DOGE worker’s code supports NLRB whistleblower

4/23/2025 at 9:41:11 PM

> Ge0rg3’s code is “open source,” in that anyone can copy it and reuse it non-commercially. As it happens, there is a newer version of this project that was derived or “forked” from Ge0rg3’s code — called “async-ip-rotator” — and it was committed to GitHub in January 2025 by DOGE captain Marko Elez.

Original code: https://github.com/Ge0rg3/requests-ip-rotator

Forked: https://github.com/markoelez/async-ip-rotator

Code is pretty much the same, with comments removed, some `async` sprinkled in and minor changes (I bet this was just pasted into LLM with prompt to make it async, but if that worked why not).

Except... Original GPL3 license is gone. Obviously not something you would expect DOGE people to understand or respect.

by progbits

4/23/2025 at 11:26:58 PM

The repository has been deleted. In addition, 26 other repos have been removed from the account. This is in line with DOGE members' quick response scrubbing data whenever put into spotlight, as previously seen with another "teen hacker". [0]

Archived repo page: https://archive.ph/LI7tt; archived previous repo count: https://archive.ph/tgkg5

0. https://arstechnica.com/tech-policy/2025/04/i-no-longer-hack...

by 0x_rs

4/24/2025 at 5:27:47 AM

Archived repository: https://archive.softwareheritage.org/browse/origin/directory...

You can download it as a Git repository from https://archive.softwareheritage.org/api/1/vault/git-bare/sw...

by progval

4/24/2025 at 8:37:56 AM

Legally, they're allowed to modify and use GPL code internally without redistributing the source. The only mistake was publishing the source code to a public git repo without the LICENSE file, which may be a GPL violation.

I say "may", because I'm not sure if you have internal code on a public git or FTP server, is that consider "distributing"?

by jychang

4/24/2025 at 8:00:47 PM

> publishing the source code to a public git repo without the LICENSE file, which may be a GPL violation.

Great. You can get a federal judge to sign on that.

Maybe they can be ordered to facilitate some kid of resolution.

I'm sure they are trembling as I write.

by 77pt77

4/24/2025 at 1:06:39 AM

[flagged]

by grandempire

4/24/2025 at 7:19:17 AM

> speculative articles like this... speculative articles like this

But we know it isn't speculative based on these public data. You're arguing they should have covered up better. I agree. But that doesn't make (a) it okay or (b) this article speculative.

by JumpCrisscross

4/24/2025 at 1:25:10 PM

> You're arguing they should have covered up better.

No I’m arguing that they are under heavy scrutiny from the media - it’s very difficult to get any work done publicly in that environment.

> this article speculative.

Other comments have addressed the possible usage of this tool. The connection is dubious.

by grandempire

4/24/2025 at 1:26:16 AM

These are government employees, you don't get to do that.

by LiquidSky

4/24/2025 at 1:48:04 AM

You have to keep git repos public as a government employee?

by grandempire

4/24/2025 at 2:11:59 AM

Would be a good trial of the GPL.

by zeckalpha

4/24/2025 at 2:52:49 AM

You only have to give GPL source to the people who you distribute software to.

You can fork anything privately for yourself.

by grandempire

4/25/2025 at 4:13:35 AM

Distribution has a pretty low bar.

If your private fork is on GitHub, have you distributed it to GitHub?

by zeckalpha

4/24/2025 at 3:23:46 AM

[flagged]

by whoknowsidont

4/24/2025 at 3:47:02 AM

Please fill me in.

by grandempire

4/24/2025 at 2:03:26 AM

Government software can't be copywrited, but the government is under no compulsion to share it. That's what FOIA requests are for.

by spauldo

4/24/2025 at 3:21:51 AM

Actually, they are. It's really more a question of with who and of course don't apply to classified material.

But the SHARE IT act really helps formalize what was already happening. Most code is shared and made public. It's paid for by the public. Though it's usually not easily searchable as it's distributed via different platforms, means, and may even require submitting a freedom of information request first. But in more cases than not, there is obligation to share when requested.

https://www.congress.gov/bill/118th-congress/house-bill/9566

by godelski

4/24/2025 at 4:13:24 AM

The "when requested" is the point I was making. FOIA is how you request such software. If you want a copy of the elisp libraries I wrote to automate creation of field devices on military fuel farm SCADA systems, you'll have to submit an FOIA request. Unless someone at the DoD decides to share it out of the goodness of their hearts, you have to ask for it.

by spauldo

4/24/2025 at 5:15:18 AM

Sounds fascinating! Other than the FOIA bit. Do you have a blog post or something with more detail about this work?

by herewulf

4/24/2025 at 7:38:58 AM

Naw, it's not really all that interesting. A SCADA system has a bunch of field devices it needs to talk to. Most SCADA software has some method of importing lists of device information and creating objects from it.

My engineer gives me a list of (for example) valve actuators on a site. I open that list in Emacs, manipulate it a bit, and then use it as input to a function I've written. That function generates a CSV file with things like tag name, Modbus ID, polling method, etc. that I can import into Wonderware. It's considerably faster and less error prone than manually creating and configuring hundreds of instances.

I say it's not interesting because most people in my position write little bits of code like this to automate the repetitive parts of our jobs. I just do it with elisp instead of Excel or Python.

by spauldo

4/24/2025 at 4:24:59 AM

I guess I should have been clearer - the "private repository" mentioned in that bill only has to be available for government employees, and even then only on request. Public repositories are an option, but the government doesn't have to choose that option. The main point is to encourage reuse within the government, not to be a source of free public domain software for the public.

by spauldo

4/24/2025 at 5:13:39 AM

Almost everything the government makes IS public domain, including the software.

https://en.wikipedia.org/wiki/Copyright_status_of_works_by_t...

by santoshalper

4/24/2025 at 7:24:01 AM

Just because it's public domain doesn't mean they are obliged to make it available to the public. As noted above, they do have to make it available to other government agencies, but it's the government's choice to place it in a public repository. All public domain means is that if you happen to acquire a copy of it, you can do whatever you like with it.

by spauldo

4/24/2025 at 8:16:26 AM

[dead]

by amitrip

4/23/2025 at 9:43:05 PM

> On February 6, someone posted a lengthy and detailed critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, calling it “insecure, unscalable and a fundamental engineering failure.”

“If this were a side project, it would just be bad code,” the reviewer wrote. “But if this is representative of how you build production systems, then there are much larger concerns. This implementation is fundamentally broken, and if anything similar to this is deployed in an environment handling sensitive data, it should be audited immediately.”

by nativeit

4/24/2025 at 2:15:09 AM

The "critique" is nuts. Surely AI generated. If I didn't trust the domain, I'd assume the author to be incredible for seriously referencing something like this.

Look at the critique [0] and then look at the code [1].

[0] https://web.archive.org/web/20250423135719/https://github.co...

[1] https://github.com/ricci/async-ip-rotator/blob/master/src/as...

by deepfriedrice

4/24/2025 at 4:11:30 AM

Yea clearly AI with the keyword bolding, numbered arguments, and so on. Feel like lots of AI produced content follow this structured response pattern.

by captainkrtek

4/24/2025 at 4:31:21 AM

It's uses a simple, purpose-focused template of a type that is a common recommendation for clear communication, outline numbering, and highlights keywords using monospaced text, as is common practice in technical writing. None of that is unusual for a human, especially writing something that they know is going to be high visibility, to do.

Modestly competent presentation is now getting portrayed as an "AI tell".

by dragonwriter

4/24/2025 at 9:45:56 AM

The format doesn’t itself indicate AI, but when combined with the fact that the critique is mostly nonsense it does appear to strongly suggest it.

by odo1242

4/24/2025 at 6:30:09 AM

It has excellent presentation, excess verbosity, and is wholly nonsensical. Read the code. It uses excessive whitespace doing things like function calls/declarations with one parameter per line, and so it's probably like 100 lines "real" code of mostly tight functions -- the presentation/objections make no sense whatsoever.

I was able to generate extremely comparable output from ChatGPT by telling it to create a hyper-negative review, engage in endless hyperbole, and focus on danger, threats, and the obvious inexperience of the person who wrote it. Such is the nature of LLMs it'd happily produce the similar sort of nonsense for even the cleanest and tightest code ever written. I'll just quote its conclusion because LLM verbosity is... verbose.

---

Conclusion This code is a ticking time bomb of security vulnerabilities, AWS billing horrors, concurrency demons, and maintenance black holes. It would fail any professional code review:

Security: Fails OWASP Top 10, opens SSRF, IP spoofing, credential leakage

Reliability: Race conditions, silent failures, unbounded threading

Maintainability: Spaghetti architecture, no documentation, magic literals

Recommendation: Reject outright. Demolish and rewrite from scratch with proper layering, input validation, secure defaults, IAM roles, structured logging, and robust error handling.

---

Oooo sick burn. /eyeroll

by somenameforme

4/24/2025 at 9:28:42 AM

> I was able to generate extremely comparable output from ChatGPT by telling it

Just to check, you know that ChatGPT is fully built on human writing right?

Would it be ironic if I claim "what you write looks like what the tool can output, so you used the tool" if the tool was built to output stuff that looks like what you write.

Fun fact: anything you or me write looks like ChatGPT too. It could be surprising if people didn't spend billions and stole truckloads of scraped unlicensed content including content created by you and me to get the tool to literally do just this.

by throwaway290

4/24/2025 at 5:30:51 AM

I’m not arguing that it’s unusual for humans to write in this manner, but when you use something like chatgpt with some frequency and see that as a common response template it’s an obvious pattern..

by captainkrtek

4/24/2025 at 7:00:30 AM

People say emdashes are a signal that something's from chatgpt also — yet people forget that the cliches or patterns of LLMs are learned from real-world patterns. What is common in something like ChatGPT has a good chance to also be common outside of it, and _lots_ of false positives (and false negatives) are bound to creep up frequently when trying to do any sort of pattern-based "detection" here.

by drusepth

4/24/2025 at 5:17:21 PM

I’ve never encountered emdashes in emails from my colleagues before ChatGPT was available, and it’s obvious now where there are emdashes, the content is at least in part AI generated. Same with semicolons. Yes, proper grammar and syntax use semicolons but in most casual business communication those rules are modified for simplicity.

by op00to

4/24/2025 at 9:52:40 AM

Yes, emdashes are inserted automatically by iOS when a user inputs a double dash: —

by chongli

4/24/2025 at 4:50:48 PM

>Modestly competent presentation is now getting portrayed as an "AI tell".

This. Someone on a reddit gamedev sub the other day was showing where his game got review bombed because his own description of his game used good descriptions and bulleted lists. It seems like anytime a bulleted list is used now, people assume it's because of AI.

by Suppafly

4/24/2025 at 5:30:56 AM

I'm relatively confident this critique is AI-powered. The dead giveaways:

1. Verbosity. Developers are busy people and security researcher devs are busy even moreso. Someone so skilled wouldn't spend more than 2-3 sentences of time in critiquing this repo.

2. Hostility. Writing bug free code is hard, even impossible for most. Unless your name is Linus Torvalds, Richard Hipp, or maybe Dan Abramov, most devs are not comfortable throwing stones while knowing they live in glass houses.

3. Ownership. "Killshot" comments like this are only ever written by frustrated gatekeepers against weak PRs that would hurt "their baby". Nobody would get emotionally invested in other people's random utility projects. This is just a single python file here without much other context.

4. Author. The author is still an aspiring developer. See their starred repo highlighting adherence to SOLID/DRY principles as a primary feature of their project. Not something you'd expect to see from a seasoned security researcher. https://github.com/SSD1805/EchoFlow

5. Content. The critique is... wrong. It says the single file, utility repo is "awful" for being a "less maintainable" monolith. Hilariously, it calls the code bad because it does not need dependency injection. This was a top critique in the comment!

Regardless of political persuasion, I hope this trend of using AI to cyberbully people you don't like goes away.

by ahwelatif

4/24/2025 at 6:13:24 AM

I hope this trend of DOGE using the US Government to cyberbully people they don't like goes away.

by DonHopkins

4/24/2025 at 9:47:20 AM

Once you've read enough ChatGPT slop, you know it when you see it:

- Massive verbosity.

- Flawless spelling and grammar.

- Grandiose tone.

- Robotic cadence where every paragraph and sentence has similar length (particularly obvious in longer text.)

- Em dashes everywhere.

- The same few stock phrases or sentence structures used over and over - e.g. "This isn't X—it's Y", which that issue uses twice in two paragraphs:

    There is nothing "hardcore" about writing fragile, insecure, and unscalable code. This isn’t pushing boundaries—it’s demonstrating a lack of engineering fundamentals.

    If this is what was learned at previous jobs, then it’s time to unlearn it and start following best practices. Because right now, this is not just bad engineering—it’s reckless.

If AI didn't write that snippet then I'll permanently retire from internet commenting.

(None of what I just wrote is intended as a defence of DOGE.)

by arrowsmith

4/24/2025 at 7:43:29 AM

The point 2 makes me think you did not read what developers write on the internet, in particular in flame war, in particular when they have beef with whoever they argue with.

Verbose hostility of that kind and throwing stones, even nitpicking with exaggerated outrage are no exception. And lack of experience never stopped people from feeling and behaving like god given gift to programming profession.

by watwut

4/24/2025 at 9:46:54 AM

a propos number 2, I think this is only a feature of seasoned developers who have managed to outgrow their own high opinions of themselves. I've met plenty of younger devs who would totally write something like this taking down the work of someone whose style did not align exactly with what they considered "good".

by bryanrasmussen

4/24/2025 at 6:31:45 AM

I agree on all counts. The readme of the repo you link also smacks of an AI generated summary of the codebase. (Frankly, I don’t think the AI was able to understand what the code in that repo does, which is my guess as to why it talked much about form rather than function.)

by paulgb

4/24/2025 at 10:44:02 AM

> Developers are busy people and security researcher devs are busy even moreso.

Neither the critique, the critiquer's profile, nor even the Krebs article says that the critique is a security researcher, and it definitely isn't the case that all devs are particularly "busy people". You yourself argue later, in fact, that the signs are that the author is not an experienced dev or security researcher, so it is nonsense (even more than assuming an average rules out an exception in the group) to argue that the code is AI-written based on the assumption that normally, a security researcher would be too busy to write it.

> Hostility. Writing bug free code is hard, even impossible for most. Unless your name is Linus Torvalds, Richard Hipp, or maybe Dan Abramov, most devs are not comfortable throwing stones while knowing they live in glass houses.

If you've been online more than about 5 minutes, you know that there is no shortage of hostility, and that even if it isn't most of any given community, its a highly visible subset of any community online.

> "Killshot" comments like this are only ever written by frustrated gatekeepers against weak PRs that would hurt "their baby". Nobody would get emotionally invested in other people's random utility projects.

The only reason we are talking about this on HN is that this isn't some random "other people's random utility project". The critique was posted while the author of the code being critiqued was a high profile figure in current news stories, and the critiquer posted a more explicitly political followup the day after the original critique addressing the author's highly-publicized resignation due to the news coverage.

> The author is still an aspiring developer. See their starred repo highlighting adherence to SOLID/DRY principles as a primary feature of their project.

That...doesn't support the critique being AI. In fact, it undercuts it because it provides a simpler explanation than AI as the explanation for your next bullet point, that the critique is wrong (especially, the SOLID/DRY focus is particularly consistent combined with the "aspiring dev" status you describe is particularly consistent with the specific things you focus on the critique being wrong about.) It also undercuts your first bullet point, as already discussed, which hinges on the assumption that the critique was written by an very busy experienced security researcher, and not an aspiring dev..

I mean, if excess verbosity, a more regularized format than is typical for the venue, and being wrong together are hallmarks of an AI written critique, then I'd say your post is at least as much AI-suspicious as the critique under discussion.

by dragonwriter

4/24/2025 at 2:59:47 AM

Lol that's so funny. Can't imagine writing that. (the critique, not the code).

by krferriter

4/24/2025 at 2:40:16 AM

Seeing Krebs link to this downgrades my impression of how trustworthy his assessments are.

by mquander

4/24/2025 at 3:24:30 PM

> it should be audited immediately.

Certainly Elon made him print it out on paper to personally code review.

by dessimus

4/23/2025 at 10:03:44 PM

FYI the Fork got hidden/deleted in the last minute or so -- did anyone manage to clone it before it disappeared?

by dijksterhuis

4/23/2025 at 10:42:59 PM

I did. It's essentially just a single .py file: https://gist.github.com/whalesalad/06804fd734efe6bd2e0c84906...

by whalesalad

4/23/2025 at 10:47:23 PM

    x_forwarded_for = headers.get("X-Forwarded-For")
    if x_forwarded_for is None:
        x_forwarded_for = ipaddress.IPv4Address._string_from_ip_int(
            randint(0, MAX_IPV4)
        )

lol

by alright2565

4/23/2025 at 10:59:33 PM

The original author claims this is to prevent API gateway from leaking the true client IP.

by marcusb

4/23/2025 at 11:22:32 PM

To be fair the code actually creates a new API gateway server that acts as a proxy on to an already existing server and you're possibly meant to use this header with your own gateway service.

So, it's set as a header, sent to a user owned proxy, then to the actual external endpoint.

On the other hand I think the receiving API Gateway will be able to see and log your AWS account identifier when you do this. So your IP may not be the only identifying information that needs to be obscured for this to actually work.

by timewizard

4/24/2025 at 1:28:50 PM

The original code is explicit as to the intended purpose:

        # Auto generate random X-Forwarded-For if doesn't exist.
        # Otherwise AWS forwards true IP address in X-Forwarded-For header
        x_forwarded_for = request.headers.get("X-Forwarded-For")
        if x_forwarded_for is None:
            x_forwarded_for = ipaddress.IPv4Address._string_from_ip_int(randint(0, MAX_IPV4))

 The DOGE guy just stripped the comments out.

by marcusb

4/24/2025 at 12:09:21 AM

The code seems like a "creative" use of API gateway to turn it into a proxy for other external sites (single site, really, since you need one per site.) Wouldn't it be simpler to send the requests through a lambda (with a function URL) and get better control of the outbound requests?

by icedchai

4/24/2025 at 1:01:02 AM

This actually a very common way that hackers have used api gateway for years now.

You can take a look at plugins like IPRotate. We are currently working on bringing that into our product.

by Sytten

4/24/2025 at 12:35:45 AM

This is cheaper in that you don't have to pay for any compute time.

by timewizard

4/24/2025 at 12:34:18 AM

tbh the ip space of lambda is large, but not as large as you might think. i did some experiments ages ago with the hypothesis that lambda could be a decent proxy network (if many ip addresses are needed) but iirc the upper limit in my testing was about ~50 ip's.

Even this example if you maxx out your usage of regions appears to only give (2,4 * num_regions) or let's say 70-80 ip's maximum. And they are AWS ip's, which means it is gonna be really easy to detect and block that traffic.

But if you know your target receives lots of traffic from AWS systems all around the world ... this is a good way to mimic that.

by whalesalad

4/23/2025 at 9:57:45 PM

GPLv3 requires the license to be kept. Seems reportable to the owner of the repo and or GitHub.

by plandis

4/24/2025 at 5:08:31 AM

The only person who has standing to say anything is the original author of the code, the holder of the copyright.

It's possible, but very unlikely, the copyright license wasn't actually violated because, for example, the fork could have arranged a separate license.

The best example of this is the Qt Project's code: https://www.qt.io/qt-licensing

You can get it under a GPL license for free. You can pay them money to get it under a Commercial license that would let you modify the code without releasing changes.

So, while I doubt it happened, the person who forked it here could have contacted the original author, the copyright holder, and asked for an exemption from the GPL terms.

by TheDong

4/24/2025 at 1:05:55 AM

I'm sure the people who work for an administration that by and large flaunts court orders responsible for this will get right on that.....aaaand it's gone.

by DrillShopper

4/24/2025 at 2:35:13 AM

flouts

by amake

4/24/2025 at 9:09:34 AM

The GitHub part makes it... weird.

You are only required to keep the GPL3 license if you re-distribute it. Putting it in a GitHub repo, is ambiguous whether or not it is re-distributing it, at least morally.

If you want to delete the license in a personal copy, that is perfectly valid according to the license terms. If you then happen to upload that to a private GitHub repo, also perfectly valid.

If you then happen to upload that to a public GitHub repo, because of, say, restrictions on free private repos, without intent to distribute, then what?

by Ferret7446

4/24/2025 at 9:49:04 AM

Putting it on a GitHub repo IS redistributing it. By putting it on GitHub you agree in the ToS that you have the rights to distribute the code. Which you only have if you don’t violate the license.

by odo1242

4/24/2025 at 9:22:53 AM

> If you then happen to upload that to a public GitHub repo, because of, say, restrictions on free private repos, without intent to distribute, then what?

