Photo credit: www.govexec.com
Whistleblower Alleges Data Breach at National Labor Relations Board
A recent whistleblower revelation has raised alarms regarding a potential data breach at the National Labor Relations Board (NLRB). The claims, documented by former NLRB employee Daniel Berulis, detail attempts by an individual with a Russian IP address to access NLRB systems shortly after an initiative by the Department of Government Efficiency (DOGE) to obtain sensitive information from the agency.
Berulis has provided substantial forensic evidence and internal documents to both Congress and the U.S. Office of Special Counsel, alleging that DOGE engaged in the exfiltration of large quantities of confidential data while also disabling security monitoring systems responsible for detecting malicious activities within the NLRB’s networks. NPR first reported these troubling disclosures.
According to Berulis, the login attempts were made utilizing a newly created email account associated with DOGE, with activities occurring in “near real-time.” While the origins of the IP address suggest a Russian location, it is important to note that hackers frequently employ techniques to obscure their true locations.
Although the login attempts were thwarted, the use of valid usernames and passwords raises concerns that cyber adversaries may have already identified vulnerabilities in government systems, potentially linked to DOGE’s actions.
Berulis’ disclosures include information about a disturbing incident following his internal complaints regarding DOGE, in which he reportedly found a threat affixed to his door. This threat included personal information and photos of him in public spaces.
A spokesperson for DOGE did not respond to requests for comment on the allegations. DOGE, founded under the oversight of Elon Musk, operates outside of traditional governmental structures and was established to reform federal spending practices that were deemed wasteful.
This situation is not an isolated case. NPR reported that a Democratic minority aide on the House Oversight Committee indicated possession of numerous credible reports indicating that DOGE has extracted sensitive data from various government agencies for unclear purposes.
“The implications are particularly concerning given the potential for foreign intelligence entities to access sensitive government systems, which prompted us to escalate the matter to the Senate Intelligence Committee,” stated attorney Andrew Bakaj. Meanwhile, the offices of Senators Tom Cotton and Mark Warner have not yet provided feedback regarding the ongoing circumstances.
The allegations reflect a broader trend surrounding DOGE’s rapid expansion within federal operations, which has led to numerous legal challenges concerning its access to American citizens’ financial and personal information. There remains significant ambiguity about how this data is being safeguarded, manipulated, or utilized.
The potential for conflict of interest is also considerable, given Musk’s roles in both government initiatives and private enterprises, such as SpaceX and Tesla, which are under investigation by the NLRB. The case systems maintained by NLRB encompass sensitive topics, including union activities, instances of employee whistleblowing, legal strategies, and proprietary business information.
Berulis alleges that DOGE personnel employed dubious methods to extract sensitive information from NLRB systems. Claims include the disabling of security measures that monitor data traffic, removal of access logs, and the use of software designed to conceal their operations. Following these claims, there was a notable increase in data transfer activity from the NLRB, possibly using techniques that disguise illicit data transmission within regular internet traffic. Additionally, one engineer is reported to have worked on a tool that would enable file extraction from the NLRB’s internal systems. Security experts have indicated that such tactics bear resemblance to strategies typically employed by foreign hacking groups rather than federal employees.
Source
www.govexec.com