Comment by kazinator

I almost can't make heads or tails of out of this scatterbrained word salad.

Let's start with this:

> Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases.

> Berulis said he discovered one of the DOGE accounts had downloaded three external code libraries from GitHub

What exactly does that mean? NLRB database accounts are GitHub accounts? (Surely not.) Or the same IP address accessed both, suggesting it was the same person? Define "account".

No coherent point being made here. This story needs to clearly separate the rhetoric about GitHub repositories from the NLRB access, and connect them together coherently.

The flow seems to be:

1. Some DOGE people obtained unbridled access to NLRB, with the ability to erase audit trails.

2. There is some sort of evidence that the same people downloaded tools from GitHub for distributed web scraping, suggesting intent to scrape massive amounts of data from somewhere (inferred to be the NLRB database).

There is no evidence cited in the article for the actual downloading of gigabytes of data; the "whistleblower" is quoted only as saying that DOGE required certain privileged accounts to be created and that the users of the accounts supposedly downloaded some web scraping software from GitHub.

At least mention some circumstantial evidence, like a suspicious increase in access activity, coming from distributed IP addresses in the Amazon cloud, following the download of those tools.

This:

> On February 6, someone posted a lengthy and detailed critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, calling it “insecure, unscalable and a fundamental engineering failure.”

seems neither here nor there; why include that. It may be that the tools DOGE are using are not adequately safeguarding the data, but it seems like an extraneous point, and undigestable without specifics.