#Whistleblower details how #DOGE may have taken sensitive #NLRB data

In the first days of March, a team of advisers from #Trump's new Department of Government Efficiency initiative arrived at the Southeast Washington, DC, headquarters of the National Labor Relations Board.

The small, independent federal agency investigates & adjudicates complaints about unfair #labor practices.

#law #InfoSec #privacy #NationalSecurity #Musk
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security

#NLRB stores reams of potentially sensitive data, from confidential info about employees who want to form unions to proprietary business info.

The #DOGE employees, who are led by #Trump adviser & billionaire tech CEO #ElonMusk, appeared to have their sights set on accessing the NLRB's internal systems. They've said their unit's overall mission is to review agency data for compliance with the new admin's policies & to cut costs & maximize efficiency.

#law #InfoSec #privacy #NationalSecurity

But acc/to an official #whistleblower disclosure shared w/ #Congress & other federal overseers…, subsequent whistleblower interviews & records of internal comms, technical staff were alarmed about what #DOGE engineers did when granted access, particularly when staffers noticed a spike in #data LEAVING the agency. It's possible that the data included sensitive info on #unions, ongoing #legal cases & #CorporateSecrets — data that 4 #labor #law experts tell NPR should almost never leave the NLRB….

& data has nothing to do w/making the govt more efficient or cutting spending.

Meanwhile, acc/to the disclosure & records of internal comms, members of the #DOGE team asked that their activities not be logged on the system & then appeared to try to cover their tracks behind them, turning off monitoring tools & manually deleting records of their access—evasive behavior several #cybersecurity experts compared to what #criminal or #StateSponsored #hackers might do.

#law #Trump #Musk #InfoSec

The employees grew concerned that the #NLRB's confidential #data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in #Russia [wtf?], acc/to the disclosure. Eventually, the disclosure continued, the IT department launched a formal review of what it deemed a serious, ongoing #security #breach or potentially #illegal removal of personally identifiable information.

#criminal #law #Trump #Musk #InfoSec #NationalSecurity

The #whistleblower believes that the suspicious activity warrants further investigation by agencies w/more resources, like #CISA or the #FBI.

#Labor #law experts…fear that if the data gets out, it could be abused, including by private companies w/cases before the agency that might get insights into damaging testimony, #union leadership, #legal strategies & internal data on competitors — #Musk's #SpaceX among them….

#criminal #law #Trump #InfoSec #NationalSecurity

It could also intimidate #whistleblowers who might speak up about unfair labor practices, & it could sow distrust in the #NLRB's independence, they said.

The new revelations about #DOGE's activities at the labor agency come from a #whistleblower in the IT department of the NLRB, who disclosed his concerns to #Congress & the US Office of Special Counsel [#OSC] in a detailed report that was then provided to #NPR.

#criminal #law #Trump #Musk #InfoSec #NationalSecurity

Meanwhile, his attempts to raise concerns internally within the #NLRB preceded someone "physically taping a threatening note" to his door that included sensitive personal information & overhead photos of him walking his dog that appeared to be taken with a drone, according to a cover letter attached to his disclosure filed by his attorney, Andrew Bakaj of the nonprofit #Whistleblower Aid.

#criminal #law #Trump #Musk #InfoSec #NationalSecurity

The #whistleblower's account is corroborated by internal documentation & was reviewed by 11 technical experts across other govt agencies & the private sector. In total, NPR spoke to >30 sources across govt, private sector, #labor movement, #cybersecurity & #law enforcement who had their own concerns about how #DOGE & the #Trump admin might be handling sensitive #data, & the implications for its exposure. The following account comes from the whistleblower's ofcl disclosure & interviews w/ #NPR.

#DOGE employees demanded the highest level of access, what are called "tenant owner level" accounts inside the independent agency's computer systems, w/essentially unrestricted permission to read, copy & alter #data….

When an IT staffer suggested a streamlined process to activate those accounts in a way that would let their activities be tracked, in accordance with #NLRB #security policies, the IT staffers were told to stay out of DOGE's way….

#law #Trump #Musk #InfoSec #NationalSecurity

For #cybersecurity professionals, a failure to log activity is a cardinal sin & contradicts best practices as recommended by the National Institute of Standards & Technology [#NIST] & the #DHS's #CISA, as well as the #FBI & the #NSA.

"That was a huge red flag," said Berulis. "That's something that you just don't do. It violates every core concept of security & best practice."

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity

Those #forensic #digital #records are important for record-keeping requirements & allow for troubleshooting, but they also allow experts to investigate potential breaches, sometimes even tracing the attacker's path back to the vulnerability that let them inside a network. The records can also help experts see what #data might have been removed. Basic logs would likely not be enough to demonstrate the extent of a bad actor's activities, but it would be a start.

#law #Trump #Musk #DOGE #InfoSec

There's no reason for any legitimate user to turn off logging or other #security tools, #cybersecurity experts say.
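The behaviours the thread describes (top-tier "tenant owner" accounts granted with no tracking process, audit logging switched off or purged, and a spike in data leaving the agency) are exactly what insider-threat monitoring is meant to surface. As an added example that is not part of this thread or NPR's reporting, here is a small Python detector run over constructed audit events; the event field names, action strings and sample values are assumptions.

```python
from collections import defaultdict
from statistics import median

EVENTS = [  # constructed sample audit events (not real NLRB records)
    {"ts": "2025-03-03T09:00", "actor": "svc-backup", "action": "data.export",
     "bytes_out": 40_000_000, "ticket": "CHG-1"},
    {"ts": "2025-03-03T09:10", "actor": "admin-a", "action": "role.grant",
     "role": "tenant_owner", "target": "contractor-1", "ticket": ""},
    {"ts": "2025-03-03T10:00", "actor": "contractor-1", "action": "audit.logging.disable"},
    {"ts": "2025-03-03T10:05", "actor": "contractor-1", "action": "data.export",
     "bytes_out": 10_000_000_000},
    {"ts": "2025-03-03T11:00", "actor": "contractor-1", "action": "audit.log.delete"},
    {"ts": "2025-03-04T09:00", "actor": "svc-backup", "action": "data.export",
     "bytes_out": 42_000_000, "ticket": "CHG-2"},
]

TAMPER_ACTIONS = {"audit.logging.disable", "audit.log.delete", "monitoring.disable"}
PRIVILEGED_ROLES = {"tenant_owner", "global_admin"}  # assumed role names

def privileged_grants_without_ticket(events):
    """Top-tier role grants with no change ticket: nobody planned to track them."""
    return [e for e in events if e["action"] == "role.grant"
            and e.get("role") in PRIVILEGED_ROLES and not e.get("ticket")]

def logging_tampering(events):
    """No legitimate user needs to switch off or purge audit logs."""
    return [e for e in events if e["action"] in TAMPER_ACTIONS]

def egress_spikes(events, factor=10.0):
    """Exports larger than factor x the median of ticketed (baseline) exports."""
    baseline = [e["bytes_out"] for e in events
                if e["action"] == "data.export" and e.get("ticket")]
    if not baseline:
        return []
    limit = factor * median(baseline)
    return [e for e in events
            if e["action"] == "data.export" and e.get("bytes_out", 0) > limit]

def triage(events):
    """Group alerts by the account they concern so the whole chain is visible."""
    alerts = defaultdict(list)
    for kind, fn in (("priv_grant", privileged_grants_without_ticket),
                     ("log_tamper", logging_tampering), ("egress", egress_spikes)):
        for e in fn(events):
            alerts[e.get("target", e["actor"])].append((kind, e["ts"]))
    return dict(alerts)

if __name__ == "__main__":
    for account, items in sorted(triage(EVENTS).items()):
        print(account, items)
```

The baseline is taken only from ticketed exports, so an account that never went through the change process cannot quietly raise its own threshold.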

"None of this is normal," said Jake Braun…fmr acting principal dpty natl cyber dir at the WH…. "This type of activity is why the government buys insider-threat-monitoring technology. So we can know things like this are happening & stop sensitive data exfiltration before it happens," he told NPR.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity

However, the #NLRB's budget hasn't had the money to pay for tools like that for years, Berulis said.

A couple of days after #DOGE arrived, Berulis saw something else that alarmed him while browsing the internet over the weekend.

MIT grad & DOGE engineer #JordanWick had been sharing info about coding projects he was working on to his public account w/ GitHub….

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity

After journalist Roger Sollenberger started posting…about the account, Berulis noticed something Wick was working on: a project, or repository, titled "NxGenBdoorExtract."

Wick made it private before Berulis could investigate further, he told NPR. But to Berulis, the title itself was revealing.

"So when I saw this tool, I immediately panicked,"…He immediately alerted his whole team.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity

While NPR was unable to recover the code for that project, the name itself suggests that Wick could have been designing a #backdoor, or "Bdoor," to extract files from #NLRB's internal case management system, known as NxGen, acc/to several #cybersecurity experts who reviewed Berulis' conclusions.

…NxGen is an internal system that was designed specifically for the NLRB in-house, acc/to several of the engineers who created the tool….

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity

…while many of the #NLRB's records are eventually made public, the NxGen case management system hosts #proprietary #data from #corporate competitors, personal information about #union members or employees voting to join a union, & #witness testimony in ongoing cases. Access to that data is protected by numerous federal #laws, including the #Privacy Act.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity

…engineers were also concerned by #DOGE staffers' insistence that their activities not be logged, allowing them to probe the NLRB's systems & discover info about potential #security flaws or vulnerabilities w/o being detected.

"The whole idea of removing logging & [getting] tenant-level access is the most disturbing part to me," one engineer said.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity

"If he didn't know the backstory, any [chief information security officer] worth his salt would look at network activity like this & assume it's a nation-state attack from #China or #Russia," said Braun, the fmr White House #cyber official.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity

About a week after arriving, the #DOGE engineers left #NLRB & deleted their accounts….

In the office, Berulis had had limited visibility into what the DOGE team was up to in real time.

That's partly because, he said, NLRB isn't advanced when it comes to detecting insider threats…. "We as an agency have not evolved to account for those," he explained. "We were looking for [bad actors] outside," he said.

#criminal #law #Trump #Musk #InfoSec #NationalSecurity

@Nonilex

This whole thread is one of the reasons why I'm unable to keep my voice down when calling my Senators.