Then you keep the license eh? Distributing without an intent to distribute is distributing.

Git is free and open source. If you want version control and collaboration and NO unintended distribution completely for free you can just use Git. It even has a built in server to share with your work buddies.

by throwaway290

4/23/2025 at 10:15:37 PM

The fork has been deleted it seems.

by darknavi

4/23/2025 at 11:27:35 PM

posted above ^^

by seejayjordan

4/24/2025 at 7:50:28 PM

> I bet this was just pasted into LLM with prompt to make it async, but if that worked why not

Vibe coding

> Original GPL3 license is gone. Obviously not something you would expect DOGE people to understand or respect.

Why would they? They don't give a FF about courts.

by 77pt77

4/24/2025 at 1:50:56 AM

>not something you would expect DOGE people to understand or respect

To be fair I see in my daily life folks who copy and paste from stack overflow or random GitHub repo and move on with their day. They ignore the Creative Commons Attribution-ShareAlike or whatever license is applied to the code they copied.

I see on this very site people who will share copyrighted articles that are behind a paywall (just because it is on some archive site doesn’t make it right).

Please don’t take this as support for DOGE and the headaches they are causing. To make a cheap jab at a group of people while ignoring the group that you associate with is bad form.

by grepfru_it

4/24/2025 at 3:45:20 AM

I'd say it's wrong in both cases, but we shouldn't ignore degrees of wrongness.

Copy pasting from stack overflow without attribution is wrong but it's also harder to claim "ownership" over single lines or small snippets. It depends how "obvious" they are. You definitely can't copyright trivial functions. There's a lot of gray here but yes attribution is always good.

But things get a lot less murky when we're talking about forking a project. That's usually nontrivial and non obvious. I think what's most important is that removing a license is an active decision. Certainly that would make a critical difference in a court [0]

Then there's further escalation by who is doing the action. The more power and influence you have the greater responsibilities. All men are not created equal. Men with more power can disproportionally do more damage and require higher accountability. So yeah, I care a fuck ton more about a government employee doing something bad especially while performing official duties more than some rando. The ability to do harm is very different.

The reason I dislike your comment is because it's dismissive of the action. "Other people do it!" Is not a defense nor excuse. It is even worse by ignoring multiple points of context.

[0] though protecting open source has been traditionally hard for many reasons. Specifically it's hard for small developers to take legal action, especially against larger bodies. But isn't this something we should want to be fixed? Credit for our own contributions?!

by godelski

4/24/2025 at 2:06:02 AM

>To make a cheap jab at a group of people while ignoring the group that you associate with is bad form.

What group does the person who makes the comment associate with?

by Braxton1980

4/24/2025 at 1:54:46 AM

< To be fair

irony

by mistrial9

4/23/2025 at 11:38:19 PM

this part of the whistleblower complaint seem way worse:

" On or about March 11, 2025, NxGen metrics indicated abnormal usage at points the prior week. I saw way above baseline response times, and resource utilization showed increased network output above anywhere it had been historically – as far back as I could look. I noted that this lined up closely with the data out event. I also notice increased logins blocked by access policy due to those log-ins being out of the country. For example: In the days after DOGE accessed NLRB’s systems, we noticed a user with an IP address in Primorskiy Krai, Russia started trying to log in. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating. There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers. "

by mythrowaway49

4/24/2025 at 12:13:08 AM

Any guesses for best possible interpretion? The Russians have infiltrated their PCs with keyloggers and DOGE are working from insecure open networks.

The worst possible interpretation is straightforward - they are working for the Russians as agents and let the Russians in or installed the keyloggers for Russia.

by stevenwoo

4/24/2025 at 2:12:04 AM

Excerpt: "How much more proof do we need that this administration is completely compromised? There is zero reason for the US to relax any offensive digital actions against Russia. If anything, we should be applying more."

by breadwinner

4/24/2025 at 12:20:32 AM

I would have thought that a Russian state sponsored attack would trivially mask the IP to originate from within the USA. This is just brazen.

by 0cf8612b2e1e

4/24/2025 at 3:10:49 AM

May not be state sponsored. Could just be a Russian hacking group associated with the DOGE person.

Or it could be state sponsored and they didn’t think they needed to be covert as they could walk through the front door on invitation of the executive branch.

by kenjackson

4/24/2025 at 5:57:25 AM

There's also a chance Musk just hired a Russian citizen to work for him.

by delusional

4/24/2025 at 12:27:44 AM

Sometimes getting caught isn’t a bad thing. If you are trying to seed division between to groups, acting in a way that divides them - e.g., getting caught helping one side - is more effective than what you gain by not getting caught.

I struggle to see what Russia would gain with nlrb data, but getting caught “helping doge” furthers distrust between the two sides of our country - which is something they gain from

by avs733

4/24/2025 at 7:21:37 AM

> struggle to see what Russia would gain with nlrb data

A list of whistleblowers at American companies who presumably don't want said companies to know the details of their work.

by JumpCrisscross

4/24/2025 at 11:27:26 AM

That is a good observation

by avs733

4/24/2025 at 1:30:51 AM

Why would the Russians do this when Trump won the election. Isn't that the best outcome for them related to Ukraine?

>furthers distrust between the two sides of our country - which is something they gain from

How?

by Braxton1980

4/24/2025 at 1:38:30 AM

The best outcome for them and other potential powerful forces is an America so roiled by internal conflict that it can’t now or ever do anything.

Yeah Trump winning seems to help them in Ukraine but their need is disruption as much as different policy in the longer term.

by avs733

4/24/2025 at 2:11:32 AM

While I'm just guessing I'd think it would be better to wait until Ukraine is done and trump is out of office. Creating mistrust in Doge only helps Democrats

by Braxton1980

4/24/2025 at 11:22:41 AM

No, the two sides live in different information spheres.

This story will percolate up to many democrats who will be furious that Russia is “helping” “doge”.

Separately, it won’t (or will be dismissed as “overreacting” or “lying”) by republicans. They will see the democrats as overreacting and having trump derangement syndrome.

Meanwhile, the next doge encounter with an agency now brings greater fear of illicit acts for internal IT people and more controls for doge to demand are turned off creating more conflict within government function.

The sides believe in the evil and stupidity of the other will be further ossified. Meanwhile, Russia is effectively able to do espionage in a way where getting caught doesn’t diminish the value of the espionage work they are engaged in.

by avs733

4/25/2025 at 11:51:33 AM

This is a great take but please don’t even dignify “trump derangement syndrome” by using it in conversation like this. That’s exactly what the people who created the term wanted it to be used for, ironically sowing further division.

by lobsterthief

4/24/2025 at 7:20:40 AM

> guesses for best possible interpretion? The Russians have infiltrated their PCs with keyloggers and DOGE are working from insecure open networks

They were accessing Github over the internet from superuser accounts they were presumably also using as their user account. Given the code quality, I doubt their opsec is put together, either.

by JumpCrisscross

4/24/2025 at 12:29:13 AM

Don't forget the third option: false flag.

The objective may not have been to obtain access or any useful data. The objective may have been to get the scary headlines about Russians and use the existing media and political agitprop to further destabilize the government you seek to color revolution away.

by tenpies

4/24/2025 at 1:08:52 AM

It doesn't make sense to me that an administration that by and large has been throating Putin would do that to throw more shade on Russia.

I'm not saying they didn't do that, just that it's not in line with their support for Putin and Russia. Maybe as a false flag it give Putin the cover to crack down on hacking groups that don't throat him.

by DrillShopper

4/24/2025 at 1:06:16 AM

I don't follow. Are you saying the DOGE boys are trying to give Trump bad press?

by lukev

4/24/2025 at 1:33:04 AM

The theory I'm seeing is that they are creating an excuse to try to drum up public support for expanding use of AI in government under the guise of security. You already have people in this very thread and every DOGE thread playing Elon's advocate. Give them a vague reason like security and I'm sure they'll be onboard with no questions asked.

by 9283409232

4/24/2025 at 5:18:14 AM

That is a really dumb theory, and I'm pretty sure you just made it up.

by santoshalper

4/24/2025 at 2:09:47 AM

Has anyone suggested AI as a replacement?

Why does it increase support for AI in government?

by Braxton1980

4/24/2025 at 1:50:32 AM

Isn't it just that the IP router happens to use IPs in Russia as part of the rotation?

If they're trying to exfiltrate data, they might want to rotate through IP addresses in order to obfuscate what's going on or otherwise circumvent restrictions. Using a simple ip rotator like the post talks about would maybe be an approach they'd use. If they're not careful with the IP addresses, once in a while one might get caught due to some restriction like being outside the US. It'd maybe appear as though you're getting these weird requests from Russia, but that's just because you're not logging the requests that are not being flagged from the US.

Maybe I'm reading the post incorrectly though (if so, please correct me!)

by pontus

4/24/2025 at 2:18:35 AM

It uses AWS API Gateway. There is not a Russian AWS region.

by cthalupa

4/24/2025 at 12:25:40 AM

Best case scenario those kids were duped into giving out credentials to the wrong (Russian) people.

by barbazoo

4/24/2025 at 9:50:04 AM

> Any guesses for best possible interpretion? The Russians have infiltrated their PCs with keyloggers [...]

Best possible case I see would be that the whistleblower has made some mistake (or is being intentionally dishonest). Seems plausible for instance that "it appeared they had the correct username and password" based on "our no-out-of-country logins policy activating" could just be a misunderstanding of how/when the policy triggers. Not to say it's the most likely explanation, just the least concerning one.

I think less concerning than keyloggers, while still assuming the whistleblower is correct, would be that a DOGE employee was using a VPN/proxy/Tor. Probably not a great idea to have traffic going through a hostile nation state even with encryption, but less bad than keyloggers on their machines stealing and trying credentials within minutes.

Definitely concerning though, to be clear - just steelmanning/answering the question of best possible interpretation.

by Ukv

4/24/2025 at 8:49:32 AM

Yeah, like the APT that compromised O365 accounts from US gov entities a year or so ago, using residential proxies to go around Conditional Access Policies..., is now logging in straight from the Kremlin. :D

by lucasRW

4/24/2025 at 5:21:38 PM

Is there a difference between a year ago and today? Is someone else sitting behind the resolute desk?

by op00to

4/25/2025 at 10:03:39 AM

You didn't get the point.

The alleged "Russian login attempts" were blocked by CAPs.

Russian state-sponsored actors have showned in the past that they use residential relay boxes to get around that.

If you read between the lines of the whistleblower claims, a lot of stuff doesn't add up. I especially like the conclusion that a deathnote was left on his door BEFORE he blew the whistle, and that a drone was hovering over his house.

by lucasRW

4/25/2025 at 11:57:06 AM

This adds up perfectly to me.

* He could’ve gotten a death note because they suspected he might become a whistleblower, or simply because of what he knew. * This death note could have been the final straw. * Drones fly over my house all the time. If I witnessed what he did and received a death note, I may assign additional significance to it.

None of this is implausible at all.

by lobsterthief

4/24/2025 at 3:15:15 AM

How dumb would Russian hackers be to not use some kind of vpn? My friend who lives in Russia says that without vpn he can not access majority of USA sites so he has it always on be default. Something to is not right or these people are very very dumb.

by cryptoegorophy

4/24/2025 at 5:20:42 PM

They want to be seen. What are you gonna do about it? What jurisdiction do you have over Russian nationals?

by op00to

4/24/2025 at 12:41:33 AM

Spearfishing then some kind of spyware on the system would be my guess.

Though with nation state actors you can't rule out Pegasus like zero-click infiltrations.

by CSMastermind

4/24/2025 at 12:07:40 AM

The article could offer a summary of this key finding, rather than, say, the pointless paragraph near the bottom about the scraping software found in GitHub not being well written.

This is the evidence which strongly suggests that the DOGE personnel are using various cloud IP addresses to scrape.

by kazinator

4/24/2025 at 2:51:24 AM

I wonder why the "no-out-of-country logins" block happens after verifying login credentials and not before, which would make more sense to me.

by Palmik

4/24/2025 at 8:07:30 AM

While blocking before authentication seems intuitive for efficiency, checking after provides crucial context that's missing if you block pre-auth: you know which specific user account just authenticated successfully.

This context enables two important things:

- Granular exceptions: If Alice is attending a conference in Toronto, you can say "Allow Alice to log in from Canada next week" without opening Canada-wide logins for everyone. Pre-auth geo-blocking forces you into an all-or-nothing stance.

- Better threat intelligence: A valid login from an unexpected region (e.g. Moscow when Alice is normally in D.C.) is a far stronger signal of compromise than a failed attempt. Capturing "successful login + wrong location" helps you prioritize real threats. If you block pre-auth, you'd never know Alice's account was compromised.

Putting geo-checks after authentication gives you precise control over whom, exactly, is logging in from where, and offers richer data for your security monitoring.

by sReinwald

4/24/2025 at 6:06:16 AM

Since the system is hosted on Azure, I guess we are talking about an Entra ID login. So I think they set up a Conditional Access [1] that can blocks logins based on the country IP. These policies run after authentication and can be specific to a user.

[1] https://learn.microsoft.com/en-us/entra/identity/conditional...

by jabiko

4/24/2025 at 3:04:28 AM

Because then you know that credentials have been compromised

by mcoliver

4/24/2025 at 3:01:11 AM

Because you need to know who is logging in before you know what IP policy to enforce, no?

by antongribok

4/24/2025 at 12:20:41 AM

This just seems odd.

Why would they attempt a login from Russia (if it was indeed Russians)?

It is incredibly cheap to use a VPN with a US residential IP.

by bequanna

4/24/2025 at 1:01:44 AM

Maybe not everyone involved is quite the genius you might've been expecting.

by Pompidou

4/24/2025 at 1:32:23 AM

I guess I don’t buy that.

Many non technical people use VPNs to access region restricted content. It is trivial to understand and use.

Assuming this all actually happened as described, it sounds like someone wanted it to appear that these attempts were coming from Russia.

by bequanna

4/24/2025 at 2:37:20 AM

And/or they just dgaf because they know they or anyone else involved won't ever be held accountable.

by ethagnawl

4/24/2025 at 1:18:56 AM

Occam’s razor would also suggest a hoax as one of several very credible possibilities.

by frumplestlatz

4/24/2025 at 1:34:46 AM

Occam's razor would suggest someone from Russia could just use their own IP because people like you would think it's a hoax anyway.

by threeseed

4/24/2025 at 1:42:41 AM

Why does someone from Russia want access to NLRB data, and why would DOGE be immediately leaking just-granted NLRB login credentials to Russian assets when it would be trivially traceable back to them, and if they were in fact granted untraceable/unlogged admin credentials, could legitimately download the data themselves and simply hand it over to said Russian assets if that was their actual intention?

It's not behavior that makes any sense assuming even a semi-rational/intelligent actor.

by frumplestlatz

4/24/2025 at 2:48:46 AM

> Why does someone from Russia want access to NLRB data

It has details of labor disputes. Which if you’re Russia who thrives on fostering conflict in the US would be an ideal data set.

> Why would DOGE be immediately leaking just-granted NLRB login credentials to Russian assets

Because they are young, highly inexperienced engineers who have been tasked with rolling out their LLM system as quickly as possible. Their priority is not security.

by threeseed

4/24/2025 at 3:06:43 AM

Your argument is that they are so inexperienced and insufficiently monitored that they immediately leaked just-granted NLRB login credentials (how?) to Russia, while rolling out an LLM system (what system?), and the Russian assets that acquired those credentials were so inept that they risked their access — and had their logins rejected — by immediately attempting to use them directly from a Russian IP block?

Furthermore, that the NLRB data would somehow be of sufficient value to Russian state actors to justify risking burning their access to DOGE employees/data/credentials through frankly idiotic OPSEC, despite there being much higher value targets than the NLRB?

This even remotely doesn't pass the smell test.

by frumplestlatz

4/24/2025 at 3:39:47 AM

a) No one knows how Russia had the credentials but they did.

b) This system: https://www.wired.com/story/doge-is-just-getting-warmed-up-d...

c) DOGE under its current form will end in the next weeks/months as Musk moves on. So if you’re Russia the best bet is to get as much data now as you can.

by threeseed

4/24/2025 at 4:08:43 AM

[flagged]

by frumplestlatz

4/24/2025 at 9:47:16 AM

> Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating.

Explains this:

> why would DOGE be immediately leaking just-granted NLRB login credential

The implication is that the credentials were for more than this specific system. It's entirely feasible that a bad actor would immediately try to vacuum up as much data from as many systems as possible, it's just that this system had a geo block that made it clear this was happening.

I don't think we need to assume that this was a targeted attack on this specific NLRB system, just that this specific NLRB system was the one that caught the attempts.

So, what systems DIDN'T block authentication?

by anang

4/24/2025 at 5:22:41 PM

Why? They want to be noticed, causing more chaos.

by op00to

4/24/2025 at 7:50:09 AM

>Primorskiy Krai

Probably the least expected location to connect from, if it was genuine. Not saying it necessarily isn't, but it's not usual either and doesn't make much sense.

by orbital-decay

4/24/2025 at 2:14:15 PM

Right?.. Primorskiy Krai, official population 1.8M, of which the largest city of Vladivostok accounts for 600k and the next three largest cities for about 400k more, and the rest of the settlements are below 50k inhabitants each. China (Heilongjiang) to the west, North Korea to the south, Japan (Hokkaido) to the east. Literally six times closer to Tokyo than to Moscow (and only a bit closer to Moscow than to Vancouver), connected to Moscow by the longest train route in the world (six to seven days). A reputation for fierce independence and old Japanese left-hand-drive cars. That Primorskiy Krai.

by mananaysiempre

4/24/2025 at 12:04:24 AM

Wow that's insane

by superconduct123

4/23/2025 at 9:19:58 PM

> According to a whistleblower complaint filed last week by Daniel J. Berulis, a 38-year-old security architect at the NLRB, officials from DOGE met with NLRB leaders on March 3 and demanded the creation of several all-powerful “tenant admin” accounts that were to be exempted from network logging activity that would otherwise keep a detailed record of all actions taken by those accounts.

Feels like a pretty good Occam’s razor case… but is there any legitimate reason why one would request this?

by twalkz

4/23/2025 at 11:02:16 PM

Even worse when you know more of the whistleblower's story which is that ~15 minutes after one of DOGE's accounts were made there was an attempted login with the correct password from Russia. Not many explanations for that that look good for DOGE...

by rtkwe

4/24/2025 at 12:27:59 AM

That's straight up traitorous.

DOGE needs to be shutdown and everyone of them held as a flight risk while the whole thing is investigated.

by ourmandave

4/24/2025 at 9:14:18 AM

Not to defend doge at be all, but the article specifically mentioned installing a bunch of proxy and scraping tools. Is this likely to be an actual Russian state attack or just extremely poor opsec / an attempt to evade internal controls, still likely very illegal. I'm all for holding all involved accountable to the fullest extent, but this is too sloppy for Russian state involvement to make me think they're on any intelligence payroll anywhere.

by vimax

4/25/2025 at 4:04:17 PM

On the other side, why would Russia need to hide it's involvement in anything with this administration? If they're not willing collaborators they're seemingly entirely beguiled by Russia propaganda and schmoozing.

Brazenly just logging in from Russia can be a statement all its own.

by rtkwe

4/24/2025 at 1:11:46 AM

They work for Trump so they'll never be held to account, even if a Democrat wins the next election (assuming even have one and it's fair and free)

I never thought I'd be calling for UN observers for an election in the US but here we are

by DrillShopper

4/24/2025 at 7:24:26 AM

> They work for Trump so they'll never be held to account, even if a Democrat wins the next election

Why? If Democrats take the House in the midterms, which looks more likely the longer Navarro and Musk have West Wing access, they can basically turn these folks' lives into a living hell of back-to-back hearings (and contempt charges down the road). And if Democrats win the next election, they'll presumably put someone with a pulse in charge who doesn't take two years to bring the most important cases of their administration to the docket.

by JumpCrisscross

4/24/2025 at 12:31:29 PM

When Biden was elected they didn't seriously crack down on them before outside of the one case at Justice that went nowhere.

They also didn't prosecute GWB/Cheney/Rumsfeld for war crimes when they had the chance. This is a long standing policy of theirs.

by DrillShopper

4/25/2025 at 2:49:35 AM

I get the instinct and the reasoning behind it but it really has proven to just let the whole mess fester into the madness we're getting today.

by rtkwe

4/24/2025 at 12:58:31 PM

> didn't prosecute GWB/Cheney/Rumsfeld for war crimes

Not relevant to domestic crimes committed by non-Cabinet folk.

by JumpCrisscross

4/24/2025 at 3:01:26 PM

Yeah, but you'd think racking up hundreds of thousands of non-combatants deaths and flash frying Pakastani wedding parties remotely because of target misidentification would be high on the list of things to prosecute, if you're the Democrats.

