Comment by twalkz
1 day ago
> According to a whistleblower complaint filed last week by Daniel J. Berulis, a 38-year-old security architect at the NLRB, officials from DOGE met with NLRB leaders on March 3 and demanded the creation of several all-powerful “tenant admin” accounts that were to be exempted from network logging activity that would otherwise keep a detailed record of all actions taken by those accounts.
Feels like a pretty good Occam’s razor case… but is there any legitimate reason why one would request this?
Even worse when you know more of the whistleblower's story which is that ~15 minutes after one of DOGE's accounts was made there was an attempted login with the correct password from Russia. Not many explanations for that that look good for DOGE...
That's straight up traitorous.
DOGE needs to be shut down and every one of them held as a flight risk while the whole thing is investigated.
Not to defend doge at all, but the article specifically mentioned installing a bunch of proxy and scraping tools. Is this likely to be an actual Russian state attack or just extremely poor opsec / an attempt to evade internal controls, still likely very illegal. I'm all for holding all involved accountable to the fullest extent, but this is too sloppy for Russian state involvement to make me think they're on any intelligence payroll anywhere.
They work for Trump so they'll never be held to account, even if a Democrat wins the next election (assuming we even have one and it's fair and free).
I never thought I'd be calling for UN observers for an election in the US but here we are
Citation?
Not parent but it’s here - https://krebsonsecurity.com/2025/04/whistleblower-doge-sipho...
DOGE is a complete clusterfuck. Fwiw I think there is hard to spot fraud in the govt that should be looked at (eg price inflation at the pentagon, VA, Medicaid/Medicare, SS). They should have done the hard work of uncovering that. Instead they just went for clickbait headlines.
Take your pick it was widely reported and you can read the original whistleblower report;
https://whistlebloweraid.org/wp-content/uploads/2025/04/2025... - page 2 & 11
"This declaration details DOGE activity within NLRB, the exfiltration of data from NLRB systems, and – concerningly – near real-time access by users in Russia. Notably, within minutes of DOGE personnel creating user accounts in NLRB systems, on multiple occasions someone or something within Russia attempted to login using all of the valid credentials (eg. Usernames/Passwords)"
"For example: In the days after DOGE accessed NLRB’s systems, we noticed a user with an IP address in Primorskiy Krai, Russia started trying to log in. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating. There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers."
https://krebsonsecurity.com/2025/04/whistleblower-doge-sipho...
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...
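Added example, not part of the thread or of the whistleblower disclosure: a detection for the pattern the quoted declaration describes, where a sign-in from outside the country is stopped only by the location policy, shortly after the account was created. The field names, outcome labels, account names and log records are constructed; the 15-minute window is the interval the quote mentions, and the code assumes (as the quote describes) that the location policy is evaluated after the password check passes.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names and outcome labels are assumptions,
# not the schema of any real identity provider.
ACCOUNT_CREATED = {
    "svc-new-admin-01": datetime(2025, 3, 3, 14, 0),
    "longtime.user": datetime(2021, 6, 1, 9, 0),
}
SIGNINS = [
    # (timestamp, account, source country, outcome)
    (datetime(2025, 3, 3, 14, 9), "svc-new-admin-01", "RU", "blocked_by_location_policy"),
    (datetime(2025, 3, 3, 14, 12), "svc-new-admin-01", "RU", "blocked_by_location_policy"),
    (datetime(2025, 3, 3, 14, 20), "svc-new-admin-01", "US", "success"),
    (datetime(2025, 3, 3, 15, 0), "longtime.user", "RU", "bad_password"),
    (datetime(2025, 3, 4, 8, 0), "longtime.user", "CA", "blocked_by_location_policy"),
]
HOME_COUNTRY = "US"
WINDOW = timedelta(minutes=15)  # interval mentioned in the quoted declaration


def credential_exposure_alerts(signins, created, window=WINDOW):
    """Flag foreign sign-ins that were stopped only by the location policy.

    Assumption: the policy runs after the password is accepted, so every such
    event means the caller held valid credentials. Events within `window` of
    account creation are rated critical, because the secret was exposed almost
    as soon as it existed.
    """
    alerts = []
    for ts, account, country, outcome in sorted(signins):
        if country == HOME_COUNTRY or outcome != "blocked_by_location_policy":
            continue  # wrong-password noise and domestic logins are a different signal
        created_at = created.get(account)
        age = ts - created_at if created_at else None
        fresh = age is not None and timedelta(0) <= age <= window
        alerts.append({"account": account, "time": ts, "country": country,
                       "account_age": age, "severity": "critical" if fresh else "high"})
    return alerts


if __name__ == "__main__":
    for alert in credential_exposure_alerts(SIGNINS, ACCOUNT_CREATED):
        print(alert["severity"], alert["account"], alert["country"], alert["account_age"])
```
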
From the whistle blower.
> Within minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in, according to Berulis' disclosure.
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...
> all-powerful “tenant admin” accounts that were to be exempted from network logging activity
Is this normal to build this sort of functionality into a software system? Especially software systems that heavily rely on auditability?
Sometimes, depending on the situation.
My company retains all e-mails for at least 5 years, for audit purposes. But if some troublemaker were to e-mail child porn to an employee, we'd need to remove that from the audit records, because the laws against possessing child porn don't have an exception for corporate audit records.
So there's essentially always some account with the power to erase things from the audit records.
It sounds like you haven't actually had to face that situation, because it is more complicated than just having to delete an offending attachment. You would still have an audit log of the deletion of that email record by the superuser, even if the content is deleted. And there would be other records generated to document the deletion, like I'm sure a long email or slack thread from this getting discovered and sent up the chain, over to legal, then to the FBI, then back to coordinating the logistics of manually deleting something from the audit logs. So if for a completely unrelated case, a third party auditor stumbles upon that mess, they will be able to reconstruct why a single attachment cannot be found in the audit logs.
"No" is the answer to GP: there is no legitimate reason for a fully unlogged superuser account.
Ah man... back in the day I worked for a company that built out records management software. One of the big things on the side of the cereal box was that not even an admin could delete something flagged as a record within its retention plan. Fast forward to a company doing that for emails, messing up spam filters, and getting a blast of 'normal' porn that was all flagged as records. I believe they ended up creating security groups for those files that help keep those who were using it .. safe for work.
I don't follow this example. You could still have an account delete the email while generating a record that an email was deleted. Why would you need an account that doesn't generate deletion records?
Very true - this comes up constantly in blockchain questions - but in that case there’d at least be an audit log showing who deleted which records.
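Added example, not part of the thread and not any product's implementation: a minimal hash-chained audit log showing the point made in the replies above, that unlawful content can be purged while the purge itself stays on record. The class, actor names and payloads are constructed for illustration.

```python
import copy
import hashlib
import json

# Added illustration; actor names and payloads below are constructed.
GENESIS = "0" * 64
CHAINED = ("seq", "actor", "action", "payload_digest", "prev")


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


class AuditLog:
    """Hash-chained log. The chain covers a digest of each payload, not the
    payload itself, so a payload can be purged without breaking the chain."""

    def __init__(self):
        self.entries = []

    def append(self, actor, action, payload):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "actor": actor, "action": action,
                 "payload_digest": sha256_hex(payload), "prev": prev}
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True))
        entry["payload"] = payload
        self.entries.append(entry)
        return entry["seq"]

    def redact(self, seq, actor, reason):
        """Purge the content; the purge is itself recorded as a new entry."""
        self.entries[seq]["payload"] = None
        return self.append(actor, "redact", f"seq={seq} reason={reason}")

    def verify(self):
        prev = GENESIS
        for e in self.entries:
            chained = {k: e[k] for k in CHAINED}
            if e["prev"] != prev or e["entry_hash"] != sha256_hex(json.dumps(chained, sort_keys=True)):
                return False
            if e["payload"] is not None and sha256_hex(e["payload"]) != e["payload_digest"]:
                return False
            prev = e["entry_hash"]
        return True


def demo():
    log = AuditLog()
    log.append("mail-gateway", "store", "constructed message body")
    bad = log.append("mail-gateway", "store", "constructed unlawful attachment")
    log.redact(bad, "records-admin", "placeholder legal ticket")
    logged_purge_ok = log.verify()            # content gone, trail intact
    silent = copy.deepcopy(log)
    del silent.entries[bad]                   # unlogged removal of the record
    return logged_purge_ok, silent.verify(), log.entries[-1]["action"]
```

The chain alone does not detect truncation of the newest entries; copying the latest entry hash to a system the admin account cannot write to covers that case.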
No. Never. While it’s expected to have a “root” account, exempting it from logging serves no honest purpose.
Of course not. It's the exact opposite and every single person here knows this.
From an old hacker's perspective disabling shell history can have positive security implications. But in today's 'cattle not pets' systems mentality I'd expect all actions to have a log and not having that seems fishy to me. Keeping logging infra secure has a dubious, the log4j fiasco comes to mind. I'm not a fan of regulation for most things, but I think we need a higher cost for data leaking since security is an afterthought for many orgs. My personal leaning is to be very choosy about who I'll do business/share data with.
> “We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval,” he continued. “The suggestion that they use these accounts was not open to discussion.”
From the previous post, they had auditor roles built in that they purposely chose to go around
It's the same as domain admin in active directory.
You always need it to set up the system initially.
It's like root on Linux: it's an implementation detail that it must be possible.
There’s no possible need for an admin-level user that bypasses logging. If anything these users should have additional logging to external systems to make it harder to hide their use.
Root on Linux isn’t exempt from logging. I also don’t know any enterprise that allows admin accounts to bypass logging.
There is no legitimate justification for this request.
The question is whether it needs to be possible to turn off the audit logs for that role. And of course: No.
Typically the admin account can create things like super users, and super users can do anything with the data, but not sure there's a use case where a single account can do both, and why can any of them avoid logging?
Sure, to hide your tracks because you know what you intend to do isn't right.
I can’t think of any. Even if you wanted to give someone broad permissions to access and modify data, you wouldn't turn off the audit logs.
There is no justification for ever creating an account like that. The only purpose is nefarious.
I am sure they demanded maximum access, but the logging activity phrasing sounds a little bit like spin...
I think if I wanted to describe an account with access to perform "sudo -s" as negatively as possible, I would say "an all-powerful admin account that is exempt from logging activity that would otherwise keep a detailed record of all actions taken by those accounts."
There isn't one.
Anything musk's dogs claim to find cannot be taken at face value because of this. Because there is no audit, and no evidence that they can offer that they didn't doctor their findings.
The next time they claim that a 170-year old person is receiving SS checks, they have no way to prove that they didn't subtract a century from that person's birthdate in some table.
Ah, this is something I haven't thought of before. This might not actually be spying, but instead just an attempt to plant fake results.
> This might not actually be spying, but instead just an attempt to plant fake results.
That statement might be (slightly) more believable had there not been access attempts from Russian IP addresses using valid (and recently created) DOGE login credentials so very shortly thereafter.
They give away the game if you pay attention and read other internal sources from other agencies. This is all about shoving AI into the loop and removing federal workers from it.
They want to prove that AI can do "just as good a job" on these data sets and arrive at "equal conclusions" with a much higher level of efficiency.
This is what happens when you get high on your own supply.
And even if it's not and everyone involved is a qualified, thoughtful, unimpeachable public servant with no agenda but the general welfare of the Glorious Republic of Arstotzka in their hearts, the lack of an audit trail means that you have to seriously consider that they aren't.
Of course, given the blatant dishonesty and criminality that the rest of this administration is producing (see: every immigration law case that they are losing in court), you'd have to be a useful idiot to actually assume good intent from them.
I'm only really familiar with the 'tenant admin' concept from microsoft administration, it's commonly used otherwise?
Obviously no
To allow dodgy offshore actors to snarf huge amounts of data on US citizens to prepare a huge propaganda assault for the next election?
The Deep State! The government is filled with spies determined to "leak" the great work DOGE is doing to the press - so, of course, it needs "God mode" access. Totally legit.
That's the best I could do. LOL
Interview with whistleblower detailing the attack and the threats directed against him:
https://www.pbs.org/newshour/show/nlrb-whistleblower-claims-...
this guy's lawyer says: This is a difficult topic for Dan to discuss, but prior to our filing the whistle-blower disclosure this week, last week, somebody went to Dan's home and taped a threatening note, a menacing note on his door with personal information.
...
While he was at work, and it also contained photographs of him walking his dog taken by a drone.
This is mafia shit.
I just finished watching Daredevil: Born Again[0] and this incident looks shockingly familiar to what happened in the show. I don't know how the show runners knew this was going to happen but it feels like they've been spying on the future. Do they have a time machine or are they really that good (and the current administration that bad)?
[0] https://www.imdb.com/title/tt18923754/
very clear admission of guilt.
[flagged]
Thing is: Everything they're doing is against the rules. Except they aren't "rules", they are laws.
The problem is, those tasked with upholding and enforcing the laws aren't doing their job (Congress), are swamped with a deluge of blatant lawbreaking but still have to maintain professional decorum to not open themselves up to attacks (the justice system), or are outright corrupt (higher level federal courts including, sadly, the Supreme Court).
These aren't rules made by bureaucrats. They are laws written by Congress, a coequal branch of government, in response to the Nixon administration's abuse of executive power
And in some cases FDR's abuse of executive power. If we manage to get... Someone, I don't know who which is depressing, elected that is interested in preserving democracy above all the other current issues, I'm sure there will be a lot more laws to safeguard this happening again. Personal recommendations, nix the filibuster it creates incentive, use federal money to get all the states to switch to ranked choice voting for all federal positions. And MMP for house and electoral college. Maybe nix the filibuster as the last item of business so that the first Congress without it will have more than two parties (due to those electoral changes which lead to 4-8 parties usually).
I don't think that "arguing that something is against the rules" is in the CIA sabotage manual, because it's not generally considered sabotage. Maybe if you argue things are against the rules that you know aren't, to slow things down?
It’s not so much arguing against the rules. It’s following them to the letter when unnecessary.
It doesn’t matter that the big boss has said that purchasing a $5 knick-knack is ok. You will have that purchase go through the full procurement process, even up to and including an exhaustive search for (cheaper) alternatives.
What’s that dril quote? There’s no difference between good things and bad things? That’s what this last sentence sounds like.
This doesn't really make sense. If it's in the logs, then they already did it. They weren't slowed at all.
This doesn't really apply to the situation in the slightest.
If your logs show your actions are against the rules, pointing that out is not "sabotage". It is being good guy employee, reporting your against the rules actions.
This one is very very clear and unambiguous. There is no symmetry in your example. The Civil servant is actually in the right and doge bro in the wrong.
This doesn’t make sense unless they’re doing something illegal. They have backing from the top to audit the system. They don’t have to answer to any of the people who might complain, so the only reason they need to do this is if they’re doing something which violates federal laws where the penalties are worse than getting an angry email from someone in the security group who your boss will yell at for you.
The other big problem with this theory is that there’s no evidence of sabotage. During the first Trump administration, federal employees followed their leadership just like they had for Obama, Bush, etc. and every sign shows that would have happened again, except for the refusal to take on personal liability for breaking federal laws.
[flagged]
> Now imagine you're a DOGE bro
What does any of this data have to do with making the department more efficient? I can't imagine doing _any_ of this if that was my actual goal.
> and so do the DOGE bros.
When I believe my actions are "fully justified" then that is _precisely_ when I want logging enabled. So no one on Earth could dispute that.
[flagged]
Yeah, no.
I'm not going to go 'gentle' on the team of clowns who have done things like make employees work for 36 hours straight to issue RIF notices while shouting at them for "incompetence", or "created new admin accounts that were within minutes attempting to log in from Russian IPs, immediately after demanding all logging be turned off", or "repeatedly lied about savings and contracts on their own website" in some ... "assume good faith" type scenario.
Whatever good faith they deserved, they burned within days (hours, even) of being let loose.
There's already plenty of evidence that they've exfiltrated sensitive information to a variety of non-government entities that are not even remotely entitled to that data, either at NLRB or elsewhere.
Your claim is that "it's entirely possible that these are all just innocent bureaucratic errors" and I would put it to you that that claim, in the face of everything already known, also needs substantiation, and yes, not that thin veneer of Wikipedia-like "assume the absolute possible best intention, regardless of plausibility" that we're getting.
This is… the most reasonable explanation I’ve heard so far for everything that is happening.
God knows there must be enough normally unused rules in the federal government.
The idea that they need to operate -- on hugely sensitive data and systems -- in darkness because any sort of accountability amounts to "sabotage" is dubious.
"Rules for thee, not for me"
This is some sort of "The Deep State is trying to foil them" nonsense.
And to be clear, aside from a weird brute forcing library and the fact that all of the DOGE employees seem to be spectacularly incompetent, there are rational technical reasons someone might want logging temporarily disabled for a one-off. For instance doing an activity that is justified and legitimate and secure and reasonable, but that would yield TB of logs unnecessarily, itself which might cause operational or availability issues. But having a bunch of incompetent script kiddies using their garbage scripts makes that fringe justification unlikely, and they're likely doing very criminal things.
Setting aside legitimate (that's a matter of judgement)...
Some previous attempts for DOGE to get data have resulted in data being deleted before they can look and requests for judges to block access to data.
DOGE may be trying to be covert in order to stop these two activities from happening before they can get and review the data.
> Setting aside legitimate (that's a matter of judgement)
By definition, a judge decides what's legitimate.
If DOGE expects their access to be blocked by a court judgement, and bum-rushes agencies to exfiltrate data ahead of the judgement, that's also criminal intent.
I am not sure what you are getting at. "Covert" isn't how I'd describe DOGE's actions. "Brazen" maybe?
People have admitted in news interviews to destroying government data to prevent others from knowing what the government was doing. That’s likely criminal. This is a legitimate reason to get at information before people who might destroy have the opportunity.
What’s happening with judges is very political. We likely won’t know what’s allowed until things have gone through the appeals process. There have been cases of judges admitting they will rule against the current administration no matter the topic or law. This is messy, to say the least.