, except for the refusal to take on personal liability for breaking federal laws.
The Deep State! The government is filled with spies determined to "leak" the great work DOGE is doing to the press - so, of course, it needs "God mode" access. Totally legit.
> Setting aside legitimate (that's a matter of judgement)
By definition, a judge decides what's legitimate.
If DOGE expects their access to be blocked by a court judgement, and bum-rushes agencies to exfiltrate data ahead of the judgement, that's also criminal intent.
I am not sure what you are getting at. "Covert" isn't how I'd describe DOGE's actions. "Brazen" maybe?
1. DOGE employees access data they were not supposed to.
This is fairly clear. The story says that DOGE attained access to an account that had huge permissions into what it could see and alter. The person or persons from DOGE may have downloaded 10GB of data. The person may have used this in a manner that is illegal. Or it is illegal to start with. With the understanding that POTUS may or may not be allowed to grant such access. (I don't think POTUS can.)
2. DOGE employee downloaded code that could be used to use a huge pool of IP addresses from AWS to bypass forms of throttling.
3. The code was badly written.
4. The person is a racist.
How would a person from DOGE use an "unlimited" number of IP addresses from AWS to hammer and automatically screen-scrape webpages, and benefit from it when it came to copying extremely sensitive data from an internal National Labor Relations Board database?
Did 10.000 sessions authenticate to the database at the same time, using AWS IP addresses, and scrape the data?
Something is pretty broken if the system with extremely sensitive data is available from external IPs -and- allowing a single account to login 10.0000 times to concurrently scrape data off the internal database?
Or are they saying that this code was adapted to use 10.000/100 IP addresses internal to National Labor Relations Board and scrapes using those?
The automation later noted makes a lot more sense to aid the work.
The author brings up the ip scraping but makes no effort to tie anything together. It's actually really confusing. Were they using this utility to steal the data or are these two just totally unrelated things?
We have no way to know what they were using it for, because as the article details, DOGE works hard to make sure nobody can find out what it's doing or why.
I am fairly sure it would be a crime for the President to pull up someone's VA health records on a whim, or at least it would be a crime for anyone at the VA to facilitate him doing that.
We can also add to that IRS data. The articles of impeachment against Nixon included the following:
"He has, acting personally and through his subordinates and agents, endeavoured to obtain from the Internal Revenue Service, in violation of the constitutional rights of citizens, confidential information contained in income tax returns for purposes not authorized by law" (emphasis mine).
There actually are laws regulating the handling of personal data collected by the government and it generally doesn't have a "the president wants to see it" exception.
I think the question is whether employees of an advisory group that is not an actual department of the government are on the list of people to whom he can authorize access to this type of sensitive data.
The CEO of Tesla and Space-X; a self-proclaimed high IQ individual, an alleged programmer, has apparently hired a straight-up script kiddie to their elite delta force of technical government downsizers.
I hated Elon Musk long before it was cool: I was a fan of Tesla in the early days, and when I read Musk's "super-secret master plan" for Tesla I thought "yeesh, the board chairman is an idiot, where did they find this bozo?" (I knew a bit about SpaceX but somehow didn't make the connection.)
That said, I was surprised to learn much later that, by all accounts, Elon Musk was a competent and resourceful leader in SpaceX's early days. Maybe these stories are just his personality cult in action, but I found it plausible. It appears he once knew his place as an engineering manager, without LARPing as a Chief Engineer (he didn't appoint himself to CTO until quite a bit later). I worked for a really good manager who didn't know how to code, but he knew a lot about software and was very good about pulling back on coding things vs pushing forward on software design. It seemed like Musk was similar at SpaceX.
Which is all to say that celebrity is a helluva drug. I don't think Musk was ever an especially "high-IQ individual," and his first marriage suggests he's always been a misogynistic loser. But being anointed "a real life Tony Stark!" seems to have destroyed his brain. Ketamine probably doesn't help.
> That said, I was surprised to learn much later that, by all accounts, Elon Musk was a competent and resourceful leader in SpaceX's early days. Maybe these stories are just his personality cult in action, but I found it plausible
He's good at having and raising money which was what SpaceX needed, I think he was probably the same then as he is now. Reading about his early days at Tesla and the PayPal stuff, I don't really buy the idea he was ever different and took a dark turn. He's the type of person that will never self-regulate and somehow has never faced any negative consequences for lying and self-aggrandizing so has kept pushing it further
I agree with the script kiddies comment- which is basically what the reporting has shown... but in a way isn't that part of the point? That they can save billions of dollars just by having a couple of relatively normal comp sci kids (who can't even rent a car) review the most basic financial information of our government departments. These guys aren't supposed to be "delta force" they are supposed to be the interns.
Not trying to defend the means to the end, but I would really like my tax money used more efficiently. I will also say I am extremely worried about the levels of access that they are being given, especially since it comes with basically no accountability.
Your comment assumes the conclusion that these comp sci kids were able to save billions while preserving the correct behavior of the system, i.e. if their changes cause even one person to miss one payment they should have received, then the rest of your comment is entirely baseless.
If you could prove that billions were saved in pure waste, then I’d imagine any sane citizen would agree with you, setting aside matters of decorum and human decency (e.g. RIFs that may ultimately be necessary but conducted in an inhumane way)
I’d like my tax money used efficiently, but this group does not merit the trust to carry out those changes, even on a technical level
> I would really like my tax money used more efficiently
Except by most accounts so far it was being used efficiently by the federal workforce. This whole debacle will end up costing the US tax payer more money. See cutting the IRS or USAID which will probably lead the US to bailing out farmers. And if they privatize, then it'll be even more expensive.
At the VA medical system, they word-searched for "consulting" and cancelled contracts for.... surgical equipment sterilization, medical waste removal, stuff related to air quality that's required for hospital accreditation, and local burial services for people who die in the hospital.
Then a lot of those had to be reinstated because you simply can't operate a hospital without sanitation.
Just like they had to scramble to hire back the folks at the National Nuclear Safety Association.
Yeah, efficiency is great. But this is like ordering tacos and getting... a used tire and some dirty diapers...?
> I agree with the script kiddies comment- which is basically what the reporting has shown... but in a way isn't that part of the point?
I agree, but for a different point.
Generalising, but under the age of 25, most people don't have enough experience (business/government) to understand things such as business ethics, the consequences, auditing practises, privacy concerns, etc.
With professional experience, you develop a better understanding and build up that depth of knowledge of how things impact the wider "world" rather than the immediate task at hand. Meaning, you gain a better understanding of the ethical implications of what you're doing.
As an example - in law, it'd be easier to manipulate a law graduate than a lawyer with 20+ years experience, who would think outside the direct question or task that was asked.
> review the most basic financial information of our government departments
That is what the GAO is for https://www.gao.gov/ , and these people are much better than script kiddies.
> I would really like my tax money used more efficiently
Me too! You are on hacker news so I assume you are firm believer in https://en.wikipedia.org/wiki/Amdahl%27s_law ! If you would like your tax money used efficiently, are you willing to discuss cuts to social security, medicare, medicaid, veteran benefits, and whatever else is at the top of the budget? https://www.cbo.gov/publication/61181? What would you cut?
Personally, I would increase taxes on anyone making over $500K/year and stop nickel-and-diming our federal government so the US can actually become a first world country for everyone that isn't a software engineer.
> Not trying to defend the means to the end, but I would really like my tax money used more efficiently. I will also say I am extremely worried about the levels of access that they are being given, especially since it comes with basically no accountability
This is like the derelict father with partial custody who parachutes in one weekend a month to buy his son ice cream and a new video game to leave two days later the conquering hero. Meanwhile mom works two jobs, has to set all the expectations and responsibilities for the child, and the father is late on child support payments.
DOGE blitzkrieged government IT. It'll be years before we understand the scope of what they've done and given available evidence: these are script kiddies who worship Musk, I don't think there is ANY reason for optimism or charitable consideration.
There is a phenomenon I've noticed in this industry where people who lack a skill compensate by convincing themselves that they are a savant at seeing and exploiting that skill they lack in others. They find and encircle themselves with people who they believe are the Best of the Best, at least in their imagination, and it is critical for their ego that this is never challenged. They will be blind to any evidence to the contrary because they need the people they "identify" to be extraordinary, justifying their great people curation.
I mean, I guess this really happens in all industries. Art, music, leadership, software development. People who maybe once had credibility in something and now desperately try to foist Their People as the best in the industry.
I feel like that is what is happening here. None of the people who Elon surrounds himself with are notable in any way, and their skills are hugely suspect, but he has to have his harem of "Super Coders" to prop up his own mythology.
I find the following bizarre. Ignoring who this marko guy is, why would a random person post such a "take down" of the repo? I have never randomly passed by a repo and wanted to just dunk on it. Also this critique reeks of being AI generated.
> On February 6, someone posted a lengthy and detailed critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, calling it “insecure, unscalable and a fundamental engineering failure.”
It's only "bizarre" if you "ignore who this marko guy is." It's not a coincidence, it's somebody pointing out that DOGE's "cracked coders" are wearing no clothes.
And the follies here seem to be many. I’m not following why this Marko guy would make a publicly-visible fork of a repo (though he seems to have deleted it since this story went big), and why they would openly request to have their accounts exempted from logging when they were apparently already privileged users.
I must be missing something here; surely the level of elite technical skill implicit in his résumé would preclude this kind of thing
Well yeah they're junior developers. By all accounts from good schools but literally everyone here has dealt with junior developer brain.
I would say that Elmo picked a bunch of junior devs because they don't have enough maturity to talk back and will do anything they're asked but I think that's too charitable. I think he actually went this route because Elmo is a sad man in his 50s who is desperately trying to pretend that he is, and has not matured beyond, his 20s.
On February 6th, Marko Elez announced his resignation from DOGE after the WSJ discovered many racist posts he made in 2024 (which they published on the 5th). That likely made someone really interested in what his actual coding skill levels were, and they took a look at a repo he had made.
Musk did a "poll" on X that voted for rehiring Elez to DOGE, by February 20th Elez had a US Government email address again, and on February 21st he was reported as working for DOGE at the Social Security Administration.
> Upon learning of your resignation, following reports that you were linked to an account advocating to “normalize Indian hatred” and for a “eugenic immigration policy,” I can’t help but address the staggering hypocrisy of these views within the context of the IT industry
the 2nd comment in the issue explains why the 1st was posted pretty clearly
Why wonder? The user who wrote it seems to be a pretty well established user, and their public repositories suggest that they work in adjacent contexts, so it's entirely plausible they attempted to use async-ip-rotator in one of their projects.
The public repos for this person that I could find that weren't forks with no activity to upstream consisted of a dice-rolling guessing game, rock-paper-scissors, and some kind of framework for downloading and transcribing audio files that does not yet download or transcribe, but implements a whole bunch of boilerplate. I find it rather difficult to believe this person engaged in a good-faith review of the async-ip-rotator code base.
It's also worth noting that Feb 6 may very well be after Marko Elez became a public figure with DOGE. The article doesn't do a great job of expanding on any of this.
Are you genuinely puzzled or just wanted an excuse to point us all toward that comment? If "the comment" is the correct word for what amounts to a full article in length.
The fact that they left these packages public on GitHub.. guys you do know you can make things private right? Just shows how dumb these people are honestly
Or they think what they're doing is righteous and they're proud of it. It isn't - DOGE is responsible for hundreds of thousands of deaths through cuts to health programs - but I suspect they are deluding themselves into thinking it is.
What? They reused public packages that have been public for years. One guy made a public fork with some changes. Is that not what open source is intended for?
You misunderstand, open source is bad actually, when the heckin cheeto man is the one doing it.
Just as it's only worth complaining about geriatric geezers in office until the cheeto man brings in young hackers, then the problem is that "the old impaired people were good, actually".
Don't observe. Don't think. Merely repeat the approved message.
> The Party told you to ignore the evidence of your eyes and ears. It was their final, most essential command.
I think he’s saying that if their intent was to not get caught which you’d assume, they could have made a private repo instead of a public fork tied to a doge account
The people who need to see/understand this live in a different reality where uncomfortable things like this are ETL'd into righteous anger towards people they don't like.
This is the deep state they've been worried about, this is the boot that will tread on them.
EDIT: parent comment was highest ranked comment for the article and is now at the bottom?
I fully believe there's a stack of pardons in Trump's drawer for everyone involved in this debacle. I can't imagine breaking so many laws all over the government if you thought you'd ever have to face consequences. The alternative to pardons in preventing the next congress & administration from cleaning this up is too dire to really contemplate.
They are betting the system won't go after them later which is a very bad bet if they eventually give back the executive branch and an even worse bet if the power they support never gives it back. About as brilliant as being in a photo with Stalin.
The complaint alleges that DOGE was able to get unlimited-permissions admin accounts that were not subject to logging. They also downloaded external repositories that gave users of those repos lots of different IPs. The complaint further alleges that the DOGE person used the combination of these things to "download... more than 10 gigabytes of data from the agency’s case files, a database that includes reams of sensitive records including information about employees who want to form unions and proprietary business documents."
If this is all true, this is basically hacking sensitive data in the open. We already know the current administration has worked to hobble unions. So putting these things together, this act is not only wrong in and of itself, but the data is likely going to be used to harm americans' interests. So, deserving of punishment.
If you take a step back and realize that the intent is to utterly destroy the social safety net provided by social security, Medicare, etc that we have all been paying into our entire adult lives, tell me why every citizen affected should not pursue civil and criminal charges of theft and fraud with malicious intent?
And then the means to do so have involved ignoring the courts and bypassing constitutional checks and balances? Please tell me how this isn’t criminal if not treasonous?
Sensitive government data was (sure, allegedly) extracted to Russia via an account that was expressly created to hide / not create logs. This is treason. Allegedly.
If I told you someone went to your bank and demanded the right to set up accounts with permissions to do everything and to have all logging of that user's activity disabled, and then a whistleblower pointed out that they downloaded everyone's bank statements, you'd probably be pretty upset.
After all, why do they need unfettered access? Why do they need your bank statements? Why do they need to hide what they're doing with the unfettered access?
That's what's happening here. There is no good explanation other than bad actors
The problem with prosecuting them – they are employees of a White House office, doing what their bosses told them to do, and it is clear their bosses are carrying out the President's wishes.
If Joe Blow off the street walks into a federal agency and takes all their data – open and shut case, throw the book at them, see you in a few decades.
If someone from the White House walks into a federal agency, tells the agency leadership "the President wants me to take all your data", and the agency leadership replies "sure, go right ahead" – not a scenario people were expecting, so the existing laws haven't been crafted to clearly criminalize it. Maybe some enterprising prosecutor can find a way to map it to the crimes on the statute book, maybe it is just too hard. But even if the prosecutor overcomes that hurdle, it will be far from easy to convince the jury / trial judge / appellate courts that the legal elements of the crime are actually met – and if it actually gets as far as a conviction upheld by the appellate court, what do you think the conservative SCOTUS majority are going to do with that when they get it? And many prosecutors, foreseeing those low odds of ultimate success, will stop before they even get to an indictment.
So, I think the odds of anyone ultimately being convicted over this are low, even if Trump never pardons them.
Maybe, Congress might pass a law to make it more clearly illegal, which might make it easier to prosecute if a future administration repeats the same behavior.
EDIT: if people are downvoting this because they think my analysis of the likelihood of successful criminal prosecution is wrong, it would be great if they could reply to explain where they think I got it wrong
The claim that because your boss tells you to do something illegal means that you should just do it is bullshit. It's your social responsibility to not capitulate under these circumstances.
If you don't feel that way then you deserve the world you are creating.
Without knowing the specifics of US law, there’s a lot in there for a reasonable case. Improper handling of sensitive data, interfering with ongoing legal proceedings, abuse of telecommunications infrastructure (looks like the guy runs a brute forcing crawler on a government system) and probably even more.
We only hear about the cases where someone is taking the risk of blowing the whistle, and actually manages to get the story out. Hopefully with enough substance for people to take the information seriously. How many cases that are likely to reach public knowledge is left as an exercise to the reader, as the saying goes.
So what exactly is being alleged here? That these DOGE bros wrote and used “hacker” code from GitHub to bypass security limitations on NLRB data? Why would they even need to do that if they had superuser accounts in the system already?
I think the point of the article is that the whistleblower's original claims can be substantiated publicly. It's another datapoint indicating that the DOGE people are operating haphazardly at the absolute best and, more likely, attempting to obscure their tracks because they know that what they're doing wouldn't pass legal muster.
The lede is buried but the implication is downloading a huge amount of data on union organizers, which can then be given to a company to pre-emptively fire those individuals
Also this PDF contains a detail I haven't seen reported elsewhere:
> Furthermore, on Monday, April 7, 2025, while my client and my team were preparing this disclosure, someone physically taped a threatening note to Mr. Berulis’ home door with photographs – taken via a drone – of him walking in his neighborhood. The threatening note made clear reference to this very disclosure he was preparing for you
Thanks. So the tools downloaded from GitHub were allegedly used to scrape personally-identifiable information (PII), details about ongoing legal cases, union-related data, and corporate secrets. The whistleblower observed large spikes in outbound data traffic, suggesting that gigabytes of sensitive information were exfiltrated with logging disabled, so as not to leave a trail.
Isn't the ip rotator used to scrape from public websites to bypass rate limits? Not sure how that automatically means they are "siphoning sensitive case files".
The IP rotator was discovered in the analysis. The exfiltration of data was discovered by an NLRB employee and triggered the complaint. A member of their staff saw the spike in egress, found the source and that the audit log had been bleached.
To everyone saying 'where are the arrests?' This is all conjecture at this point and time will tell what was click bait and truth. Below is the statement from NLRB's acting press secretary.
"Tim Bearese, the NLRB's acting press secretary, denied that the agency granted DOGE access to its systems and said DOGE had not requested access to the agency's systems. Bearese said the agency conducted an investigation after Berulis raised his concerns but "determined that no breach of agency systems occurred."
People should not need to be conjecturing. The federal government should have clear documented reasons for the things that it does. It should have oversight, but all of the oversight has been fired, every department headed by yesmen and fox news anchors. We are all left guessing because they are doing loads of things that seem either treasonous or performed with very little thought to the consequences.
>Ge0rg3’s code is “open source,” in that anyone can copy it and reuse it non-commercially.
A little nit-picking, but that's not what open source means, especially as it relates to the GPL in this case. If you can't use the code commercially, it's neither "open source" (as defined by OSI) nor free software (as defined by the FSF).
> Berulis said he went public after higher-ups at the agency told him not to report the matter to the US-CERT, as they’d previously agreed.
If the allegation is true, what would be the motivation of the higher-ups to keep this secret from US-CERT?
It appears to be a severe compromise, and the context suggests that much of the rest of the federal government is imminently vulnerable to the same tactics by the same threat actor.
Were the higher-ups reporting the security crisis through better channels?
Or were they trying to keep it quiet entirely, so might be complicit in something bad?
So the real question is, who do you actually report this to if the fox is guarding the hen house? The only place that makes any sense is congressional oversight in some way but that will go nowhere except maybe a quick NPR story.
I almost can't make heads or tails out of this scatterbrained word salad.
Let's start with this:
> Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases.
> Berulis said he discovered one of the DOGE accounts had downloaded three external code libraries from GitHub
What exactly does that mean? NLRB database accounts are GitHub accounts? (Surely not.) Or the same IP address accessed both, suggesting it was the same person? Define "account".
No coherent point being made here. This story needs to clearly separate the rhetoric about GitHub repositories from the NLRB access, and connect them together coherently.
The flow seems to be:
1. Some DOGE people obtained unbridled access to NLRB, with the ability to erase audit trails.
2. There is some sort of evidence that the same people downloaded tools from GitHub for distributed web scraping, suggesting intent to scrape massive amounts of data from somewhere (inferred to be the NLRB database).
There is no evidence cited in the article for the actual downloading of gigabytes of data; the "whistleblower" is quoted only as saying that DOGE required certain privileged accounts to be created and that the users of the accounts supposedly downloaded some web scraping software from GitHub.
At least mention some circumstantial evidence, like a suspicious increase in access activity, coming from distributed IP addresses in the Amazon cloud, following the download of those tools.
This:
> On February 6, someone posted a lengthy and detailed critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, calling it “insecure, unscalable and a fundamental engineering failure.”
seems neither here nor there; why include that. It may be that the tools DOGE are using are not adequately safeguarding the data, but it seems like an extraneous point, and undigestable without specifics.
Plus in the whistleblower's actual report, there is evidence of them getting it, like logs of network output far above previous levels, and those accounts making accesses from various IP addresses (including geo-blocked attempts from Russia).
What sucks is, is that Russia and China now, almost certainly, have all this data, but they don't worry me, as much as the American oligarchs that now have it.
"The ad hoc addition to the otherwise tightly controlled White House information environment could create blind spots and security exposures while setting potentially dangerous precedent."
> Musk has installed Starlink terminals on the whitehouse rooftop, to bypass security
This is confirmation bias and absolutely unsubstantiated nonsense. Hedging your bets on hyperbolic dreck like this is why people don't take the serious stuff seriously.
Do you think cellphone hotspots - that everyone has in their pocket - are also part of some grand conspiracy?
Excerpt: "How much more proof do we need that this administration is completely compromised? There is zero reason for the US to relax any offensive digital actions against Russia. If anything, we should be applying more."
Good point, why install another internet connection (starlink) when you can easily use cellular data if you wanted to avoid White House network security?
Hello, I work in incident response and cyber forensics within the private sector and as a government contractor. I'm familiar with the government contracting company that currently holds the SOCaaS contract with the NLRB - it's MindPoint Group. They share a SOC with the DOJ. I reviewed the whistleblower’s evidence, and I have significant doubts about his claims.
Firstly, anyone claiming that "the whole government is compromised" is being conspiratorial. Breaches of this nature are reportable to CISA (US-CERT), the DOJ, local law enforcement, and the FBI. The NLRB has its own cybersecurity incident response team, which includes legal counsel. If both the NLRB and US-CERT determined that this wasn’t a reportable incident then I trust their judgment.
Secondly, I’ve seen a lot of speculative commentary about the Russian IP allegedly logging into the DOGE account. A simple OSINT investigation reveals that this IP has had a negative reputation for over a year, specifically flagged for credential stuffing and scanning activity. Credential stuffing is a common tactic when credentials have been leaked or breached, often showing up on platforms like intelx.io, DeHashed, or BreachForums.
It's also worth noting: no serious nation-state actor would use an IP with such a known bad reputation. Doing so would risk burning any operational investment they’ve made. Nation-state actors almost always use clean infrastructure or proxy chains to conceal their activity.
The timeline the whistleblower presents spans two months, yet I find his interpretation of the activity speculative without hard evidence—especially considering he admits he does not possess the actual logs. That’s a huge red flag.
Thirdly, I tried to find the whistle blower’s official title, and it’s usually hidden in the media. In his official report he states that he is a Dev Sec Ops engineer. He also claims that he lost access to privileges – but the emails in the screen shot seemed to be a zero-trust/principle of least privileges hardening effort. That’s not suspicious to me.
Fourth, the screenshots the whistleblower provided of the Azure environment appeared extremely sparse. While I don’t know the exact size of the NLRB’s infrastructure, unless it's unusually small, I would expect to see more resources. From what I reviewed, the Azure dashboards he used had no filters applied, which raises the question—why are there no other subscriptions, VMs, load balancers, WAFs, etc., visible?
Regarding the DLP policy alerts, he could have easily shown the associated data. Interestingly, the alerts were labeled “test,” which is significant—but he chose not to address or explain that. Omitting that context makes the evidence less compelling.
He also leaves out basic critical Indicators of Compromise (IOCs) like src_ip, src_port, dest_ip, dest_port, bytes, and duration. I’m not expecting him to extract mutex and environment variables, but showing the basics would be convincing enough, considering they all would have been accessible to him from the dashboards he screenshots in the document.
Finally, his claim that the NLRB doesn’t have a SIEM is demonstrably false. The NLRB shares a SIEM with the DOJ, which is operated by MindPoint Group under a SOCaaS contract.
Here’s my general take on the situation:
The whistleblower had only been with the organization for six months and served as a mid-level DevSecOps engineer—not a security analyst, incident responder, or SOC analyst. After DOGE was announced, the NLRB began implementing Zero Trust principles and the Principle of Least Privilege. This is typical hardening. As a result, his old admin access, which was over-provisioned and no longer necessary for his role, was revoked. He panicked.
Still having access to some Azure tools, he could have used a test or dev environment (referencing the sparse number of resources in the screenshot but he claimed it to be prod with no filter), toggled a few settings, took a screenshot, and constructed a narrative around it. He escalated it to the CEO, who initially listened. However, the incident response team conducted an investigation and found nothing substantiating his claims. NLRB and US-CERT determined it to not be reportable, which indicates that if it was a security event it was not an incident.
As for the Russian IP, it may be real—but it’s clearly tied to credential stuffing activity, not a sophisticated threat actor. If it genuinely accessed a DOGE account, that would indicate a breach on the DOGE side or weak password hygiene. But again—as mentioned earlier—he doesn’t have the logs to back this up, and his reasons for that are unconvincing.
#Doubt.
This is much ado about nothing. The article tries very hard to make something ordinary sound nefarious.
This appears to be DOGE employees simply doing their job.
You may not agree with what they’re doing in a political sense, but if you were tasked with the same problem you’d come up with a nearly identical solution.
For example: “tenant admin” is probably the special role that can bypass access control (not audits!) and see and read all data.
This sounds scary but I regularly request this right from large government departments and I get it granted to me.
Its use is justified when normal access requests would be too complex / fiddly and error prone. Generally, in a large environment, there is no other way to guarantee 100% coverage because as an outsider you don’t even know what permissions to ask for if you can’t see anything due to a lack of permissions!
Seriously: sit down for a second and think about how you would go about getting access to make a full copy of an organisation’s data for an audit if you fully expect both passive resistance and even active efforts to hide the very things you’re looking for.
"7. March 3rd - I received a call during which an ACIO stated instructions were given that we were not to adhere to SOP with the doge account creation in regards to creating records. He specifically was told that there were to be no logs or records made of the accounts created for DOGE employees."
Which part of doing an audit, or some other DOGE employee's job, requires logs or records not to be made of their accounts?
Another quote:
"They were to be given what are referred to as “tenant owner” level accounts, with essentially unrestricted permission to read, copy, and alter data. Note, these permissions are above even my CIO’s access level to our systems. Well above what level of access is required to pull metrics, efficiency reports, and any other details that would be needed to assess utilization or usage of systems in our agency. We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval. The suggestion that they use these accounts instead was not open to discussion."
Audits don't require being able to alter data.
Also, some of the data is mentioned as being sensitive. Although granting access to the data of another agency may make sense, I have trouble believing that direct access to data such as sensitive personal information of third parties would routinely be given to people from outside of the organization. Even within the organization the group of people given access to sensitive data should be as limited as possible.
I have taken part in audits for several organizations over the years, and I can assure you that's not how audits are done at all.
In fact, should the auditor find there is a way for them to access sensitive data without it being logged, they will flag it immediately. That would be the case even under simple financial regulation.
There is absolutely the risk that the people you audit will lie to you or present you with false data. In practice that's not common, because they stand to at the very least lose their jobs. It could also be illegal. Not worth it.
> Furthermore, on Monday, April 7, 2025, while my client and my team were preparing this disclosure, someone physically taped a threatening note to Mr. Berulis’ home door with photographs – taken via a drone – of him walking in his neighborhood. The threatening note made clear reference to this very disclosure he was preparing for you
It would be astonishingly stupid to threaten a whistleblower in such an amateurish manner when you’re backed by the party in power and have the full and official apparatus of the state at your disposal.
In that case, you and departments you work for are either breaking the law regularly or working with public data anyway.
Besides, no one needs unmonitored write access for audit. Even less DOGE who does no audit and don't have knowledge how to do audit. Audits are supposed to be traceable.
No one needs write access, but most systems only have a read/write predefined role for tenant-wide access. If you don’t trust the department staff to give you anything but a predefined role, it’s typically the only option. Similarly if you need to fire privileged IT staff on the spot for headcount reduction you need admin-equivalent rights to lock them out. You can’t in general trust disgruntled admins to lock themselves out!
Also, in some cloud systems full read access can give you direct or indirect access to service keys / API keys which then are write equivalent permissions anyway.
Omg they also saw spikes in DNS traffic and high load during days exfiltration ahead of audit...
Clearly the (system) auditing infrastructure wasn't robust enough to still provide a lot of monitoring even if the service is being managed by someone else...
Also a several hundred line teardown of a 300-line file is exactly what is wrong with some coders. Not having a CI/CL for every single short tool written once to do a job is called being productive...
If you continue reading, that question is answered. The GitHub repositories don't belong to the NLRB (or to DOGE), they were generic tools that were used to exfiltrate data from the NLRB.
That page reads completely incoherently if you understand junior level programming mental models. This is a hit piece for non technical audience meant to conjure fud.
Sorry, but the whole story just reads like a bad mystery novel; tales of Russian hackers, "suspicious" Github repos, somehow-nefarious (docker?) "containers", unspecified threats made (and I quote) in "meat space".
Also interesting to note that not only has Berulis' attorney led multiple lawsuits against the Trump administration in the past, he was also an intern for both Chuck Schumer and Hillary Clinton. Now that obviously doesn't prove anything, but it could nonetheless be considered a strong indicator this all might be politically-motivated.
For those genuine actors here: this theoretical outrage assumes the premise of something immoral or illegal, and completely ignores the authority structure. This looks and smells like an info operation.
Just, as an exercise, list out 3 good reasons someone might want untraceable admin accounts then list 3 really bad reasons they might want that. If you manage to find 3 good reasons does the outcome of those outweigh the risks of the potential bad reasons?
I appreciate the question. The most obvious is that this is an “audit the auditors” exercise, and they do not want to leak information toward a likely adversarial counterpart. If they have the authority to do so, then they do. An adjacent complaint about “not following Treasury policy” is similar. If these systems exist, there is a governing authority structure, and that does not begin at the level contemplated in this document.
Good:
1. The account-level below that doesn't have access to certain stuff and just happened to have untraceable stuff
2. They just said "give me the highest level of access" and didn't investigate what that meant
3. Can't think of a good third atm
Bad:
1. They want to do nefarious things untraceably
2, 3. I think 1. covers pretty much everything.
Personally, if I'm put in charge of overhauling a system I don't want to waste my time waiting on approvals for BS, I just want to be given the highest level of access I can be given to get on with work.
I'm not saying this is fine, but the information here is basically a random list of things that happened and it doesn't really tell a nefarious story to my eyes.
> Upon learning of your resignation, following reports that you were linked to an account advocating to “normalize Indian hatred” and for a “eugenic immigration policy,” I can’t help but address the staggering hypocrisy of these views within the context of the IT industry.
> This field, including your own career, is built on the labor, innovation, and expertise of Indian engineers and developers. To hold such hateful beliefs about a group that forms the backbone of this industry isn’t just reprehensible—it’s a complete contradiction of the reality you benefit from every day.
> My original critique of your code addressed technical issues and provided solutions, but after learning about your expressed views, it’s clear that poor coding isn’t the root problem here. Your mindset is incompatible with the fundamental values of IT: collaboration, respect, and global interconnectedness.
> Someone who advocates for hate cannot build systems meant to serve diverse users, nor can they lead or contribute meaningfully to teams that rely on trust and mutual respect. I strongly suggest you reflect on the harm your beliefs cause—not just to others, but to your credibility and future in this profession.
It doesn't invalidate the same author's critique above it at all (the critique itself manages to do that) but how it ended up mentioned in Krebs' article is puzzling. It harkens back to the days when journalists would quote-mine random Twitter users' tweets as if it meant something. "Twitter user @john89674651684685 said…" Give me a break.
I have a theory that "business ethics" is really just "following the law." In capitalism, outside a few select industries like journalism, as long as it's legal you can - and should - do anything to maximize profits. It has turned into (or perhaps always was) the govt's job to set those rules.
Now, the govt also has to create rules for itself. So it creates the Privacy Act and layers of bureaucratic checks and balances. These rules are to protect the people, not to derisk or protect the govt. After all, the govt has all the power.
So when capitalist business leaders are given the keys to govt, the normal ways of ethical alignment don't work. If you don't follow your own rules, who cares? They're your rules! I think what we're seeing is what happens if you apply traditional capitalist business practices to govt administration.
The trouble is that money is power, so the people who succeed the most at maximizing profit end up getting a lot of influence over the rules.
In some countries, this is done with outright bribery. Here, we do it with campaign contributions and lobbying and “we’ll create jobs in your district.”
>In capitalism, outside a few select industries like journalism, as long as it's legal you can - and should - do anything to maximize profits.
Honestly, if you were around watching the news 30+ years ago, you would notice a stark difference in how news is covered then versus today. You can't really blame them, they are doing what they can to survive, but coverage today is much more tabloid than news.
I would say the "fake but accurate," was the death knell, but it might have been sooner.
> The employees grew concerned that the NLRB's confidential data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in Russia, according to the disclosure.
I don't see anything wrong with what they did, they basically got admin accounts so they can peek into the system and used some libraries from github. What is the problem here? Got a feeling it is just politically motivated, people are not happy that the Trump administration is actually doing something to make systems more efficient and stop money waste of tax payers. I am sure they will make some mistakes along the way and I am sure not every "saving" is actually saving but when you look at so many systems and so much money some errors are expected.
> Ge0rg3’s code is “open source,” in that anyone can copy it and reuse it non-commercially. As it happens, there is a newer version of this project that was derived or “forked” from Ge0rg3’s code — called “async-ip-rotator” — and it was committed to GitHub in January 2025 by DOGE captain Marko Elez.
Original code: https://github.com/Ge0rg3/requests-ip-rotator
Forked: https://github.com/markoelez/async-ip-rotator
Code is pretty much the same, with comments removed, some `async` sprinkled in and minor changes (I bet this was just pasted into LLM with prompt to make it async, but if that worked why not).
Except... Original GPL3 license is gone. Obviously not something you would expect DOGE people to understand or respect.
The repository has been deleted. In addition, 26 other repos have been removed from the account. This is in line with DOGE members' quick response scrubbing data whenever put into spotlight, as previously seen with another "teen hacker". [0]
Archived repo page: https://archive.ph/LI7tt; archived previous repo count: https://archive.ph/tgkg5
0. https://arstechnica.com/tech-policy/2025/04/i-no-longer-hack...
Archived repository: https://archive.softwareheritage.org/browse/origin/directory...
You can download it as a Git repository from https://archive.softwareheritage.org/api/1/vault/git-bare/sw...
> On February 6, someone posted a lengthy and detailed critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, calling it “insecure, unscalable and a fundamental engineering failure.”
“If this were a side project, it would just be bad code,” the reviewer wrote. “But if this is representative of how you build production systems, then there are much larger concerns. This implementation is fundamentally broken, and if anything similar to this is deployed in an environment handling sensitive data, it should be audited immediately.”
The "critique" is nuts. Surely AI generated. If I didn't trust the domain, I'd assume the author to be incredible for seriously referencing something like this.
Look at the critique [0] and then look at the code [1].
[0] https://web.archive.org/web/20250423135719/https://github.co...
[1] https://github.com/ricci/async-ip-rotator/blob/master/src/as...
Seeing Krebs link to this downgrades my impression of how trustworthy his assessments are.
FYI the Fork got hidden/deleted in the last minute or so -- did anyone manage to clone it before it disappeared?
I did. It's essentially just a single .py file: https://gist.github.com/whalesalad/06804fd734efe6bd2e0c84906...
GPLv3 requires the license to be kept. Seems reportable to the owner of the repo and/or GitHub.
The only person who has standing to say anything is the original author of the code, the holder of the copyright.
It's possible, but very unlikely, the copyright license wasn't actually violated because, for example, the fork could have arranged a separate license.
The best example of this is the Qt Project's code: https://www.qt.io/qt-licensing
You can get it under a GPL license for free. You can pay them money to get it under a Commercial license that would let you modify the code without releasing changes.
So, while I doubt it happened, the person who forked it here could have contacted the original author, the copyright holder, and asked for an exemption from the GPL terms.
I'm sure the people who work for an administration that by and large flouts court orders responsible for this will get right on that.....aaaand it's gone.
The GitHub part makes it... weird.
You are only required to keep the GPL3 license if you re-distribute it. Putting it in a GitHub repo is ambiguous as to whether or not it is re-distributing it, at least morally.
If you want to delete the license in a personal copy, that is perfectly valid according to the license terms. If you then happen to upload that to a private GitHub repo, also perfectly valid.
If you then happen to upload that to a public GitHub repo, because of, say, restrictions on free private repos, without intent to distribute, then what?
Putting it on a GitHub repo IS redistributing it. By putting it on GitHub you agree in the ToS that you have the rights to distribute the code. Which you only have if you don’t violate the license.
> If you then happen to upload that to a public GitHub repo, because of, say, restrictions on free private repos, without intent to distribute, then what?
Then you keep the license eh? Distributing without an intent to distribute is distributing.
Git is free and open source. If you want version control and collaboration and NO unintended distribution completely for free you can just use Git. It even has a built in server to share with your work buddies.
The fork has been deleted it seems.
posted above ^^
>not something you would expect DOGE people to understand or respect
To be fair I see in my daily life folks who copy and paste from stack overflow or random GitHub repo and move on with their day. They ignore the Creative Commons Attribution-ShareAlike or whatever license is applied to the code they copied.
I see on this very site people who will share copyrighted articles that are behind a paywall (just because it is on some archive site doesn’t make it right).
Please don’t take this as support for DOGE and the headaches they are causing. To make a cheap jab at a group of people while ignoring the group that you associate with is bad form.
I'd say it's wrong in both cases, but we shouldn't ignore degrees of wrongness.
Copy pasting from stack overflow without attribution is wrong but it's also harder to claim "ownership" over single lines or small snippets. It depends how "obvious" they are. You definitely can't copyright trivial functions. There's a lot of gray here but yes attribution is always good.
But things get a lot less murky when we're talking about forking a project. That's usually nontrivial and non obvious. I think what's most important is that removing a license is an active decision. Certainly that would make a critical difference in a court [0]
Then there's further escalation by who is doing the action. The more power and influence you have the greater responsibilities. All men are not created equal. Men with more power can disproportionally do more damage and require higher accountability. So yeah, I care a fuck ton more about a government employee doing something bad especially while performing official duties more than some rando. The ability to do harm is very different.
The reason I dislike your comment is because it's dismissive of the action. "Other people do it!" is not a defense nor excuse. It is even worse by ignoring multiple points of context.
[0] though protecting open source has been traditionally hard for many reasons. Specifically it's hard for small developers to take legal action, especially against larger bodies. But isn't this something we should want to be fixed? Credit for our own contributions?!
>To make a cheap jab at a group of people while ignoring the group that you associate with is bad form.
What group does the person who makes the comment associate with?
> To be fair
irony
This part of the whistleblower complaint seems way worse:
" On or about March 11, 2025, NxGen metrics indicated abnormal usage at points the prior week. I saw way above baseline response times, and resource utilization showed increased network output above anywhere it had been historically – as far back as I could look. I noted that this lined up closely with the data out event. I also notice increased logins blocked by access policy due to those log-ins being out of the country. For example: In the days after DOGE accessed NLRB’s systems, we noticed a user with an IP address in Primorskiy Krai, Russia started trying to log in. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating. There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers. "
Any guesses for best possible interpretation? The Russians have infiltrated their PCs with keyloggers and DOGE are working from insecure open networks.
The worst possible interpretation is straightforward - they are working for the Russians as agents and let the Russians in or installed the keyloggers for Russia.
Related: https://infosec.exchange/@briankrebs/114083485241630234
Excerpt: "How much more proof do we need that this administration is completely compromised? There is zero reason for the US to relax any offensive digital actions against Russia. If anything, we should be applying more."
I would have thought that a Russian state sponsored attack would trivially mask the IP to originate from within the USA. This is just brazen.
> guesses for best possible interpretation? The Russians have infiltrated their PCs with keyloggers and DOGE are working from insecure open networks
They were accessing Github over the internet from superuser accounts they were presumably also using as their user account. Given the code quality, I doubt their opsec is put together, either.
> Any guesses for best possible interpretation? The Russians have infiltrated their PCs with keyloggers [...]
Best possible case I see would be that the whistleblower has made some mistake (or is being intentionally dishonest). Seems plausible for instance that "it appeared they had the correct username and password" based on "our no-out-of-country logins policy activating" could just be a misunderstanding of how/when the policy triggers. Not to say it's the most likely explanation, just the least concerning one.
I think less concerning than keyloggers, while still assuming the whistleblower is correct, would be that a DOGE employee was using a VPN/proxy/Tor. Probably not a great idea to have traffic going through a hostile nation state even with encryption, but less bad than keyloggers on their machines stealing and trying credentials within minutes.
Definitely concerning though, to be clear - just steelmanning/answering the question of best possible interpretation.
Isn't it just that the IP router happens to use IPs in Russia as part of the rotation?
If they're trying to exfiltrate data, they might want to rotate through IP addresses in order to obfuscate what's going on or otherwise circumvent restrictions. Using a simple ip rotator like the post talks about would maybe be an approach they'd use. If they're not careful with the IP addresses, once in a while one might get caught due to some restriction like being outside the US. It'd maybe appear as though you're getting these weird requests from Russia, but that's just because you're not logging the requests that are not being flagged from the US.
Maybe I'm reading the post incorrectly though (if so, please correct me!)
Don't forget the third option: false flag.
The objective may not have been to obtain access or any useful data. The objective may have been to get the scary headlines about Russians and use the existing media and political agitprop to further destabilize the government you seek to color revolution away.
Best case scenario those kids were duped into giving out credentials to the wrong (Russian) people.
How dumb would Russian hackers be to not use some kind of VPN? My friend who lives in Russia says that without a VPN he cannot access the majority of USA sites, so he has it always on by default. Something is not right or these people are very very dumb.
Yeah, like the APT that compromised O365 accounts from US gov entities a year or so ago, using residential proxies to go around Conditional Access Policies..., is now logging in straight from the Kremlin. :D
Spear phishing, then some kind of spyware on the system would be my guess.
Though with nation state actors you can't rule out Pegasus like zero-click infiltrations.
The article could offer a summary of this key finding, rather than, say, the pointless paragraph near the bottom about the scraping software found in GitHub not being well written.
This is the evidence which strongly suggests that the DOGE personnel are using various cloud IP addresses to scrape.
>Primorskiy Krai
Probably the least expected location to connect from, if it was genuine. Not saying it necessarily isn't, but it's not usual either and doesn't make much sense.
I wonder why the "no-out-of-country logins" block happens after verifying login credentials and not before, which would make more sense to me.
While blocking before authentication seems intuitive for efficiency, checking after provides crucial context that's missing if you block pre-auth: you know which specific user account just authenticated successfully.
This context enables two important things:
- Granular exceptions: If Alice is attending a conference in Toronto, you can say "Allow Alice to log in from Canada next week" without opening Canada-wide logins for everyone. Pre-auth geo-blocking forces you into an all-or-nothing stance.
- Better threat intelligence: A valid login from an unexpected region (e.g. Moscow when Alice is normally in D.C.) is a far stronger signal of compromise than a failed attempt. Capturing "successful login + wrong location" helps you prioritize real threats. If you block pre-auth, you'd never know Alice's account was compromised.
Putting geo-checks after authentication gives you precise control over whom, exactly, is logging in from where, and offers richer data for your security monitoring.
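The ordering described in the comment above, as an added example that is not part of the thread and not any vendor's actual policy engine: credentials are checked first, then a per-user location policy with time-boxed exceptions, and a "valid credentials, wrong location" result is raised as a compromise signal, with higher severity when the account was created minutes earlier. All user names, country codes, timestamps and the `SignIn` / `TravelException` types are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

HOME_COUNTRY = "US"  # assumption: one allowed country unless an exception applies


@dataclass(frozen=True)
class TravelException:
    """Hypothetical per-user, per-country, time-boxed allowance."""
    user: str
    country: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class SignIn:
    time: datetime
    user: str
    country: str       # country resolved from the source IP (constructed values)
    password_ok: bool  # result of the credential check, which runs first


def evaluate(event, exceptions):
    """Return 'auth_failed', 'allowed' or 'blocked_by_location'."""
    if not event.password_ok:
        # Pre-auth noise: we cannot tell whose credentials, if any, are at risk.
        return "auth_failed"
    if event.country == HOME_COUNTRY:
        return "allowed"
    # The user is now known, so a granular exception can be honoured.
    for ex in exceptions:
        if (ex.user == event.user and ex.country == event.country
                and ex.start <= event.time <= ex.end):
            return "allowed"
    return "blocked_by_location"


def compromise_alerts(events, exceptions, created_at,
                      fresh_window=timedelta(minutes=15)):
    """Turn every post-auth location block into an alert.

    A block means the password was correct, so the credential should be
    treated as exposed. If the account was created within fresh_window
    before the attempt, severity is raised to 'critical'.
    """
    alerts = []
    for ev in sorted(events, key=lambda e: e.time):
        if evaluate(ev, exceptions) != "blocked_by_location":
            continue
        born = created_at.get(ev.user)
        fresh = (born is not None
                 and timedelta(0) <= ev.time - born <= fresh_window)
        alerts.append({
            "user": ev.user,
            "country": ev.country,
            "time": ev.time,
            "severity": "critical" if fresh else "high",
        })
    return alerts


# Constructed sample data, not taken from any real log.
T0 = datetime(2025, 1, 6, 10, 0)
EXCEPTIONS = [TravelException("alice", "CA", T0, T0 + timedelta(days=7))]
CREATED_AT = {"new-admin": T0}  # account provisioned at T0
EVENTS = [
    SignIn(T0 + timedelta(minutes=1), "alice", "US", True),      # normal
    SignIn(T0 + timedelta(days=2), "alice", "CA", True),         # inside exception
    SignIn(T0 + timedelta(days=9), "alice", "CA", True),         # exception expired
    SignIn(T0 + timedelta(minutes=5), "bob", "FR", False),       # wrong password
    SignIn(T0 + timedelta(minutes=9), "new-admin", "RU", True),  # valid creds, 9 min old
]

if __name__ == "__main__":
    for alert in compromise_alerts(EVENTS, EXCEPTIONS, CREATED_AT):
        print(alert)
```

A pre-authentication geo-block would have dropped the last event before the password was checked, so nothing would show that the new account's credentials were already known to a third party.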
Since the system is hosted on Azure, I guess we are talking about an Entra ID login. So I think they set up a Conditional Access [1] policy that can block logins based on the country IP. These policies run after authentication and can be specific to a user.
[1] https://learn.microsoft.com/en-us/entra/identity/conditional...
Because then you know that credentials have been compromised
Because you need to know who is logging in before you know what IP policy to enforce, no?
This just seems odd.
Why would they attempt a login from Russia (if it was indeed Russians)?
It is incredibly cheap to use a VPN with a US residential IP.
Maybe not everyone involved is quite the genius you might've been expecting.
Wow that's insane
> According to a whistleblower complaint filed last week by Daniel J. Berulis, a 38-year-old security architect at the NLRB, officials from DOGE met with NLRB leaders on March 3 and demanded the creation of several all-powerful “tenant admin” accounts that were to be exempted from network logging activity that would otherwise keep a detailed record of all actions taken by those accounts.
Feels like a pretty good Occam’s razor case… but is there any legitimate reason why one would request this?
Even worse when you know more of the whistleblower's story, which is that ~15 minutes after one of DOGE's accounts was made there was an attempted login with the correct password from Russia. Not many explanations for that that look good for DOGE...
That's straight up traitorous.
DOGE needs to be shut down and every one of them held as a flight risk while the whole thing is investigated.
Citation?
> all-powerful “tenant admin” accounts that were to be exempted from network logging activity
Is this normal to build this sort of functionality into a software system? Especially software systems that heavily rely on auditability?
Sometimes, depending on the situation.
My company retains all e-mails for at least 5 years, for audit purposes. But if some troublemaker were to e-mail child porn to an employee, we'd need to remove that from the audit records, because the laws against possessing child porn don't have an exception for corporate audit records.
So there's essentially always some account with the power to erase things from the audit records.
No. Never. While it’s expected to have a “root” account exempting from logging serves no honest purpose.
Of course not. It's the exact opposite and every single person here knows this.
From an old hacker's perspective disabling shell history can have positive security implications. But in today's 'cattle not pets' systems mentality I'd expect all actions to have a log and not having that seems fishy to me. Keeping logging infra secure has a dubious, the log4j fiasco comes to mind. I'm not a fan of regulation for most things, but I think we need a higher cost for data leaking since security is an afterthought for many orgs. My personal leaning is to be very choosy about who I'll do business/share data with.
> “We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval,” he continued. “The suggestion that they use these accounts was not open to discussion.”
From the previous post, they had auditor roles built in that they purposely chose to go around
It's the same as domain admin in active directory.
You always need it to set up the system initially.
It's like root on Linux: it's an implementation detail that it must be possible.
Sure, to hide your tracks because you know what you intend to do isn't right.
I can’t think of any. Even if you wanted to give someone broad permissions to access and modify data, you wouldn't turn off the audit logs.
I am sure they demanded maximum access, but the logging activity phrasing sounds a little bit like spin...
I think if I wanted to describe an account with access to perform "sudo -s" as negatively as possible, I would say "an all-powerful admin account that is exempt from logging activity that would otherwise keep a detailed record of all actions taken by those accounts."
There is no justification for ever creating an account like that. The only purpose is nefarious.
There isn't one.
Anything Musk's dogs claim to find cannot be taken at face value because of this. Because there is no audit, and no evidence that they can offer that they didn't doctor their findings.
The next time they claim that a 170-year old person is receiving SS checks, they have no way to prove that they didn't subtract a century from that person's birthdate in some table.
Ah, this is something I haven't thought of before. This might not actually be spying, but instead just an attempt to plant fake results.
I'm only really familiar with the 'tenant admin' concept from microsoft administration, it's commonly used otherwise?
Obviously no
To allow dodgy offshore actors to snarf huge amounts of data on US citizens to prepare a huge propaganda assault for the next election?
Interview with whistleblower detailing the attack and the threats directed against him:
https://www.pbs.org/newshour/show/nlrb-whistleblower-claims-...
this guy's lawyer says: This is a difficult topic for Dan to discuss, but prior to our filing the whistle-blower disclosure this week, last week, somebody went to Dan's home and taped a threatening note, a menacing note on his door with personal information.
...
While he was at work, and it also contained photographs of him walking his dog taken by a drone.
This is mafia shit.
very clear admission of guilt.
Thing is: Everything they're doing is against the rules. Except they aren't "rules", they are laws.
These aren't rules made by bureaucrats. They are laws written by Congress, a coequal branch of government, in response to the Nixon administration's abuse of executive power
I don't think that "arguing that something is against the rules" is in the CIA sabotage manual, because it's not generally considered sabotage. Maybe if you argue things are against the rules that you know aren't, to slow things down?
What’s that dril quote? There’s no difference between good things and bad things? That’s what this last sentence sounds like.
This doesn't really make sense. If it's in the logs, then they already did it. They weren't slowed at all.
This doesn't really apply to the situation in the slightest.
If your logs show your actions are against the rules, pointing that out is not "sabotage". It is being good guy employee, reporting your against the rules actions.
This one is very very clear and unambiguous. There is no symmetry in your example. The Civil servant is actually in the right and doge bro in the wrong.
This doesn’t make sense unless they’re doing something illegal. They have backing from the top to audit the system. They don’t have to answer to any of the people who might complain, so the only reason they need to do this is if they’re doing something which violates federal laws where the penalties are worse than getting an angry email from someone in the security group who your boss will yell at for you.
The other big problem with this theory is that there’s no evidence of sabotage. During the first Trump administration, federal employees followed their leadership just like they had for Obama, Bush, etc. and every sign shows that would have happened again, except for the refusal to take on personal liability for breaking federal laws.
> Now imagine you're a DOGE bro
What does any of this data have to do with making the department more efficient? I can't imagine doing _any_ of this if that was my actual goal.
> and so do the DOGE bros.
When I believe my actions are "fully justified" then that is _precisely_ when I want logging enabled. So no one on Earth could dispute that.
This is… the most reasonable explanation I’ve heard so far for everything that is happening.
God knows there must be enough normally unused rules in the federal government.
The Deep State! The government is filled with spies determined to "leak" the great work DOGE is doing to the press - so, of course, it needs "God mode" access. Totally legit.
That's the best I could do. LOL
Setting aside legitimate (that's a matter of judgement)...
Some previous attempts for DOGE to get data has resulted in data being deleted before they can look and requests for judges to block access to data.
DOGE may be trying to be covert in order to stop these two activities from happening before they can get and review the data.
> Setting aside legitimate (that's a matter of judgement)
By definition, a judge decides what's legitimate.
If DOGE expects their access to be blocked by a court judgement, and bum-rushes agencies to exfiltrate data ahead of the judgement, that's also criminal intent.
I am not sure what you are getting at. "Covert" isn't how I'd describe DOGE's actions. "Brazen" maybe?
1. DOGE employees access data they were not supposed to.
This is fairly clear.
The story says that DOGE attained access to an account that had huge permissions into what it could see and alter. The person or persons from DOGE may have downloaded 10GB of data. The person may have used this in a manner that is illegal. Or it is illegal to start with. With the understanding that POTUS may or may not be allowed to grant such access. (I don't think POTUS can)
2. DOGE employee downloaded code that could be used to use a huge pool of IP addresses, from AWS to bypass forms of throttling.
3. The code was badly written.
4. The person is a racist
How would a person from DOGE use "unlimited" number of IP addresses from AWS to hammer and automatically screen-scrape webpages, benefit from it when it came to copying extremely sensitive data from an internal National Labor Relations Board database?
Did 10.000 sessions authenticate to the database at the same time, using AWS IP addresses and scrape the data?
Something is pretty broken if the system with extremely sensitive data is available from external IPs -and- allowing a single account to log in 10.0000 times to concurrently scrape data off the internal database?
Or are they saying that this code was adapted to use 10.000/100 IP addresses internal to National Labor Relations Board and scrapes using those?
The automation later noted makes a lot more sense to aid the work.
The author brings up the ip scraping but makes no effort to tie anything together. It's actually really confusing. Were they using this utility to steal the data or are these two just totally unrelated things?
We have no way to know what they were using it for, because as the article details, DOGE works hard to make sure nobody can find out what it's doing or why.
> I don't think POTUS can
What data in a federal agency could the chief executive not have authorization to access?
I am fairly sure it would be a crime for the President to pull up someone's VA health records on a whim, or at least it would be a crime for anyone at the VA to facilitate him doing that.
We can also add to that IRS data. The articles of impeachment against Nixon included the following:
"He has, acting personally and through his subordinates and agents, endeavoured to obtain from the Internal Revenue Service, in violation of the constitutional rights of citizens, confidential information contained in income tax returns for purposes not authorized by law" (emphasis mine).
There actually are laws regulating the handling of personal data collected by the government and it generally doesn't have a "the president wants to see it" exception.
> What data in a federal agency could the chief executive not have authorization to access?
Personally? For starters, he can't access anything the Legislature's laws say he can't.
The Executive is there to implement the law, and that includes obeying them him/her-self.
A President telling other people to break the law on his behalf by threatening to fire them is also a crime of extortion.
I think the question is whether employees of an advisory group that is not an actual department of the government are on the list of people to whom can he authorize access to this type of sensitive data.
The CEO of Tesla and Space-X; a self-proclaimed high IQ individual, an alleged programmer, has apparently hired a straight-up script kiddie to their elite delta force of technical government downsizers.
I hated Elon Musk long before it was cool: I was a fan of Tesla in the early days, and when I read Musk's "super-secret master plan" for Tesla I thought "yeesh, the board chairman is an idiot, where did they find this bozo?" (I knew a bit about SpaceX but somehow didn't make the connection.)
That said, I was surprised to learn much later that, by all accounts, Elon Musk was a competent and resourceful leader in SpaceX's early days. Maybe these stories are just his personality cult in action, but I found it plausible. It appears he once knew his place as an engineering manager, without LARPing as a Chief Engineer (he didn't appoint himself to CTO until quite a bit later). I worked for a really good manager who didn't know how to code, but he knew a lot about software and was very good about pulling back on coding things vs pushing forward on software design. It seemed like Musk was similar at SpaceX.
Which is all to say that celebrity is a helluva drug. I don't think Musk was ever an especially "high-IQ individual," and his first marriage suggests he's always been a misogynistic loser. But being anointed "a real life Tony Stark!" seems to have destroyed his brain. Ketamine probably doesn't help.
> That said, I was surprised to learn much later that, by all accounts, Elon Musk was a competent and resourceful leader in SpaceX's early days. Maybe these stories are just his personality cult in action, but I found it plausible
He's good at having and raising money which was what SpaceX needed, I think he was probably the same then as he is now. Reading about his early days at Tesla and the PayPal stuff, I don't really buy the idea he was ever different and took a dark turn. He's the type of person that will never self-regulate and somehow has never faced any negative consequences for lying and self-aggrandizing so has kept pushing it further
Um, as best I can tell from similar articles, they're all script kiddies.
Total HackForum vibes.
I agree with the script kiddies comment- which is basically what the reporting has shown... but in a way isn't that part of the point? That they can save billions of dollars just by having a couple of relatively normal comp sci kids (who can't even rent a car) review the most basic financial information of our government departments. These guys aren't supposed to be "delta force" they are supposed to be the interns.
Not trying to defend the means to the end, but I would really like my tax money used more efficiently. I will also say I am extremely worried about the levels of access that they are being given, especially since it comes with basically no accountability
Your comment assumes the conclusion that these comp sci kids were able to save billions while preserving the correct behavior of the system, i.e. if their changes cause even one person to miss one payment they should have received, then the rest of your comment is entirely baseless.
If you could prove that billions were saved in pure waste, then I’d imagine any sane citizen would agree with you, setting aside matters of decorum and human decency (e.g. RIFs that may ultimately be necessary but conducted in an inhumane way)
I’d like my tax money used efficiently, but this group does not merit the trust to carry out those changes, even on a technical level
> I would really like my tax money used more efficiently
Except by most accounts so far it was being used efficiently by the federal workforce. This whole debacle will end up costing the US tax payer more money. See cutting the IRS or USAID which will probably lead the US to bailing out farmers. And if they privatize, then it'll be even more expensive.
At the VA medical system, they word-searched for "consulting" and cancelled contracts for.... surgical equipment sterilization, medical waste removal, stuff related to air quality that's required for hospital accreditation, and local burial services for people who die in the hospital.
Then a lot of those had to be reinstated because you simply can't operate a hospital without sanitation.
Just like they had to scramble to hire back the folks at the National Nuclear Safety Association.
Yeah, efficiency is great. But this is like ordering tacos and getting... a used tire and some dirty diapers...?
> I would really like my tax money used more efficiently.
This is immature thinking, because, who wouldn't?
The contention comes from differing opinions on what is waste.
> I agree with the script kiddies comment- which is basically what the reporting has shown... but in a way isn't that part of the point?
I agree, but for a different point.
Generalising, but under the age of 25, most people don't have enough experience (business/government) to understand things such as business ethics, the consequences, auditing practises, privacy concerns, etc.
With professional experience, you develop a better understanding and build up that depth of knowledge of how things impact the wider "world" rather than the immediate task at hand. Meaning, you gain a better understanding of the ethical implications of what you're doing.
As an example - in law, it'd be easier to manipulate a law graduate than a lawyer with 20+ years experience, who would think outside the direct question or task that was asked.
> review the most basic financial information of our government departments
That is what the GAO is for https://www.gao.gov/ , and these people are much better than script kiddies.
> I would really like my tax money used more efficiently
Me too! You are on hacker news so I assume you are firm believer in https://en.wikipedia.org/wiki/Amdahl%27s_law ! If you would like your tax money used efficiently, are you willing to discuss cuts to social security, medicare, medicaid, veteran benefits, and whatever else is at the top of the budget? https://www.cbo.gov/publication/61181? What would you cut?
Personally, I would increase taxes on anyone making over $500K/year and stop nickel-and-diming our federal government so the US can actually become a first world country for everyone that isn't a software engineer.
> Not trying to defend the means to the end, but I would really like my tax money used more efficiently. I will also say I am extremely worried about the levels of access that they are being given, especially since it comes with basically no accountability
This is like the derelict father with partial custody who parachutes in one weekend a month to buy his son ice cream and a new video game to leave two days later the conquering hero. Meanwhile mom works two jobs, has to set all the expectations and responsibilities for the child, and the father is late on child support payments.
DOGE blitzkrieged government IT. It'll be years before we understand the scope of what they've done and given available evidence: these are script kiddies who worship Musk, I don't think there is ANY reason for optimism or charitable consideration.
There is a phenomenon I've noticed in this industry where people who lack a skill compensate by convincing themselves that they are a savant at seeing and exploiting that skill they lack in others. They find and encircle themselves with people who they believe are the Best of the Best, at least in their imagination, and it is critical for their ego that this is never challenged. They will be blind to any evidence to the contrary because they need the people they "identify" to be extraordinary, justifying their great people curation.
I mean, I guess this really happens in all industries. Art, music, leadership, software development. People who maybe once had credibility in something and now desperately try to foist Their People as the best in the industry.
I feel like that is what is happening here. None of the people who Elon surrounds himself with are notable in any way, and their skills are hugely suspect, but he has to have his harem of "Super Coders" to prop up his own mythology.
I find the following bizarre. Ignoring who this marko guy is, why would a random person post such a "take down" of the repo? I have never randomly passed by a repo and wanted to just dunk on it. Also this critique reeks of being AI generated.
> On February 6, someone posted a lengthy and detailed critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, calling it “insecure, unscalable and a fundamental engineering failure.”
Link from quote: https://github.com/markoelez/async-ip-rotator/issues/1
The follow comment is interesting to be a coincidental, such a weird interaction.
It's only "bizarre" if you "ignore who this marko guy is." It's not a coincidence, it's somebody pointing out that DOGE's "cracked coders" are wearing no clothes.
And the follies here seem to be many. I’m not following why this Marko guy would make a publicly-visible fork of a repo (though he seems to have deleted it since this story went big), and why they would openly request to have their accounts exempted from logging when they were apparently already privileged users.
I must be missing something here; surely the level of elite technical skill implicit in his résumé would preclude this kind of thing
Well yeah they're junior developers. By all accounts from good schools but literally everyone here has dealt with junior developer brain.
I would say that Elmo picked a bunch of junior devs because they don't have enough maturity to talk back and will do anything they're asked but I think that's too charitable. I think he actually went this route because Elmo is a sad man in his 50s who is desperately trying to pretend that he is, and has not matured beyond, his 20s.
On February 6th, Marko Elez announced his resignation from DOGE after the WSJ discovered many racist posts he made in 2024 (which they published on the 5th). That likely made someone really interested in what his actual coding skill levels were, and they took a look at a repo he had made.
Musk did a "poll" on X that voted for rehiring Elez to DOGE, by February 20th Elez had a US Government email address again, and on February 21st he was reported as working for DOGE at the Social Security Administration.
> Upon learning of your resignation, following reports that you were linked to an account advocating to “normalize Indian hatred” and for a “eugenic immigration policy,” I can’t help but address the staggering hypocrisy of these views within the context of the IT industry
the 2nd comment in the issue explains why the 1st was posted pretty clearly
They took down the repository ~20 minutes after OP's comment. Archived link: https://web.archive.org/web/20250423135719/https://github.co...
Surely Elez is currently reading this thread right now too. Probably reveling in the attention like all the juvenile hacker boys.
Why wonder? The user who wrote it seems to be a pretty well established user, and their public repositories suggest that they work in adjacent contexts, so it's entirely plausible they attempted to use async-ip-rotator in one of their projects.
???
The public repos for this person that I could find that weren't forks with no activity to upstream consisted of a dice-rolling guessing game, rock-paper-scissors, and some kind of framework for downloading and transcribing audio files that does not yet download or transcribe, but implements a whole bunch of boilerplate. I find it rather difficult to believe this person engaged in a good-faith review of the async-ip-rotator code base.
It's also worth noting that Feb 6 may very well be after Marko Elez became a public figure with DOGE. The article doesn't do a great job of expanding on any of this.
Are you genuinely puzzled or just wanted an excuse to point us all toward that comment? If "the comment" is the correct word for what amounts to a full article in length.
Why would they want an excuse to point everyone to that comment when it's literally linked in the article?
The fact that they left these packages public on GitHub.. guys you do know you can make things private right? Just shows how dumb these people are honestly
Or they are emboldened in knowing there will be absolutely no consequences.
Go look at the list of pardons this administration has handed out. These guys won’t even be charged.
They were given a blanket pardon dating back to 2014. No crime even listed!
Or they think what they're doing is righteous and they're proud of it. It isn't - DOGE is responsible for hundreds of thousands of deaths through cuts to health programs - but I suspect they are deluding themselves into thinking it is.
Not that it matters in this specific case, but on GitHub privated forks aren’t fully private: https://docs.github.com/en/pull-requests/collaborating-with-...
It's git. Just clone and push to a new, private repo (on or off of GitHub) without clicking "fork".
Making a fork of a public repo private involves using the git cli.
Ooh, scary!
What? They reused public packages that have been public for years. One guy made a public fork with some changes. Is that not what open source is intended for?
You misunderstand, open source is bad actually, when the heckin cheeto man is the one doing it.
Just as it's only worth complaining about geriatric geezers in office until the cheeto man brings in young hackers, then the problem is that "the old impaired people were good, actually".
Don't observe. Don't think. Merely repeat the approved message.
> The Party told you to ignore the evidence of your eyes and ears. It was their final, most essential command.
I think he’s saying that if their intent was to not get caught which you’d assume, they could have made a private repo instead of a public fork tied to a doge account
Someone needs to go to prison over this. It’s not just a misunderstanding, it is an intentional attack on every US citizen.
The people who need to see/understand this live in a different reality where uncomfortable things like this are ETL'd into righteous anger towards people they don't like.
This is the deep state they've been worried about, this is the boot that will tread on them.
EDIT: parent comment was highest ranked comment for the article and is now at the bottom?
A twisted justification for suggesting someone who broke serious laws not face consequences.
We live in a nation of laws, whether or not conspiracy-minded individuals prefer to follow them.
Chances of that happening are zero right now.
I fully believe there's a stack of pardons in Trump's drawer for everyone involved in this debacle. I can't imagine breaking so many laws all over the government if you thought you'd ever have to face consequences. The alternative to pardons in preventing the next congress & administration from cleaning this up is too dire to really contemplate.
They are betting the system won't go after them later which is a very bad bet if they eventually give back the executive branch and an even worse bet if the power they support never gives it back. About as brilliant as being in a photo with Stalin.
Time to remove the pardon power. Has it achieved anything productive in the last 100 years?
You forget who the president is. They will get away with all of this and everything else. Doesn't mean we shouldn't try but let's be realistic here.
Not really possible since they would be pardoned even if anyone was ever willing to prosecute them.
> it's fun to watch
Watching the misery of others makes me feel ill.
Writing ai slop? Thanks!
Explain please.
The complaint alleges that DOGE was able to get unlimited-permissions admin accounts that were not subject to logging. They also downloaded external repositories that gave users of those repos lots of different IPs. The complaint further alleges that the DOGE person used the combination of these things to "download... more than 10 gigabytes of data from the agency’s case files, a database that includes reams of sensitive records including information about employees who want to form unions and proprietary business documents."
If this is all true, this is basically hacking sensitive data in the open. We already know the current administration has worked to hobble unions. So putting these things together, this act is not only wrong in and of itself, but the data is likely going to be used to harm americans' interests. So, deserving of punishment.
If you take a step back and realize that the intent is to utterly destroy the social safety net provided by social security, Medicare, etc that we have all been paying into our entire adult lives, tell me why every citizen affected should not pursue civil and criminal charges of theft and fraud with malicious intent?
And then the means to do so have involved ignoring the courts and bypassing constitutional checks and balances? Please tell me how this isn’t criminal if not treasonous?
Sensitive government data was (sure, allegedly) extracted to Russia via an account that was expressly created to hide / not create logs. This is treason. Allegedly.
https://krebsonsecurity.com/2025/04/whistleblower-doge-sipho...
If I told you someone went to your bank and demanded the right to set up accounts with permissions to do everything and to have all logging of that user's activity disabled, and then a whistleblower pointed out that they downloaded everyone's bank statements, you'd probably be pretty upset.
After all, why do they need unfettered access? Why do they need your bank statements? Why do they need to hide what they're doing with the unfettered access?
That's what's happening here. There is no good explanation other than bad actors
The problem with prosecuting them – they are employees of a White House office, doing what their bosses told them to do, and it is clear their bosses are carrying out the President's wishes.
If Joe Blow off the street walks into a federal agency and takes all their data – open and shut case, throw the book at them, see you in a few decades.
If someone from the White House walks into a federal agency, tells the agency leadership "the President wants me to take all your data", and the agency leadership replies "sure, go right ahead" – not a scenario people were expecting, so the existing laws haven't been crafted to clearly criminalize it. Maybe some enterprising prosecutor can find a way to map it to the crimes on the statute book, maybe it is just too hard. But even if the prosecutor overcomes that hurdle, it will be far from easy to convince the jury / trial judge / appellate courts that the legal elements of the crime are actually met – and if it actually gets as far as a conviction upheld by the appellate court, what do you think the conservative SCOTUS majority are going to do with that when they get it? And many prosecutors, foreseeing those low odds of ultimate success, will stop before they even get to an indictment.
So, I think the odds of anyone ultimately being convicted over this are low, even if Trump never pardons them.
Maybe, Congress might pass a law to make it more clearly illegal, which might make it easier to prosecute if a future administration repeats the same behavior.
EDIT: if people are downvoting this because they think my analysis of the likelihood of successful criminal prosecution is wrong, it would be great if they could reply to explain where they think I got it wrong
The claim that because your boss tells you to do something illegal means that you should just do it is bullshit. It's your social responsibility to not capitulate under these circumstances.
If you don't feel that way then you deserve the world you are creating.
All public servants take the oath found in 5 USC 3331. The oath is to support and defend the Constitution of the United States. Not a person.
People voted for this
You’d have to prove a crime here to send someone to jail, correct? What would the charges be?
Without knowing the specifics of US law, there’s a lot in there for a reasonable case. Improper handling of sensitive data, interfering with ongoing legal proceedings, abuse of telecommunications infrastructure (looks like the guy runs a brute forcing crawler on a government system) and probably even more.
El Salvador seems very willing to take people off our hands for mere allegations.
Untraceable and complete access to government databases. I can't begin to imagine the implications here.
We only hear about the cases where someone is taking the risk of blowing the whistle, and actually manages to get the story out. Hopefully with enough substance for people to take the information seriously. How many cases that are likely to reach public knowledge is left as an exercise to the reader, as the saying goes.
>How many cases that are likely to reach public knowledge is left as an exercise to the reader, as the saying goes.
Is this some reminder to people that bad things occur that aren't found out?
Considering how everyone is aware of this, is your comment some sort of clusterbomb whataboutism?
Direct access to private data relating to accusations against companies Musk owns.
So what exactly is being alleged here? That these DOGE bros wrote and used “hacker” code from GitHub to bypass security limitations on NLRB data? Why would they even need to do that if they had superuser accounts in the system already?
I think the point of the article is that the whistleblower's original claims can be substantiated publicly. It's another datapoint indicating that the DOGE people are operating haphazardly at the absolute best and, more likely, attempting to obscure their tracks because they know that what they're doing wouldn't pass legal muster.
DOGE downloaded libraries to assist in data exfiltration, and did exfiltrate data (obtained via the superuser accounts).
Suggest reading the complaint: https://whistlebloweraid.org/wp-content/uploads/2025/04/2025...
The lede is buried but the implication is downloading a huge amount of data on union organizers, which can then be given to a company to pre-emptively fire those individuals
they added a backdoor that is not audit logged. that's why.
The article is written very poorly. The disclosure itself is far more readable.
https://whistlebloweraid.org/wp-content/uploads/2025/04/2025...
Also this PDF contains a detail I haven't seen reported elsewhere:
> Furthermore, on Monday, April 7, 2025, while my client and my team were preparing this disclosure, someone physically taped a threatening note to Mr. Berulis’ home door with photographs – taken via a drone – of him walking in his neighborhood. The threatening note made clear reference to this very disclosure he was preparing for you
Thanks. So the tools downloaded from GitHub were allegedly used to scrape personally-identifiable information (PII), details about ongoing legal cases, union-related data, and corporate secrets. The whistleblower observed large spikes in outbound data traffic, suggesting that gigabytes of sensitive information were exfiltrated with logging disabled, so as not to leave a trail.
Yes, this is much more clear than the article.
Isn't the ip rotator used to scrape from public websites to bypass rate limits? Not sure how that automatically means they are "siphoning sensitive case files".
It doesn’t. Coupled with the whistleblower complaint, however, it is evidence.
The IP rotator was discovered in the analysis. The exfiltration of data was discovered by an NLRB employee and triggered the complaint. A member of their staff saw the spike in egress, found the source and that the audit log had been bleached.
To everyone saying 'where are the arrests?' This is all conjecture at this point and time will tell what was click bait and truth. Below is the statement from NLRB's acting press secretary.
"Tim Bearese, the NLRB's acting press secretary, denied that the agency granted DOGE access to its systems and said DOGE had not requested access to the agency's systems. Bearese said the agency conducted an investigation after Berulis raised his concerns but "determined that no breach of agency systems occurred."
https://www.npr.org/2025/04/15/nx-s1-5355895/doge-musk-nlrb-...
People should not need to be conjecturing. The federal government should have clear documented reasons for the things that it does. It should have oversight, but all of the oversight has been fired, every department headed by yesmen and fox news anchors. We are all left guessing because they are doing loads of things that seem either treasonous or performed with very little thought to the consequences.
>Ge0rg3’s code is “open source,” in that anyone can copy it and reuse it non-commercially.
A little nit-picking, but that's not what open source means, especially as it relates to the GPL in this case. If you can't use the code commercially, it's neither "open source" (as defined by OSI) nor free software (as defined by the FSF).
Right, but the original statement isn't being mutually exclusive.
> Berulis said he went public after higher-ups at the agency told him not to report the matter to the US-CERT, as they’d previously agreed.
If the allegation is true, what would be the motivation of the higher-ups to keep this secret from US-CERT?
It appears to be a severe compromise, and the context suggests that much of the rest of the federal government is imminently vulnerable to the same tactics by the same threat actor.
Were the higher-ups reporting the security crisis through better channels?
Or were they trying to keep it quiet entirely, so might be complicit in something bad?
Or they’re just fearful of retaliation/termination for making waves with this administration
So the real question is, who do you actually report this to if the fox is guarding the hen house? The only place that makes any sense is congressional oversight in some way but that will go nowhere except maybe a quick NPR story.
I almost can't make heads or tails out of this scatterbrained word salad.
Let's start with this:
> Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases.
> Berulis said he discovered one of the DOGE accounts had downloaded three external code libraries from GitHub
What exactly does that mean? NLRB database accounts are GitHub accounts? (Surely not.) Or the same IP address accessed both, suggesting it was the same person? Define "account".
No coherent point being made here. This story needs to clearly separate the rhetoric about GitHub repositories from the NLRB access, and connect them together coherently.
The flow seems to be:
1. Some DOGE people obtained unbridled access to NLRB, with the ability to erase audit trails.
2. There is some sort of evidence that the same people downloaded tools from GitHub for distributed web scraping, suggesting intent to scrape massive amounts of data from somewhere (inferred to be the NLRB database).
There is no evidence cited in the article for the actual downloading of gigabytes of data; the "whistleblower" is quoted only as saying that DOGE required certain privileged accounts to be created and that the users of the accounts supposedly downloaded some web scraping software from GitHub.
At least mention some circumstantial evidence, like a suspicious increase in access activity, coming from distributed IP addresses in the Amazon cloud, following the download of those tools.
This:
> On February 6, someone posted a lengthy and detailed critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, calling it “insecure, unscalable and a fundamental engineering failure.”
seems neither here nor there; why include that? It may be that the tools DOGE are using are not adequately safeguarding the data, but it seems like an extraneous point, and indigestible without specifics.
The only interesting part of 2 is it looks like Doge wanted all the data. The technical details of how they scraped it mostly doesn't matter.
Plus in the whistleblower's actual report, there is evidence of them getting it, like logs of network output far above previous levels, and those accounts making accesses from various IP addresses (including geo-blocked attempts from Russia).
>The new accounts also could restrict log visibility, delay retention, route
Guessing those are the same accounts that got accessed by Russian IPs?
Genuinely wondering whether the US democracy is going to make it to December.
> Ge0rg3’s code is “open source,” in that anyone can copy it and reuse it non-commercially.
That isn't what "open source" means.
Unfortunately about what you should come to expect from Brian Krebs.
What sucks is, is that Russia and China now, almost certainly, have all this data, but they don't worry me, as much as the American oligarchs that now have it.
Related: 2016 thread on Hillary Clinton’s internet connected printer and her unauthorized private server containing classified information:
https://news.ycombinator.com/item?id=11782383
Musk has installed Starlink terminals on the whitehouse rooftop, to bypass security:
https://www.wired.com/story/white-house-starlink-wifi/
"The ad hoc addition to the otherwise tightly controlled White House information environment could create blind spots and security exposures while setting potentially dangerous precedent."
> Musk has installed Starlink terminals on the whitehouse rooftop, to bypass security
This is confirmation bias and absolutely unsubstantiated nonsense. Hedging your bets on hyperbolic dreck like this is why people don't take the serious stuff seriously.
Do you think cellphone hotspots - that everyone has in their pocket - are also part of some grand conspiracy?
Right. But then it is part of a pattern:
See: https://infosec.exchange/@briankrebs/114083485241630234
Excerpt: "How much more proof do we need that this administration is completely compromised? There is zero reason for the US to relax any offensive digital actions against Russia. If anything, we should be applying more."
Good point, why install another internet connection (starlink) when you can easily use cellular data if you wanted to avoid White House network security?
Very weird
The government dogs are literally script kiddies, go figure.
Hello, I work in incident response and cyber forensics within the private sector and as a government contractor. I'm familiar with the government contracting company that currently holds the SOCaaS contract with the NLRB - it's MindPoint Group. They share a SOC with the DOJ. I reviewed the whistleblower’s evidence, and I have significant doubts about his claims.
Firstly, anyone claiming that "the whole government is compromised" is being conspiratorial. Breaches of this nature are reportable to CISA (US-CERT), the DOJ, local law enforcement, and the FBI. The NLRB has its own cybersecurity incident response team, which includes legal counsel. If both the NLRB and US-CERT determined that this wasn’t a reportable incident then I trust their judgment.
Secondly, I’ve seen a lot of speculative commentary about the Russian IP allegedly logging into the DOGE account. A simple OSINT investigation reveals that this IP has had a negative reputation for over a year, specifically flagged for credential stuffing and scanning activity. Credential stuffing is a common tactic when credentials have been leaked or breached, often showing up on platforms like intelx.io, DeHashed, or BreachForums.
It's also worth noting: no serious nation-state actor would use an IP with such a known bad reputation. Doing so would risk burning any operational investment they’ve made. Nation-state actors almost always use clean infrastructure or proxy chains to conceal their activity.
The timeline the whistleblower presents spans two months, yet I find his interpretation of the activity speculative without hard evidence—especially considering he admits he does not possess the actual logs. That’s a huge red flag.
Thirdly, I tried to find the whistle blower’s official title, and it’s usually hidden in the media. In his official report he states that he is a Dev Sec Ops engineer. He also claims that he lost access to privileges – but the emails in the screen shot seemed to be a zero-trust/principle of least privileges hardening effort. That’s not suspicious to me.
Fourth, the screenshots the whistleblower provided of the Azure environment appeared extremely sparse. While I don’t know the exact size of the NLRB’s infrastructure, unless it's unusually small, I would expect to see more resources. From what I reviewed, the Azure dashboards he used had no filters applied, which raises the question—why are there no other subscriptions, VMs, load balancers, WAFs, etc., visible?
Regarding the DLP policy alerts, he could have easily shown the associated data. Interestingly, the alerts were labeled “test,” which is significant—but he chose not to address or explain that. Omitting that context makes the evidence less compelling. He also leaves out basic critical Indicators of Compromise (IOCs) like src_ip, src_port, dest_ip, dest_port, bytes, and duration. I’m not expecting him to extract mutex and environment variables but showing the basics would be convincing enough, considering they would all have been accessible to him from the dashboards he screenshots in the document.
Finally, his claim that the NLRB doesn’t have a SIEM is demonstrably false. The NLRB shares a SIEM with the DOJ, which is operated by MindPoint Group under a SOCaaS contract.
Here’s my general take on the situation: The whistleblower had only been with the organization for six months and served as a mid-level DevSecOps engineer—not a security analyst, incident responder, or SOC analyst. After DOGE was announced, the NLRB began implementing Zero Trust principles and the Principle of Least Privilege. This is typical hardening. As a result, his old admin access, which was over-provisioned and no longer necessary for his role, was revoked. He panicked. Still having access to some Azure tools, he could have used a test or dev environment (referencing the sparse number of resources in the screenshot but he claimed it to be prod with no filter), toggled a few settings, taken a screenshot, and constructed a narrative around it. He escalated it to the CEO, who initially listened. However, the incident response team conducted an investigation and found nothing substantiating his claims. NLRB and US-CERT determined it to not be reportable, which indicates that if it was a security event it was not an incident.
As for the Russian IP, it may be real—but it’s clearly tied to credential stuffing activity, not a sophisticated threat actor. If it genuinely accessed a DOGE account, that would indicate a breach on the DOGE side or weak password hygiene. But again—as mentioned earlier—he doesn’t have the logs to back this up, and his reasons for that are unconvincing. #Doubt.
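The comment above asks for basic flow fields (src_ip, src_port, dest_ip, dest_port, bytes, duration) to back a claim of unusual outbound traffic. As an added example that is not part of the thread or of anyone's evidence, the following Python flags per-account daily egress that departs from that account's own history using a median/MAD baseline; the `account` and `day` fields, the thresholds, the account names and every sample record are constructed assumptions.

```python
import statistics
from collections import defaultdict

MB = 10**6


def build_sample_flows():
    """Constructed flow records for the demo; nothing here is real data."""
    flows = []

    def add(day, account, dest_ip, mbytes):
        flows.append({
            "day": f"2025-03-{day:02d}", "account": account,
            "src_ip": "10.0.0.5", "src_port": 50000 + day,
            "dest_ip": dest_ip, "dest_port": 443,
            "bytes": mbytes * MB, "duration": 60,
        })

    # Hypothetical low-volume account: six quiet days, then ~10.5 GB in one day.
    for day, mb in enumerate([100, 110, 105, 120, 115, 108], start=1):
        add(day, "svc-report", "198.51.100.10", mb)
    add(7, "svc-report", "203.0.113.20", 6000)
    add(7, "svc-report", "203.0.113.21", 4500)
    # Hypothetical high-volume account that is steady, so it should not flag.
    for day, mb in enumerate([5000, 5010, 4990, 5005, 4995, 5000, 5020], start=1):
        add(day, "svc-backup", "198.51.100.30", mb)
    return flows


def daily_egress(flows):
    """Sum outbound bytes and collect destinations per (account, day)."""
    totals = defaultdict(lambda: {"bytes": 0, "dests": set()})
    for f in flows:
        slot = totals[(f["account"], f["day"])]
        slot["bytes"] += f["bytes"]
        slot["dests"].add((f["dest_ip"], f["dest_port"]))
    return totals


def flag_spikes(flows, k=6.0, min_history=5):
    """Return days whose egress exceeds the account's own baseline.

    Baseline is the median of all earlier days for that account; spread is
    the median absolute deviation (MAD), floored at 5% of the median so a
    perfectly flat history does not flag trivial changes.
    """
    by_account = defaultdict(list)
    for (account, day), slot in daily_egress(flows).items():
        by_account[account].append((day, slot))

    findings = []
    for account, days in by_account.items():
        days.sort(key=lambda item: item[0])  # ISO dates sort lexicographically
        for i, (day, slot) in enumerate(days):
            history = [s["bytes"] for _, s in days[:i]]
            if len(history) < min_history:
                continue  # not enough history to call anything unusual
            med = statistics.median(history)
            mad = statistics.median(abs(h - med) for h in history)
            spread = max(mad, 0.05 * med, 1)
            score = (slot["bytes"] - med) / spread
            if score > k:
                findings.append({
                    "account": account, "day": day, "bytes": slot["bytes"],
                    "baseline_median": med, "score": round(score, 1),
                    "dests": sorted(slot["dests"]),
                })
    return findings


if __name__ == "__main__":
    for hit in flag_spikes(build_sample_flows()):
        print(f"{hit['account']} {hit['day']}: {hit['bytes'] / MB:.0f} MB "
              f"vs median {hit['baseline_median'] / MB:.0f} MB, "
              f"score {hit['score']}, destinations {hit['dests']}")
```

The steady 5 GB/day account is not flagged while the normally quiet one is, which is why a per-account baseline is more useful here than a fixed byte threshold.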
Can you explain why a GitHub repo for IP rotating and tied to a prominent DOGE member was downloaded and then deleted?
This is much ado about nothing. The article tries very hard to make something ordinary sound nefarious.
This appears to be DOGE employees simply doing their job.
You may not agree with what they’re doing in a political sense, but if you were tasked with the same problem you’d come up with a nearly identical solution.
For example: “tenant admin” is probably the special role that can bypass access control (not audits!) and see and read all data.
This sounds scary but I regularly request this right from large government departments and I get it granted to me.
Its use is justified when normal access requests would be too complex / fiddly and error prone. Generally, in a large environment, there is no other way to guarantee 100% coverage because as an outsider you don’t even know what permissions to ask for if you can’t see anything due to a lack of permissions!
Seriously: sit down for a second and think about how you would go about getting access to make a full copy of an organisation’s data for an audit if you fully expect both passive resistance and even active efforts to hide the very things you’re looking for.
The original complaint mentions:
"7. March 3rd - I received a call during which an ACIO stated instructions were given that we were not to adhere to SOP with the doge account creation in regards to creating records. He specifically was told that there were to be no logs or records made of the accounts created for DOGE employees."
Which part of doing an audit, or some other DOGE employee's job, requires logs or records not to be made of their accounts?
Another quote:
"They were to be given what are referred to as “tenant owner” level accounts, with essentially unrestricted permission to read, copy, and alter data. Note, these permissions are above even my CIO’s access level to our systems. Well above what level of access is required to pull metrics, efficiency reports, and any other details that would be needed to assess utilization or usage of systems in our agency. We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval. The suggestion that they use these accounts instead was not open to discussion."
Audits don't require being able to alter data.
Also, some of the data is mentioned as being sensitive. Although granting access to the data of another agency may make sense, I have trouble believing that direct access to data such as sensitive personal information of third parties would routinely be given to people from outside of the organization. Even within the organization the group of people given access to sensitive data should be as limited as possible.
I have taken part in audits for several organizations over the years, and I can assure you that's not how audits are done at all.
In fact, should the auditor find there is a way for them to access sensitive data without it being logged, they will flag it immediately. That would be the case even under simple financial regulation.
There is absolutely the risk that the people you audit will lie to you or present you with false data. In practice that's not common, because they stand to at the very least lose their jobs. It could also be illegal. Not worth it.
A normal audit, sure. This isn’t that. This is the prison guards flipping the mattress looking for contraband.
All of the public complaining is by staff that don’t understand their new position in the pecking order.
There is a King in charge and he cares not for the wailing of the petty nobles.
> Furthermore, on Monday, April 7, 2025, while my client and my team were preparing this disclosure, someone physically taped a threatening note to Mr. Berulis’ home door with photographs – taken via a drone – of him walking in his neighborhood. The threatening note made clear reference to this very disclosure he was preparing for you
It would be astonishingly stupid to threaten a whistleblower in such an amateurish manner when you’re backed by the party in power and have the full and official apparatus of the state at your disposal.
I don't believe your statement that you ask for, and successfully receive, tenant admin rights from large government departments.
DOGE employees aren't simply doing their job. They are actively subverting the government to fatally wound it.
Do you also delete logs, fire the cybersecurity team, and stonewall breach investigations?
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...
In that case, you and departments you work for are either breaking the law regularly or working with public data anyway.
Besides, no one needs unmonitored write access for audit. Even less DOGE who does no audit and don't have knowledge how to do audit. Audits are supposed to be traceable.
No one needs write access, but most systems only have a read/write predefined role for tenant-wide access. If you don’t trust the department staff to give you anything but a predefined role, it’s typically the only option. Similarly if you need to fire privileged IT staff on the spot for headcount reduction you need admin-equivalent rights to lock them out. You can’t in general trust disgruntled admins to lock themselves out!
Also, in some cloud systems full read access can give you direct or indirect access to service keys / API keys which then are write equivalent permissions anyway.
> This sounds scary but I regularly request this right from large government departments and I get it granted to me.
Prove it. I want you to give examples of where you did something like this.
It’s not publicly provable for many obvious reasons such as the delegation being time bound.
Omg they also saw spikes in DNS traffic and high load during days exfiltration ahead of audit...
Clearly the (system) auditing infrastructure wasn't robust enough to still provide a lot of monitoring even if the service is being managed by someone else...
Also a several hundred line teardown of a 300-line file is exactly what is wrong with some coders. Not having a CI/CL for every single short tool written once to do a job is called being productive...
Absolute balderdash.
> accounts created for DOGE at the NLRB downloaded three code repositories from GitHub
Why is anything of significance on github in the first place?
Edit: It's not. They just download python libraries to do "IP rotation" to circumvent rate limits.
On the actual complaint: (https://whistlebloweraid.org/wp-content/uploads/2025/04/2025...)
It seems that the data was stored in Azure which doesn't make it any better.
If you continue reading, that question is answered. The GitHub repositories don't belong to the NLRB (or to DOGE), they were generic tools that were used to exfiltrate data from the NLRB.
I noticed and wanted to delete the comment but you replying made it impossible.
They downloaded "IP rotation" python libraries to circumvent rate limits.
What do you mean? It was "just" a tool to circumvent anti-scraping measures.
If they have full access to the systems, why are they scraping them externally?
They are not. If I read the article right, they downloaded tools to use, mostly to do with anonymous web scraping.
That page reads completely incoherently if you understand junior-level programming mental models. This is a hit piece for a non-technical audience meant to conjure FUD.
It’s not at all about programming
Haha, and the GitHub repo is now offline. lol.
Sorry, but the whole story just reads like a bad mystery novel; tales of Russian hackers, "suspicious" GitHub repos, somehow-nefarious (docker?) "containers", unspecified threats made (and I quote) in "meat space".
Also interesting to note that not only has Berulis' attorney led multiple lawsuits against the Trump administration in the past, he was also an intern for both Chuck Schumer and Hillary Clinton. Now that obviously doesn't prove anything, but it could nonetheless be considered a strong indicator this all might be politically-motivated.
For those genuine actors here: this theoretical outrage assumes the premise of something immoral or illegal, and completely ignores the authority structure. This looks and smells like an info operation.
Just, as an exercise, list out 3 good reasons someone might want untraceable admin accounts then list 3 really bad reasons they might want that. If you manage to find 3 good reasons does the outcome of those outweigh the risks of the potential bad reasons?
I appreciate the question. The most obvious is that this is an “audit the auditors” exercise, and they do not want to leak information toward a likely adversarial counterpart. If they have the authority to do so, then they do. An adjacent complaint about “not following Treasury policy” is similar. If these systems exist, there is a governing authority structure, and that does not begin at the level contemplated in this document.
Good: 1. The account-level below that doesn't have access to certain stuff and just happened to have untraceable stuff 2. They just said "give me the highest level of access" and didn't investigate what that meant 3. Can't think of a good third atm
Bad: 1. They want to do nefarious things untraceably 2, 3. I think 1. covers pretty much everything.
Personally, if I'm put in charge of overhauling a system I don't want to waste my time waiting on approvals for BS, I just want to be given the highest level of access I can be given to get on with work.
I'm not saying this is fine, but the information here is basically a random list of things that happened and it doesn't really tell a nefarious story to my eyes.
From the "critique"[0]:
> Upon learning of your resignation, following reports that you were linked to an account advocating to “normalize Indian hatred” and for a “eugenic immigration policy,” I can’t help but address the staggering hypocrisy of these views within the context of the IT industry.
> This field, including your own career, is built on the labor, innovation, and expertise of Indian engineers and developers. To hold such hateful beliefs about a group that forms the backbone of this industry isn’t just reprehensible—it’s a complete contradiction of the reality you benefit from every day.
> My original critique of your code addressed technical issues and provided solutions, but after learning about your expressed views, it’s clear that poor coding isn’t the root problem here. Your mindset is incompatible with the fundamental values of IT: collaboration, respect, and global interconnectedness.
> Someone who advocates for hate cannot build systems meant to serve diverse users, nor can they lead or contribute meaningfully to teams that rely on trust and mutual respect. I strongly suggest you reflect on the harm your beliefs cause—not just to others, but to your credibility and future in this profession.
It doesn't invalidate the same author's critique above it at all (the critique itself manages to do that) but how it ended up mentioned in Krebs' article is puzzling. It harkens back to the days when journalists would quote-mine random Twitter users' tweets as if it meant something. "Twitter user @john89674651684685 said…" Give me a break.
[0] https://web.archive.org/web/20250423135719/https://github.co...
I have a theory that "business ethics" is really just "following the law." In capitalism, outside a few select industries like journalism, as long as it's legal you can - and should - do anything to maximize profits. It has turned into (or perhaps always was) the govt's job to set those rules.
Now, the govt also has to create rules for itself. So it creates the Privacy Act and layers of bureaucratic checks and balances. These rules are to protect the people, not to derisk or protect the govt. After all, the govt has all the power.
So when capitalist business leaders are given the keys to govt, the normal ways of ethical alignment don't work. If you don't follow your own rules, who cares? They're your rules! I think what we're seeing is what happens if you apply traditional capitalist business practices to govt administration.
The trouble is that money is power, so the people who succeed the most at maximizing profit end up getting a lot of influence over the rules.
In some countries, this is done with outright bribery. Here, we do it with campaign contributions and lobbying and “we’ll create jobs in your district.”
Yeah actually. I think that’s about right.
>In capitalism, outside a few select industries like journalism, as long as it's legal you can - and should - do anything to maximize profits.
Honestly, if you were around watching the news 30+ years ago, you would notice a stark difference in how news is covered then versus today. You can't really blame them, they are doing what they can to survive, but coverage today is much more tabloid than news.
I would say the "fake but accurate," was the death knell, but it might have been sooner.
https://en.wikipedia.org/wiki/Killian_documents_controversy
the doge guys are truly living the script kiddie dream
In what way (other than people not liking it)? And I'm serious, what is illegal about it from a law standpoint. Educate me.
They're stopping congressionally mandated (i.e. legislation) payments to services, violating the Impoundment Control Act of 1974.
Whistleblowers are claiming it's sedition: https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...
> The employees grew concerned that the NLRB's confidential data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in Russia, according to the disclosure.
in the way they commit crimes
I don't see anything wrong with what they did, they basically got admin accounts so they can peek into the system and used some libraries from github. What is the problem here? Got a feeling it is just politically motivated, people are not happy that the Trump administration is actually doing something to make systems more efficient and stop money waste of taxpayers. I am sure they will make some mistakes along the way and I am sure not every "saving" is actually saving but when you look at so many systems and so much money some errors are expected.