Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts – Source: www.csoonline.com

Someone using a Russian IP address attempted to access the internal systems of the US National Labor Relations Board (NLRB) using legitimate accounts set up by staff from Elon Musk’s Department of Government Efficiency (DOGE), a whistleblower inside the agency has alleged.

The allegations are part of an extraordinary affidavit submitted to Republican Senate Intelligence Committee Chairman Tom Cotton and his Democratic counterpart, Mark Warner, by NLRB IT engineer Daniel Berulis, through his lawyer.

DOGE entered the Washington D.C. offices of the NLRB in early March, as it did with other high-profile agencies including the Office of Personnel Management (OPM) and the Treasury Department.

This sweeping access was granted by an Executive Order signed on the day of President Trump’s inauguration on January 20.  Since then, there has been speculation that the often chaotic and unsupervised access by DOGE risked creating the conditions for a data breach at some point.

Now, according to the affidavit, something along these lines has already occurred at the NLRB, leading to a “significant data breach” that has potentially exposed the agency and its data to foreign adversaries.

The most eye-popping element of the allegations is that the Russian IPs were somehow connected to the actions of DOGE employees.

The access attempts, which were blocked, provided valid credentials and happened shortly after the accounts were created by DOGE staffers.

The affidavit makes other allegations about unusual goings on at the agency, set up in 1935 to enforce labor regulations and monitor employment practices across the US. A subsequent long interview with NPR offered more detail.

In addition to the implication that Russian threat actors accessed NLRB systems, the affidavit said that during the week they were active, DOGE employees also “exfiltrated” 10GB of data from the agency to servers located in the US, and perhaps beyond.

As employees grew concerned, internal records show that DOGE asked for their access not to be logged, allegedly turning off monitoring tools while deleting records of their access.

“As you are certainly aware, the practical, legal, and national security implications of such an intrusion are vast,” said the affidavit.

“Meat space”

On April 7, in an unsettling development interpreted by Berulis as intimidation, someone taped a note to the door of Berulis’s home, complete with photographs taken by drone that showed him walking near his house.

“The threatening note made clear reference to this very disclosure he was preparing for you, as the proper oversight authority. While we do not know specifically who did this, we can only speculate that it involved someone with the ability to access NLRB,” said the affidavit.

“This ‘meat space’ action – where a threat was physically delivered to my client’s home – is absolutely disturbing in its manner and the implications suggested therein,” the affidavit added.

Berulis believes that law enforcement agencies and Congress should initiate an immediate investigation into DOGE’s responsibility for these events, as well as its activities at other agencies where it has been granted access. 

NPR and The Daily Beast both contacted the White House for reaction to Berulis’s allegations and received the same evasive reply:

“It is months-old news that President Trump signed an Executive Order to hire DOGE employees at agencies and coordinate data sharing,” said deputy press secretary, Anna Kelly.

“Their highly qualified team has been extremely public and transparent in its efforts to eliminate waste, fraud, and abuse across the Executive Branch, including the NLRB.”

Legal battle

As it stands, the allegations are being made by one individual, and the evidence behind them has yet to be examined independently.

In a statement to NPR, an NLRB representative said that while Berulis had raised concerns within the agency, an investigation had “determined that no breach of agency systems occurred.”

That said, it won’t help allay suspicions among critics of DOGE, since Elon Musk has recently been embroiled in a legal battle with the agency over his firing of SpaceX engineers who were critical of the entrepreneur.

What is left is an information vacuum and a sense of unease about whether the previously strict rules and regulations around government cybersecurity still count when DOGE is in town.

Not long ago, the accusations made by Berulis to the Congressional committee would have been viewed as far-fetched. DOGE’s recent onslaught on US Government departments since February has rapidly revised assumptions about what might be possible.