- This part is really damning: a real efficiency audit might need a lot of access to look for signs of hidden activity, but they’d never need to hide traces of what they did:
> Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do.
The subsequent message about Russian activity could be a coincidence–Internet background noise-but given how these are not very technically skilled and are moving very fast in systems they don’t understand, I’d be completely unsurprised to learn that they unintentionally left something exposed or that one of them has been compromised.
by DavidPiper
2 subcomments
- (Non-American here.) If they weren't already, it seems like private businesses, security researchers, and I suppose the general public, should start treating US government agencies as privacy and security threats, just like you'd treat any other phisher, scammer, etc.
If government agencies are compromised - via software backdoors or any other mechanism - any data and systems they can access should be considered compromised too.
- The unfortunate reality is that a half of the US population sees the NLRB as a burden on small businesses—primarily because its policies shift frequently, making compliance costly and complex for those without deep legal resources. [1]
And the same half of the population do not trust anything what npr.org says.
Understanding the above dynamic is key to grasping the current state of discourse in the U.S.
[1] https://edworkforce.house.gov/news/documentsingle.aspx?Docum...
by casenmgreen
0 subcomment
- Just read of this on BSky.
Has some of the protected disclosure document from the whistleblower.
https://bsky.app/profile/mattjay.com/post/3ln2dgoksce2e
Looks like Elon's staff went in and made a copy of everything - which in this case NLRB, so sensitive stuff, but any state department going to have a ton of sensitive stuff - and sent it who knows where; this after disabling all logging and a ton of security, presumably to try to cover their tracks.
This is bad. These guys are looking like bad actors, with State-level authorization for access to everything.
Also looks like they're kids and don't have the hang of security, and the professional Russian State run APTs have hacked them.
- This isn't really a shock to me, but what's more frustrating I guess is that absolutely nothing will come of this. I have zero confidence any of this will even be cleaned up, just the same ranting about "fake news".
Really feels like the fox is already in the coop.
by jonnycomputer
4 subcomments
- I think we should be trying to understand what NxGenBdoorExtract is. NxGen is a system for NLRB. Bdoor is pretty evocative of a back door. He took he git offline or made it private. I can't find it on archive.org.
by softwaredoug
1 subcomments
- Some context as I understand it is DOGE employees are all temporary gov't employees whose employment expires (in June?). Assuming they follow the law there (big If), then they scramble around these agencies with tremendous urgency trying to please Elon (or the powers that be?).
And they absolutely should be resisted with this deadline in mind...
by theteapot
1 subcomments
- > ... DOGE employees demanded the highest level of access ... When an IT staffer suggested a streamlined process to activate those accounts in a way that would let their activities be tracked, in accordance with NLRB security policies, the IT staffers were told to stay out of DOGE's way, the disclosure continues.
But did they actually "turn off logging"?? How do you even do that? Anyone know what access control system they are talking about?
by Mr_Eri_Atlov
0 subcomment
- The only point of DOGE is to cause as much irreparable damage as possible to American infrastructure.
It will go down as the most successful assault on America since 9/11 once the true scale of the damage is understood.
- If there are elections again in the future and more sane, qualified people take office, the Justice Department will have its hands full for decades.
by MysticOracle
0 subcomment
- The whistleblower and his lawyer gave interviews on CNN & MSNBC:
CNN: https://www.youtube.com/watch?v=TsqgXfrSksI
by DrNosferatu
1 subcomments
- The “young and inexperienced” staffers narrative is very convenient to perform target operations on (specially) sensitive data.
by sherdil2022
1 subcomments
- Why isn’t this considered helping the enemy from within / treason?
Why are people being deported for no crimes or for far lesser crimes?
- Makes sense, this is a lawless reactionary attack on the republic. Their purpose is to put capital ever more firmly in charge. That means attacking workers.
by therealpygon
0 subcomment
- What is that saying they like to say all the time? “If you aren’t doing anything wrong, you should have nothing to fear.” Certainly seems like they are afraid of people seeing what they are doing for “not doing anything wrong”.
- It's likely that this team was infiltrated by adversary countries
- That backdoor code is going to lurk for decades.
Not only will Musk be able to tap into it for years but foreign governments.
by campuscodi
0 subcomment
- DOGE staff are just behaving like a foreign cyber-espionage group at this point
- This coupled with the hot mike incident yesterday where Trump was saying how El Salvador needed to build more mega prisons for the "home grown..terrorists" is beyond concerning. Sure sounds like DOGE is compiling lists of 'less desirable s' that will soon be swept off the streets in unmarked vans. America has turned fully fascist.
by 9283409232
3 subcomments
- It should be clear at this point that DOGE is trying to create a unified database of all persons in the US for targeting. Every single bit of data that they can get about you from the government or social media will be tagged to you Minority Report style. They were clear about wanting to deport citizens to El Salvador as well. Once you are identified as the other side they will come for you. If you are waiting for it to get worse before taking action and getting involved, we are already at that point.