If they won't even investigate the wholesale murder of civilians by the command of the White House and CIA and prosecute those reaponsbile for murder and torture then what hope is there that they'll hold Trump and co to account?

by DrillShopper

4/25/2025 at 1:53:45 AM

> you'd think racking up hundreds of thousands of non-combatants deaths and flash frying Pakastani wedding parties remotely because of target misidentification would be high on the list of things to prosecute, if you're the Democrats

A consistent mistake by the Democrats is thinking foreign policy will win votes. It doesn’t. We’re the centre of the empire and that makes us arrogant and self centred. You can’t win a national election based on war crimes.

by JumpCrisscross

4/25/2025 at 1:42:40 PM

> A consistent mistake by the Democrats is thinking foreign policy will win votes.

Trump won votes in 2024 based on how he said he would handle several foreign policy issues: NATO, Ukraine, Palestine, tariffs, China, and Iran, so I'm not sure what you're getting at here.

> You can’t win a national election based on war crimes.

This clearly is the case, so do the prosecutions after winning the election and running on domestic issues. To do anything less is to both give up the moral high ground and endorse the war crimes by not vigorously investigating them.

by DrillShopper

4/24/2025 at 8:39:44 PM

Americans dont care about Murders of foreign civilians. Not that they are all that special in that, foreigners clock less in general.

by watwut

4/24/2025 at 8:47:28 AM

I think Trump could simply pardon them, unfortunately.

by efnx

4/24/2025 at 9:07:01 AM

> Trump could simply pardon them

Ironically, one of the most useful things Trump could do is prosecute e.g. Hunter Bide so SCOTUS can strike down preëmptive pardons.

by JumpCrisscross

4/24/2025 at 9:55:52 AM

>I think Trump could simply pardon them, unfortunately.

FWIW I think you're not correct here, or rather, it's not merely irrelevant but would actually harm them. The pardon power protects against criminal prosecution by the federal government. But it doesn't protect against mere embarrassment, nor against new actions performed after the pardon. Congress isn't prosecution, their inquiries are just about information finding, and while they can result in information on crimes surfacing, whether or not the USDOJ decides to pursue that or not is completely up to them. The reason a pardon might flat out hurt in such a scenario is that there is an argument it would eliminate any claim of 5th Amendment privileges. That's commonly referred to the right to be silent, and normally that's effectively what it is, but the actual right is the right against self incrimination [0]. If you've been pardoned for something purely federal then by definition it's impossible to incriminate yourself regarding that, because no criminal case can be brought against you. So there'd be no right to refuse to cooperate with a congressional inquiry, and if you didn't that could be treated as contempt which would not be covered by any pardon for the underlying actions.

So yes if a future Administration wanted to pursue criminal prosecutions for crimes that were undertaken by the current Trump Administration, Trump's pardons could certainly put a stop to that. But in terms of "they can basically turn these folks' lives into a living hell of back-to-back hearings", pardons don't help with that one. And if the Democrats just wanted to thoroughly document exactly what went down and who was responsible to make it an indelible part of the history books, with any social consequences that'd come from that, pardons can't help with that either.

----

0: Text of the 5th Amendement: "...nor shall be compelled in any criminal case to be a witness against himself..."

by xoa

4/24/2025 at 1:17:15 PM

> in terms of "they can basically turn these folks' lives into a living hell of back-to-back hearings", pardons don't help with that one

Trump has so thoroughly poisoned the well on the "weaponized DOJ / weaponized IRS / weaponized Congressional investigations" that the Democrats, having no spine, won't bother doing any of that.

by DrillShopper

4/24/2025 at 6:25:46 PM

Trump has removed the DoJ’s independence. The precedent is set to weaponise it.

by JumpCrisscross

4/24/2025 at 1:34:42 AM

The guy in the oval wants to defund the UN… he’s one step ahead of you!

by jarym

4/23/2025 at 11:45:07 PM

Citation?

by stephenitis

4/23/2025 at 11:48:50 PM

Not parent but it’s here - https://krebsonsecurity.com/2025/04/whistleblower-doge-sipho...

DOGE is a complete clusterfuck. Fwiw I think there is hard to spot fraud in the govt that should be looked at (eg price inflation at the pentagon, VA, Medicaid/Medicare, SS). They should have done the hard work of uncovering that. Instead they just went for clickbait headlines.

by orochimaaru

4/24/2025 at 1:50:55 AM

> DOGE is a complete clusterfuck.

It depends what the objectives are. My impression is that they have been very successful pursuing their actual objectives, while providing a cover story of a 'clusterfuck'.

by mmooss

4/24/2025 at 2:38:16 AM

And conveniently gutting agencies that are or were soon to be thorns in Elon's side. FAA and EPA were annoying him around SpaceX's Starship test launches, CFPB would be annoying for his future everything app plans for Twitter, etc.

by rtkwe

4/24/2025 at 4:10:59 AM

Maybe. But none of those make him as much money as Tesla which is in the dumps with all the shenanigans. From a motivation perspective it seems more like rank stupidity than Machiavellian.

by orochimaaru

4/24/2025 at 5:41:59 AM

Their aim seems to be power, and many wealthy people in the US have jumped on the bandwagon of supporting the seizure of power while sacrificing some money. Musk will have a roof over his head regardless.

by mmooss

4/24/2025 at 3:36:48 PM

It doesn't seem rational but he's not exactly been acting that way for a while, he's made a pretty hard right turn that was always going to damage Tesla's main market.

Also if Twitter/X became a payment and banking platform that's a huge revenue source that could dwarf Tesla.

by rtkwe

4/24/2025 at 12:34:38 PM

> But none of those make him as much money as Tesla which is in the dumps with all the shenanigans.

Give Musk a year or two out of DOGE and it won't matter - Tesla will be back up after Musk isn't in the government spotlight. The voters in the US (who by and large are good little consumers) have the memory of a goldfish for things like this.

You can't even get progressives to not eat at Chick-fil-A despite their founders blantent homophobia. This incident is not going to keep people from buying Tesla in the long run.

by DrillShopper

4/24/2025 at 8:20:31 PM

> You can't even get progressives to not eat at Chick-fil-A despite their founders blantent homophobia. This incident is not going to keep people from buying Tesla in the long run.

That narrative is great at stopping people from taking action - I wonder who it comes from? In fact, companies bow to public pressure all the time. Look at those retreating from DEI or support of LGBTQ rights before Trump took office. One of the beer companies' marketing used a trans person and the transphobia, boycotts, etc. led to them firing people and dropping the trans person.

by mmooss

4/24/2025 at 1:31:47 AM

Take your pick it was widely reported and you can read the original whistleblower report;

https://whistlebloweraid.org/wp-content/uploads/2025/04/2025... - page 2 & 11

"This declaration details DOGE activity within NLRB, the exfiltration of data from NLRB systems, and – concerningly – near real-time access by users in Russia. Notably, within minutes of DOGE personnel creating user accounts in NLRB systems, on multiple occasions someone or something within Russia attempted to login using all of the valid credentials (eg. Usernames/Passwords)"

"For example: In the days after DOGE accessed NLRB’s systems, we noticed a user with an IP address in Primorskiy Krai, Russia started trying to log in. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating. There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers."

https://krebsonsecurity.com/2025/04/whistleblower-doge-sipho...

https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...

by rtkwe

4/23/2025 at 11:47:59 PM

From the whistle blower.

> Within minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in, according to Berulis' disclosure.

https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...

by gnabgib

4/23/2025 at 9:34:55 PM

> all-powerful “tenant admin” accounts that were to be exempted from network logging activity

Is this normal to build this sort of functionality into a software system? Especially software systems that heavily rely on auditability?

by pan69

4/23/2025 at 10:58:22 PM

Sometimes, depending on the situation.

My company retains all e-mails for at least 5 years, for audit purposes. But if some troublemaker were to e-mail child porn to an employee, we'd need to remove that from the audit records, because the laws against possessing child porn don't have an exception for corporate audit records.

So there's essentially always some account with the power to erase things from the audit records.

by michaelt

4/23/2025 at 11:12:37 PM

It sounds like you haven't actually had to face that situation, because it is more complicated than just having to delete an offending attachment. You would still have an audit log of the deletion of that email record by the superuser, even if the content is deleted. And there would be other records generated to document the deletion, like I'm sure a long email or slack thread from this getting discovered and sent up the chain, over to legal, then to the FBI, then back to coordinating the logistics of manually deleting something from the audit logs. So if for a completely unrelated case, a third party auditor stumbles upon that mess, they will be able to reconstruct why a single attachment cannot be found in the audit logs.

"No" is the answer to GP: there is no legitimate reason for a fully unlogged superuser account.

by Cheer2171

4/24/2025 at 12:27:22 AM

Yeah, superuser accounts? Of course you need them to exist. Superuser accounts that produce no logs? There is never a reason for that. Anyone who claims they should have a superuser with no logging is up to no good.

by j_w

4/24/2025 at 12:43:11 AM

> You would still have an audit log of the deletion of that email record by the superuser, even if the content is deleted.

If needing things wiped from the audit logs happens often, you might indeed have an audited interface for wiping things from the audit logs.

But if it's very rare? Maybe I just request the production database password for "Incident #12345" and run some careful SQL.

> And there would be other records generated to document the deletion, like I'm sure a long email or slack thread

For sure - but the account capable of deleting entries from the audit logs exists

And if I am ordered to hand it over to someone who doesn't care to explain their actions on slack? Then there won't be any explanations in slack.

by michaelt

4/23/2025 at 11:27:25 PM

Ah man... back in the day I worked for a company that built out records management software. One of the big things on the side of the cereal box was that not even an admin could delete something flagged as a record within its retention plan. Fast forward to a company doing that for emails, messing up spam filters, and getting a blast of 'normal' porn that was all flagged as records. I believe they ended up creating security groups for those files that help keep those who were using it .. safe for work.

by heelix

4/24/2025 at 10:14:17 AM

I don't follow this example. You could still have an account delete the email while generating a record that an email was deleted. Why would you need an account that doesn't generate deletion records?

by aqme28

4/23/2025 at 11:03:30 PM

Very true - this comes up constantly in blockchain questions - but in that case there’d at least be an audit log showing who deleted which records.

by acdha

4/23/2025 at 9:48:48 PM

No. Never. While it’s expected to have a “root” account exempting from logging serves no honest purpose.

by katbyte

4/23/2025 at 9:55:55 PM

Of course not. It's the exact opposite and every single person here knows this.

by sanderjd

4/23/2025 at 11:19:27 PM

From a an old hackers perspective disabling shell history can have positive security implications. But in today's 'cattle not pets' systems mentality I'd expect all actions to have a log and not having that seems fishy to me. Keeping logging infra secure has a dubious, the log4j fiasco comes to mind. I'm not a fan of regulation for most things, but I think we need a higher cost for data leaking since security is an afterthought for many orgs. My personal leaning is to be very choosy about who I'll do business/share data with.

by sellmesoap

4/23/2025 at 9:47:29 PM

> “We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval,” he continued. “The suggestion that they use these accounts was not open to discussion.”

From the previous post, they had auditor roles built in that they purposely chose to go around

by typs

4/23/2025 at 9:44:52 PM

It's the same as domain admin in active directory.

You always need it to setup the system initially.

It's like root on Linux: it's an implementation detail that it must be possible.

by XorNot

4/23/2025 at 9:53:52 PM

There’s no possible need for an admin-level user that bypasses logging. If anything these users should have additional logging to external systems to make it harder to hide their use.

by lovehashbrowns

4/23/2025 at 9:48:06 PM

Root on Linux isn’t exempt from logging. I also don’t know any enterprise that allows admin accounts to bypass logging.

There is no legitimate justification for this request.

by tw04

4/23/2025 at 9:53:15 PM

root on Linux can just kill the log forwarder and erase the relevant logs, or refill them with junk.

by XorNot

4/23/2025 at 9:58:00 PM

Yes. A more competent hack would have been to use their superuser permissions to do that kind of thing.

But instead they requested that logging be disabled, thus outing themselves as acting in bad faith.

by sanderjd

4/23/2025 at 10:53:17 PM

At least at places I've worked, terminating the logger would cause a security incident, and the central logging service have some general heuristics that should trigger a review if a log is filled with junk. Of course with enough time and root, there's ways to avoid that. But that's also usually why those with root are limited to a small subset of users, and assuming root usually requires a reason and is time gated.

by gusgus01

4/23/2025 at 11:07:04 PM

> But that's also usually why those with root are limited to a small subset of users, and assuming root usually requires a reason and is time gated.

I mean, if we were to apply the equivalent from the article, then no they would not have had a reason nor been time gated.

by mynameisvlad

4/23/2025 at 11:09:55 PM

That still leaves highly visible log traces if you’re following most security standards (required in .gov) since you’d have the logs showing them disabling the forwarder. The difference here is that this was like an attacker but had backing from senior management to violate all of those rules which would normally get someone fired, if not criminally charged.

by acdha

4/23/2025 at 10:41:00 PM

That is a very serious design flaw, but I also believe it is a flaw that is addressed by SELinux. (Perhaps someone with a knowledge of SELinux can offer some input here.) That said, I'm not sure how widespread the use of SELinux is and doubt that it would help in this case since the people in question have or can gain physical access.

by II2II

4/23/2025 at 10:57:09 PM

If your root, you can just turn off selinux

by jmainguy

4/24/2025 at 2:16:34 AM

Not without a reboot though, and while I haven’t done that, it should be possible to protect selinux ‘s config itself with a policy, requiring boot loader access to bypass, at which point you’re dealing with a different risk level.

I’ll agree that Linux security is quite limited and primitive if compared with, say, a mainframe, but it can be made less bad with a reasonable amount of effort.

by fipar

4/24/2025 at 2:40:51 AM

What would the mainframe be running that avoids this problem?

by saagarjha

4/24/2025 at 11:25:05 AM

That’s a big rabbit hole, reading about RACF is a good place to start.

The short answer would be that mainframes come with RBAC from design, unlike Unix, which has a different security model from conception and then had rbac added on top of it in some cases (such as selinux).

by fipar

4/24/2025 at 1:34:12 AM

Assuming the Whistleblower is telling the truth, why would they make the request if they could cover their tracks themselves

by Braxton1980

4/23/2025 at 9:56:49 PM

The question is whether it needs to be possible to turn off the audit logs for that role. And of course: No.

by sanderjd

4/23/2025 at 9:47:34 PM

typically the admin account can createthings like super users, and super users can do anything with the data, but not sure there's a use case where a single account can do both, and why can any of them avoid logging?

by skeeter2020

4/23/2025 at 9:28:54 PM

There isn't one.

Anything musk's dogs claim to find cannot be taken at face value because of this. Because there is no audit, and no evidence that they can offer that they didn't doctor their findings.

The next time they claim that a 170-year old person is receiving SS checks, they have no way to prove that they didn't subtract a century from that person's birthdate in some table.

by vkou

4/23/2025 at 9:31:54 PM

Ah, this is something I haven't thought of before. This might not actually be spying, but instead just an attempt to plant fake results.

by FredPret

4/23/2025 at 11:51:31 PM

> This might not actually be spying, but instead just an attempt to plant fake results.

That statement might be (slightly) more believable had there not been access attempts from Russian IP addresses using valid (and recently created) DOGE login credentials so very shortly thereafter.

by blooalien

4/23/2025 at 11:27:50 PM

They give away the game if you pay attention and read other internal sources from other agencies. This is all about shoving AI into the loop and removing federal workers from it.

They want to prove that AI can do "just as good a job" on these data sets and arrive at "equal conclusions" with a much higher level of effiency.

This is what happens when you get high on your own supply.

by timewizard

4/23/2025 at 9:35:22 PM

And even if it's not and everyone involved is a qualified, thoughtful, unimpeachable public servant with no agenda but the general welfare of the Glorious Republic of Arstotzka in their hearts, the lack of an audit trail means that you have to seriously consider that they aren't.

Of course, given the blatant dishonesty and criminality that the rest of this administration is producing (see: every immigration law case that they are losing in court), you'd have to be a useful idiot to actually assume good intent from them.

by vkou

4/23/2025 at 9:42:21 PM

Of course, it just never occurred to me that there's a less bad but still terrible explanation for ghost admin access.

by FredPret

4/23/2025 at 9:24:01 PM

Sure, to hide your tracks because you know what you intend to do isn't right.

by Cthulhu_

4/23/2025 at 9:51:01 PM

I can’t think of any. Even if you wanted to give someone broad permissions to access and modify data, you wouldn't turn off the audit logs.

by plandis

4/23/2025 at 9:24:10 PM

There is no justification for ever creating an account like that. The only purpose is nefarious.

by patrickmay

4/23/2025 at 11:51:08 PM

I am sure they demanded maximum access, but the logging activity phrasing sounds a little bit like spin...

I think if I wanted to describe an account with access to perform "sudo -s" as negatively as possible, I would say "an all-powerful admin account that is exempt from logging activity that would otherwise keep a detailed record of all actions taken by those accounts."

by largbae

4/23/2025 at 11:21:53 PM

To allow dodgy offshore actors to snarf huge amounts of data on US citizens to prepare a huge propaganda assault for the next election?

by api

4/24/2025 at 1:17:21 AM

Interview with whistleblower detailing the attack and the threats directed against him:

https://www.pbs.org/newshour/show/nlrb-whistleblower-claims-...

by tootie

4/24/2025 at 1:48:57 AM

this guy's lawyer says: This is a difficult topic for Dan to discuss, but prior to our filing the whistle-blower disclosure this week, last week, somebody went to Dan's home and taped a threatening note, a menacing note on his door with personal information.

...

While he was at work, and it also contained photographs of him walking his dog taken by a drone.

This is mafia shit.

by cmurf

4/24/2025 at 6:49:36 AM

I just finished watching Daredevil: Born Again[0] and this incident looks shockingly familiar to what happened in the show. I don't know how the show runners knew this was going to happen but it feels like they've been spying on the future. Do they have a time machine or are they really that good (and the current administration that bad)?

[0] https://www.imdb.com/title/tt18923754/

by Corrado

4/23/2025 at 9:46:25 PM

I'm only really familiar with the 'tenant admin' concept from microsoft administration, it's commonly used otherwise?

by Suppafly

4/23/2025 at 9:21:18 PM

Obviously no

by spencerflem

4/24/2025 at 4:20:31 AM

The Deep State! The government is filled with spies determined to "leak" the great work DOGE is doing is the press - so, of course, it needs "God mode" access. Totally legit.

That's the best I could do. LOL

by jimt1234

4/23/2025 at 10:38:53 PM

very clear admission of guilt.

by 1oooqooq

4/23/2025 at 9:49:57 PM

[flagged]

by wmf

4/23/2025 at 9:54:57 PM

Thing is: Everything they're doing is against the rules. Except they aren't "rules", they are laws.

by sanderjd

4/23/2025 at 10:24:16 PM

The problem is, those tasked with upholding and enforcing the laws aren't doing their job (Congress), are swamped with a deluge of blatant lawbreaking but still have to maintain professional decorum to not open themselves up to attacks (the justice system), or are outright corrupt (higher level federal courts including, sadly, the Supreme Court).

by mschuster91

4/23/2025 at 10:37:45 PM

conflating administrative employees with congress/senate is a hint you know nothing about your own government.

also lost of the laws being broken are civil liberties protection and separation of powers, ... the only things holding the corruption under some control, which further proves you are either extremely uninformed or malicious. or worse, an "accelerationist"

by 1oooqooq

4/23/2025 at 10:09:59 PM

These aren't rules made by bureaucrats. They are laws written by Congress, a coequal branch of government, in response to the Nixon administration's abuse of executive power

by int0x29

4/24/2025 at 12:08:38 AM

And in some cases FDR's abuse of executive power. If we manage to get... Someone, I don't know who which is depressing, elected that is interested in preserving democracy above all the other current issues, I'm sure there will be a lot more laws to safeguard this happening again. Personal recommendations, nox the filibuster it creates incentive, use federal money to get all the states to switch to ranked choice voting for all federal positions. And MMP for house and electoral college. Maybe nix the filibuster as the last item of business so that the first Congress without it will have more than two parties (due to those electoral changes which lead to 4-8 parties usually).

by galangalalgol

4/23/2025 at 9:53:34 PM

I don't think that "arguing that something is against the rules" is in the CIA sabotage manual, because it's not generally considered sabotage. Maybe if you argue things are against the rules that you know aren't, to slow things down?

by aSanchezStern

4/23/2025 at 10:06:41 PM

It’s not so much arguing against the rules. It’s following them to the letter when unnecessary.

