by twalkz 418 days ago
> According to a whistleblower complaint filed last week by Daniel J. Berulis, a 38-year-old security architect at the NLRB, officials from DOGE met with NLRB leaders on March 3 and demanded the creation of several all-powerful “tenant admin” accounts that were to be exempted from network logging activity that would otherwise keep a detailed record of all actions taken by those accounts.

Feels like a pretty good Occam’s razor case… but is there any legitimate reason why one would request this?

14 comments

Even worse when you know more of the whistleblower's story, which is that ~15 minutes after one of DOGE's accounts was made there was an attempted login with the correct password from Russia. Not many explanations for that that look good for DOGE...
That's straight up traitorous.

DOGE needs to be shut down and every one of them held as a flight risk while the whole thing is investigated.

Not to defend DOGE at all, but the article specifically mentioned installing a bunch of proxy and scraping tools. Is this likely to be an actual Russian state attack or just extremely poor opsec / an attempt to evade internal controls, still likely very illegal? I'm all for holding all involved accountable to the fullest extent, but this is too sloppy for Russian state involvement to make me think they're on any intelligence payroll anywhere.
On the other side, why would Russia need to hide its involvement in anything with this administration? If they're not willing collaborators they're seemingly entirely beguiled by Russian propaganda and schmoozing.

Brazenly just logging in from Russia can be a statement all its own.

They work for Trump so they'll never be held to account, even if a Democrat wins the next election (assuming we even have one and it's fair and free).

I never thought I'd be calling for UN observers for an election in the US but here we are

> They work for Trump so they'll never be held to account, even if a Democrat wins the next election

Why? If Democrats take the House in the midterms, which looks more likely the longer Navarro and Musk have West Wing access, they can basically turn these folks' lives into a living hell of back-to-back hearings (and contempt charges down the road). And if Democrats win the next election, they'll presumably put someone with a pulse in charge who doesn't take two years to bring the most important cases of their administration to the docket.

When Biden was elected they didn't seriously crack down on them before outside of the one case at Justice that went nowhere.

They also didn't prosecute GWB/Cheney/Rumsfeld for war crimes when they had the chance. This is a long standing policy of theirs.

I get the instinct and the reasoning behind it but it really has proven to just let the whole mess fester into the madness we're getting today.
> didn't prosecute GWB/Cheney/Rumsfeld for war crimes

Not relevant to domestic crimes committed by non-Cabinet folk.

I think Trump could simply pardon them, unfortunately.
> Trump could simply pardon them

Ironically, one of the most useful things Trump could do is prosecute e.g. Hunter Biden so SCOTUS can strike down preëmptive pardons.

>I think Trump could simply pardon them, unfortunately.

FWIW I think you're not correct here, or rather, it's not merely irrelevant but would actually harm them. The pardon power protects against criminal prosecution by the federal government. But it doesn't protect against mere embarrassment, nor against new actions performed after the pardon. Congress isn't prosecution; their inquiries are just about information finding, and while they can result in information on crimes surfacing, whether or not the USDOJ decides to pursue that is completely up to them. The reason a pardon might flat out hurt in such a scenario is that there is an argument it would eliminate any claim of 5th Amendment privileges. That's commonly referred to as the right to be silent, and normally that's effectively what it is, but the actual right is the right against self-incrimination [0]. If you've been pardoned for something purely federal then by definition it's impossible to incriminate yourself regarding that, because no criminal case can be brought against you. So there'd be no right to refuse to cooperate with a congressional inquiry, and if you didn't that could be treated as contempt, which would not be covered by any pardon for the underlying actions.

So yes if a future Administration wanted to pursue criminal prosecutions for crimes that were undertaken by the current Trump Administration, Trump's pardons could certainly put a stop to that. But in terms of "they can basically turn these folks' lives into a living hell of back-to-back hearings", pardons don't help with that one. And if the Democrats just wanted to thoroughly document exactly what went down and who was responsible to make it an indelible part of the history books, with any social consequences that'd come from that, pardons can't help with that either.

----

0: Text of the 5th Amendment: "...nor shall be compelled in any criminal case to be a witness against himself..."

The guy in the oval wants to defund the UN… he’s one step ahead of you!
Citation?
Not parent but it’s here - https://krebsonsecurity.com/2025/04/whistleblower-doge-sipho...

DOGE is a complete clusterfuck. Fwiw I think there is hard to spot fraud in the govt that should be looked at (eg price inflation at the pentagon, VA, Medicaid/Medicare, SS). They should have done the hard work of uncovering that. Instead they just went for clickbait headlines.

> DOGE is a complete clusterfuck.

It depends what the objectives are. My impression is that they have been very successful pursuing their actual objectives, while providing a cover story of a 'clusterfuck'.

And conveniently gutting agencies that are or were soon to be thorns in Elon's side. FAA and EPA were annoying him around SpaceX's Starship test launches, CFPB would be annoying for his future everything app plans for Twitter, etc.
Maybe. But none of those make him as much money as Tesla which is in the dumps with all the shenanigans. From a motivation perspective it seems more like rank stupidity than Machiavellian.
Take your pick; it was widely reported and you can read the original whistleblower report:

https://whistlebloweraid.org/wp-content/uploads/2025/04/2025... - page 2 & 11

"This declaration details DOGE activity within NLRB, the exfiltration of data from NLRB systems, and – concerningly – near real-time access by users in Russia. Notably, within minutes of DOGE personnel creating user accounts in NLRB systems, on multiple occasions someone or something within Russia attempted to login using all of the valid credentials (eg. Usernames/Passwords)"

"For example: In the days after DOGE accessed NLRB’s systems, we noticed a user with an IP address in Primorskiy Krai, Russia started trying to log in. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating. There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers."

https://krebsonsecurity.com/2025/04/whistleblower-doge-sipho...

https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...
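The pattern the whistleblower report describes, a valid username and password presented from a disallowed country within minutes of the account being created and stopped only by a geo-restriction policy, is exactly the kind of thing an identity-log detector should flag on its own rather than leaving to a human reading raw auth logs. The following is an added example, not code from the thread, the NLRB, or any linked article; the event format, the `ALLOWED_COUNTRIES` policy, the 15-minute window and all the sample events are constructed here for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy: logins are only accepted from these countries
# (stands in for the "no out-of-country logins" rule in the report).
ALLOWED_COUNTRIES = {"US"}
# A valid-credential attempt from elsewhere this soon after account
# creation is treated as a credential-sharing/compromise signal.
NEW_ACCOUNT_WINDOW = timedelta(minutes=15)


@dataclass
class Event:
    ts: datetime
    kind: str              # "account_created" or "login_attempt"
    user: str
    country: str = ""      # source-IP country for login attempts
    password_valid: bool = False


def policy_decision(ev: Event) -> str:
    """Outcome of one login attempt under the geo-restriction policy."""
    if not ev.password_valid:
        return "denied_bad_password"
    if ev.country not in ALLOWED_COUNTRIES:
        # Correct secret, wrong geography: blocked, but this is the
        # interesting case for detection.
        return "denied_geo_policy"
    return "allowed"


def analyze(events):
    """Walk events in time order and raise an alert for every attempt that
    carried valid credentials but was stopped by the geo policy.  Attempts
    within NEW_ACCOUNT_WINDOW of the account's creation are rated high."""
    created = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "account_created":
            created[ev.user] = ev.ts
            continue
        if policy_decision(ev) != "denied_geo_policy":
            continue
        age = ev.ts - created[ev.user] if ev.user in created else None
        minutes = age.total_seconds() / 60 if age is not None else None
        severity = "high" if age is not None and age <= NEW_ACCOUNT_WINDOW else "medium"
        alerts.append({
            "ts": ev.ts.isoformat(),
            "user": ev.user,
            "country": ev.country,
            "minutes_since_creation": minutes,
            "severity": severity,
        })
    return alerts


def per_user_counts(alerts):
    """How many blocked valid-credential attempts each account attracted."""
    counts = {}
    for a in alerts:
        counts[a["user"]] = counts.get(a["user"], 0) + 1
    return counts


# Constructed sample timeline (not real data): one newly created
# privileged account and one long-standing account.
T0 = datetime(2025, 1, 1, 14, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    Event(T0, "account_created", "tenant-admin-a"),
    Event(T0 + timedelta(minutes=5), "login_attempt", "tenant-admin-a", "US", True),
    Event(T0 + timedelta(minutes=9), "login_attempt", "tenant-admin-a", "RU", True),
    Event(T0 + timedelta(minutes=11), "login_attempt", "tenant-admin-a", "RU", True),
    Event(T0 + timedelta(hours=3), "login_attempt", "tenant-admin-a", "RU", True),
    Event(T0 + timedelta(hours=4), "login_attempt", "old-user", "RU", False),
    Event(T0 + timedelta(hours=5), "login_attempt", "old-user", "RU", True),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
    print(per_user_counts(analyze(SAMPLE_EVENTS)))
```

The bad-password attempt from `old-user` is deliberately not alerted on here; ordinary password spraying is a different, noisier signal. What makes the report's case stand out is the combination of a correct secret, a disallowed geography and a freshly minted account, which is why the example keys severity on the creation-to-attempt interval.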

From the whistle blower.

> Within minutes after DOGE accessed the NLRB's systems, someone with an IP address in Russia started trying to log in, according to Berulis' disclosure.

https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-...

> all-powerful “tenant admin” accounts that were to be exempted from network logging activity

Is this normal to build this sort of functionality into a software system? Especially software systems that heavily rely on auditability?

Sometimes, depending on the situation.

My company retains all e-mails for at least 5 years, for audit purposes. But if some troublemaker were to e-mail child porn to an employee, we'd need to remove that from the audit records, because the laws against possessing child porn don't have an exception for corporate audit records.

So there's essentially always some account with the power to erase things from the audit records.

It sounds like you haven't actually had to face that situation, because it is more complicated than just having to delete an offending attachment. You would still have an audit log of the deletion of that email record by the superuser, even if the content is deleted. And there would be other records generated to document the deletion, like I'm sure a long email or slack thread from this getting discovered and sent up the chain, over to legal, then to the FBI, then back to coordinating the logistics of manually deleting something from the audit logs. So if for a completely unrelated case, a third party auditor stumbles upon that mess, they will be able to reconstruct why a single attachment cannot be found in the audit logs.

"No" is the answer to GP: there is no legitimate reason for a fully unlogged superuser account.

Yeah, superuser accounts? Of course you need them to exist. Superuser accounts that produce no logs? There is never a reason for that. Anyone who claims they should have a superuser with no logging is up to no good.
> You would still have an audit log of the deletion of that email record by the superuser, even if the content is deleted.

If needing things wiped from the audit logs happens often, you might indeed have an audited interface for wiping things from the audit logs.

But if it's very rare? Maybe I just request the production database password for "Incident #12345" and run some careful SQL.

> And there would be other records generated to document the deletion, like I'm sure a long email or slack thread

For sure - but the account capable of deleting entries from the audit logs exists

And if I am ordered to hand it over to someone who doesn't care to explain their actions on slack? Then there won't be any explanations in slack.

Ah man... back in the day I worked for a company that built out records management software. One of the big things on the side of the cereal box was that not even an admin could delete something flagged as a record within its retention plan. Fast forward to a company doing that for emails, messing up spam filters, and getting a blast of 'normal' porn that was all flagged as records. I believe they ended up creating security groups for those files that help keep those who were using it .. safe for work.
I don't follow this example. You could still have an account delete the email while generating a record that an email was deleted. Why would you need an account that doesn't generate deletion records?
Very true - this comes up constantly in blockchain questions - but in that case there’d at least be an audit log showing who deleted which records.
No. Never. While it's expected to have a "root" account, exempting it from logging serves no honest purpose.
Of course not. It's the exact opposite and every single person here knows this.
From an old hacker's perspective, disabling shell history can have positive security implications. But in today's 'cattle not pets' systems mentality I'd expect all actions to have a log, and not having that seems fishy to me. Keeping logging infra secure has a dubious history; the log4j fiasco comes to mind. I'm not a fan of regulation for most things, but I think we need a higher cost for data leaking since security is an afterthought for many orgs. My personal leaning is to be very choosy about who I'll do business/share data with.
> “We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval,” he continued. “The suggestion that they use these accounts was not open to discussion.”

From the previous post, they had auditor roles built in that they purposely chose to go around

It's the same as domain admin in active directory.

You always need it to set up the system initially.

It's like root on Linux: it's an implementation detail that it must be possible.

There’s no possible need for an admin-level user that bypasses logging. If anything these users should have additional logging to external systems to make it harder to hide their use.
Root on Linux isn’t exempt from logging. I also don’t know any enterprise that allows admin accounts to bypass logging.

There is no legitimate justification for this request.

root on Linux can just kill the log forwarder and erase the relevant logs, or refill them with junk.
Yes. A more competent hack would have been to use their superuser permissions to do that kind of thing.

But instead they requested that logging be disabled, thus outing themselves as acting in bad faith.

At least at places I've worked, terminating the logger would cause a security incident, and the central logging service has some general heuristics that should trigger a review if a log is filled with junk. Of course with enough time and root, there are ways to avoid that. But that's also usually why those with root are limited to a small subset of users, and assuming root usually requires a reason and is time gated.
> But that's also usually why those with root are limited to a small subset of users, and assuming root usually requires a reason and is time gated.

I mean, if we were to apply the equivalent from the article, then no they would not have had a reason nor been time gated.

That still leaves highly visible log traces if you’re following most security standards (required in .gov) since you’d have the logs showing them disabling the forwarder. The difference here is that this was like an attacker but had backing from senior management to violate all of those rules which would normally get someone fired, if not criminally charged.
That is a very serious design flaw, but I also believe it is a flaw that is addressed by SELinux. (Perhaps someone with a knowledge of SELinux can offer some input here.) That said, I'm not sure how widespread the use of SELinux is and doubt that it would help in this case since the people in question have or can gain physical access.
If you're root, you can just turn off SELinux.
Assuming the Whistleblower is telling the truth, why would they make the request if they could cover their tracks themselves
The question is whether it needs to be possible to turn off the audit logs for that role. And of course: No.
Typically the admin account can create things like super users, and super users can do anything with the data, but I'm not sure there's a use case where a single account can do both, and why can any of them avoid logging?
There isn't one.

Anything musk's dogs claim to find cannot be taken at face value because of this. Because there is no audit, and no evidence that they can offer that they didn't doctor their findings.

The next time they claim that a 170-year old person is receiving SS checks, they have no way to prove that they didn't subtract a century from that person's birthdate in some table.

Ah, this is something I haven't thought of before. This might not actually be spying, but instead just an attempt to plant fake results.
> This might not actually be spying, but instead just an attempt to plant fake results.

That statement might be (slightly) more believable had there not been access attempts from Russian IP addresses using valid (and recently created) DOGE login credentials so very shortly thereafter.

They give away the game if you pay attention and read other internal sources from other agencies. This is all about shoving AI into the loop and removing federal workers from it.

They want to prove that AI can do "just as good a job" on these data sets and arrive at "equal conclusions" with a much higher level of efficiency.

This is what happens when you get high on your own supply.

And even if it's not and everyone involved is a qualified, thoughtful, unimpeachable public servant with no agenda but the general welfare of the Glorious Republic of Arstotzka in their hearts, the lack of an audit trail means that you have to seriously consider that they aren't.

Of course, given the blatant dishonesty and criminality that the rest of this administration is producing (see: every immigration law case that they are losing in court), you'd have to be a useful idiot to actually assume good intent from them.

Of course, it just never occurred to me that there's a less bad but still terrible explanation for ghost admin access.
Sure, to hide your tracks because you know what you intend to do isn't right.
I can’t think of any. Even if you wanted to give someone broad permissions to access and modify data, you wouldn't turn off the audit logs.
There is no justification for ever creating an account like that. The only purpose is nefarious.
I am sure they demanded maximum access, but the logging activity phrasing sounds a little bit like spin...

I think if I wanted to describe an account with access to perform "sudo -s" as negatively as possible, I would say "an all-powerful admin account that is exempt from logging activity that would otherwise keep a detailed record of all actions taken by those accounts."

To allow dodgy offshore actors to snarf huge amounts of data on US citizens to prepare a huge propaganda assault for the next election?
Interview with whistleblower detailing the attack and the threats directed against him:

https://www.pbs.org/newshour/show/nlrb-whistleblower-claims-...

this guy's lawyer says: This is a difficult topic for Dan to discuss, but prior to our filing the whistle-blower disclosure this week, last week, somebody went to Dan's home and taped a threatening note, a menacing note on his door with personal information.

...

While he was at work, and it also contained photographs of him walking his dog taken by a drone.

This is mafia shit.

I just finished watching Daredevil: Born Again[0] and this incident looks shockingly familiar to what happened in the show. I don't know how the show runners knew this was going to happen but it feels like they've been spying on the future. Do they have a time machine or are they really that good (and the current administration that bad)?

[0] https://www.imdb.com/title/tt18923754/

I'm only really familiar with the 'tenant admin' concept from Microsoft administration; is it commonly used otherwise?
Obviously no
The Deep State! The government is filled with spies determined to "leak" the great work DOGE is doing to the press - so, of course, it needs "God mode" access. Totally legit.

That's the best I could do. LOL

very clear admission of guilt.
Setting aside legitimate (that's a matter of judgement)...

Some previous attempts for DOGE to get data have resulted in data being deleted before they can look and requests for judges to block access to data.

DOGE may be trying to be covert in order to stop these two activities from happening before they can get and review the data.

> Setting aside legitimate (that's a matter of judgement)

By definition, a judge decides what's legitimate.

If DOGE expects their access to be blocked by a court judgement, and bum-rushes agencies to exfiltrate data ahead of the judgement, that's also criminal intent.

I am not sure what you are getting at. "Covert" isn't how I'd describe DOGE's actions. "Brazen" maybe?

People have admitted in news interviews to destroying government data to prevent others from knowing what the government was doing. That’s likely criminal. This is a legitimate reason to get at information before people who might destroy have the opportunity.

What’s happening with judges is very political. We likely won’t know what’s allowed until things have gone through the appeals process. There have been cases of judges admitting they will rule against the current administration no matter the topic or law. This is messy, to say the least.

>There have been cases of judges admitting they will rule against the current administration no matter the topic or law

What exactly did they say and who said it?

>People have admitted in news interviews to destroying government data to prevent others from knowing what the government was doing. That’s likely criminal. This is a legitimate reason to get at information before people who might destroy have the opportunity.

Yes, this is precisely the accusation being made against DOGE: they are the government actors criminally trying to prevent the public from knowing what they're doing.

>There have been cases of judges admitting they will rule against the current administration no matter the topic or law.

No, there haven't, but feel free to provide a source.

>What’s happening with judges is very political. We likely won’t know what’s allowed until things have gone through the appeals process.

What is very political about it?

Since appeals are also decided by judges why is that a better system?

In the American system, the appeal process is a very formal thing - it checks whether all the t's were crossed, whether process was followed. It is not checking the evidence, it is bringing new evidence, nothing like that.

That is how it was designed.

Citation or you're full of shit.