Comment by Ukv

> Any guesses for best possible interpretion? The Russians have infiltrated their PCs with keyloggers [...]

Best possible case I see would be that the whistleblower has made some mistake (or is being intentionally dishonest). Seems plausible for instance that "it appeared they had the correct username and password" based on "our no-out-of-country logins policy activating" could just be a misunderstanding of how/when the policy triggers. Not to say it's the most likely explanation, just the least concerning one.

I think less concerning than keyloggers, while still assuming the whistleblower is correct, would be that a DOGE employee was using a VPN/proxy/Tor. Probably not a great idea to have traffic going through a hostile nation state even with encryption, but less bad than keyloggers on their machines stealing and trying credentials within minutes.

Definitely concerning though, to be clear - just steelmanning/answering the question of best possible interpretation.