Comment by munchler
19 hours ago
So what exactly is being alleged here? That these DOGE bros wrote and used “hacker” code from GitHub to bypass security limitations on NLRB data? Why would they even need to do that if they had superuser accounts in the system already?
I think the point of the article is that the whistleblower's original claims can be substantiated publicly. It's another datapoint indicating that the DOGE people are operating haphazardly at the absolute best and, more likely, attempting to obscure their tracks because they know that what they're doing wouldn't pass legal muster.
DOGE downloaded libraries to assist in data exfiltration, and did exfiltrate data (obtained via the superuser accounts).
Suggest reading the complaint: https://whistlebloweraid.org/wp-content/uploads/2025/04/2025...
The lede is buried but the implication is downloading a huge amount of data on union organizers, which can then be given to a company to pre-emptively fire those individuals
they added a backdoor that is not audit logged. that's why.
The article is written very poorly. The disclosure itself is far more readable.
https://whistlebloweraid.org/wp-content/uploads/2025/04/2025...
Also this PDF contains a detail I haven't seen reported elsewhere:
> Furthermore, on Monday, April 7, 2025, while my client and my team were preparing this disclosure, someone physically taped a threatening note to Mr. Berulis’ home door with photographs – taken via a drone – of him walking in his neighborhood. The threatening note made clear reference to this very disclosure he was preparing for you
It's an interesting detail because if true -- and I fully assume it is -- the intention likely wasn't to dissuade him from going public, but instead to make him look like a conspiratorial nut. When I first saw this story and heard that "drone shot of him / threatening note" I admit that I immediately assumed it was a flake, but on further details I think that was actually the reason for doing that.
Thanks. So the tools downloaded from GitHub were allegedly used to scrape personally-identifiable information (PII), details about ongoing legal cases, union-related data, and corporate secrets. The whistleblower observed large spikes in outbound data traffic, suggesting that gigabytes of sensitive information were exfiltrated with logging disabled, so as not to leave a trail.
Yes, this is much more clear than the article.