Advertisement

Drudge Retort: The Other Side of the News
Wednesday, April 16, 2025

User with Russian IP Address tried to Log into NLRB Systems Following DOGE Access, whistleblower says

A user with a Russian IP address tried to log into National Labor Relations Board systems just minutes after the Department of Government Efficiency moved to access and extract troves of sensitive data from inside the agency, according to an extensive whistleblower disclosure released Tuesday.

Posted by retort at 03:23 PM | 19 COMMENTS | permalink | Comment on This Entry |

Menu

Front Page
Breaking News
Comments
Flagged Comments
Recently Flagged
User Blogs
Write a Blog Entry
Create a Poll
Edit Account
Weekly Digest
Stats Page
RSS Feed
Back Page

Advertisement

Subscriptions

Read the Retort using RSS.

Drudge Retort RSS feed RSS Feed

Author Info

retort

Joined 2003/04/04
Visited 2003/04/04

Status: user

MORE STORIES

National Day of Action (36 comments) ...

A Deadly E. Coli Outbreak Hit 15 States, But the FDA Chose Not to Publicize It (6 comments) ...

Senator Blocked from Visiting Abrego Garcia in El Salvador (81 comments) ...

Lisa Murkowski: 'We Are All Afraid' of Retaliation (97 comments) ...

User with Russian IP Address tried to Log into NLRB Systems Following DOGE Access, whistleblower says (19 comments) ...

More

Alternate links: Google News | Twitter

A whistleblower says Elon Musk's DOGE minions may have looted data at the National Labor Relations Board (NLRB)--including sensitive info about unions, workplace complaint cases, & corporate secrets. Right after DOGE gained access to NLRB, a Russia-based I.P. address tried to log in.

[image or embed]

-- The New Republic (@newrepublic.com) April 15, 2025 at 12:59 PM

Comments

Admin's note: Participants in this discussion must follow the site's moderation policy. Profanity will be filtered. Abusive conduct is not allowed.

Looks like Trump wanted Russia to have this data.

#1 | Posted by Zed at 2025-04-16 03:28 PM | Reply | Newsworthy 1

(That's right, Rogers... just make my Headline space envy worse!)

Trump is opening all the Gates for Vlad... the ones to Europe and Africa, and also to the US.

#2 | Posted by Corky at 2025-04-16 03:32 PM | Reply | Newsworthy 1

I have often asked what backdoor access is DOGE leaving behind as they attack Federal computer systems, and who has access to that possible backdoor access?

#3 | Posted by LampLighter at 2025-04-16 03:49 PM | Reply | Newsworthy 1

Krasnov Fats loves to leave his back door wide open for the orcs.

#4 | Posted by reinheitsgebot at 2025-04-16 06:02 PM | Reply

I foresee a whistleblower being arrested and charged with treason to emperor Trump.

#5 | Posted by ClownShack at 2025-04-16 08:41 PM | Reply

Is this a record for how quickly an administration generates a whistle-blower?

#6 | Posted by Dbt2 at 2025-04-16 09:15 PM | Reply

Trump is the traitor

#7 | Posted by LegallyYourDead at 2025-04-17 02:35 AM | Reply

DOGE seems interested in a lot more than efficiency.

#8 | Posted by cbob at 2025-04-17 06:18 AM | Reply

Musk is a spy.

Trump is a traitor.

The US is ------.

#9 | Posted by Nixon at 2025-04-17 09:57 AM | Reply

apnews.com

... On the rooftop patio of the General Services Administration headquarters, an agency staffer recently discovered something strange: a rectangular device attached to a wire that snaked across the roof, over the ledge and into the administrator's window one floor below.

It didn't take long for the employee -- an IT specialist -- to figure out the device was a transceiver that communicates with Elon Musk's vast and private Starlink satellite network. Concerned that the equipment violated federal laws designed to protect public data, staffers reported the discovery to superiors and the agency's internal watchdog.

The Starlink equipment raises a host of questions about what Musk and his efficiency czars are doing at GSA, an obscure agency that is playing an outsized role in the Trump administration's quest to slash costs and bring the federal government to heel. ...


#10 | Posted by LampLighter at 2025-04-17 12:02 PM | Reply

While that attempt was blocked, it happened to be using one of the new DOGE accounts and had the correct name and password.

Looks like they gave the username and password to a Russian.

But they forgot to change the firewall settings to allow remote access from outside the firewall.

An easy fix. Next time you won't even know!

Anyway.. just MORE evidence of their incompetence.

They can't even do evil competently.

