#nlrb


"A government whistleblower told lawmakers that DOGE's access to National Labor Relations Board (NLRB) systems went far beyond what was needed to analyze agency operations and apparently led to a data breach. NLRB employee Daniel Berulis, a DevSecOps architect, also says he received a threat when he was preparing his whistleblower disclosure.

"Mr. Berulis is coming forward today because of his concern that recent activity by members of the Department of Government Efficiency ('DOGE') have resulted in a significant cybersecurity breach that likely has and continues to expose our government to foreign intelligence and our nation's adversaries," said a letter from the group Whistleblower Aid to the Senate Select Committee on Intelligence leaders and the US Office of Special Counsel.

The letter, Berulis' sworn declaration, and an exhibit with screenshots of technical data are available here. "This declaration details DOGE activity within NLRB, the exfiltration of data from NLRB systems, and—concerningly—near real-time access by users in Russia," Whistleblower Aid Chief Legal Counsel Andrew Bakaj wrote. "Notably, within minutes of DOGE personnel creating user accounts in NLRB systems, on multiple occasions someone or something within Russia attempted to login using all of the valid credentials (e.g. Usernames/Passwords). This, combined with verifiable data being systematically exfiltrated to unknown servers within the continental United States—and perhaps abroad—merits investigation."

Bakaj said they notified law enforcement about an "absolutely disturbing" threat Berulis received on April 7."

arstechnica.com/tech-policy/20

Ars Technica · Government IT whistleblower calls out DOGE, says he was threatened at home · By Jon Brodkin
#USA #Trump #DOGE
Replied in thread

It's unclear why #DOGE would need #access to #NLRB files that contain personally identifiable #information to complete its *mission* of improving *efficiency*, outside of employment records for potential reductions in force. The agency publishes publicly available annual performance & accountability reports & budget justifications that former NLRB members told #NPR would likely be sufficient in looking for ways to cut costs.

Replied in thread

"The representatives have requested information about agency operations but asked us to remove any personally identifiable information from documents we provide," the email reads. "Consistent with the President's Executive Order & applicable laws, the Agency will comply with #DOGE's requests for access & information."

Replied in thread

The email, sent to staff on behalf of #NLRB chair Marvin E. Kaplan & acting general counsel William Cowen & shared w/ #NPR by 2 NLRB employees…, said 2 #DOGE reps would be detailed to the agency from the #GSA "part-time for several months" & would largely work *remotely* [guess they’ll be using that back door].

Continued thread

🔴 2️⃣ - Rachel Maddow's Pt. 2 incl. the full interview with whistleblower Daniel Berulis on the illegal DOGE activities, on possible Russian access to the most sensitive data of other institutions as well, on the connection with Musk's Starlink, and on the consequences for the entire security structure of the USA:

Continued thread

🔴 👁️ - Rachel Maddow: "DOGE staffers get in, structure their access so that no one can see what they are doing, and while they are there, A WHOLE LOT OF DATA from this very sensitive agency is moved to unknown places. Then they leave all the doors unlocked and the alarm systems switched off, and then IMMEDIATELY someone with an IP address in RUS starts logging into the system with one of the DOGE accounts and an apparently working username and PW." 1️⃣

A whistleblower revealed #doge intentions to target the National Labor Relations Board.

They obtained information about labor statistics, and the people involved illegally, after stating they'd be transparent with their actions.

This is going to be a direct attack on labor rights, as they are responsible for unionization, and labor rights complaints.

They are very small, and cutting them would serve no benefit financially.

This needs to not happen.

scoopzapp.com/n/10PILGa3?ctype

scoopzapp.com · #GovernmentShutdown Whistle Blower Reveals DOGE's Intentions to Target National Labor Relations Board
Replied in thread

While investigating the #data taken from #NLRB, Berulis tried to determine its ultimate destination. But whoever had exfiltrated it had disguised its destination too….

#DOGE staffers had permission to access the system, but removing data is another matter.

Berulis says someone appeared to be doing something called DNS tunneling to prevent the data exfiltration from being detected.

#criminal #law #Trump
Replied in thread

Someone disabled controls to prevent insecure or unauthorized mobile devices from logging on w/o the proper #security settings. There was an interface exposed to the public internet, potentially allowing malicious actors access to #NLRB's systems. Internal alerting & monitoring systems were manually turned off. Multifactor authentication was disabled. And…an unknown user had exported a "user roster," a file w/contact information for outside lawyers who have worked w/the NLRB.

Replied in thread

Even when external parties like lawyers or overseers like the inspector general are granted guest accounts on the system, it's only to view the files relevant to their case or investigation, explained #labor #law experts who worked with or at the #NLRB….

"None of that confidential & deliberative information should ever leave the agency," said Richard Griffin, who was the NLRB general counsel 2013–2017, in an interview w/NPR.

Replied in thread

Regardless, that kind of spike is extremely unusual, …because #data almost never directly leaves from the #NLRB's databases. In his disclosure, Berulis shared a screenshot tracking data entering and exiting the system, & there's only one noticeable spike of data going out. He also confirmed that no one at the NLRB had been saving backup files that week or migrating data for any projects.

#criminal #law #Trump
Replied in thread

From what he could see, the #data leaving, almost all text files, added up to around 10GB…. It's a sizable chunk of the total data in the #NLRB sys, though the agency itself hosts over 10TB in historical data. It's unclear which files were copied & removed or whether they were consolidated & compressed, which could mean even more data was exfiltrated. It's also possible that #DOGE ran queries looking for specific files…& took only what it was looking for….

#criminal #law #Trump
Replied in thread

On its own, that wouldn't be suspicious, though it did allow the engineers to work invisibly & left no trace of its activities once it was removed.

Then, Berulis started tracking sensitive #data leaving the places it's meant to live…. First, he saw a chunk of data exiting the NxGen case management system's "nucleus," inside the #NLRB system, Berulis explained. Then, he saw a large spike in outbound traffic leaving the network itself.

#criminal #law #Trump
Replied in thread

But he counted on #DOGE leaving at least a few traces of its activity behind,…details he included in his ofcl disclosure.

First, at least 1 DOGE account was created & later deleted for use in #NLRB's cloud systems, hosted by Microsoft:
DogeSA_2d5c3e0446f9@nlrb.microsoft.com

Then, DOGE engineers installed what's called a "container," a kind of opaque virtual computer that can run programs…w/o revealing its activities to the rest of the network.
#law #Trump #Musk #DOGE #InfoSec #NationalSecurity

Replied in thread

About a week after arriving, the #DOGE engineers left #NLRB & deleted their accounts….

In the office, Berulis had had limited visibility into what the DOGE team was up to in real time.

That's partly because, he said, NLRB isn't advanced when it comes to detecting insider threats…. "We as an agency have not evolved to account for those," he explained. "We were looking for [bad actors] outside," he said.

#criminal #law #Trump