It doesn’t matter that the big boss has said that purchasing a $5 knick-knack is ok. You will have that purchase go through the full procurement process, even up to and including an exhaustive search for (cheaper) alternatives.

by Aeolun

4/23/2025 at 10:08:12 PM

I also love to unilaterally determine what is and isn’t necessary.

by only-one1701

4/23/2025 at 10:08:53 PM

Are you suggesting that’s a valuable use of time?

I make decisions about such tradeoffs every day.

by Aeolun

4/23/2025 at 10:15:55 PM

I’m suggesting that a $5 purchase abs a critical government agency’s infosec are different considerations.

by only-one1701

4/23/2025 at 10:06:47 PM

What’s that dril quote? There’s no difference between good things and bad things? That’s what this last sentence sounds like.

by only-one1701

4/23/2025 at 10:28:56 PM

This doesn't really make sense. If its in the logs, then they already did it. They weren't slowed at all.

This doesn't really apply to the situation in the slightest.

by jayd16

4/23/2025 at 9:56:04 PM

If your logs show your actions are against the rules, pointing that out is not "sabotage". It is being good guy employee, reporting your against the rules actions.

This one is very very clear and unambiguous. There is no symmetry in your example. The Civil servant is actually in the right and doge bro in the wrong.

by watwut

4/23/2025 at 11:15:55 PM

This doesn’t make sense unless they’re doing something illegal. They have backing from the top to audit the system. They don’t have to answer to any of the people who might complain, so the only reason they need to do this is if they’re doing something which violates federal laws where the penalties are worse then getting an angry email from someone in the security group who your boss will yell at for you.

The other big problem with this theory is that there’s no evidence of sabotage. During the first Trump administration, federal employees followed their leadership just like they had for Obama, Bush, etc. and every sign shows that would have happened again, except for the refusal to take on personal liability for breaking federal laws.

by acdha

4/23/2025 at 11:33:34 PM

[flagged]

by wmf

4/23/2025 at 11:26:30 PM

> Now imagine you're a DOGE bro

What does any of this data have to do with making the department more efficient? I can't imagine doing _any_ of this if that was my actual goal.

> and so do the DOGE bros.

When I believe my actions are "fully justified" then that is _precisely_ when I want logging enabled. So no one on Earth could dispute that.

by timewizard

4/23/2025 at 10:05:55 PM

[flagged]

by bilbo0s

4/23/2025 at 10:19:29 PM

Yeah, no.

I'm not going to go 'gentle' on the team of clowns who have done things like make employees work for 36 hours straight to issue RIF notices while shouting at them for "incompetence", or "created new admin accounts that were within minutes attempting to log in from Russian IPs, immediately after demanding all logging be turned off", or "repeatedly lied about savings and contracts on their own website" in some ... "assume good faith" type scenario.

Whatever good faith they deserved, they burned within days (hours, even) of being let loose.

They're already plenty of evidence that they've exfiltrated sensitive information to a variety of non-government entities that are not even remotely entitled to that data, either at NLRB or elsewhere.

Your claim is that "it's entirely possible that these are all just innocent bureaucratic errors" and I would put it to you that that claim, in the face of everything already known, also needs substantiation, and yes, not that thin veneer of Wikipedia-like "assume the absolute possible best intention, regardless of plausibility" that we're getting.

by FireBeyond

4/23/2025 at 10:08:12 PM

This is… the most reasonable explanation I’ve heard so far for everything that is happening.

God knows there must be enough normally unused rules in the federal government.

by Aeolun

4/23/2025 at 10:37:11 PM

The idea that they need to operate -- on hugely sensitive data and systems -- in darkness because any sort of accountability amounts to "sabotage" is dubious.

"Rules for thee, not for me"

This is some sort of "The Deep State is trying to foil them" nonsense.

And to be clear, aside from a weird brute forcing library and the fact that all of the DOGE employees seem to be spectacularly incompetent, there are rational technical reasons someone might want logging temporarily disabled for a one-off. For instance doing an activity that is justified and legitimate and secure and reasonable, but that would yield TB of logs unnecessarily, itself which might cause operational or availability issues. But having a bunch of incompetent script kiddies using their garbage scripts makes that fringe justification unlikely, and they're likely doing very criminal things.

by llm_nerd

4/23/2025 at 10:47:50 PM

Setting aside legitimate (thats a matter of judgement)...

Some previous attempts for DOGE to get data has resulted in data being deleted before they can look and requests for judges to block access to data.

DOGE may be trying to be covert in order to stop these two activities from happening before they can get and review the data.

by mfer

4/23/2025 at 11:05:28 PM

> Setting aside legitimate (thats a matter of judgement)

By definition, a judge decides what's legitimate.

If DOGE expects their access to be blocked by a court judgement, and bum-rushes agencies to exfiltrate data ahead of the judgement, that's also criminal intent.

I am not sure what you are getting at. "Covert" isn't how I'd describe DOGE's actions. "Brazen" maybe?

by throwworhtthrow

4/24/2025 at 12:37:59 AM

People have admitted in news interviews to destroying government data to prevent others from knowing what the government was doing. That’s likely criminal. This is a legitimate reason to get at information before people who might destroy have the opportunity.

What’s happening with judges is very political. We likely won’t know what’s allowed until things have gone through the appeals process. There have been cases of judges admitting they will rule against the current administration no matter the topic or law. This is messy, to say the least.

by mfer

4/24/2025 at 1:36:50 AM

>There have been cases of judges admitting they will rule against the current administration no matter the topic or law

What exactly did they say and who said it?

by Braxton1980

4/24/2025 at 1:30:45 AM

>People have admitted in news interviews to destroying government data to prevent others from knowing what the government was doing. That’s likely criminal. This is a legitimate reason to get at information before people who might destroy have the opportunity.

Yes, this is precisely the accusation being made against DOGE: they are the government actors criminally trying to to prevent the public from knowing what they're doing.

>There have been cases of judges admitting they will rule against the current administration no matter the topic or law.

No, there haven't, but feel free to provide a source.

by LiquidSky

4/24/2025 at 1:39:23 AM

>What’s happening with judges is very political. We likely won’t know what’s allowed until things have gone through the appeals process.

What is very political about it?

Since appeals are also decided by judges why is that a better system?

by Braxton1980

4/24/2025 at 8:24:57 AM

In American system, appeal process is a very formal thing - it checks whether all the ts were crossed, whether process was followed. It is not checking the evidence, it is bringing new evidence, nothing like that.

That is how it was designed.

by watwut

4/24/2025 at 5:23:34 AM

Citation or you're full of shit.

by santoshalper

4/23/2025 at 10:10:47 PM

1. DOGE employees access data they were not supposed to.

This fairly clear.

The story says that DOGE attained access to an account that had huge permissions into what it could see and alter. The person or persons from DOGE may have downloaded 10GB of data. The person may have used this in a manner that is illegal. Or it is illegal to start with. With the understanding that POTUS may or may not be allowed grand such access. (I dont think POTUS can)

2. DOGE employee downloaded code that could be used to use a huge pool of IP addresses, from AWS to bypass forms of throtheling. 3. The code was badly written. 4. The person is a racist

How would a person from DOGE use "unlimited" number of IP adderssess from AWS to hammer and automaticlay screenscape webpage, benefit from it when it came to copying extremly sensetive data from an internal National Labor Relations Board database?

Did 10.000 sessions authenticate to the database at the same time, using AWS UP addresses and scraped the data?

Something is pretty broken if the system with extremly sensetive data is available from external IPs -and- allowing a single account to login 10.0000 times to concurrently scrape data off the interal database?

Of are they saying that this code was adapted to use 10.000/100 IP addresses internal to National Labor Relations Board and scrapes using those?

The automation later noted makes a lot more sense to aid the work.

by ThinkBeat

4/23/2025 at 11:29:02 PM

The author brings up the ip scraping but makes no effort to tie anything together. It's actually really confusing. Were they using this utility to steal the data or are these two just totally unrelated things?

by declan_roberts

4/24/2025 at 12:55:23 AM

We have no way to know what they were using it for, because as the article details, DOGE works hard to make sure nobody can find out what it's doing or why.

by SpicyLemonZest

4/24/2025 at 1:05:05 AM

> I dont think POTUS can

What data in a federal agency could the chief executive not have authorization to access?

by grandempire

4/24/2025 at 2:46:20 AM

I am fairly sure it would be a crime for the President to pull up someone's VA health records on a whim, or at least it would be a crime for anyone at the VA to facilitate him doing that.

We can also add to that IRS data. The articles of impeachment against Nixon included the following:

"He has, acting personally and through his subordinates and agents, endeavoured to obtain from the Internal Revenue Service, in violation of the constitutional rights of citizens, confidential information contained in income tax returns for purposes not authorized by law" (emphasis mine).

There actually are laws regulating the handling of personal data collected by the government and it generally doesn't have a "the president wants to see it" exception.

by roywiggins

4/24/2025 at 9:51:49 AM

"When the president does it, that means that it is not illegal" - Nixon

I wonder, if he was alive today would he stand by those words?

by arrowsmith

4/24/2025 at 3:49:23 AM

I would agree with that emphasis. Misusing presidential privilege is always a possible impeachment, if congress cares.

I think that he can access a health or irs record for cause - anything which would not get him impeached.

by grandempire

4/24/2025 at 4:22:16 AM

> What data in a federal agency could the chief executive not have authorization to access?

Personally? For starters, he can't access anything the Legislature's laws say he can't.

The Executive is there to implement the law, and that includes obeying them him/her-self.

A President telling other people to break the law on his behalf by threatening to fire them is also a crime of extortion.

by Terr_

4/24/2025 at 4:55:53 AM

> he can't access anything the Legislature's laws say he can't.

Can the legislature make rules for the president without constitutional amendment?

I am interested- I’ll see if I can find examples.

by grandempire

4/24/2025 at 7:12:46 AM

Well, if the legislature truly cannot make any statue affecting the President, that has some terrifying implications.

It would mean a President is is legally permitted to ignore laws against raping a child on the sidewalk outside 1600 Pennsylvania avenue Ave then murdering all of Congress by blowing up the Capitol.

Recently, a majority on the Supreme Court has claimed there's immunity for "Official Acts", but hasn't laid out any rule for when an official-looking act is actually an unofficial one... They're basically reserving the right to decide later. (Ex: Officially ordering the US military to kill Congress and Supreme Court Justices.)

Not that I want to give the current one any more evil ideas.

by Terr_

4/24/2025 at 1:31:35 PM

> cannot make any statue affecting the President,

I didn’t say affecting - I said limiting the power of.

A regulatory procedure the president is asked to follow is different than saying “we made this information off limits”.

> President is is legally permitted to ignore laws against raping

That’s been beat to death. He would face impeachment + removal from office.

by grandempire

4/24/2025 at 7:07:54 PM

> That’s been beat to death. He would face impeachment + removal from office.

Republicans didn't object to Trump's coup attempt, fraud convictions, past attempted rapes, or proven corruption. 70% of them believe that he won the 2020 election. There's no reason to believe that they'd impeach him for child rape unless she was the daughter of a prominent Republican. Trump would have the girl killed, send her parents to a gulag in El Salvador, and Fox News would call it fake news.

by throw16180339

4/25/2025 at 2:49:21 AM

> past attempted rapes

You are spreading misinformation.

by grandempire

4/25/2025 at 6:15:26 PM

How?

It's certainly possible that none of the numerous allegations or proven cases of sexual assault (https://19thnews.org/2023/10/donald-trump-associates-sexual-...) were rape attempts, but that's at best an extraordinary claim requiring extraordinary evidence.

by throw16180339

4/24/2025 at 1:01:46 PM

There was a 5 minute period after that ruling was published that I really hoped Joe would take the ruling to its logical conclusion, much as you did.

by nisegami

4/24/2025 at 4:32:09 PM

war powers resolution

Also, it's a federal crime for the president to direct the IRS to audit someone: https://www.law.cornell.edu/uscode/text/26/7217

by roywiggins

4/24/2025 at 2:48:48 AM

I think the question is whether employees of an advisory group that is not an actual department of the government are on the list of people to whom can he authorize access to this type of sensitive data.

by nulbyte

4/23/2025 at 10:02:27 PM

The CEO of Tesla and Space-X; a self-proclaimed high IQ individual, an alleged programmer, has apparently hired a straight-up script kiddie to their elite delta force of technical government downsizers.

by dfedbeef

4/23/2025 at 10:28:12 PM

There is a phenomena I've noticed in this industry where people who lack a skill compensate by convincing themselves that they are a savant at seeing and exploiting that skill they lack in others. They find and encircle themselves with people who they believe are the Best of the Best, at least in their imagination, and it is critical for their ego that this is never challenged. They will be blind to any evidence to the contrary because they need the people they "identify" to be extraordinary, justifying their great people curation.

I mean, I guess this really happens in all industries. Art, music, leadership, software development. People who maybe once had credibility in something and now desperately try to foist Their People as the best in the industry.

I feel like that is what is happening here. None of the people who Elon surrounds himself are notable in any way, and their skills are hugely suspect, but he has to have his harem of "Super Coders" to prop up his own mythology.

by llm_nerd

4/24/2025 at 1:29:49 AM

I hated Elon Musk long before it was cool: I was a fan of Tesla in the early days, and when I read Musk's "super-secret master plan" for Tesla I thought "yeesh, the board chairman is an idiot, where did they find this bozo?" (I knew a bit about SpaceX but somehow didn't make the connection.)

That said, I was surprised to learn much later that, by all accounts, Elon Musk was a competent and resourceful leader in SpaceX's early days. Maybe these stories are just his personality cult in action, but I found it plausible. It appears he once knew his place as an engineering manager, without LARPing as a Chief Engineer (he didn't appoint himself to CTO until quite a bit later). I worked for a really good manager who didn't know how to code, but he knew a lot about software and was very good about pulling back on coding things vs pushing forward on software design. It seemed like Musk was similar at SpaceX.

Which is all to say that celebrity is a helluva drug. I don't think Musk was ever an especially "high-IQ individual," and his first marriage suggests he's always been a misogynistic loser. But being anointed "a real life Tony Stark!" seems to have destroyed his brain. Ketamine probably doesn't help.

by AIPedant

4/24/2025 at 1:55:51 AM

> That said, I was surprised to learn much later that, by all accounts, Elon Musk was a competent and resourceful leader in SpaceX's early days. Maybe these stories are just his personality cult in action, but I found it plausible

He's good at having and raising money which was what SpaceX needed, I think he was probably the same then as he is now. Reading about his early days at Tesla and the PayPal stuff, I don't really buy the idea he was ever different and took a dark turn. He's the type of person that will never self-regulate and somehow has never faced any negative consequences for lying and self-aggrandizing so has kept pushing it further

by sidibe

4/24/2025 at 2:21:08 AM

This is a frustrating comment. I said "I was surprised to learn" because I had the same impression you did, but then I learned something new. It seems like you're just rejecting my conclusion out of hand without bothering to learn anything.

Eric Berger's book in particular suggests that, before Falcon 1 was successful, Musk was much more humble and collaborative with the other early SpaceX hires, and typically deferred to their expertise. He was always reckless and megalomaniacal. But after Falcon 1 he became much worse.

by AIPedant

4/24/2025 at 2:06:26 AM

Having an empty life full of sycophants and scammers sounds like a negative consequence. I have a bet with my wife that Tesla will go under within 10 years so we'll see how that plays out.

by dfedbeef

4/24/2025 at 4:44:27 PM

You are discounting the possibility that he wants them to wreak havoc and cause the systems to fail. The Republican dream is for government to fail and be privatized. What better way for government to fail?

by e40

4/25/2025 at 2:02:36 PM

Idk probably a way where he doesn't look incompetent

(Btw, awesome username!)

by dfedbeef

4/23/2025 at 11:49:21 PM

Um, as best I can tell from similar articles, they're all script kiddies.

by kilna

4/24/2025 at 1:36:59 AM

Total HackForum vibes.

by arm32

4/23/2025 at 10:51:44 PM

I agree with the script kiddies comment- which is basically what the reporting has shown... but in a way isn't that part of the point? That they can save billions of dollars just by having a couple of relatively normal comp sci kids (who can't even rent a car) review the most basic financial information of our government departments. These guys aren't supposed to be "delta force" they are supposed to be the interns.

Not trying to defend the means to the end, but I would really like my tax money used more efficiently. I will also say am extremely worried about the levels of access that they are being given, especially since it comes with basically no accountability

by jppope

4/23/2025 at 11:12:05 PM

Your comment assumes the conclusion that these comp sci kids were able to save billions while preserving the correct behavior of the system, i.e. if their changes cause even one person to miss one payment they should have received, then the rest of your comment is entirely baseless.

If you could prove that billions were saved in pure waste, then I’d imagine any sane citizen would agree with you, setting aside matters of decorum and human decency (e.g. RIFs that may ultimately be necessary but conducted in an inhumane way)

I’d like my tax money used efficiently, but this group does not merit the trust to carry out those changes, even on a technical level

by frank_nitti

4/23/2025 at 11:18:39 PM

> review the most basic financial information of our government departments

That is what the GAO is for https://www.gao.gov/ , and these people are much better than script kiddies.

> I would really like my tax money used more efficiently

Me too! You are on hacker news so I assume you are firm believer in https://en.wikipedia.org/wiki/Amdahl%27s_law ! If you would like your tax money used efficiently, are you willing to discuss cuts to social security, medicare, medicaid, veteran benefits, and whatever else is at the top of the budget? https://www.cbo.gov/publication/61181? What would you cut?

Personally, I would increase taxes on anyone making over $500K/year and stop nickle and diming our federal government so the US can actually become a first world country for everyone that isn't a software engineer.

by guhidalg

4/24/2025 at 3:02:32 AM

At the VA medical system, they word-searched for "consulting" and cancelled contracts for.... surgical equipment sterilization, medical waste removal, stuff related to air quality that's required for hospital accreditation, and local burial services for people who die in the hospital.

Then a lot of those had to be reinstated because you simply can't operate a hospital without sanitation.

Just like they had to scramble to hire back the folks at the National Nuclear Safety Association.

Yeah, efficiency is great. But this is like ordering tacos and getting... a used tire and some dirty diapers...?

by kaitai

4/23/2025 at 11:14:21 PM

> Not trying to defend the means to the end, but I would really like my tax money used more efficiently. I will also say am extremely worried about the levels of access that they are being given, especially since it comes with basically no accountability

This is like the derelict father with partial custody who parachutes in one weekend a month to buy his son ice cream and a new video game to leave two days later the conquering hero. Meanwhile mom works two jobs, has to set all the expectations and responsibilities for the child, and the father is late on child support payments.

DOGE blitzkrieged government IT. It'll be years before we understand the scope of what they've done and given available evidence: these are script kiddies who worship Musk, I don't think there is ANY reason for optimism or charitable consideration.

by tmpz22

4/23/2025 at 11:52:00 PM

> I would really like my tax money used more efficiently

Except by most accounts so far it was being used efficiently by the federal workforce. This whole debacle will end up costing the US tax payer more money. See cutting the IRS or USAID which will probably lead the US to bailing out farmers. And if they privatize, then it'll be even more expensive.

by matwood

4/24/2025 at 12:20:43 AM

I mean if they privatize USAID it’s a tremendous opportunity to loot on a scale we have not seen. Same thing if they privatize the IRS or Social Security. Think about all the money that could be invested in their friends’ enterprises out of the treasury float or the SS trust fund.

by throwaway173738

4/23/2025 at 11:11:07 PM

> I would really like my tax money used more efficiently.

This is immature thinking, because, who wouldn't?

The contention comes from differing opinions on what is waste.

by joquarky

4/24/2025 at 12:22:19 AM

A lot of people seem to consider anything that doesn’t personally, immediately, and directly benefit them to be a waste of their tax dollars. God forbid you use their property taxes to build schools their adult children don’t go to.

by throwaway173738

4/24/2025 at 2:17:48 AM

It's a manipulation technique. It implies that the opposition doesn't believe this.

by Braxton1980

4/24/2025 at 11:25:14 AM

> I agree with the script kiddies comment- which is basically what the reporting has shown... but in a way isn't that part of the point?

I agree, but for a different point.

Generalising, but under the age of 25, most people don't have enough experience (business/government) to understand things such as business ethics, the consequences, auditing practises, privacy concerns, etc.

With professional experience, you develop a better understanding and build up that depth of knowledge of how things impact the wider "world" rather than the immediate task at hand. Meaning, you gain a better understanding of the ethical implications of what you're doing.

