
Comment by threeseed

20 hours ago

Occam's razor would suggest someone from Russia could just use their own IP because people like you would think it's a hoax anyway.

Why does someone from Russia want access to NLRB data, and why would DOGE be immediately leaking just-granted NLRB login credentials to Russian assets when it would be trivially traceable back to them, and when, if they were in fact granted untraceable/unlogged admin credentials, they could legitimately download the data themselves and simply hand it over to said Russian assets if that was their actual intention?

It's not behavior that makes any sense assuming even a semi-rational/intelligent actor.

  • > Why does someone from Russia want access to NLRB data

    It has details of labor disputes, which, if you’re Russia, who thrives on fostering conflict in the US, would be an ideal data set.

    > Why would DOGE be immediately leaking just-granted NLRB login credentials to Russian assets

    Because they are young, highly inexperienced engineers who have been tasked with rolling out their LLM system as quickly as possible. Their priority is not security.

    • Your argument is that they are so inexperienced and insufficiently monitored that they immediately leaked just-granted NLRB login credentials (how?) to Russia, while rolling out an LLM system (what system?), and the Russian assets that acquired those credentials were so inept that they risked their access — and had their logins rejected — by immediately attempting to use them directly from a Russian IP block?

      Furthermore, that the NLRB data would somehow be of sufficient value to Russian state actors to justify risking burning their access to DOGE employees/data/credentials through frankly idiotic OPSEC, despite there being much higher value targets than the NLRB?

      This doesn't even remotely pass the smell test.


  • > Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating.

    Explains this:

    > why would DOGE be immediately leaking just-granted NLRB login credential

    The implication is that the credentials were for more than this specific system. It's entirely feasible that a bad actor would immediately try to vacuum up as much data from as many systems as possible; it's just that this system had a geo block that made it clear this was happening.

    I don't think we need to assume that this was a targeted attack on this specific NLRB system, just that this specific NLRB system was the one that caught the attempts.

    So, what systems DIDN'T block authentication?