Hacker News new | ask | show | jobs
by frumplestlatz 426 days ago
Why does someone from Russia want access to NLRB data, and why would DOGE be immediately leaking just-granted NLRB login credentials to Russian assets when it would be trivially traceable back to them, and if they were in fact granted untraceable/unlogged admin credentials, could legitimately download the data themselves and simply hand it over to said Russian assets if that was their actual intention?

It's not behavior that makes any sense assuming even a semi-rational/intelligent actor.
2 comments
threeseed 425 days ago
> Why does someone from Russia want access to NLRB data

It has details of labor disputes. Which if you’re Russia who thrives on fostering conflict in the US would be an ideal data set.

> Why would DOGE be immediately leaking just-granted NLRB login credentials to Russian assets

Because they are young, highly inexperienced engineers who have been tasked with rolling out their LLM system as quickly as possible. Their priority is not security.

link
frumplestlatz 425 days ago
Your argument is that they are so inexperienced and insufficiently monitored that they immediately leaked just-granted NLRB login credentials (how?) to Russia, while rolling out an LLM system (what system?), and the Russian assets that acquired those credentials were so inept that they risked their access — and had their logins rejected — by immediately attempting to use them directly from a Russian IP block?

Furthermore, that the NLRB data would somehow be of sufficient value to Russian state actors to justify risking burning their access to DOGE employees/data/credentials through frankly idiotic OPSEC, despite there being much higher value targets than the NLRB?

This even remotely doesn't pass the smell test.

link
threeseed 425 days ago
a) No one knows how Russia had the credentials but they did.

b) This system: https://www.wired.com/story/doge-is-just-getting-warmed-up-d...

c) DOGE under its current form will end in the next weeks/months as Musk moves on. So if you’re Russia the best bet is to get as much data now as you can.

link
anang 425 days ago
> Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating.

Explains this:

> why would DOGE be immediately leaking just-granted NLRB login credential

The implication is that the credentials were for more than this specific system. It's entirely feasible that a bad actor would immediately try to vacuum up as much data from as many systems as possible, it's just that this system had a geo block that made it clear this was happening.

I don't think we need to assume that this was a targeted attack on this specific NLRB system, just that this specific NLRB system was the one that caught the attempts.

So, what systems DIDN'T block authentication?

link