As an example - in law, it'd be easier to manipulate a law graduate than a lawyer with 20+ years experience, who would think outside the direct question or task that was asked.

by lysp

4/24/2025 at 1:46:47 PM

People under the age of 25 generally work for older people - and that’s true of DOGE as well.

by grandempire

4/24/2025 at 1:44:41 PM

> a straight-up script kiddie

Why is the age such a talking point? An insight in startup culture is that the public underestimates young people, especially when it comes to business skills with objective results and tight feedback cycles.

It just seems like now that HN is skewed older we no longer believe that?

by grandempire

4/24/2025 at 2:03:09 PM

Script kiddie isn't about age, it's just a derogatory term for someone who never learned to write their own code, instead only slightly modifying and/or straight up running someone else's code that they don't actually understand very much.

by 0x3444ac53

4/24/2025 at 2:13:42 PM

It doesn’t seem entirely separate from age - as several other reply’s to this comment are about age.

I also think your description applies well to many startup founders.

by grandempire

4/24/2025 at 3:29:25 PM

It's not really about age. More about a specific level of impatience, maliciousness, inflated sense of skill and importance, and a general lack of integrity.

One could be a 60 year old skid.

by dfedbeef

4/25/2025 at 8:50:20 PM

There's ample evidence of incompetence from DoGE, including obvious coding security holes, firing people who ensure the safety of our nuclear arsenal, and other mistakes that you would expect from an unmotivated intern.

This is supporting evidence that they were picked for ideological reasons - namely, being young white supremacists who wouldn't ask any questions. That's why Marko Elez was rehired. Musk, Trump, and Vance all share his views, he was just dumb enough to express them in public.

by throw16180339

4/24/2025 at 3:04:44 PM

> when it comes to business skills with objective results and tight feedback cycles

Is the federal government a business or startup? Does chainsawing it have a tight-enough feedback cycle to get good results? I'm going to say No to both, but I don't have the time or expertise to try to prove it. It can be true, both that young people are great at startups and bad at the federal govt.

by zzrrt

4/25/2025 at 1:06:00 AM

Financial auditing does.

by grandempire

4/25/2025 at 9:44:14 PM

DoGE exists to dismantle branches of government that Republicans disapprove of, enrich the Republican elite, and use the federal government's data for their personal benefit.

Musk has openly reassigned some contracts to SpaceX for personal gain and fired people investigating his companies, so it's a given that they're also privately lining their pockets.

The federal data will be used to harass and disenfranchise their opponents. Musk, for example, can use the NLRB data to identify complainants about his companies, so that he can pay them off or have them sent to El Salvador. The data can also be used for the Safeguard Voting Eligibility Act (https://www.independent.co.uk/news/world/americas/us-politic...), which is intended to prevent women, blacks, and other groups from voting.

Financial auditing doesn't really enter into it.

by throw16180339

4/24/2025 at 2:40:20 PM

> Why is the age such a talking point?

Young people get convinced to do stupid things that their older selves would regret.

by tartoran

4/23/2025 at 9:41:21 PM

I find the following bizarre. Ignoring who this marko guy is, why would a random person post such a "take down" of the repo? I have never randomly passed by a repo and wanted to just dunk on it. Also this critique reeks of being AI generated.

Link from quote: https://github.com/markoelez/async-ip-rotator/issues/1

The follow comment is interesting to be a coincidental, such a weird interaction.

by nop_slide

4/23/2025 at 9:47:22 PM

It's only "bizarre" if you "ignore who this marko guy is." It's not a coincidence, it's somebody pointing out that DOGE's "cracked coders" are wearing no clothes.

by rideontime

4/23/2025 at 10:59:17 PM

And the follies here seem to be many. I’m not following why this Marko guy would make a publicly-visible fork of a repo (though he seems to have deleted it since this story went big), and why they would openly request to have their accounts exempted from logging when they were apparently already privileged users.

I must be missing something here; surely the level of elite technical skill implicit in his résumé would preclude this kind of thing

by frank_nitti

4/23/2025 at 11:24:06 PM

Well yeah they're junior developers. By all account from good schools but literally everyone here has dealt with junior developer brain.

I would say that Elmo picked a bunch of junior devs because they don't have enough maturity to talk back and will do anything they're asked but I think that's too charitable. I think he actually went this route because Elmo is a sad man in his 50s who is desperately trying to pretend that he is, and has not matured beyond, his 20s.

by Spivak

4/24/2025 at 12:24:20 AM

Not just junior developers, but zoomer junior developers. I'm guessing Marko was just following Grok's advice.

by rideontime

4/23/2025 at 10:42:23 PM

On February 6th, Marko Elez announced his resignation from DOGE after the WSJ discovered many racist posts he made in 2024 (which they published on the 5th). That likely made someone really interested in what his actual coding skill levels were, and they took a look at a repo he had made.

Musk did a "poll" on X that voted for rehiring Elez to DOGE, by February 20th Elez had a US Government email address again, and on Febrary 21st he was reported as working for DOGE at the Social Security Administration.

by mandevil

4/24/2025 at 7:31:06 AM

> Upon learning of your resignation, following reports that you were linked to an account advocating to “normalize Indian hatred” and for a “eugenic immigration policy,” I can’t help but address the staggering hypocrisy of these views within the context of the IT industry

the 2nd comment in the issue explains why the 1st was posted pretty clearly

by areyourllySorry

4/23/2025 at 10:04:38 PM

They took down the repository ~20 minutes after OP's comment. Archived link: https://web.archive.org/web/20250423135719/https://github.co...

by epoxia

4/24/2025 at 1:12:25 AM

Surely Elez is currently reading this thread right now too. Probably reveling in the attention like all the juvenile hacker boys.

by tootie

4/24/2025 at 3:10:15 PM

Are there forks of this repo out in the wild and available?

by e40

4/23/2025 at 9:45:53 PM

Why wonder? The user who wrote it seems to be a pretty well established user, and their public repositories suggest that they work in adjacent contexts, so it's entirely plausible they attempted to use async-ip-rotator in one of their projects.

by nativeit

4/23/2025 at 10:05:02 PM

???

The public repos for this person that I could find that weren't forks with no activity to upstream consisted of a dice-rolling guessing game, rock-paper-scissors, and some kind of framework for downloading and transcribing audio files that does not yet download or transcribe, but implements a whole bunch of boilerplate. I find it rather difficult to believe this person engaged in a good-faith review of the async-ip-rotator code base.

by marcusb

4/24/2025 at 9:47:45 AM

I wouldn't expect somebody to use their main non throwaway account, which probably ties to their job or school to write this today... when if someone in the gov doesn't like what you say they do things like cancel your visa or sanction your employer.

by throwaway290

4/24/2025 at 1:25:43 PM

Cool. I'd expect such a throwaway account to be a bare throwaway account and not have multiple learning-project style repos with activity spreading out over a period of a few years, such as you see with the author of the critique/rant posted on the DOGE guy's repo.

by marcusb

4/24/2025 at 1:45:11 PM

I wouldn't. I use a throwaway for multiple years myself lol. And he or she could just use some friend's anonymous account.

And I like how you request good faith review of a guy who is part of the team busy dismantling US government from the inside. Like who would even think to review that if not because of it. What matters is is it correct or not.

by throwaway290

4/24/2025 at 2:31:17 PM

I think you're bending over backwards here to rationalize this 'review'. Assuming this person does use throwaway accounts as you suggest, you'd have to believe that in February of last year, they were busy writing a dice-guessing game and a rock-paper-scissors implementation and in February of this year, they are experienced enough to write a lengthy critique of the architecture of someone else's project. A review, by the way, that is longer than the code it criticizes.

If you believe that, that's fine. I don't.

As for the correctness of the 'review', it is absolutely nuts. Total nonsense.

by marcusb

4/24/2025 at 3:30:43 PM

> you'd have to believe that in February of last year, they were busy writing a dice-guessing game and a rock-paper-scissors implementation

Or teaching their kid. Or it was their friend. Etc.

You're bending over backwards to judge it on reputation in a case where there would not be one. If it's nonsense on merit then criticize that

by throwaway290

4/23/2025 at 9:53:54 PM

It's also worth noting that Feb 6 may very well be after Marko Elez became a public figure with DOGE. The article doesn't do a great job of expanding on any of this.

by nativeit

4/24/2025 at 2:21:20 PM

Ah yeah that would make more sense

by nop_slide

4/23/2025 at 9:45:55 PM

Are you genuinely puzzled or just wanted an excuse to point us all toward that comment? If "the comment" is correct word for what amounts to full article in length.

by watwut

4/23/2025 at 10:35:08 PM

Why would they want an excuse to point everyone to that comment when it's literally linked in the article?

by sepositus

4/23/2025 at 9:21:12 PM

The fact that they left these packages public on GitHub.. guys you do know you can make things private right? Just shows how dumb these people are honestly

by willio58

4/23/2025 at 9:31:47 PM

Or they are emboldened in knowing there will be absolutely no consequences.

Go look at the list of pardons this administration has handed out. These guys won’t even be charged.

by mingus88

4/23/2025 at 11:33:10 PM

They were given a blanket pardon dating back to 2014. No crime even listed!

by declan_roberts

4/24/2025 at 3:37:17 AM

Sounds like another administration I know....

by DaSHacka

4/24/2025 at 4:47:49 PM

Ah, yes, the "both sides" argument. Yes, the Biden and Trump2 administrations are just the same. Move along...

by e40

4/24/2025 at 5:38:14 PM

When it comes to pardons, I actually believe Biden was significantly worse in that regard.

by DaSHacka

4/25/2025 at 6:06:51 PM

I don't see how you could come to that conclusion. Here are the facts:

Biden:

* Nonviolent Drug Offenders: Biden focused heavily on criminal justice reform, commuting the sentences of nearly 2,500 individuals convicted of nonviolent drug offenses.

* Death Row Inmates: He commuted the sentences of 37 federal death row inmates to life imprisonment without parole.

* Preemptive Pardons: Biden issued preemptive pardons to several individuals, including Dr. Anthony Fauci and retired Gen. Mark Milley, to protect them from potential future prosecutions.

* Hunter Biden: In a controversial move, Biden granted a sweeping pardon to his son, Hunter Biden, covering any offenses between January 1, 2014, and December 1, 2024.

Only the last one is at all controversial. I disagree with it, but it was clearly a protective pardon instigated by rhetoric and actions by Trump.

Trump:

* Political Allies: Trump frequently granted clemency to individuals with personal or political connections, such as Michael Flynn, Roger Stone, and Paul Manafort.

* Capitol Rioters: In a sweeping move, Trump pardoned over 1,500 individuals involved in the January 6 Capitol riot.

* Controversial Figures: He also pardoned individuals like former Illinois Governor Rod Blagojevich and Michele Fiore, a former Las Vegas City Council member convicted of misusing charity funds.

All 3 categories of Trump's pardons are controversial. 1 vs thousands.

by e40

4/26/2025 at 7:07:31 AM

Biden quite literally pardoned his family and cronies of any wrongdoing before leaving office.

Get back to me when you can form your own thoughts and don't need a GPT bot to write your arguments for you.

by DaSHacka

4/25/2025 at 12:54:48 AM

How is that relevant?

by garbagewoman

4/25/2025 at 6:16:31 AM

Because the topic of pardons was brought up?

Read through a discussion chain before responding to an individual reply.

by DaSHacka

4/25/2025 at 2:39:12 PM

I did read through it, i don’t generally just jump to a random point in the comment chain to start reading. The topic of something being brought up doesn’t necessarily mean its the topic being discussed. Keep your personal feelings in check and don’t react so emotionally.

by garbagewoman

4/26/2025 at 7:10:32 AM

You're missing something if you're tryijg to project feelings of emotion onto my comments based on my previous contribution to this discussion.

If you don't like a certain topic of discussion, you can always move on without being required to state your dissatisfaction.

by DaSHacka

4/23/2025 at 9:42:25 PM

Or they think what they're doing is righteous and they're proud of it. It isn't - DOGE is responsible for hundreds of thousands of deaths through cuts to health programs - but I suspect they are deluding themselves into thinking it is.

by apical_dendrite

4/23/2025 at 10:01:27 PM

> DOGE is responsible for hundreds of thousands of deaths through cuts to health programs

That seems like a lot. Source?

by cpursley

4/23/2025 at 10:14:38 PM

https://www.bu.edu/sph/news/articles/2025/tracking-anticipat...

https://www.impactcounter.com/dashboard?view=table&sort=inte...

https://www.nature.com/articles/d41586-025-01191-z

https://www.scientificamerican.com/article/usaid-funding-sav...

This is just USAID. It's not even considering the cuts to HHS or other agencies.

by apical_dendrite

4/23/2025 at 10:51:08 PM

[flagged]

by cpursley

4/23/2025 at 10:57:23 PM

Saying something is false does not magically make it so.

by pesus

4/23/2025 at 11:02:44 PM

Nor does putting random predictions out. My crazy aunt is also into horoscopes.

by cpursley

4/23/2025 at 11:05:50 PM

Data analysis is not a "random prediction". Calling it that does not make it so.

by pesus

4/23/2025 at 10:53:50 PM

[flagged]

by apical_dendrite

4/23/2025 at 11:17:47 PM

Go help them then or donate to orgs that do.

by cpursley

4/23/2025 at 11:47:59 PM

I've started donating to TB-aid organizations.

But more than just money is gone. US-led organizations formed logistical backbones of these systems. Wads of cash won't replace the networks of people and things that are able to productively bring TB meds to people who need it.

by UncleMeat

4/23/2025 at 10:12:50 PM

https://www.yahoo.com/news/count-dead-millions-133000054.htm...

by douglasisshiny

4/23/2025 at 10:49:37 PM

[flagged]

by cpursley

4/23/2025 at 10:56:34 PM

Do you have an actual rebuttal to the data?

by pesus

4/23/2025 at 10:59:58 PM

[flagged]

by cpursley

4/23/2025 at 11:01:14 PM

Do you have any evidence or analysis of this beyond your comment calling it fake? Do you honestly believe getting rid of disease prevention and treatment for children will not result in a single death? Do you have any evidence it was a "slush fund" and not actually being used for disease prevention and treatment? Do you honestly believe that people upset over children dying are lying, and instead are all upset that they are no longer able to access a supposed "slush fund"?

by pesus

4/23/2025 at 10:06:21 PM

Not that it matters in this specific case, but on GitHub privated forks aren’t fully private: https://docs.github.com/en/pull-requests/collaborating-with-...

by dgellow

4/23/2025 at 10:17:03 PM

It's git. Just clone and push to a new, private repo (on or off of GitHub) without clicking "fork".

by darknavi

4/23/2025 at 9:50:19 PM

Making a fork of a public repo private involves using the git cli.

by dboreham

4/24/2025 at 1:37:36 AM

Ooh, scary!

by arm32

4/23/2025 at 10:19:54 PM

What? They reused public packages that have been public for years. One guy made a public fork with some changes. Is that not what open source is intended for?

by vt_mruhlin

4/24/2025 at 7:13:16 AM

I think he’s saying that if their intent was to not get caught which you’d assume, they could have made a private repo instead of a public fork tied to a doge account

by dkrich

4/24/2025 at 3:44:07 AM

You misunderstand, open source is bad actually, when the heckin cheeto man is the one doing it.

Just as its only worth complaining about geriatric geezers in office until the cheeto man brings in young hackers, then the problem is that "the old impaired people were good, actually".

Don't observe. Don't think. Merely repeat the approved message.

> The Party told you to ignore the evidence of your eyes and ears. It was their final, most essential command.

by DaSHacka

4/23/2025 at 9:12:44 PM

Someone needs to go to prison over this. It’s not just a misunderstanding, it is an intentional attack on every US citizen.

by tw04

4/23/2025 at 9:25:45 PM

The people who need to see/understand this live in a different reality where uncomfortable things like this are ETL'd into righteous anger towards people they don't like.

This is the deep state they've been worried about, this is the boot that will tread on them.

EDIT: parent comment was highest ranked comment for the article and is now at the bottom?

by candiddevmike

4/23/2025 at 9:49:13 PM

A twisted justification for suggesting someone who broke serious laws not face consequences.

We live in a nation of laws, whether or not conspiracy-minded individuals prefer to follow them.

by j2kun

4/23/2025 at 10:00:10 PM

> We live in a nation of laws

You stopped living in a nation of laws a while ago. Now you live in a nation of might makes right.

by Aeolun

4/23/2025 at 10:10:06 PM

We'll see.

The thing about the law in the US, it's slow and heavy. You'll need to be pretty mighty to move it if it catches up to you.

by bilbo0s

4/23/2025 at 10:39:28 PM

I would have agreed years ago, but seeing trump - who obviously should be in prison for January 6th, among other crimes - back in the WH pretty much proves the US is not a nation of laws.

by myko

4/24/2025 at 12:06:02 AM

It's worse. SCOTUS says he's immune to any law while POTUS meaning he can have people commit crimes on his behalf and then pardon them (or simply commit them himself). See the 1/6 insurrectionists.

by matwood

4/24/2025 at 2:13:59 AM

Voters elected an abuser and now we're being abused.

This is what happens with the authoritarian faction, present in all societies, wins an election. The people who stand for the Constitutional order didn't do enough. Whether they weren't sufficiently positive persuasive or negatively persuasive, here we are with President Psycho in office.

The law didn't fail. Order didn't fail. The self-governed, the people, failed to support and defend the Constitution.

by cmurf

4/24/2025 at 1:54:10 AM

People are fighting back. It’s not over yet.

by dwaltrip

4/23/2025 at 10:14:21 PM

Justice delayed is justice denied.

by jayd16

4/23/2025 at 10:47:33 PM

Supreme court gave Trump a pass on all his crimes. We have already seen. No more waiting is necessary to find out.

by bagels

4/23/2025 at 10:15:53 PM

That law now officially includes an individual who is immune from the law and who can issue pardons to anyone for anything. So you live in a nation with optional laws.

by padjo

4/23/2025 at 10:48:41 PM

Federal laws only. There is some daylight there.

by willhslade

4/23/2025 at 10:11:47 PM

Laws are only as strong as the enforcement.

One of the things that is being exposed by the current administration is that, even though the Judiciary is an arm of the government, and supposed to provide a check on the Executive, the reality is that the Executive has the power to pardon anyone it sees fit, voiding the power of the judiciary (the argument is that the ultimate power lies with the voters who can pass their judgement on the Executive, and its use of its powers, by voting them out, hopefully)

by awesome_dude

4/23/2025 at 10:26:38 PM

> Laws are only as strong as the enforcement.

This is one of the fundamental issues that underlies our broken system in the US. The gaps between what the law actually is, what people think it is, what people want it to be, and what it in practice is, are enormous.

Some of the recent deportation cases highlight this. You have cases where people were living in the US illegally for decades but faced no repercussions, and now people are upset because they were suddenly detained and/or deported. Virtually all the framing I see is about how it's a sudden and horrible injustice that they were detained during a "routine" ICE check-in --- very little about how we have accumulated this palimpsest of rules and enforcement policies resting on laws which don't actually encode the state of affairs most people want.

If we want people to be able to immigrate easily and safely (and I do), we need to stop breathing sighs of relief when a new president comes in and issues some kind of temporary executive order that makes things okay in the short term. We need to fix the laws at all levels, including criminalizing enforcement actions that are contrary to the law. That would likely mean massive purges of many individuals in local and state governments and law enforcement agencies, with many of them sentenced to considerable prison terms for the kind of enforcement discretion that we currently accept as normal. It's not going to be pretty. But it has to be done if we want to return to a system grounded in the actual rule of law and not the rule of law enforcement.

by BrenBarn

4/24/2025 at 2:22:14 AM

>You have cases where people were living in the US illegally for decades but faced no repercussions, and now people are upset because they were suddenly detained and/or deported

I believe the concern is the cases where the person had a temporary stay.

by Braxton1980

4/24/2025 at 12:19:57 AM

Bruh, do you think people are pissed about the deportations just because they’re immigrants?

Deport them all if they came here illegally and that was _proven_, but the government just skipped all due process and as we’re seeing and as the government already admitted, people are being mistakenly deported to these camps and then the same government says they can’t do anything to reverse it.

You can’t be waxing poetic about the rule of law and how we need to enforce everything when they can’t even follow due process

by lovich

4/24/2025 at 6:26:59 AM

Following due process is part of enforcement, and yeah, it needs to be done in accordance with law. But we've had problems with due process for a long time. One example is that our court system is not remotely adequate to handle the load it actually needs to handle. The result is long delays in justice (which usually benefit those with enough resources to wait it out), as well as a heavy reliance on plea bargains (which can act as an end-run around due process by applying pressure on vulnerable accused people to essentially waive their due process rights).