> And Berulis noticed that an unknown user had exported a "user roster," a file with contact information for outside lawyers who have worked with the NLRB.
Possibly looking for lawyers for Trump to target with EOs or blackmail.
by jonnycomputer
0 subcomment
- And what is NxGenBdoorExtract?
by g42gregory
2 subcomments
- Here is the thing that blows my mind: why is there an implicit assumption that this article is an honest reporting and not a propaganda piece? Don't get me wrong, I am not saying that it is. What I am saying is that, at the very least, this question should always be asked first about any reporting.
by 1970-01-01
0 subcomment
- More evidence the current POTUS is in cahoots with Russia.
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
- This checks out because all those DOGE hires appear to be hackers, and they are now state sponsored.
Most of them could never pass a basic background check, much less a TS or even public trust from one of the more invasive Federal agencies.
- I've said this repeatedly, but write this down: before this administration is out we are going to have a major (probably multiple) scandal where DOGE staffers get caught with some kind of horrifying self-enrichment scam based on the data they're hoovering. It could be simple insider trading, it could be selling the data to a FBI sting, it might take lots of forms. But it's going to happen.
These are a bunch of 20-something tech bro ego cases convinced of their crusade to remake government along libertarian axes they learned from Reddit/4chan/HN. These are simply not people motivated out of a genuine desire to improve the public good. And they've been given essentially unsupervised access to some outrageously tempting levers.
by LadyCailin
0 subcomment
- Sounds like they need to file a CVE.. oh wait.
- Even by the standards of this administration...... yikes:
Meanwhile, his attempts to raise concerns internally within the NLRB preceded someone "physically taping a threatening note" to his door that included sensitive personal information and overhead photos of him walking his dog that appeared to be taken with a drone, according to a cover letter attached to his disclosure filed by his attorney, Andrew Bakaj of the nonprofit Whistleblower Aid.
- Welcome to Elon Musks America
by JohnMakin
2 subcomments
- This seems important and incredibly relevant on a site called hackernews. It's credible and from a credible source. Why are we flagging it?
- I am not sure how it's possible to defend the kind of stuff DOGE is doing anymore. Even the veneer of looking for efficiency is gone. There have only been claims of 'fraud' with no real evidence backing up the claimed scale of fraud.
At this point it simply looks like DOGE is yet another attempt to use a popular trope (Govt fraud and waste) to push through changes specifically designed to give unchecked power to one individual.
This much concentrated, unchecked power opens up vast opportunities for fraud and corruption and there are pretty much no instances in history where it turned out be to a good thing in retrospect.
Also, very surprised this story made it to the front page. Typically, stuff like this gets flagged off the front page within minutes.
by computerthings
0 subcomment
- [dead]
by tonetheman
0 subcomment
- [dead]
by consumer451
8 subcomments
- It is hilarious what does, and does not, get flagged on this website in 2025.
The other day on /active, there was a story about a French politician being banned from running for office, due to being convicted of outright fraud for the second time. Absolutely nothing to do with technology or business, nothing to do with the USA. Pure politics in a foreign country. Not flagged.
There was a story directly below which involved the USA, technology and business, but had an uncomfortable narrative for some users. Flagged.
As someone who still likes this site a lot, this just makes me laugh at this point. I don't know how else to react.
- I'm not american so can somebody please explain me, how is deleting logs and every trace of your actions helping with government efficiency?
by indoordin0saur
2 subcomments
- [flagged]
- [flagged]
by josefresco
3 subcomments
- [flagged]
by giraffe_lady
3 subcomments
- [flagged]
by mevin_kitnick
0 subcomment
- [flagged]
by mevin_kitnick
0 subcomment
- [flagged]
- [flagged]
- [flagged]
by grandempire
2 subcomments
- [flagged]
by howmayiannoyyou
11 subcomments
- [flagged]
- They didn't use StarLink?! ROFLMAO
I hope he doesn't think Trump is his boy and will keep DOJ off his back. The problem is that the institutional funds and market makers will not support this level of Watergate/Enron/WorldCom-like risk and Trump isn't going to become entangled in that (since it means the corporate death penalty as far as public equity and access to bank capital is concerned).
BUT the Report is from a super controversial NGO that has long been targeted by Republicans and may soon be DOGEd, so it could be filled with speculation, half-truths, innuendo and lies.
Still...They didn't use StarLink?! I mean, is that not the greatest evidence you could ever hope for of an obvious NSA backdoor in StarLink? They were willing to risk obscure premises-based (bandwidth) monitoring over holding a mini-dish out the window for a few seconds..Too much! I feel like I owe someone $20 for a ticket.
by grandempire
7 subcomments
- > particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets
This entire article appears to be speculation about data they MAY have taken with no evidence besides large file size that they are misusing something.
The discussion with the “whistle blower” and other experts is only about how serious it would be IF they misused it.
Am I reading it wrong?
Hacker News