#11 | Posted by donnerboy at 2025-04-17 02:03 PM | Reply

Whistleblower describes DOGE IT dept rampage at America's labor watchdog
www.theregister.com

... Democratic lawmakers are calling for an investigation after a tech staffer at the US National Labor Relations Board (NLRB) blew the whistle on the ------------ DOGE's activities at the employment watchdog -- which the staffer claims included being granted superuser status in contravention of standard operating procedures, exfiltrating data, and seemingly leaking credentials to someone with a Russian IP address. ...

According to Berulis' disclosure, DOGE operatives arrived at the agency on March 3 in a black SUV that enjoyed a police escort. The same day, he claims, an agency assistant chief information officer (ACIO) told him that DOGE aides would be given accounts "with essentially unrestricted permission to read, copy, and alter data." Creation of such accounts was not standard operating procedure, but the ACIO said those rules must be ignored and the opening of the accounts was not to be logged.

Berulis's document points out that not even his CIO enjoyed the level of access given to DOGE unit operatives, and that the NLRB already had auditor accounts set up that provided enough privileges to check data without being able to edit, copy, or remove it. The "suggestion that they use these accounts instead was not open to discussion," he wrote.

"In the same conversation it was conveyed that we were to hand over any requested accounts, stay out of DOGE's way entirely, and assist them when they asked," he recounted.

Within days, Berulis says, he began to notice worrying signs, such as alerting and monitoring tools being switched off and changes to multi-factor authentication.

He also observed "gigabytes" of data "exiting" a case management application called NxGen over the network, and claimed he later saw 10 GB of data exfiltrated from the agency. ...

[emphasis mine]


#12 | Posted by LampLighter at 2025-04-17 02:15 PM | Reply

Lol,

From your own article:

"According to Berulis, right after DOGE gained access to the NLRB, a Russia-based I.P. address tried to log in. While that attempt was blocked"

So, someone tried to hack in - which probably happens dozens of times a day, it was blocked. Why is this a story? Oh yeah, because some ------- on Bluesky linked it to the tens of the site's users.

#13 | Posted by ScottS at 2025-04-17 07:47 PM | Reply

#13 the Russian IP was using the username and password from an account created and left behind by the Doge incels. One of several they created that initially puzzled the whistleblower, until he saw the Russian trying to use one of the accounts to access the computer system. Then it became obvious. Did they also leave accounts for China and NKorea to gain access? The Doge chuds have probably left the same backdoors at every computer system they have illegally accessed, they were just unlucky that NLRB had an IT guy who knew what he was doing.

#14 | Posted by _Gunslinger_ at 2025-04-18 12:56 AM | Reply | Newsworthy 2

Oh, and it was blocked because the NLRB system blocks access from foreign IP addresses.

#15 | Posted by _Gunslinger_ at 2025-04-18 12:58 AM | Reply | Newsworthy 2

Then it became obvious.

Sure it did.

Especially because it fit right in to your narrative.

#16 | Posted by boaz at 2025-04-18 06:41 AM | Reply

@#13 ... So, someone tried to hack in - which probably happens dozens of times a day, it was blocked. Why is this a story? ...

From the link in #13 ...

... On March 11, while examining logs, Berulis says he noticed a huge spike in outside login attempts being blocked - in particular one with an IP address that has the Primorskiy Krai region in Russia's Far East listed as its location.

The person was trying to log into an account that had been set up for one of the DOGE aides, Berulis claimed. The login attempts started within 15 minutes of the account being established, and used the correct username and password, he told Congress. The login attempts were blocked because the agency does not allow access to its systems from overseas.

Berulis tried to investigate the oddities he observed after DOGE arrived, and said he found "misconfigured or missing tools" made it impossible to analyze outgoing traffic. ...


It is a story because of the above.


How did someone in Russia so quickly ("within 15 minutes") get the username and password given to a DOGE member?



#17 | Posted by LampLighter at 2025-04-18 02:33 PM | Reply | Newsworthy 1

Jesus Christ, the excuses you brainwashed MAGA traitors have for this crap never stop. Musk or Trump could kill your family, and you'd still try to explain it away. Just admit, you like having a dictator who reports to Russia.

#18 | Posted by cbob at 2025-04-18 02:36 PM | Reply | Newsworthy 1

DOGE is bad people

#19 | Posted by hamburglar at 2025-04-18 02:43 PM | Reply

Post a comment

The following HTML tags are allowed in comments: a href, b, i, p, br, ul, ol, li and blockquote. Others will be stripped out. Participants in this discussion must follow the site's moderation policy. Profanity will be filtered. Abusive conduct is not allowed.

Anyone can join this site and make comments. To post this comment, you must sign it with your Drudge Retort username. If you can't remember your username or password, use the lost password form to request it.
Username:
Password:

Home | Breaking News | Comments | User Blogs | Stats | Back Page | RSS Feed | RSS Spec | DMCA Compliance | Privacy
Drudge Retort