The DOGE NLRB whistleblower case has revealed alarming activity within Elon Musk’s Department of Government Efficiency (DOGE) that threatens the integrity of sensitive labor dispute data. A whistleblower at the National Labor Relations Board (NLRB) has brought forward a complaint alleging that DOGE employees siphoned more than 10 gigabytes of confidential case files and downloaded potentially malicious code repositories from GitHub to facilitate this unauthorized access. These revelations, as reported by KrebsOnSecurity, raise serious questions about data security and governmental oversight in agencies impacted by Musk’s tech ventures.
Details of the DOGE NLRB Whistleblower Allegations
The whistleblower, Daniel J. Berulis, a seasoned security architect at the NLRB, detailed the circumstances in a complaint filed recently. According to Berulis, on March 3, 2025, DOGE officials demanded the creation of highly privileged “tenant admin” accounts exempt from standard network logging protocols. These accounts purportedly granted unrestricted permissions including reading, copying, and altering sensitive NLRB database contents while preventing comprehensive audit logging, effectively creating blind spots for security monitoring.
Berulis discovered that these DOGE accounts downloaded three external code libraries from GitHub—libraries unfamiliar to NLRB or its contractors. One of these repositories contained a program designed to cycle connections through a large pool of cloud IP addresses to enable “pseudo-infinite IPs” for web scraping and brute forcing. This code, originally authored by a user known as “Ge0rg3,” was forked and modified in January 2025 by Marko Elez, a notable DOGE developer linked to multiple Musk enterprises.
Marko Elez and the Problematic Code
Marko Elez, who previously faced public criticism for social media posts advocating discriminatory ideologies and subsequently resigned before being rehired, developed a library called async-ip-rotator based on Ge0rg3’s requests-ip-rotator project. The Python library in question is described as leveraging AWS API Gateway’s IP pool to bypass IP-based rate-limits on web services, facilitating automated scraping and brute forcing.
Court filings and political reports indicate Elez has access to prominent government systems, such as the Treasury Department’s payments infrastructure, heightening the risk of misuse. Politico reported Elez’s prior violation of Treasury information security policies by improperly sharing sensitive spreadsheets.
Security Implications of the Data Transfer
The unauthorized downloads and access to NLRB case files pose a significant threat to labor rights and employee protections. The data allegedly includes confidential details about union organizers and ongoing disputes, which if leaked, could allow companies to retaliate against workers unfairly. Berulis expressed grave concerns that the data transfer undermines the agency’s role in protecting workers and may bias ongoing litigation.
Moreover, security researchers analyzing Elez’s code have criticized it as “insecure, unscalable, and a fundamental engineering failure,” emphasizing the potential risks if such software manages sensitive government data. These criticisms were posted on GitHub in early February 2025, underscoring the fragility and poor design of the IP rotation technology utilized by DOGE employees.
Context: The NLRB’s Eroded Authority and Legal Battles
The NLRB has been hobbled politically following firings of board members by former President Trump, leaving the agency without quorum. Compounding this, Musk’s companies such as SpaceX have engaged in legal battles challenging the NLRB’s constitutionality. Despite a recent federal appeals court unanimously rejecting these arguments, the agency’s operational capacity remains compromised.
Given this fraught environment, the DOGE interference within NLRB systems exacerbates concerns over oversight, transparency, and the safeguarding of public-interest data.
Additional Downloaded Tools and Their Functions
Aside from the IP rotation libraries, the whistleblower noted DOGE employees downloaded two other tools: Integuru, a framework for reverse engineering APIs used in data fetching, and Browserless, a headless browser system used to automate web tasks. Both tools are frequently employed in web scraping and automation scenarios, aligning with the broader suspicious activity pattern seen in the case.
What’s Next?
Responses from the NLRB and DOGE remain pending, though the story continues to develop as more scrutiny is applied to Musk’s government-affiliated technology operations. The whistleblower went public after internal channels discouraged notifying US-CERT, highlighting systemic issues within agency procedure and potential cover-ups.
For ongoing updates and a detailed account of the events, please refer to the comprehensive report at KrebsOnSecurity.
This unfolding controversy signals urgent calls for reinforced cybersecurity protocols, transparent audits, and renewed political will to protect sensitive government data from improper corporate influence and technical exploitation.
