Maki-Wolf
@maki-wolf.bsky.social
To be worked on in the future I'm 25 and an 18+ account
Reposted by Maki-Wolf
Sharing with everyone reading this thread the story breaking this news and putting it into context:

www.npr.org/2025/04/15/n...
A whistleblower's disclosure details how DOGE may have taken sensitive labor data
A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.
April 18, 2025 at 2:06 AM
Reposted by Maki-Wolf
US-CERT was about to be called in.
CISA’s cyber response team.
But senior officials told them to stand down — no report, no investigation.
April 18, 2025 at 12:12 AM
Reposted by Maki-Wolf
Then came the intimidation.

While preparing this disclosure, Berulis found a drone surveillance photo of himself taped to his front door with a threatening note.

This was just a few days ago.
April 18, 2025 at 12:12 AM
Reposted by Maki-Wolf
Cost spikes without new resources.
Azure billing jumped 8% — likely from short-lived high-cost compute used for data extraction, then deleted.
April 18, 2025 at 12:12 AM
Reposted by Maki-Wolf
Multi-factor authentication? Disabled.
Someone downgraded Azure conditional access rules — MFA was off for mobile.
This was not approved and not logged.
April 18, 2025 at 12:12 AM
Reposted by Maki-Wolf
The most damning claim in this statement IMO:

Within 15 minutes of DOGE accounts being created…
Attackers in Russia tried logging in using those new creds.
Correct usernames and passwords.

2 options here. The DOGE device was hacked. And I don't think I need to explain the 2nd.
April 18, 2025 at 12:12 AM
Reposted by Maki-Wolf
They used an external library that used AWS IP pools to rotate IPs for scraping and brute force attacks.

They downloaded external GitHub tools like requests-ip-rotator and browserless — neither of which the agency uses.
April 18, 2025 at 12:12 AM
Reposted by Maki-Wolf
And then the data started flowing out.
10+ GB spike in outbound traffic

Exfiltration from NxGen, the NLRB's legal case database
No corresponding inbound traffic
Unusual ephemeral containers and expired storage tokens
April 18, 2025 at 12:11 AM
Reposted by Maki-Wolf
They disabled the logs.
Berulis says DOGE demanded account creation with no recordkeeping.

They even ordered security controls bypassed and disabled tools like network watcher so their actions wouldn’t be logged.
April 18, 2025 at 12:11 AM
Reposted by Maki-Wolf
DOGE demanded root access.
Not auditor access. Not admin.

They were given “tenant owner” privileges in Azure — full control over the NLRB’s cloud, above the CIO himself.
This is never supposed to happen.
April 18, 2025 at 12:11 AM
Reposted by Maki-Wolf
Who’s the whistleblower?

Daniel Berulis — a senior DevSecOps architect at the National Labor Relations Board (NLRB), formerly with TS/SCI clearance.

He just told Congress the Department of Government Efficiency (DOGE) pulled off a covert cyber op inside a federal agency.
April 18, 2025 at 12:11 AM