DOGE worker’s code supports NLRB whistleblower

Original Article ↗ Hacker News Discussion ↗

Alleged DOGE Activity at NLRB

  • Complaint says DOGE demanded “tenant owner” / “tenant admin” accounts at NLRB with:
    • Permissions above even the CIO’s.
    • Ability to read, copy, and alter sensitive case data (union organizers, corporate docs, PII).
    • Exemptions from normal logging and standard audit roles the system already supported.
  • Whistleblower claims:
    • Roughly 10GB of data was exfiltrated with abnormal outbound traffic.
    • DOGE-related accounts coincided with blocked login attempts from a Russian IP using valid new credentials.
    • Cyber staff were told not to report to US‑CERT and his own access was curtailed after raising concerns.
    • He later received a threatening note and drone photos at home referencing his disclosure.

Admin Access, Logging, and GitHub Tools

  • Most technical commenters say:
    • Superuser accounts are normal; superusers exempt from logging are not.
    • For audits, read‑only or dedicated auditor roles plus more logging, not less, are standard.
    • Asking in advance for unlogged, all‑powerful accounts is itself evidence of bad faith.
  • DOGE personnel allegedly downloaded IP‑rotation and scraping libraries from GitHub to bypass rate limits and rotate through cloud IPs; one fork:
    • Stripped the original GPLv3 license and comments.
    • Was publicly visible, then rapidly deleted after coverage; archives and gists remain.
    • Attracted a very long, hostile critique that many readers suspect was AI‑generated.

Security Incident & Russia Angle

  • Whistleblower report: repeated login attempts from a Russian region within ~15 minutes of account creation, apparently using correct credentials but blocked by a geo‑policy.
  • Some see this as near‑textbook treason or foreign compromise; others:
    • Note that serious state actors normally hide behind clean infrastructure, not known‑bad IPs.
    • Float alternatives: credential stuffing, poor DOGE endpoint security, or even fabrication/false flag.
  • One incident‑response professional in the thread argues:
    • Logs and context shown are incomplete and selective.
    • The IP used is long‑flagged for low‑grade attacks, not typical of sophisticated operations.
    • NLRB and US‑CERT reportedly deemed it non‑reportable; he suspects misinterpreted Zero‑Trust hardening and overblown claims.

Law, Accountability, and Pardons

  • Many argue this should lead to prison time; others doubt any convictions because:
    • Access was “authorized” by agency leadership and ultimately framed as presidentially directed.
    • Key computer‑crime statutes hinge on “unauthorized” access, which courts and a friendly Supreme Court might interpret narrowly.
    • The President’s broad pardon power and recent immunity rulings effectively make federal law “optional” for insiders.
  • Extended debate over:
    • Whether the US still meaningfully lives under rule of law versus “might makes right.”
    • The structural problem that laws, enforcement, and voters’ expectations have drifted far apart.

Motives, Politics, and Systemic Concerns

  • Many see DOGE’s pattern—logging exemptions, secretive data pulls, mass firings, and AI tooling—as:
    • A project to bust unions, dismantle the welfare state, and justify replacing civil servants with “AI plus a few coders.”
    • A way to harvest sensitive data for political repression (union organizers, immigrants, voters) and private gain.
  • Others insist this is just aggressive auditing and cost‑cutting:
    • Claim large‑scope admin access is a practical necessity when departments may hide waste or destroy records.
    • Argue that outrage is partisan and that some amount of error is inevitable when rooting out “waste.”
  • Several note past examples (VA, nuclear safety, USAID) where DOGE‑style slash‑and‑burn changes seemed to increase risk and long‑term cost rather than efficiency.

Trust in the Whistleblower and Reporting

  • Some readers find the whistleblower’s sworn narrative, detailed exhibits, and alleged retaliation entirely credible, pointing to:
    • Corroborating media reports.
    • Quick repo deletions after attention.
  • Others see “bad novel” vibes:
    • Over‑dramatic elements (drone stalking, Russian IPs).
    • Politically aligned counsel and a media narrative that, they argue, muddles technical facts and leans heavily on innuendo.
  • Overall, the thread splits between those who see this as a clear, systemic abuse of power and those who think the evidence is murky, technically thin, or opportunistically framed.