A whistleblower on the National Labor Relations Board (NLRB) alleged final week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of knowledge from the company’s delicate case recordsdata in early March. The whistleblower mentioned accounts created for DOGE on the NLRB downloaded three code repositories from GitHub. Further investigation into a kind of code bundles exhibits it’s remarkably just like a program revealed in January 2025 by Marko Elez, a 25-year-old DOGE worker who has labored at quite a few Musk’s firms.
A screenshot shared by NLRB whistleblower Daniel Berulis exhibits three downloads from GitHub.
According to a whistleblower grievance filed final week by Daniel J. Berulis, a 38-year-old safety architect on the NLRB, officers from DOGE met with NLRB leaders on March 3 and demanded the creation of a number of omnipotent “tenant admin” accounts that had been to be exempted from community logging exercise that might in any other case maintain an in depth report of all actions taken by these accounts.
Berulis mentioned the brand new DOGE accounts had unrestricted permission to learn, copy, and alter data contained in NLRB databases. The new accounts additionally might limit log visibility, delay retention, route logs elsewhere, and even take away them totally — top-tier consumer privileges that neither Berulis nor his boss possessed.
Berulis mentioned he found one of many DOGE accounts had downloaded three exterior code libraries from GitHub that neither NLRB nor its contractors ever used. A “readme” file in one of many code bundles defined it was created to rotate connections by means of a big pool of cloud Internet addresses that serve “as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.” Brute drive assaults contain automated login makes an attempt that strive many credential mixtures in fast sequence.
A search on that description in Google brings up a code repository at GitHub for a consumer with the account title “Ge0rg3” who revealed a program roughly 4 years in the past known as “requests-ip-rotator,” described as a library that can permit the consumer “to bypass IP-based rate-limits for sites and services.”
The README file from the GitHub consumer Ge0rg3’s web page for requests-ip-rotator consists of the precise wording of a program the whistleblower mentioned was downloaded by one of many DOGE customers. Marko Elez created an offshoot of this program in January 2025.
“A Python library to utilize AWS API Gateway’s large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing,” the outline reads.
Ge0rg3’s code is “open source,” in that anybody can copy it and reuse it non-commercially. As it occurs, there’s a newer model of this venture that was derived or “forked” from Ge0rg3’s code — known as “async-ip-rotator” — and it was dedicated to GitHub in January 2025 by DOGE captain Marko Elez.
The whistleblower acknowledged that one of many GitHub recordsdata downloaded by the DOGE workers who transferred delicate recordsdata from an NLRB case database was an archive whose README file learn: “Python library to utilize AWS API Gateway’s large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.” Elez’s code pictured right here was forked in January 2025 from a code library that shares the identical description.
A key DOGE employees member who gained entry to the Treasury Department’s central funds system, Elez has labored for quite a few Musk firms, together with X, SpaceX, and xAI. Elez was among the many first DOGE workers to face public scrutiny, after The Wall Street Journal linked him to social media posts that advocated racism and eugenics.
Elez resigned after that temporary scandal, however was rehired after President Donald Trump and Vice President JD Vance expressed assist for him. Politico reviews Elez is now a Labor Department aide detailed to a number of companies, together with the Department of Health and Human Services.
“During Elez’s initial stint at Treasury, he violated the agency’s information security policies by sending a spreadsheet containing names and payments information to officials at the General Services Administration,” Politico wrote, citing courtroom filings.
KrebsOnSecurity sought remark from each the NLRB and DOGE, and can replace this story if both responds.
The NLRB has been successfully hobbled since President Trump fired three board members, leaving the company with out the quorum it must perform. Both Amazon and Musk’s SpaceX have been suing the NLRB over complaints the company filed in disputes about staff’ rights and union organizing, arguing that the NLRB’s very existence is unconstitutional. On March 5, a U.S. appeals courtroom unanimously rejected Musk’s declare that the NLRB’s construction by some means violates the Constitution.
Berulis’s grievance alleges the DOGE accounts at NLRB downloaded greater than 10 gigabytes of knowledge from the company’s case recordsdata, a database that features reams of delicate data together with details about workers who wish to kind unions and proprietary enterprise paperwork. Berulis mentioned he went public after higher-ups on the company advised him to not report the matter to the US-CERT, as they’d beforehand agreed.
Berulis advised KrebsOnSecurity he apprehensive the unauthorized knowledge switch by DOGE might unfairly benefit defendants in quite a few ongoing labor disputes earlier than the company.
“If any company got the case data that would be an unfair advantage,” Berulis mentioned. “They could identify and fire employees and union organizers without saying why.”
Marko Elez, in a photograph from a social media profile.
Berulis mentioned the opposite two GitHub archives that DOGE workers downloaded to NLRB programs included Integuru, a software program framework designed to reverse engineer software programming interfaces (APIs) that web sites use to fetch knowledge; and a “headless” browser known as Browserless, which is made for automating web-based duties that require a pool of browsers, similar to net scraping and automatic testing.
On February 6, somebody posted a prolonged and detailed critique of Elez’s code on the GitHub “issues” web page for async-ip-rotator, calling it “insecure, unscalable and a fundamental engineering failure.”
“If this were a side project, it would just be bad code,” the reviewer wrote. “But if this is representative of how you build production systems, then there are much larger concerns. This implementation is fundamentally broken, and if anything similar to this is deployed in an environment handling sensitive data, it should be audited immediately.”
Further studying: Berulis’s grievance (PDF).
Update 7:06 p.m. ET: Elez’s code repo was deleted after this story was revealed. An archived model of it is right here.