I don't disagree that there are huge problems with how enforcement is currently happening. My point is that we've had those problems for a long time and the current situation is just pushing things to the breaking point along the same axis.

by BrenBarn

4/23/2025 at 10:40:07 PM

> But it has to be done if we want to return to a system grounded in the actual rule of law and not the rule of law enforcement.

This is never going to happen - politics aside of what you might or might not believe about the current situation.

It's about as likely to happen as every religious individual on the planet obeying every rule in their sacred book.

The reason that they don't happen is because peoples' ideas on what is acceptable and isn't in a society changes, sometimes quite rapidly - note that the current US Administration was (attempting) to use a statute from the 1700s, are you obeying all the laws (that haven't yet been repealed) from then?

edit: An obvious example is the fact that the USA exists - it's on land that was acquired via theft, and murder. Therefore every person living on that land is receiving stolen property - let me know when that law is being enforced.

by awesome_dude

4/24/2025 at 1:26:35 AM

Do you believe there should be criminal prosecution for state and local government officials currently refusing to to work with ICE in its current form in the Trump administration?

by Larrikin

4/24/2025 at 6:31:26 AM

In a sense, yes. I lean more and more toward the idea that we're not going to get out of this mess without "hitting rock bottom", so to speak. That means we have to somehow confront people with the reality of the laws we actually have, not the imaginary ones we've convinced ourselves we have. If we had those kinds of criminal prosecutions we might get riots in the streets and revolutions that would result in changes to the laws. Moreover, if we had had those kinds of criminal prosecutions in the past (e.g., George Wallace), we might have been able to fix things with less pain than will be required now.

by BrenBarn

4/24/2025 at 11:05:23 AM

Do you also support criminal convictions for those going around due process, not presenting badges or any identification, and supporting a foreign concentration camp that indefinitely jails people who have not been convicted of a crime, just accused?

by Larrikin

4/24/2025 at 7:00:19 PM

Definitely.

by BrenBarn

4/24/2025 at 2:22:50 AM

What crime is that?

by Braxton1980

4/24/2025 at 2:30:15 AM

Whatever he imagines it to be with this statement

> We need to fix the laws at all levels, including criminalizing enforcement actions that are contrary to the law.

by Larrikin

4/23/2025 at 10:09:28 PM

All the evidence is contrary to your assertion that we live in a nation of laws.

by tines

4/23/2025 at 9:51:25 PM

We live in a nation of peers before we live in a nation of laws.

by threatofrain

4/23/2025 at 9:31:09 PM

Chances of that happening are zero right now.

by aiauthoritydev

4/24/2025 at 1:36:59 AM

You forget who the president is. They will get away with all of this and everything else. Doesn't mean we shouldn't try but lets be realistic here.

by 9283409232

4/23/2025 at 9:44:03 PM

I fully believe there's a stack of pardons in Trump's drawer for everyone involved in this debacle. I can't imagine breaking so many laws all over the government if you thought you'd ever have to face consequences. The alternative to pardons in preventing the next congress & administration from cleaning this up is too dire to really contemplate.

by mikeyouse

4/23/2025 at 9:47:12 PM

Time to remove the pardon powder. Has it achieved anything productive in the last 100 years?

by dboreham

4/23/2025 at 9:56:45 PM

I think it's been used properly in a lot of instances, especially when you consider that federal law can quickly become out-of-step with modern sensibilities, so being able to relieve those harmed by laws flawed under contemporary standards is important. There's probably a better way of handling that, but it's one instance where the power of presidential and governors' pardons have been applied appropriately.

by nativeit

4/23/2025 at 10:29:24 PM

> I think it's been used properly in a lot of instances, especially when you consider that federal law can quickly become out-of-step with modern sensibilities, so being able to relieve those harmed by laws flawed under contemporary standards is important.

No, that is exactly what we don't need. When law becomes out of step with modern sensibilities, the law needs to be changed. Precisely the problem we currently have is that we have become too accustomed to dealing with a sort of "shadow law" system where the way things actually work is not the way they're supposed to work according to the law. That is a recipe for confusion, bias, favoritism, and inequity. What we need is a system of laws that actually lets the people fix things when they are broken instead of patching around them. (This is, in my view, a byproduct of other aspects of our legal system, in particular the grossly over-restrictive process for amending the constitution.)

by BrenBarn

4/23/2025 at 11:03:38 PM

That's not really what I meant. Just because a law is repealed or changed, doesn't mean the people who were sentenced to prison because of its original form will receive revised sentences.

by nativeit

4/24/2025 at 6:01:03 AM

You can revise their sentences with law as well.

by BrenBarn

4/23/2025 at 10:39:44 PM

At the very least, it seems obvious there should be an asterick on the pardon power of, "you can't use it to pardon your employees/staff." Or pardon people for things they did under your direction/purview.

by tcmart14

4/24/2025 at 2:26:51 AM

Are you referring to cases where the person already served their time or are long dead?

Like a pardon for someone convicted of being gay in the early 20th century?

These are symbolic and provide no practical relief. Losing this to stop all pardons would be worth it to me

by Braxton1980

4/23/2025 at 9:53:36 PM

it's written into the Constitution very explicitly. and it's a really bad time to hold a Constitutional Convention.

by sterlind

4/23/2025 at 11:25:24 PM

I'm not actually convinced that now would be a terrible time to hold a constitutional convention. Yes, it would be messy, but the nature of the ratification requirements (3/4 of all states) means that nothing could make it through without essentially unanimous consent of the country as a whole.

by derektank

4/24/2025 at 12:53:21 AM

While we are at it we can add ranked voting and a vote of no confidence (maybe initiated by congress and voted on by the states or people).

by cgriswald

4/23/2025 at 10:46:44 PM

To remove the presidential pardon power, you'd need to [amend the Constitution][1]. Getting [two thirds of both Houses of Congress][2] to pass any amendment in the foreseeable future seems highly unlikely if not downright inconceivable.

[1]: https://constitution.congress.gov/browse/essay/artII-S2-C1-3...

[2]: https://constitution.congress.gov/browse/essay/artV-1/ALDE_0...

by romellem

4/24/2025 at 2:28:25 AM

Why?

It doesn't affect the power of congress so why would they care?

by Braxton1980

4/23/2025 at 10:04:40 PM

It's a bizarre and archaic power, which has been abused by presidents from both parties.

by Reason077

4/23/2025 at 10:36:59 PM

It's also clearly incompatible with most (all?) modern definitions of democracy.

by xorcist

4/23/2025 at 10:07:23 PM

Truman and Carter used it well[1][2].

[1]: https://www.newspapers.com/article/news-and-record-truman-ex...

[2]: https://en.wikipedia.org/wiki/Proclamation_4483

by woodruffw

4/23/2025 at 9:49:13 PM

They are betting the system won't go after them later which is a very bad bet if they eventually give back the executive branch and an even worse bet if the power they support never gives it back. About as brilliant as being in a photo with Stalin.

by satanfirst

4/23/2025 at 9:53:24 PM

Trump can wait until the last day in office then issue pardons for any possible crimes, right? Biden did something similar I believe

by geraldwhen

4/23/2025 at 10:18:38 PM

Can't pardon state crimes nor cases of impeachment.

Arguably, if you impeach someone in public office, even if they aren't convicted by the Senate, any pardon of those same acts becomes moot and they can be tried in court for the same offenses. At least, that's what the DoJ suggested in 2000.

by Aloisius

4/24/2025 at 1:37:59 AM

This Congress won't impeach Trump. If they were willing to, they would've already.

by 9283409232

4/24/2025 at 1:38:44 AM

This Congress probably won't, but the next one might.

by Aloisius

4/24/2025 at 2:45:50 AM

They could impeach again, but senate will refuse to convict. If Jan 6 didn't motivate them to stop this, nothing will.

by jmcgough

4/24/2025 at 2:02:20 AM

Most of the seats up for reelection in 2026 are Dem seats. North Carolina is the only one I can realistically see Dems flipping.

by 9283409232

4/24/2025 at 2:36:45 AM

The entire House is up for reelection. They are who impeach. The Senate is who convicts.

by Aloisius

4/24/2025 at 2:53:25 AM

Without a conviction, impeachment is just performative at this point.

by 9283409232

4/23/2025 at 10:02:24 PM

> Trump can wait until the last day in office then issue pardons for any possible crimes, right?

Is your mental model of the pardon process actually confused? Yes, the president can unilaterally issue pardons, and Donald Trump is president until the end of his term, so he can issue pardons on his last day in office.

by magicalist

4/23/2025 at 10:07:12 PM

Is the hostility really required?

The comment was about last-day pardons, not pardons in general. Its a topic many presidents have gotten flak or attention for.

by pests

4/23/2025 at 10:19:54 PM

What hostility? I was asking if they were really confused or if they were asking rhetorically. If they were actually confused, the answer is yes.

edit: oh, I guess "and Donald Trump is president until the end of his term" could come off as patronizing. I meant it just as a statement in a chain of reasoning

by magicalist

4/23/2025 at 10:45:17 PM

Recent untested precedent exists of blanket pardons needed for unqualified crimes and they are so far likely to be challenged on a different technicality (first?).. Asking what people think is not confused unless you are being uncharitable or know a lot of actual precedents that we all should know from another era.

by satanfirst

4/23/2025 at 11:59:47 PM

I am fully unaware of any challenges to recent pardons. I don’t follow politics much and just knew about the blanket pardon that I assume all presidents will use going forward unless it’s challenged in court.

by geraldwhen

4/23/2025 at 11:07:44 PM

Not really possible since they would be pardoned even if anyone was ever willing to prosecute them.

by root_axis

4/23/2025 at 9:39:59 PM

[flagged]

by threatofrain

4/23/2025 at 9:20:06 PM

[flagged]

by pluc

4/23/2025 at 9:23:10 PM

> it's fun to watch

Watching the misery of others makes me feel ill.

by MOARDONGZPLZ

4/23/2025 at 9:46:57 PM

Don’t agree with the OP how it’s fun to watch, but you have to acknowledge how citizens of basically every other country feel after being made fun of for the past few months. I have close relatives living in the states, and I feel bad for them. But your own government has been belittling your neighbours across both of your borders and calling them weak. I’m not going to say that the government does not deserve some of the repercussions of their own actions.

by tokioyoyo

4/24/2025 at 3:57:30 PM

We aren't being made fun of, we are being threatened with annexation and unprovoked economic warfare by an administration with collective the intellect of a public toilet. The entire world has lost respect for the US and I for one am glad. And before you say what they all say, "we're not all like that", you're all complicit until you run them out of the country.

by pluc

4/24/2025 at 3:53:34 PM

Watching the misery of a nation who have been hiding behind the second amendment for decades to defend mass slaughter and who now won't lift a finger to get out of authoritarian decisions and an oppressive regime is delicious hypocrisy. I can't wait for dessert.

by pluc

4/23/2025 at 9:26:23 PM

[flagged]

by the_optimist

4/23/2025 at 11:13:02 PM

Writing ai slop? Thanks !

by pyinstallwoes

4/23/2025 at 9:16:00 PM

Explain please.

by the_optimist

4/23/2025 at 9:21:16 PM

The complaint alleges that DOGE was able to get unlimited-permissions admin accounts that were not subject to logging. They also downloaded external repositories that gave users of those repos lots of different IPs. The complaint further alleges that the DOGE person used the combination of these things to "download... more than 10 gigabytes of data from the agency’s case files, a database that includes reams of sensitive records including information about employees who want to form unions and proprietary business documents."

If this is all true, this is basically hacking sensitive data in the open. We already know the current administration has worked to hobble unions. So putting these things together, this act is not only wrong in and of itself, but the data is likely going to be used to harm americans' interests. So, deserving of punishment.

by MOARDONGZPLZ

4/23/2025 at 9:32:28 PM

And they fucking illegally fired the IGs who are supposed to act as watchdogs for and light-shiners-on-of blatantly-illegal activity like this in the executive. The ones we added after Nixon's crimes. It was one of the first actions of the administration, blanket firing without actual cause, which is supposed to be required, and without the required notice-period to Congress.

That should have exhausted any benefit of the doubt right off the bat, even among those inclined to think Trump's maybe not great but also some ordinary amount of bad for a politician. You don't do that unless you fully intend to do some crimes. Not only that, they were so goddamn eager to crime that they couldn't wait the 30 days or whatever. They intended to do criminal shit immediately.

by alabastervlog

4/23/2025 at 10:16:13 PM

I wish the firings of the IGs was something that "Joe Sixpack" understood. Honestly, even that the IGs exist(ed).

(It wouldn't change the opinions of anybody who matters, I suppose.)

by EvanAnderson

4/23/2025 at 9:21:43 PM

If you take a step back and realize that the intent is to utterly destroy the social safety net provided by social security, Medicare, etc that we have all been paying into our entire adult lives, tell me why every citizen affected should not pursue civil and criminal charges of theft and fraud with malicious intent?

And then the means to do so have involved ignoring the courts and bypassing constitutional checks and balances? Please tell me how this isn’t criminal if not treasonous?

by mingus88

4/23/2025 at 10:56:04 PM

Not only did you not explain the original comment, you added more assertions that are significantly more extraordinary without explaining your reasoning for those either.

by cap1434

4/23/2025 at 9:22:56 PM

Sensitive government data was (sure, allegedly) extracted to Russia via an account that was expressly created to hide / not create logs. This is treason. Allegedly.

by Cthulhu_

4/23/2025 at 9:38:41 PM

This administration is doing a lot of things that are borderline treasonous. Hopefully they get prosecuted when they get voted out or ideally get removed form power.

by goatlover

4/23/2025 at 9:54:03 PM

Trump will blanket-pardon anyone who's still on his good side. And maybe some who aren't, just to limit the reach of investigations. And Trump himself's untouchable—while it remains technically possible to criminally prosecute a President for actions in office, it's in-practice impossible short of some unlikely hypothetical scenarios, thanks to the Supreme Court (the Roberts court loves leaving things technically intact, but actually not)

by alabastervlog

4/23/2025 at 9:18:00 PM

https://krebsonsecurity.com/2025/04/whistleblower-doge-sipho...

by dmbche

4/23/2025 at 9:23:27 PM

[flagged]

by the_optimist

4/23/2025 at 9:19:50 PM

If I told you someone went to your bank and demanded the right to setup accounts with permissions to do everything and to have all logging of that users activity disabled, and then a whistleblower pointed out that they downloaded everyone's bank statements, you'd probably be pretty up set.

After all, why do they need unfettered access? Why do they need your bank statements? Why do they need to hide what they're doing with the unfettered access?

That's what's happening here. There is no good explanation other than bad actors

by malfist

4/23/2025 at 9:25:10 PM

[flagged]

by the_optimist

4/23/2025 at 9:30:57 PM

The article specifically covers this point. They exceeded their authority.

by hedora

4/24/2025 at 1:05:50 AM

The article does not define or discuss the authority of DOGE.

by the_optimist

4/23/2025 at 9:44:04 PM

Might doesn't make right

by malfist

4/23/2025 at 9:32:53 PM

An obvious rebuttal is they should not have that authority, and the possible reasons for having gained it are nefarious.

by goatlover

4/24/2025 at 12:15:01 AM

The problem with prosecuting them – they are employees of a White House office, doing what their bosses told them to do, and it is clear their bosses are carrying out the President's wishes.

If Joe Blow off the street walks into a federal agency and takes all their data – open and shut case, throw the book at them, see you in a few decades.

If someone from the White House walks into a federal agency, tells the agency leadership "the President wants me to take all your data", and the agency leadership replies "sure, go right ahead" – not a scenario people were expecting, so the existing laws haven't been crafted to clearly criminalize it. Maybe some enterprising prosecutor can find a way to map it to the crimes on the statute book, maybe it is just too hard. But even if the prosecutor overcomes that hurdle, it will be far from easy to convince the jury / trial judge / appellate courts that the legal elements of the crime are actually met – and if it actually gets as far as a conviction upheld by the appellate court, what do you think the conservative SCOTUS majority are going to do with that when they get it? And many prosecutors, foreseeing those low odds of ultimate success, will stop before they even get to an indictment.

So, I think the odds of anyone ultimately being convicted over this are low, even if Trump never pardons them.

Maybe, Congress might pass a law to make it more clearly illegal, which might make it easier to prosecute if a future administration repeats the same behavior.

EDIT: if people are downvoting this because they think my analysis of the likelihood of successful criminal prosecution is wrong, it would be great if they could reply to explain where they think I got it wrong

by skissane

4/24/2025 at 5:24:52 AM

All public servants take the oath found in 5 USC 3331. The oath is to support and defend the Constitution of the United States. Not a person.

by cmurf

4/24/2025 at 5:51:03 AM

That's not a counterargument to my position that successful criminal prosecution is unlikely.

If you are going to charge them with a crime, which one? CFAA?

How then to prove that access is unauthorized under the CFAA given evidence that both the President and senior agency leadership authorized it? Trying to claim that those authorizations are legally invalid gets into rather murky areas of law, and is (AFAIK) without precedent. Can you point to any previous cases of a successful CFAA prosecution where the access was authorized by a senior federal official but that authorization was declared legally void?

How do you get past the fact that the law is ultimately whatever SCOTUS says it is, and it seems more likely than not that the majority of current SCOTUS will want to say that this specific situation isn't a crime?

I feel like people are rejecting my position because they don't like it or don't want it to be true. Of course, maybe I'm wrong – maybe Thomas, Alito, Gorsuch, Kavanagh, Barrett and Roberts are all secretly dreaming of sending Musk and his minions to federal prison; or maybe they'll dispassionately follow their own judicial philosophies to the logical conclusion that doing so (using CFAA or whatever) is statutorily and constitutionally required - but that doesn't seem very likely to me, given their track records. Do you really think I'm wrong about that?

by skissane

4/24/2025 at 12:35:30 AM

The claim that because your boss tells you to do something illegal means that you should just do it is bullshit. It's your social responsibility to not capitulate under these circumstances.

If you don't feel that way then you deserve the world you are creating.

by j_w

4/24/2025 at 12:50:51 AM

The problem is a lot of relevant criminal laws contain this word “unauthorized”. If you have access to a computer system, and it is authorized by the people who own the system, it isn’t a crime. These people will say that whatever they did/bypassed was (1) authorized by the President (of course if you ask Trump if he authorized them to do whatever he’ll say “yes”); (2) authorized by the senior agency leadership (because Trump has made clear that if they refuse to authorize it they’ll be fired).

So, how do you prosecute them for accessing a computer system (or data or whatever) without authorization when both the President and the senior agency leadership say they authorized it?

Well, you can’t-unless you want to argue that the President / agency leadership’s authorization is illegal and hence illegally invalid, ultra vires. But even supposing you are right about that in the abstract, will you be able to convince a judge and jury of it? And even supposing you convince a jury, trial judge and appellate court, there’s a dozen different ways SCOTUS could overturn it (from narrow questions of statutory construction to sweeping rulings about the President’s inherent constitutional power to demand information from the executive branch), and I think the main question for the current SCOTUS majority will be which of those ways they choose.

My impression is that a lot of people are mixing up what they think the law ought to be, with what it actually is. Just because something ought to be a crime doesn’t mean it actually is one - and that’s especially going to be the case with unprecedented situations, it is hard to make something a crime if nobody foresaw it would one day happen.

by skissane

4/23/2025 at 11:29:20 PM

People voted for this

by declan_roberts

4/23/2025 at 9:44:55 PM

You’d have to prove a crime here to send someone to jail, correct? What would the charges be?

by happyopossum

4/23/2025 at 10:05:37 PM

Without knowing the specifics of US law, there’s a lot in there for a reasonable case. Improper handling of sensitive data, interfering with ongoing legal proceedings, abuse of telecommunications infrastructure (looks like the guy runs a brute forcing crawler on a government system) and probably even more.

by 9dev

4/23/2025 at 10:20:00 PM

El Salvador seems very willing to take people off our hands for mere allegations.

by ceejayoz

4/23/2025 at 9:58:35 PM

[flagged]

by Alupis

4/23/2025 at 10:02:51 PM

I think surely “we want untraceable admin accounts” should be illegal in some way. If only in regard to transparency.

by Aeolun

4/23/2025 at 10:27:50 PM

[flagged]

by Alupis

4/23/2025 at 10:55:15 PM

>"Tenant-admin" isn't such a radical thing

Admin accounts without logs is extremely radical. I have literally never seen it, or had anyone request it, in my decade+ of consulting in security.

