Items tagged with: InfoSec


#NLRB stores reams of potentially sensitive data, from confidential info about employees who want to form unions to proprietary business info.

The #DOGE employees, who are led by #Trump adviser & billionaire tech CEO #ElonMusk, appeared to have their sights set on accessing the NLRB's internal systems. They've said their unit's overall mission is to review agency data for compliance with the new admin's policies & to cut costs & maximize efficiency.

#law #InfoSec #privacy #NationalSecurity


& data has nothing to do w/making the govt more efficient or cutting spending.

Meanwhile, acc/to the disclosure & records of internal comms, members of the #DOGE team asked that their activities not be logged on the system & then appeared to try to cover their tracks behind them, turning off monitoring tools & manually deleting records of their access—evasive behavior several #cybersecurity experts compared to what #criminal or #StateSponsored #hackers might do.

#law #Trump #Musk #InfoSec


The employees grew concerned that the #NLRB's confidential #data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in #Russia [wtf?], acc/to the disclosure. Eventually, the disclosure continued, the IT department launched a formal review of what it deemed a serious, ongoing #security #breach or potentially #illegal removal of personally identifiable information.

#criminal #law #Trump #Musk #InfoSec #NationalSecurity


The #whistleblower believes that the suspicious activity warrants further investigation by agencies w/more resources, like #CISA or the #FBI.

#Labor #law experts…fear that if the data gets out, it could be abused, including by private companies w/cases before the agency that might get insights into damaging testimony, #union leadership, #legal strategies & internal data on competitors — #Musk's #SpaceX among them….

#criminal #law #Trump #InfoSec #NationalSecurity


It could also intimidate #whistleblowers who might speak up about unfair labor practices, & it could sow distrust in the #NLRB's independence, they said.

The new revelations about #DOGE's activities at the labor agency come from a #whistleblower in the IT department of the NLRB, who disclosed his concerns to #Congress & the US Office of Special Counsel [#OSC] in a detailed report that was then provided to #NPR.

#criminal #law #Trump #Musk #InfoSec #NationalSecurity


Meanwhile, his attempts to raise concerns internally within the #NLRB preceded someone "physically taping a threatening note" to his door that included sensitive personal information & overhead photos of him walking his dog that appeared to be taken with a drone, according to a cover letter attached to his disclosure filed by his attorney, Andrew Bakaj of the nonprofit #Whistleblower Aid.

#criminal #law #Trump #Musk #InfoSec #NationalSecurity


…#DOGE employees demanded the highest level of access, what are called "tenant owner level" accounts inside the independent agency's computer systems, w/essentially unrestricted permission to read, copy & alter #data….

When an IT staffer suggested a streamlined process to activate those accounts in a way that would let their activities be tracked, in accordance with #NLRB #security policies, the IT staffers were told to stay out of DOGE's way….

#law #Trump #Musk #InfoSec #NationalSecurity


For #cybersecurity professionals, a failure to log activity is a cardinal sin & contradicts best practices as recommended by the National Institute of Standards & Technology [#NIST] & the #DHS's #CISA, as well as the #FBI & the #NSA.

"That was a huge red flag," said Berulis. "That's something that you just don't do. It violates every core concept of security & best practice."

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


Those #forensic #digital #records are important for record-keeping requirements & allow for troubleshooting, but they also allow experts to investigate potential breaches, sometimes even tracing the attacker's path back to the vulnerability that let them inside a network. The records can also help experts see what #data might have been removed. Basic logs would likely not be enough to demonstrate the extent of a bad actor's activities, but they would be a start.

#law #Trump #Musk #DOGE #InfoSec


There's no reason for any legitimate user to turn off logging or other #security tools, #cybersecurity experts say.

"None of this is normal," said Jake Braun…fmr acting principal dpty natl cyber dir at the WH…. "This type of activity is why the government buys insider-threat-monitoring technology. So we can know things like this are happening & stop sensitive data exfiltration before it happens," he told NPR.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


However, the #NLRB's budget hasn't had the money to pay for tools like that for years, Berulis said.

A couple of days after #DOGE arrived, Berulis saw something else that alarmed him while browsing the internet over the weekend.

MIT grad & DOGE engineer #JordanWick had been sharing info about coding projects he was working on to his public account w/ GitHub….

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


After journalist Roger Sollenberger started posting…about the account, Berulis noticed something Wick was working on: a project, or repository, titled "NxGenBdoorExtract."

Wick made it private before Berulis could investigate further, he told NPR. But to Berulis, the title itself was revealing.

"So when I saw this tool, I immediately panicked,"…He immediately alerted his whole team.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


While NPR was unable to recover the code for that project, the name itself suggests that Wick could have been designing a #backdoor, or "Bdoor," to extract files from #NLRB's internal case management system, known as NxGen, acc/to several #cybersecurity experts who reviewed Berulis' conclusions.

…NxGen is an internal system that was designed specifically for the NLRB in-house, acc/to several of the engineers who created the tool….

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


…while many of the #NLRB's records are eventually made public, the NxGen case management system hosts #proprietary #data from #corporate competitors, personal information about #union members or employees voting to join a union, & #witness testimony in ongoing cases. Access to that data is protected by numerous federal #laws, including the #Privacy Act.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


…engineers were also concerned by #DOGE staffers' insistence that their activities not be logged, allowing them to probe the NLRB's systems & discover info about potential #security flaws or vulnerabilities w/o being detected.

“The whole idea of removing logging & [getting] tenant-level access is the most disturbing part to me," one engineer said.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


"If he didn't know the backstory, any [chief information security officer] worth his salt would look at network activity like this & assume it's a nation-state attack from #China or #Russia," said Braun, the fmr White House #cyber official.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


About a week after arriving, the #DOGE engineers left #NLRB & deleted their accounts….

In the office, Berulis had had limited visibility into what the DOGE team was up to in real time.

That's partly because, he said, NLRB isn't advanced when it comes to detecting insider threats…. "We as an agency have not evolved to account for those," he explained. "We were looking for [bad actors] outside," he said.

#criminal #law #Trump #Musk #InfoSec #NationalSecurity


But he counted on #DOGE leaving at least a few traces of its activity behind,…details he included in his ofcl disclosure.

First, at least 1 DOGE account was created & later deleted for use in #NLRB's cloud systems, hosted by Microsoft:
DogeSA_2d5c3e0446f9@nlrb.microsoft.com

Then, DOGE engineers installed what's called a "container," a kind of opaque virtual computer that can run programs…w/o revealing its activities to the rest of the network.

#law #Trump #Musk #DOGE #InfoSec #NationalSecurity


On its own, that wouldn't be suspicious, though it did allow the engineers to work invisibly & left no trace of its activities once it was removed.

Then, Berulis started tracking sensitive #data leaving the places it's meant to live…. First, he saw a chunk of data exiting the NxGen case management system's "nucleus," inside the #NLRB system, Berulis explained. Then, he saw a large spike in outbound traffic leaving the network itself.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


From what he could see, the #data leaving, almost all text files, added up to around 10GB…. It's a sizable chunk of the total data in the #NLRB sys, though the agency itself hosts over 10TB in historical data. It's unclear which files were copied & removed or whether they were consolidated & compressed, which could mean even more data was exfiltrated. It's also possible that #DOGE ran queries looking for specific files…& took only what it was looking for….

#criminal #law #Trump #Musk #InfoSec


Regardless, that kind of spike is extremely unusual, …because #data almost never directly leaves from the #NLRB's databases. In his disclosure, Berulis shared a screenshot tracking data entering and exiting the system, & there's only one noticeable spike of data going out. He also confirmed that no one at the NLRB had been saving backup files that week or migrating data for any projects.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


Even when external parties like lawyers or overseers like the inspector general are granted guest accounts on the system, it's only to view the files relevant to their case or investigation, explained #labor #law experts who worked with or at the #NLRB….

"None of that confidential & deliberative information should ever leave the agency," said Richard Griffin, who was the NLRB general counsel 2013–2017, in an interview w/NPR.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


For #cybersecurity experts, that spike in #data leaving the system is a key indicator of a #breach, Berulis explained.

When Berulis asked his IT colleagues whether they knew why the data was exfiltrated or whether anyone else had been using containers to run code on the system in recent weeks, no one knew anything about it or the other unusual activities on the network….

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


In fact, when they looked into the spike, they found that logs that were used to monitor outbound traffic from the system were absent. Some actions taken on the network, including #data exfiltration, had no attribution—except to a "deleted account," he continued. "Nobody knows who deleted the logs or how they could have gone missing," Berulis said.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


The IT team met to discuss insider threats — namely, the #DOGE engineers…. "We had no idea what they did," he explained.…

They eventually launched a formal breach investigation, …& prepared a request for assistance from #CISA. However, those efforts were disrupted w/o an explanation, Berulis said. That was deeply troubling to Berulis….

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


In the days after Berulis & his colleagues prepared a request for #CISA's help…, Berulis found a printed letter in an envelope taped to his door, which included threatening language, sensitive personal info & overhead pictures of him walking his dog…. It's unclear who sent it, but the letter made specific reference to his decision to report the breach. Law enforcement is investigating the letter.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity


"If the underlying disclosure wasn't concerning enough, the targeted, physical intimidation & surveillance of my client is. If this is happening to Mr. Berulis, it is likely happening to others & brings our nation more in line w/ #authoritarian regimes than w/open & free democracies," wrote Bakaj, his atty, in a stmnt to NPR. "It is time for everyone–& #Congress in particular–to acknowledge the facts & stop our #democracy, freedom, & liberties from slipping away…."

#law #Trump #Musk #InfoSec


In part because of the stymied internal investigation & attempts to silence him, Berulis decided to come forward publicly.

…despite all that, Berulis managed to uncover stranger & more troubling details about what happened while #DOGE was logged on….

Unknown users gave themselves a high-level access key, what's called a SAS token, "shared access signature," to access storage accounts, before deleting it. Berulis said there was no way to track what they did with it.

#law #Trump #Musk #InfoSec
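The SAS-token detail above is where a defender hits a wall: a shared access signature signed with a storage account key is minted locally by whoever holds the key, so the token's creation and later use never reach the control-plane log. The last attributable event is the listKeys (or regenerateKey) call that handed the key out, and that is what has to be treated as "a SAS may exist from here on." The following is an added example, not code from NPR, the NLRB or Microsoft; it scans constructed Azure Activity Log entries (REST-style nesting: operationName.value, caller, eventTimestamp, resourceId, status.value) for those calls and lists the successful ones made by callers outside an allow-list. The principals, subscription and storage account names are invented.

```python
"""Scan Azure Activity Log entries for storage-key exposure events.

Added example, not NPR's, the NLRB's or Microsoft's code. An account-key
SAS token is computed client-side, so listKeys/regenerateKey are the last
log events that can be tied to a token's existence. Sample entries are
constructed; field nesting follows the Activity Log REST shape.
"""
import json
from collections import defaultdict

KEY_EXPOSURE_OPS = {
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Storage/storageAccounts/regenerateKey/action",
}


def _entry(ts, caller, op, account, status="Succeeded"):
    """Build one constructed Activity Log entry (invented subscription/RG)."""
    return {
        "eventTimestamp": ts,
        "caller": caller,
        "operationName": {"value": op},
        "resourceId": ("/subscriptions/00000000-0000-0000-0000-000000000000"
                       "/resourceGroups/rg-cases/providers/Microsoft.Storage"
                       f"/storageAccounts/{account}"),
        "status": {"value": status},
    }


SAMPLE_LOG_JSON = json.dumps([
    _entry("2025-03-03T02:10:00Z", "svc-backup@example.onmicrosoft.com",
           "Microsoft.Storage/storageAccounts/listKeys/action", "casefiles"),
    _entry("2025-03-04T09:00:00Z", "admin@example.onmicrosoft.com",
           "Microsoft.Storage/storageAccounts/read", "casefiles"),
    _entry("2025-03-05T13:45:03Z", "temp-contractor@example.onmicrosoft.com",
           "Microsoft.Storage/storageAccounts/regenerateKey/action", "casefiles"),
    _entry("2025-03-05T13:42:17Z", "temp-contractor@example.onmicrosoft.com",
           "Microsoft.Storage/storageAccounts/listKeys/action", "casefiles"),
    _entry("2025-03-05T13:50:40Z", "temp-contractor@example.onmicrosoft.com",
           "Microsoft.Storage/storageAccounts/listKeys/action", "hrdata", "Failed"),
])


def key_exposure_events(raw_json, known_callers=frozenset()):
    """Return key-exposure events oldest first, each tagged with whether the
    caller is an expected automation principal. Failed attempts are kept:
    a principal probing for keys is worth a look even when RBAC said no."""
    events = []
    for entry in json.loads(raw_json):
        op = entry.get("operationName", {}).get("value", "")
        if op not in KEY_EXPOSURE_OPS:
            continue
        caller = entry.get("caller", "<unknown>")
        events.append({
            "when": entry["eventTimestamp"],
            "caller": caller,
            "op": op.rsplit("/", 2)[-2],              # listKeys / regenerateKey
            "resource": entry["resourceId"].rsplit("/", 1)[-1],
            "succeeded": entry.get("status", {}).get("value") == "Succeeded",
            "known": caller in known_callers,
        })
    events.sort(key=lambda e: e["when"])  # ISO-8601 UTC strings sort correctly
    return events


def unexpected_key_access(events):
    """Successful key reads/rotations by callers outside the allow-list,
    as {caller: [(when, op, resource), ...]} in time order."""
    out = defaultdict(list)
    for e in events:
        if e["succeeded"] and not e["known"]:
            out[e["caller"]].append((e["when"], e["op"], e["resource"]))
    return dict(out)


if __name__ == "__main__":
    evs = key_exposure_events(SAMPLE_LOG_JSON, {"svc-backup@example.onmicrosoft.com"})
    for caller, hits in unexpected_key_access(evs).items():
        for when, op, resource in hits:
            print(f"{when} {caller} {op} on {resource}: assume a SAS may exist from here")
```

Two practical notes. First, a regenerateKey right after a listKeys is a classic way to invalidate any SAS an earlier reader may hold, but it also invalidates the attacker's own evidence trail, so record both. Second, this covers account-key SAS only; a user delegation SAS (signed with an Entra ID identity) goes through the separate generateUserDelegationKey operation and needs its own rule.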


While investigating the #data taken from #NLRB, Berulis tried to determine its ultimate destination. But whoever had exfiltrated it had disguised its destination too….

#DOGE staffers had permission to access the system, but removing data is another matter.

Berulis says someone appeared to be doing something called DNS tunneling to prevent the data exfiltration from being detected.

#criminal #law #Trump #Musk #DOGE #InfoSec #NationalSecurity
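DNS tunneling, mentioned above as the way the destination was disguised, works because almost every network lets DNS out and few inspect it: the payload is encoded into the subdomain labels of queries for a zone the attacker controls, and the attacker's authoritative server reads it back out. The following is an added example, not code from NPR or the disclosure; it shows both sides. encode_for_dns() is the attacker-side encoding (hex into 63-octet labels, carried as TXT queries), and tunnel_suspects() scores (client, zone) pairs from constructed resolver log lines on the signals that separate a tunnel from ordinary lookups: long, high-entropy subdomains, nearly every query unique, and a TXT/NULL-heavy type mix. The zone "tunnel-host.test", the client addresses and the log format ("ts client qtype qname") are all invented for the example.

```python
"""DNS tunneling: what the traffic looks like and how to spot it.

Added example, not from NPR or the NLRB disclosure. encode_for_dns() is the
tunneling side; tunnel_suspects() is the detection side, run over constructed
resolver log lines. Zone, client IPs and log format are invented.
"""
import math
from collections import defaultdict

MAX_LABEL = 63           # RFC 1035 label limit
MAX_LABELS_PER_NAME = 3  # keeps names well under the 253-octet name limit


def encode_for_dns(payload: bytes, zone: str) -> list[str]:
    """Attacker side: hex-encode payload into query names under zone."""
    hexed = payload.hex()
    labels = [hexed[i:i + MAX_LABEL] for i in range(0, len(hexed), MAX_LABEL)]
    return [".".join(labels[i:i + MAX_LABELS_PER_NAME] + [zone])
            for i in range(0, len(labels), MAX_LABELS_PER_NAME)]


def shannon_entropy(s: str) -> float:
    """Bits per character: hostnames sit around 2-3, hex/base32 blobs near 4."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_zone(qname: str, zone_labels: int = 2):
    """(subdomain, zone), treating the last `zone_labels` labels as the zone."""
    parts = qname.rstrip(".").split(".")
    if len(parts) <= zone_labels:
        return "", qname
    return ".".join(parts[:-zone_labels]), ".".join(parts[-zone_labels:])


def tunnel_suspects(log_lines, min_queries=10, min_len=40, min_entropy=3.3):
    """Score (client, zone) pairs from lines '<ts> <client> <qtype> <qname>'.
    Returns [(client, zone, score, details)], highest score first; score is
    how many of the four tunnel signals tripped."""
    groups = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed line; a real parser would count these
        _, client, qtype, qname = fields
        sub, zone = split_zone(qname.lower())
        groups[(client, zone)].append((qtype.upper(), sub))
    results = []
    for (client, zone), qs in groups.items():
        if len(qs) < min_queries:
            continue
        subs = [s for _, s in qs]
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        uniq_ratio = len(set(subs)) / len(subs)
        txt_ratio = sum(1 for t, _ in qs if t in ("TXT", "NULL")) / len(qs)
        signals = [avg_len >= min_len, avg_ent >= min_entropy,
                   uniq_ratio >= 0.9, txt_ratio >= 0.5]
        details = {"queries": len(qs), "avg_len": round(avg_len, 1),
                   "avg_entropy": round(avg_ent, 2),
                   "unique_ratio": round(uniq_ratio, 2), "txt_ratio": round(txt_ratio, 2)}
        results.append((client, zone, sum(signals), details))
    results.sort(key=lambda r: r[2], reverse=True)
    return results


def constructed_log():
    """Constructed resolver log: ordinary lookups from two hosts, then one of
    them ships a constructed payload out as TXT queries under an attacker zone."""
    normal = ["www.example.com", "mail.example.com", "cdn.example.com",
              "login.example.com", "www.example.com", "api.example.com"]
    lines = [f"2025-03-05T14:0{i % 10}:00Z 10.20.30.42 A {normal[i % len(normal)]}"
             for i in range(12)]
    lines += [f"2025-03-05T14:0{i % 10}:05Z 10.20.30.41 A {normal[i % len(normal)]}"
              for i in range(12)]
    payload = b"constructed payload: " + bytes(range(256)) * 4
    for n, qname in enumerate(encode_for_dns(payload, "tunnel-host.test")):
        lines.append(f"2025-03-05T14:1{n % 10}:{n % 60:02d}Z 10.20.30.41 TXT {qname}")
    return lines


if __name__ == "__main__":
    for client, zone, score, details in tunnel_suspects(constructed_log()):
        print(f"{client} -> {zone}: {score}/4 {details}")
```

The grouping key is the parent zone, not the full name, because a tunnel never repeats a name. That is also why the unique-query ratio matters more than any single long label: CDN and anti-spam services legitimately issue long, random-looking names, but they repeat, and they are A/AAAA lookups rather than TXT. Tune the thresholds against a week of your own resolver logs before trusting the score.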


Speak for that which you know is right

#EFF #cybersecurity #infosec #Krebs #ChrisKrebs

eff.org/deeplinks/2025/04/cybe…


#infosec people, THIS is big and you need it in front of management RIGHT NOW.

MITRE has informed the CVE board members that effective TONIGHT, funding to run CVE and CWE is effectively gone. The US federal government contracts MITRE to run these programs, including management, operations, and infrastructure.

This not only could but almost certainly will result in disruptions to CVE and CWE including a halt of all operations if new contracts/funding are not secured.


More on this:

Inside #DOGE’s push to defy a #CourtOrder & access #SocialSecurity data

Reps of #ElonMusk’s US #DOGE Service have sought for weeks to get around a court order barring their access to sensitive #data & internal systems at the #SSA, prompting career staff to repeatedly resist their efforts, acc/to a half dozen people familiar w/the DOGE team’s actions & records obtained by The Washington Post.

#law #Trump #Musk #privacy #InfoSec #NationalSecurity #judiciary
washingtonpost.com/politics/20…


tHe eNd oF A LeGaCy?!?

Cyber-attacks are not only an existential threat to businesses, they can also hit underground message boards: the infamous website 4chan, known not only for being an endless source of memes, but also for doxxing and coordinating cyber-attacks, spreading hate and conspiracy theories, has itself been hit by hackers.

The site has been offline since early this morning and internal data, including emails from moderators and the admin and parts of the source code, have been leaked. Many users who used to post anonymously on the message board are now worried about the consequences of their online behaviour.

The details of the hack are still unknown, but an outdated PHP tech stack seems to be the reason why access to databases, source code etc. is now possible. Reading about outdated PHP and leaked source code, and possibly database takeover, we immediately think of an unpatched RCE vulnerability, but we will probably find out soon.

#4chan #anonymous #infosec


#Whistleblower details how #DOGE may have taken sensitive #NLRB data

In the first days of March, a team of advisers from #Trump's new Department of Government Efficiency initiative arrived at the Southeast Washington, DC, headquarters of the National Labor Relations Board.

The small, independent federal agency investigates & adjudicates complaints about unfair #labor practices.

#law #InfoSec #privacy #NationalSecurity #Musk
npr.org/2025/04/15/nx-s1-53558…


Risk. Risk is something the business can understand. If you can quantify risk, you get the business to listen. The business deals in numbers, $in vs $out. Quantify the risk of not having a given control. The talk needs to be about $$$, and how infosec controls prevent $out.

#infosec


to any and all #infosec and #pentesting professionals, do you have any tips you could share about business-speak? more specifically, how do you translate to a business unrelated with our field the importance of our work?


Freeradical.zone is a Mastodon server featuring infosec and privacy and technology and leftward politics and cats and dogs and…

:Fediverse: freeradical.zone

You can find out more at freeradical.zone/about or contact the admin @tek

#FeaturedServer #Infosec #Privacy #Technology #Mastodon #Fediverse #FreeFediverse


Oh here’s a good pentesting “self qa” tip:

Write the report, then, before the end of the test window, go back through each finding. Your job is to make sure that using ONLY the information in your report, it’s possible to reproduce that finding.

You aren’t allowed to cheat yourself and use any other knowledge or your own techniques again to fill in the blanks - you can ONLY use what is in the report in front of you.

Can you reproduce the finding, without cheating? Yes? Excellent, ‘tis good to go. No? Add more detail.

#infosec