Unless you think the whistleblower, Krebs, and everyone else reporting are lying. Which, in that case, nothing anyone says is going to change your opinion (and you should just say that, if it's what you think, to save us all time).

by ziddoap

4/23/2025 at 11:12:00 PM

[flagged]

by Alupis

4/23/2025 at 11:25:28 PM

Like two lines up from your quote:

"He specifically was told that there were to be no logs or records made of the accounts created for DOGE employees"

That sure sounds like no logs.

If you don't believe the whistleblower, just say that, and skip the insulting me part (and I'll know to skip the replying to you part).

by ziddoap

4/23/2025 at 11:33:49 PM

[flagged]

by Alupis

4/23/2025 at 11:36:58 PM

>You are being selective in your quotation:

Rich, coming from the person who left the sentence about logs out of their comment and then said "No where in the complaint does it allege anyone asked for an audit-less account".

>Go ahead, read it again please. You have the experience to understand what this means.

Do you get some sort of weird satisfaction out of being ridiculously condescending? Do you think it makes your argument stronger? Are you just an angry person?

>This very clearly means we aren't using the normal account-creation process which itself creates logs of account creation.

You think they requested no logs about account creation, but are cool with the logging after? What on earth would the purpose of that request be?

The request was not stated in a way that implies a point-in-time request to turn off logs solely for account creation. (And, again, that would be a completely nonsense request that accomplishes literally nothing).

Anyways, I have no interest in getting into it with someone that has to throw in little personal jabs in every comment. You can believe that the DOGE team only wanted the account creation to be exempt from logs but wanted the logs turned on immediately afterwards for god knows what reason.

by ziddoap

4/23/2025 at 11:44:30 PM

[flagged]

by Alupis

4/23/2025 at 11:47:13 PM

First it was logs weren't mentioned. Then it was, well, logs were mentioned, but only to be turned off for the account creation process. Now it is, well, it was someone else who requested it and everything is speculation.

>Try to apply your experience here and calm down a bit.

Had to get one more little jab in there, didn't you? Can't have just one comment without one.

We're not going to convince each other. Hope that in the future, for other people's sake, that you can tone down your condescension and insults. It's a really unpleasant experience trying to discuss important things with someone who can't make a point without belittling the person they are talking to.

by ziddoap

4/23/2025 at 9:25:25 PM

Untraceable and complete access to government databases. I can't begin to imagine the implications here.

by MattDaEskimo

4/23/2025 at 10:50:22 PM

We only hear about the cases where a someone is taking the risk of blowing the whistle, and actually manages to get the story out. Hopefully with enough substance for people to take the information seriously. How many cases that are likely to reach public knowledge is left as an exercise to the reader, as the saying goes.

by xorcist

4/24/2025 at 2:34:42 AM

>How many cases that are likely to reach public knowledge is left as an exercise to the reader, as the saying goes.

Is this some reminder to people that bad things occur that aren't found out.

Considering how everyone is aware of this is your comment some sort of clusterbomb whataboutism?

by Braxton1980

4/24/2025 at 1:14:26 AM

Direct access to private data relating to accusations against companies Musk owns.

by tootie

4/23/2025 at 9:29:43 PM

So what exactly is being alleged here? That these DOGE bros wrote and used “hacker” code from GitHub to bypass security limitations on NLRB data? Why would they even need to do that if they had superuser accounts in the system already?

by munchler

4/23/2025 at 9:37:01 PM

I think the point of the article is that the whistleblower's original claims can be substantiated publicly. It's another datapoint indicating that the DOGE people are operating haphazardly at the absolute best and, more likely, attempting to obscure their tracks because they know that what they're doing wouldn't pass legal muster.

by woodruffw

4/23/2025 at 9:47:52 PM

DOGE downloaded libraries to assist in data exfiltration, and did exfiltrate data (obtained via the superuser accounts).

Suggest reading the complaint: https://whistlebloweraid.org/wp-content/uploads/2025/04/2025...

by pkilgore

4/23/2025 at 9:41:21 PM

The article is written very poorly. The disclosure itself is far more readable.

https://whistlebloweraid.org/wp-content/uploads/2025/04/2025...

by timewizard

4/23/2025 at 9:56:37 PM

Also this PDF contains a detail I haven't seen reported elsewhere:

> Furthermore, on Monday, April 7, 2025, while my client and my team were preparing this disclosure, someone physically taped a threatening note to Mr. Berulis’ home door with photographs – taken via a drone – of him walking in his neighborhood. The threatening note made clear reference to this very disclosure he was preparing for you

by underyx

4/23/2025 at 10:31:41 PM

It's an interesting detail because if true -- and I fully assume it is -- the intention likely wasn't to dissuade him from going public, but instead to make him look like a conspiratorial nut. When I first saw this story and heard that "drone shot of him / threatening note" I admit that I immediately assumed it was a flake, but on further details I think that was actually the reason for doing that.

by llm_nerd

4/23/2025 at 9:51:05 PM

Thanks. So the tools downloaded from GitHub were allegedly used to scrape personally-identifiable information (PII), details about ongoing legal cases, union-related data, and corporate secrets. The whistleblower observed large spikes in outbound data traffic, suggesting that gigabytes of sensitive information were exfiltrated with logging disabled, so as not to leave a trail.

by munchler

4/23/2025 at 9:47:48 PM

Yes, this is much more clear than the article.

by uxp100

4/24/2025 at 12:07:33 AM

The lede is buried but the implication is downloading a huge amount of data on union organizers, which can then be given to a company to pre-emptively fire those individuals

by superconduct123

4/23/2025 at 9:34:35 PM

they added a backdoor that is not audit logged. that's why.

by weaksauce

4/23/2025 at 9:55:21 PM

Isn't the ip rotator used to scrape from public websites to bypass rate limits? Not sure how that automatically means they are "siphoning sensitive case files".

by porphyra

4/24/2025 at 1:15:58 AM

The IP rotator was discovered in the analysis. The exfiltration of data was discovered by an NLRB employee and triggered the complaint. A member of their staff saw the spike in egress, found the source and that the audit log had been bleached.

by tootie

4/24/2025 at 12:25:36 AM

It doesn’t. Coupled with the whistleblower complaint, however, it is evidence.

by borski

4/23/2025 at 9:45:00 PM

>Ge0rg3’s code is “open source,” in that anyone can copy it and reuse it non-commercially.

A little nit-picking, but that's not what open source means, especially as it relates to the GPL in this case. If you can't use the code commercially, it's neither "open source" (as defined by OSI) nor free software (as defined by the FSF).

by growdark

4/23/2025 at 9:46:56 PM

Right, but the original statement isn't being mutually exclusive.

by nativeit

4/24/2025 at 2:08:10 AM

To everyone saying 'where are the arrests?' This is all conjecture at this point and time will tell what was click bait and truth. Below is the statement from NLRB's acting press secretary.

"Tim Bearese, the NLRB's acting press secretary, denied that the agency granted DOGE access to its systems and said DOGE had not requested access to the agency's systems. Bearese said the agency conducted an investigation after Berulis raised his concerns but "determined that no breach of agency systems occurred."

https://www.npr.org/2025/04/15/nx-s1-5355895/doge-musk-nlrb-...

by Sparyjerry

4/24/2025 at 2:41:55 AM

People should not need to be conjecturing. The federal government should have clear documented reasons for the things that it does. It should have oversight, but all of the oversight has been fired, every department headed by yesmen and fox news anchors. We are all left guessing because they are doing loads of things that seem either treasonous or performed with very little thought to the consequences.

by jmcgough

4/24/2025 at 12:01:26 AM

> Berulis said he went public after higher-ups at the agency told him not to report the matter to the US-CERT, as they’d previously agreed.

If the allegation is true, what would be the motivation of the higher-ups to keep this secret from US-CERT?

It appears to be a severe compromise, and the context suggests that much of the rest of the federal government is imminently vulnerable to the same tactics by the same threat actor.

Where the higher-ups reporting the security crisis through better channels?

Or were they trying to keep it quiet entirely, so might be complicit in something bad?

by neilv

4/24/2025 at 7:19:25 AM

Or they’re just fearful of retaliation/termination for making waves with this administration

by dkrich

4/25/2025 at 9:03:38 PM

Becoming complicit.

by neilv

4/23/2025 at 9:45:13 PM

This is much ado about nothing. The article tries to very hard to make something ordinary sound nefarious.

This appears to be DOGE employees simply doing their job.

You may not agree with what they’re doing in a political sense, but if you were tasked with the same problem you’d come up with a nearly identical solution.

For example: “tenant admin” is probably the special role that can bypass access control (not audits!) and see and read all data.

This sounds scary but I regularly request this right from large government departments and I get it granted to me.

Its use is justified when normal access requests would be too complex / fiddly and error prone. Generally, in a large environment, there is no other way to guarantee 100% coverage because as an outsider you don’t even know what permissions to ask for if you can’t see anything due to a lack of permissions!

Seriously: sit down for a second and think about how you would go about getting access to make a full copy of an organisation’s data for an audit if you fully expect both passive resistance and even active efforts to hide the very things you’re looking for.

by jiggawatts

4/23/2025 at 10:36:03 PM

The original complaint mentions:

"7. March 3rd - I received a call during which an ACIO stated instructions were given that we were not to adhere to SOP with the doge account creation in regards to creating records. He specifically was told that there were to be no logs or records made of the accounts created for DOGE employees."

Which part of doing an audit, or some other DOGE employee's job, requires logs or records not to be made of their accounts?

Another quote:

"They were to be given what are referred to as “tenant owner” level accounts, with essentially unrestricted permission to read, copy, and alter data. Note, these permissions are above even my CIO’s access level to our systems. Well above what level of access is required to pull metrics, efficiency reports, and any other details that would be needed to assess utilization or usage of systems in our agency. We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval. The suggestion that they use these accounts instead was not open to discussion."

Audits don't require being able to alter data.

Also, some of the data is mentioned as being sensitive. Although granting access to the data of another agency may make sense, I have trouble believing that direct access to data such as sensitive personal information of third parties would routinely be given to people from outside of the organization. Even within the organization the group of people given access to sensitive data should be as limited as possible.

by Delk

4/23/2025 at 11:10:18 PM

[flagged]

by jiggawatts

4/24/2025 at 2:06:45 AM

> DOGE staffers would have been instructed not to trust any custom role, so… Tenant Admin it is.

Ok, arguing with DOGE on their own terms… I confess I’m not knowledgeable with these systems, but how do you even trust it when it tells you you’re the “Tenant Admin”? Why would the deep state be unable to fabricate such a role that looks like the real one but is still lying to you? I did enough research to assume this is a Microsoft thing, so you might be viewing a Microsoft domain signed by a Microsoft SSL cert, and trust that Microsoft is telling you you’re really the highest admin. But… we’re talking a vast conspiracy with billions on the line… why would a true-believer DOGE crusader not believe there are also deep state agents in Microsoft, the certificate authorities, and ISPs?

Asking for Tenant Admin or whatever magic term seems like a start to get “the truth”, but completely inadequate to actually take down “the deep state.”

Of course, that’s the beauty of it. A super-powerful, secret enemy can never be vanquished, so they’re always a great excuse to take the next step to demolish the real government and trample the rights of the people.

by zzrrt

4/24/2025 at 2:29:30 AM

Azure for example has a built in role (actually a checkbox) that is un-fakeable by anyone that can’t MITM the portal web site.

The NSA might be able to do this, but even they’d be finding it a challenge if forced to do so on short notice with someone looking over their shoulder.

by jiggawatts

4/24/2025 at 3:27:15 AM

Infiltrating Azure, hacking a third-world CA, or evil maiding DOGE employees’ computers would be among the easiest tasks the deep state would undertake. On one hand, sure, criminals fail at easy things all the time, but this is the supposed most powerful secret organization; you can’t assume you have a technical solution they can’t crack. Focus on data they didn’t show you just because you said “tenant admin.”

by zzrrt

4/24/2025 at 12:41:59 AM

Your argument makes sense. I still speculate they're doing malicious things.

by thrwaway438

4/24/2025 at 1:22:21 AM

DOGE was given a mandate by a President with unprecedented (hah) unitary power. They’re executing on that, roughly how you’d expect them to, given their instructions and the time and resources available to them.

I personally feel that they’re being reckless and sloppy, uncovering “waste” that is often simply an artefact of their hubris. In doing so, they’re risking exposing the internal systems of the government to outside attack.

This is the rough equivalent of the guards in a prison turning over everything in a cell looking for contraband.

It’s not nice. It’s rarely productive. It is also a tool of intimidation. That’s part of the point. The prisoner is not supposed to like it. They’re not invited politely to present what they want others to see. They’re humiliated and powerless. That’s what the MAGA and DOGE want.

by jiggawatts

4/24/2025 at 3:08:48 AM

1. DOGE is acting in this way to uncover the "deep state" (unironically).

2. DOGE is committing treason.

3. DOGE is humiliating those who were formerly in control.

A little of column A, B, and C in my opinion. At this point it doesn't matter what's true. I think all parties are involved to commit terrible acts, whether they're directly assets of a foreign power or just have something to gain. Inept, traitorous, opportunistic, inhumane, careless.. the whole party is here.

I hope when all is said and done, a true accounting is performed and those who committed the damage are held responsible. It won't matter what their associations or intent was. Manslaughter is manslaughter.

by thrwaway438

4/23/2025 at 11:03:35 PM

I have taken part in audits for several organizations over the years, and I can assure you that's not how audits are done at all.

In fact, should the auditor find there is a way for them to access sensitive data without it being logged, they will flag it immediately. That would be the case even under simple financial regulation.

There is absolutely the risk that the people you audit will lie to you or present you with false data. In practice that's not common, because they stand to at the very least lose their jobs. It could also be illegal. Not worth it.

by xorcist

4/24/2025 at 2:11:48 AM

A normal audit, sure. This isn’t that. This is the prison guards flipping the mattress looking for contraband.

All of the public complaining is by staff that don’t understand their new position in the pecking order.

There is a King in charge and he cares not for the wailing of the petty nobles.

by jiggawatts

4/24/2025 at 8:36:41 AM

>This is the prison guards flipping the mattress looking for contraband.

No its not. These prison searches in fact do tend to find knives and what not and do in fact have some role in managing prison violence.

This is not about anything like that at all.

by watwut

4/24/2025 at 9:35:51 AM

It’s an analogy about established civilised audit procedure versus whatever DOGE is doing, which is… not that.

It’s not about literal shivs.

Speaking of finding things under the mattress, they did find corruption and waste, which they feel justifies their approach.

In my opinion the tiny amount of “waste” they uncovered is arguably not worth the damage and risk done, but that’s my opinion, not theirs.

Again: the damage and humiliation is part of their agenda. They feel that departments are “disloyal” to the King… err… President and hence ill treatment is not only justified but warranted.

by jiggawatts

4/24/2025 at 1:45:38 PM

> Speaking of finding things under the mattress, they did find corruption and waste, which they feel justifies their approach.

As far as I know, they did not found much. Every time their claims were checked, it was hot air. We do not have to lie on their behalf to appear reasonable.

by watwut

4/24/2025 at 9:54:51 AM

To what extent has those findings been verified? I know the was a lot of noise about things that turned out to be mostly imaginary.

by xorcist

4/23/2025 at 10:20:21 PM

by shakna

4/23/2025 at 10:32:54 PM

It would be astonishingly stupid to threaten a whistleblower in such an amateurish manner when you’re backed by the party in power and have the full and official apparatus of the state at your disposal.

by frumplestlatz

4/23/2025 at 10:34:27 PM

astonishingly stupid sounds about right for the people leading apparatus of the state :)

by bdangubic

4/23/2025 at 10:41:04 PM

What could they possibly hope to accomplish with a threatening note and drone photos other than to provide fodder for his complaint?

Why would drone photos even be necessary when you’ve already demonstrated that you know where they live?

What possible purpose does such a threat serve?

by frumplestlatz

4/23/2025 at 11:11:49 PM

not sure if this is a serious question…? what would it accomplish if you were the whistleblower? if it was me, my family would be on the first flight out of the country

by bdangubic

4/23/2025 at 11:27:19 PM

It would convince me that whoever I was whistleblowing on was so remarkably stupid as to engage in a felonious criminal conspiracy while leaving behind physical evidence thereof.

I hope that the threatening note and photos have been turned over to the police, where they can be analyzed for fingerprints, printer microdots, et al, and the police can canvas the neighborhood for security camera footage.

As a tactical move, this kind of threat makes zero sense for anyone in the government to carry out if they are even a semi-rational actor.

by frumplestlatz

4/24/2025 at 5:56:07 AM

That assumes that legal repercussions are expected. The current administration behaves as if laws are only to be followed in case of failure, and only temporarily.

They refer to "lawfare", where you do whatever you feel necessary, and only engage in legal systems where absolutely required, and only to make whatever inciting behaviour legal in retrospect.

by shakna

4/24/2025 at 12:00:49 AM

our HIGHEST-level government people are texting each other (along with whoever else happens to be in their contacts) war plans so you know, stupid is as stupid does :)

by bdangubic

4/23/2025 at 10:57:46 PM

To intimidate. To scare into silence.

by bronson

4/23/2025 at 11:31:04 PM

Except that all you’d be doing is creating a trail of physical evidence demonstrating a felony conspiracy — and a frankly stupid one at that.

by frumplestlatz

4/24/2025 at 12:50:17 AM

From recent news it seems unlikely these guys are interested in behaving rationally.

by bronson

4/24/2025 at 1:16:19 AM

It just doesn’t pass the smell test.

- Who decided to threaten the whistleblower and why?

- Who approved such an idiotic idea?

- Who determined his home address?

- Who flew the drone, timed to capture photos of the whistleblower while on his way to/from his home?

- Who took the drone photography, printed out the images, and wrote a threatening note?

- Who then took all that and physically posted it on his door?

That’s a very involved process, with substantial risk, with no realistic upside. None of the incentives are aligned with the behavior. It simply doesn’t make sense.

Applying Occam’s razor, it seems a lot more likely to be fabricated — that’s a scenario in which incentives actually align with the behavior.

In practice, that shouldn’t make a difference to the investigation; given the physical evidence, they should investigate in great detail the origin of the threat — regardless of whether it’s a hoax or real.

by frumplestlatz

4/24/2025 at 5:00:30 AM

You don't think Big Balls can order a drone on amazon? He was already fired once for intimidating rival companies online https://newrepublic.com/post/191325/elon-musk-doge-teen-cori...

by Maxious

4/24/2025 at 5:15:29 AM

I'm not sure what you're referring to; that article says he leaked internal information to a competitor.

That's not ethically excusable, but it's worlds apart from the kind of very real-world felonies involved in this kind of intimidation.

This kind of intimidation would be an incredible and extremely stupid escalation that carries the potential for decades in federal prison, and for what? DOGE has the ruling party and the full force of the executive branch backing their actions. They have no need whatsoever to engage in behavior so ridiculous and counterproductive.

To be clear, this would have required stalking the whistleblower at and around his home, in person. It would have required creating significant physical evidence that could trivially lead back to the perpetrator. There will be cell phone location records, security camera footage, printer microdots, camera lens/sensor fingerprints.

by frumplestlatz

4/23/2025 at 9:59:21 PM

Do you also delete logs, fire the cybersecurity team, and stonewall breach investigations?

https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...

by apical_dendrite

4/23/2025 at 9:52:27 PM

In that case, you and departments you work for are either breaking the law regularly or working with public data anyway.

Besides, no one needs unmonitored write access for audit. Even less DOGE who does no audit and don't have knowledge how to do audit. Audits are supposed to he traceable.

by watwut

4/24/2025 at 2:19:26 AM

No one needs write access, but most systems only have a read/write predefined role for tenant-wide access. If you don’t trust the department staff to give you anything but a predefined role, it’s typically the only option. Similarly if you need to fire privileged IT staff on the spot for headcount reduction you need admin-equivalent rights to lock them out. You can’t in general trust disgruntled admins to lock themselves out!

Also, in some cloud systems full read access can give you direct or indirect access to service keys / API keys which then are write equivalent permissions anyway.

by jiggawatts

4/24/2025 at 7:05:34 AM

> If you don’t trust the department staff

I find the argument the most absurd in relation to DOGE. There is no reason to give them more trust then to anyone else in goverment ... and multiple reasons to trust them less. Starting from personal histories of some of them and how they were selected.

As such, this "I dont trust" is just reflection of their incompetence, arrogance and a lazy excuse.

by watwut

4/23/2025 at 9:55:12 PM

[flagged]

by sremani

4/23/2025 at 10:01:42 PM

Whistleblowers are protected by law. If their data is being exfiltrated then they may become targets of harassment.

by paulryanrogers

4/24/2025 at 1:56:24 PM

So this is speculation that laws "may" be broken but nothing beyond that. Might be harassed. Even by HN standards this daily Elon burning rituals are a new low.

by sremani

4/23/2025 at 10:33:54 PM

I don't believe your statement that you ask for, and successfully receive, tenant admin rights from large government departments.

DOGE employees aren't simply doing their job. They are actively subverting the government to fatally wound it.

by dekhn

4/23/2025 at 10:00:57 PM

Omg they also saw spikes in DNS traffic and high load during days exfiltration ahead of audit...

Clearly the (system) auditing infrastructure wasn't robust enough to still provide a lot of monitoring even in the service is being managed by someone else...

Also a several hundred line teardown of a 300line file is exactly what is wrong with some coders. Not having a CI/CL for every single short tool written once to do a job is called being productive...

by rob_c

4/24/2025 at 1:00:22 AM

> This sounds scary but I regularly request this right from large government departments and I get it granted to me.

Prove it. I want you to give examples of where you did something like this.

by fzeroracer

4/24/2025 at 2:15:58 AM

It’s not publicly provable for many obvious reasons such as the delegation being time bound.

by jiggawatts

4/24/2025 at 3:39:26 AM

Anything is publicly provable. And I think you can publicly prove it too. As another poster put it, if that's how you've dealt with systems before then either you were working with publicly available data or you were party to a crime.

by fzeroracer

4/23/2025 at 9:52:24 PM

Absolute balderdash.

by dboreham

4/23/2025 at 9:23:54 PM

> accounts created for DOGE at the NLRB downloaded three code repositories from GitHub

Why is anything of significance on github in the first place?

Edit: It's not. They just download python libraries to do "IP rotation" to circumvent rate limits.

On the actual complaint: (https://whistlebloweraid.org/wp-content/uploads/2025/04/2025...)

It seems that the data was stored in Azure which doesn't make it any better.

by 77pt77

4/23/2025 at 9:25:47 PM

If you continue reading, that question is answered. The GitHub repositories don't belong to the NLRB (or to DOGE), they were generic tools that were used to exfiltrate data from the NLRB.

by teraflop

4/23/2025 at 9:27:10 PM

I noticed and wanted to delete the coment but you replying made it impossible.

They downloaded "IP rotation" python libraries to circumvent rate limits.

by 77pt77

4/23/2025 at 9:24:55 PM

What do you mean? It was "just" a tool to circumvent anti-scraping measures.

by Cthulhu_

4/23/2025 at 10:07:08 PM

If they have full access to the systems, why are they scraping them externally?

by icedchai

4/23/2025 at 10:38:43 PM

This is the big question everyone here seems to be skipping over. It seems like they're using "database" in the colloquial sense and actually mean some sort of already public data that's just rate limited (for example https://www.nlrb.gov/advanced-search).

Then depending on the order of events, either scraping didn't work well enough and were given "unlimited" (not rate limited) access, or the accounts were actually denied so they fell back to scraping. Or perhaps these two things are just unrelated despite what the story is claiming.

by Izkata

4/23/2025 at 11:40:45 PM

Or maybe, even with access, they couldn't figure out how to query the actual database, so they resorted to scraping? Even with full "tenant" access, it could take some time to figure out where to look.

by icedchai

4/23/2025 at 9:30:50 PM

They are not. If I read the article right, they downloaded tools to use, mostly to do with anonymous web scraping.

by dizhn

4/23/2025 at 11:02:45 PM

The government dogs are literally script kiddies, go figure.

by xyst

4/24/2025 at 10:09:21 AM

Related: 2016 thread on Hillary Clinton’s internet connected printer and her unauthorized private server containing classified information:

https://news.ycombinator.com/item?id=11782383

by briandear

4/24/2025 at 1:09:12 AM

So the real question is, who do you actually report this too if the fox is guarding the hen house? The only place that makes any sense is congressional oversight in some way but that will go nowhere except maybe a quick NPR story.

by jmward01

4/23/2025 at 9:50:09 PM

What sucks is, is that Russia and China now, almost certainly, have all this data, but they don't worry me, as much as the American oligarchs that now have it.

by ChrisMarshallNY

4/23/2025 at 11:13:04 PM

>The new accounts also could restrict log visibility, delay retention, route

Guessing those are the same accounts that got accessed by Russian IPs?

Genuinely wondering whether the US democracy is going to make it to December.

by Havoc

4/23/2025 at 11:26:20 PM

> Ge0rg3’s code is “open source,” in that anyone can copy it and reuse it non-commercially.

That isn't what "open source" means.

by blendergeek

4/24/2025 at 3:47:10 AM

Unfortunately about what you should come to expect from Brian Krebs.

by DaSHacka

4/23/2025 at 9:30:00 PM

I almost can't make heads or tails of out of this scatterbrained word salad.

Let's start with this:

> Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases.

> Berulis said he discovered one of the DOGE accounts had downloaded three external code libraries from GitHub

What exactly does that mean? NLRB database accounts are GitHub accounts? (Surely not.) Or the same IP address accessed both, suggesting it was the same person? Define "account".

No coherent point being made here. This story needs to clearly separate the rhetoric about GitHub repositories from the NLRB access, and connect them together coherently.

The flow seems to be:

1. Some DOGE people obtained unbridled access to NLRB, with the ability to erase audit trails.

2. There is some sort of evidence that the same people downloaded tools from GitHub for distributed web scraping, suggesting intent to scrape massive amounts of data from somewhere (inferred to be the NLRB database).

There is no evidence cited in the article for the actual downloading of gigabytes of data; the "whistleblower" is quoted only as saying that DOGE required certain privileged accounts to be created and that the users of the accounts supposedly downloaded some web scraping software from GitHub.

At least mention some circumstantial evidence, like a suspicious increase in access activity, coming from distributed IP addresses in the Amazon cloud, following the download of those tools.

This:

seems neither here nor there; why include that. It may be that the tools DOGE are using are not adequately safeguarding the data, but it seems like an extraneous point, and undigestable without specifics.

by kazinator

4/23/2025 at 10:42:54 PM

The only interesting part of 2 is it looks like Doge wanted all the data. The technical details of how they scraped it mostly doesn't matter.

by dehrmann

4/24/2025 at 12:12:32 AM

Plus in the whistleblower's actual report, there is evidence of them getting it, like logs of network output far above previous levels, and those accounts making accesses from various IP addresses (including geo-blocked attempts from Russia).

by kazinator

4/24/2025 at 2:15:08 AM

Musk has installed Starlink terminals on the whitehouse rooftop, to bypass security:

https://www.wired.com/story/white-house-starlink-wifi/

"The ad hoc addition to the otherwise tightly controlled White House information environment could create blind spots and security exposures while setting potentially dangerous precedent."

by breadwinner

4/24/2025 at 2:22:33 AM

> Musk has installed Starlink terminals on the whitehouse rooftop, to bypass security

This is confirmation bias and absolutely unsubstantiated nonsense. Hedging your bets on hyperbolic dreck like this is why people don't take the serious stuff seriously.

Do you think cellphone hotspots - that everyone has in their pocket - are also part of some grand conspiracy?

by donnachangstein

4/24/2025 at 2:28:07 AM

Right. But then it is part of a pattern:

See: https://infosec.exchange/@briankrebs/114083485241630234

by breadwinner

4/24/2025 at 2:37:38 AM

Good point, why install another internet connection (starlink) when you can easily use celluar data if you wanted to avoid White House network security?

Very weird

by Braxton1980

4/23/2025 at 11:11:27 PM

That page reads completely incoherently if you understand junior level programming mental models. This is a hit piece for non technical audience meant to conjure fud.

by pyinstallwoes

4/23/2025 at 11:48:31 PM

It’s not at all about programming

by bryancoxwell

4/24/2025 at 6:12:26 AM

From the "critique"[0]:

> This field, including your own career, is built on the labor, innovation, and expertise of Indian engineers and developers. To hold such hateful beliefs about a group that forms the backbone of this industry isn’t just reprehensible—it’s a complete contradiction of the reality you benefit from every day.

> My original critique of your code addressed technical issues and provided solutions, but after learning about your expressed views, it’s clear that poor coding isn’t the root problem here. Your mindset is incompatible with the fundamental values of IT: collaboration, respect, and global interconnectedness.

> Someone who advocates for hate cannot build systems meant to serve diverse users, nor can they lead or contribute meaningfully to teams that rely on trust and mutual respect. I strongly suggest you reflect on the harm your beliefs cause—not just to others, but to your credibility and future in this profession.

It doesn't invalidate the same author's critique above it at all (the critique itself manages to do that) but how it ended up mentioned in Krebs' article is puzzling. It harkens back to the days when journalists would quote-mine random Twitter users' tweets as if it meant something. "Twitter user @john89674651684685 said…" Give me a break.

[0] https://web.archive.org/web/20250423135719/https://github.co...

by brigandish

4/23/2025 at 9:32:56 PM

For those genuine actors here: this theoretical outrage assumes the premise of something immoral or illegal, and completely ignores the authority structure. This looks and smells like an info operation.

by the_optimist

4/23/2025 at 9:42:58 PM

Just, as an exercise, list out 3 good reasons someone might want untraceable admin accounts then list 3 really bad reasons they might want that. If you manage to find 3 good reasons does the outcome of those those outweigh the risks of the potential bad reasons?

by polalavik

4/24/2025 at 12:57:30 AM

I appreciate the question. The most obvious is that this is an “audit the auditors” exercise, and they do not want to leak information toward a likely adversarial counterpart. If they have the authority to so, then they do. An adjacent complaint about “not following Treasury policy is similar.” If these systems exist, there is a governing authority structure, and that does not begin at the level contemplated in this document.

by the_optimist

4/23/2025 at 11:37:21 PM

Good: 1. The account-level below that doesn't have access to certain stuff and just happened to have untraceable stuff 2. They just said "give me the highest level of access" and didn't investigate what that meant 3. Can't think of a good third atm

Bad: 1. They want to do nefarious things untraceably 2, 3. I think 1. covers pretty much everything.

Personally, if I'm put in charge of overhauling a system I don't want to waste my time waiting on approvals for BS, I just want to be given the highest level of access I can be given to get on with work.

I'm not saying this is fine, but the information here is basically a random list of things that happened and it doesn't really tell a nefarious story to my eyes.

by rockemsockem

4/24/2025 at 6:12:45 AM

I honestly don't understand the defenses of these actions here. Forget about the nature of data we're talking about here. If I was an engineer working at say google, and I put in mechanisms to access a bunch of data and bypass both auth and audit, I'd get fired instantly.

by yibg

4/24/2025 at 9:01:52 PM

If those mechanisms already existed and you requested and were granted access to them then there wouldn't be anything to comment on really? There would be no firing, nothing would happen.

I'm not defending anything, I'm trying very hard to see what the specific problem is here and all I see is "now things XYZ might happen" and I'm just thinking that I'd be far more interested in an article about XYZ actually happening than this "reporting" on "maybe things ABC happened and maybe things XYZ will happen".

by rockemsockem

4/23/2025 at 10:10:41 PM

Haha, and the Github repo is now offline. lol.

by hashstring

4/24/2025 at 5:20:01 AM

Hello, I work in incident response and cyber forensics within the private sector and as a government contractor. I'm familiar with the government contracting company that currently holds the SOCaaS contract with the NLRB - it's MindPoint Group. They share the a SOC with the DOJ. I reviewed the whistleblower’s evidence, and I have significant doubts about his claims.

Firstly, anyone claiming that "the whole government is compromised" is being conspiratorial. Breaches of this nature are reportable to CISA (US-CERT), the DOJ, local law enforcement, and the FBI. The NLRB has its own cybersecurity incident response team, which includes legal counsel. If both the NLRB and US-CERT determined that this wasn’t a reportable incident then I trust their judgment.

Secondly, I’ve seen a lot of speculative commentary about the Russian IP allegedly logging into the DOGE account. A simple OSINT investigation reveals that this IP has had a negative reputation for over a year, specifically flagged for credential stuffing and scanning activity. Credential stuffing is a common tactic when credentials have been leaked or breached, often showing up on platforms like intelx.io, DeHashed, or BreachForums.

It's also worth noting: no serious nation-state actor would use an IP with such a known bad reputation. Doing so would risk burning any operational investment they’ve made. Nation-state actors almost always use clean infrastructure or proxy chains to conceal their activity.

The timeline the whistleblower presents spans two months, yet I find his interpretation of the activity speculative without hard evidence—especially considering he admits he does not possess the actual logs. That’s a huge red flag.

Thirdly, I tried to find the whistle blower’s official title, and it’s usually hidden in the media. In his official report he states that he is a Dev Sec Ops engineer. He also claims that he lost access to privileges – but the emails in the screen shot seemed to be a zero-trust/principle of least privileges hardening effort. That’s not suspicious to me.

Fourth, the screenshots the whistleblower provided of the Azure environment appeared extremely sparse. While I don’t know the exact size of the NLRB’s infrastructure, unless it's unusually small, I would expect to see more resources. From what I reviewed, the Azure dashboards he used had no filters applied, which raises the question—why are there no other subscriptions, VMs, load balancers, WAFs, etc., visible?

Regarding the DLP policy alerts, he could have easily shown the associated data. Interestingly, the alerts were labeled “test,” which is significant—but he chose not to address or explain that. Omitting that context makes the evidence less compelling. He also leaves out basic critical Indicators of Compromise (IOCs) like src_ip, src_port, dest_ip, dest_port, bytes, and duration. I’m not expecting him to extract mutex and environment variables but showing the basics would be convincing enough consider all they would have been accessible to him from the dashboards he screenshots in the document.

Finally, his claim that the NLRB doesn’t have a SIEM is demonstrably false. The NLRB shares a SIEM with the DOJ, which is operated by MindPoint Group under a SOCaaS contract.

Here’s my general take on the situation: The whistleblower had only been with the organization for six months and served as a mid-level DevSecOps engineer—not a security analyst, incident responder, or SOC analyst. After DOGE was announced, the NLRB began implementing Zero Trust principles and the Principle of Least Privilege. This is typical hardening. As a result, his old admin access which was over provisioned and no longer necessary for his role—was revoked. He panicked. Still having access to some Azure tools, he could have used a test or dev environment (referencing the sparse number of resources in the screenshot but he claimed it to be prod with no filter), toggled a few settings, took screenshot, and constructed a narrative around it. He escalated it to the CEO, who initially listened. However, the incident response team conducted an investigation and found nothing substantiating his claims. NLRB and US-CERT determined it to not be reportable, or which indicates that if it was a security event it was not an incident.

As for the Russian IP, it may be real—but it’s clearly tied to credential stuffing activity, not a sophisticated threat actor. If it genuinely accessed a DOGE account, that would indicate a breach on the DOGE side or weak password hygiene. But again—as mentioned earlier—he doesn’t have the logs to back this up, and his reasons for that are unconvincing. #Doubt.

by cyberjerkXX

4/24/2025 at 7:32:03 AM

Can you explain why a GitHub repo for IP rotating and tied to a prominent DOGE member was downloaded and then deleted?

by dkrich

4/24/2025 at 12:50:00 PM

I can explain why I doubt him.

The evidence supporting his claim is a screenshot of an Excel spreadsheet with several columns excluded. It appears to have been exported from the DeviceProcessEvents table within the advanced threat hunting schema. However, he failed to provide the threat hunting dashboard view, which would include critical context such as the process tree, MD5 hash, account SID, account domain, and process creation time. Given that he clearly has access to Microsoft Defender XDR or Defender for Endpoint, he has the capability to conduct a thorough investigation. Yet, he did not do so, nor did he include that information in his legal submission. As a result, I find his claims unconvincing.

As for the forked repo deletion - I have no clue. It seems like the repo was already well known. I'm not a dev so I'd defer to a dev's opinion here. The system owner could be function testing, fuzzing, performance testing, ect. Why didn’t he show the process tree, the system name, and netflow to prove that system running code was interacting with prod? – He clearly has access to Azure tools that would allow him to do that.

by cyberjerkXX

4/23/2025 at 9:31:13 PM

I have a theory that "business ethics" is really just "following the law." In capitalism, outside a few select industries like journalism, as long as it's legal you can - and should - do anything to maximize profits. It has turned into (or perhaps always was) the govt's job to set those rules.

Now, the govt also has to create rules for itself. So it creates the Privacy Act and layers of beurocratic checks and balances. These rules are to protect the people, not to derisk or protect the govt. After all, the govt has all the power.

So when capitalist businesses leaders are given the keys to govt, the normal ways of ethical alignment don't work. If you don't follow your own rules, who cares? They're your rules! I think what we're seeing is what happens if you apply traditional capitalist business practices to govt administration.

by hahajk

4/23/2025 at 10:12:44 PM

The trouble is that money is power, so the people who succeed the most at maximizing profit end up getting a lot of influence over the rules.

In some countries, this is done with outright bribery. Here, we do it with campaign contributions and lobbying and “we’ll create jobs in your district.”

by wat10000

4/23/2025 at 9:44:02 PM

Yeah actually. I think that’s about right.

by BriggyDwiggs42

4/23/2025 at 10:11:02 PM

>In capitalism, outside a few select industries like journalism, as long as it's legal you can - and should - do anything to maximize profits.

Honestly, if you were around watching the news 30+ years ago, you would notice a stark difference in how news is covered then versus today. You can't really blame them, they are doing what they can to survive, but coverage today much more tabloid than news.

I would say the "fake but accurate," was the death knell, but it might have been sooner.

https://en.wikipedia.org/wiki/Killian_documents_controversy

by Clubber

4/23/2025 at 10:57:45 PM

[dead]

by TacticalCoder

4/24/2025 at 12:00:25 AM

[dead]

by tonetheman

4/24/2025 at 8:02:31 AM

[dead]

by fnckd0geb0ys

4/23/2025 at 10:06:13 PM

the doge guys are truely living the script kiddie dream

by ceo_tim_crook

4/23/2025 at 9:11:27 PM

[flagged]

by 1a527dd5

4/23/2025 at 9:49:41 PM

[flagged]

by wnevets

4/23/2025 at 10:02:46 PM

In what way (other than people not liking it)? And I'm serious, what is illegal about it from a law standpoint. Educate me.

by cpursley

4/23/2025 at 10:05:20 PM

Whistleblowers are claiming it's sedition: https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...

> The employees grew concerned that the NLRB's confidential data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in Russia, according to the disclosure.

by bigyabai

4/23/2025 at 10:19:50 PM

[flagged]

by ein0p

4/23/2025 at 10:37:20 PM

Without making any statement on whether I believe DOGE is being seditious, it's not hard to interpret their underlying intent as being wholly compatible with the definition you pasted. DOGE intends to hurt the government in ways that cause people to trust it less, with the goal of eliminating large parts of the government.

by dekhn

4/23/2025 at 10:44:17 PM

[flagged]

by ein0p

4/23/2025 at 10:48:18 PM

Yes, a part of the government can try to hurt the government, that is true.

by dekhn

4/23/2025 at 10:15:28 PM

They're stopping congressionally mandated (i.e. legislation) payments to services, violating the Impoundment Control Act of 1974.

by douglasisshiny

4/23/2025 at 10:52:10 PM

That doesn't sound like it would hold up in court. Which services?

by cpursley

4/23/2025 at 10:57:05 PM

I'm not sure if you've been reading the news at all, but I would guess no? The most talked about has been USAID -- namely because they started with it, which is odd because it's one of the smallest government programs and Musk promised to cut $2 trillion -- wait, sorry $1 trillion -- wait, no, $150 Billion by 2026 -- wait, the actual amount is likely much smaller [1].

1. https://www.nytimes.com/2025/04/13/us/politics/doge-contract...

by douglasisshiny

4/23/2025 at 10:11:18 PM

in the way they commit crimes

by wnevets

4/23/2025 at 10:14:18 PM

I don't see anything wrong with what they did, they basically got admin accounts so they can peak into the system and used some libraries from github. What is the problem here? Got a feeling it is just politically motivated, people are not happy that the Trump administration is actually doing something to make systems more efficient and stop money waste of tax payers. I am sure they will make some mistakes along the way and I am sure not every "saving" is actually saving but when you look at so many systems and so much money some errors are expected.

by golemiprague

4/23/2025 at 11:33:26 PM

[flagged]

by zombiwoof

4/24/2025 at 1:50:44 AM

Sorry, but the whole story just reads like a bad mystery novel; tales of Russian hackers, "suspicious" Github repos, somehow-nefarious (docker?) "containers", unspecified threats made (and I quote) in "meat space".

Also interesting to note that not only has Berulis' attorney lead multiple lawsuits against the Trump administration in the past, he was also an intern for both Chuck Schumer and Hillary Clinton. Now that obviously doesn't prove anything, but it could nonetheless be considered a strong indicator this all might be politically-motivated.

by af3d