logoalt Hacker News

mythrowaway4904/23/20256 repliesview on HN

this part of the whistleblower complaint seem way worse:

" On or about March 11, 2025, NxGen metrics indicated abnormal usage at points the prior week. I saw way above baseline response times, and resource utilization showed increased network output above anywhere it had been historically – as far back as I could look. I noted that this lined up closely with the data out event. I also notice increased logins blocked by access policy due to those log-ins being out of the country. For example: In the days after DOGE accessed NLRB’s systems, we noticed a user with an IP address in Primorskiy Krai, Russia started trying to log in. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating. There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers. "

Replies

stevenwoo04/24/2025

Any guesses for best possible interpretion? The Russians have infiltrated their PCs with keyloggers and DOGE are working from insecure open networks.

The worst possible interpretation is straightforward - they are working for the Russians as agents and let the Russians in or installed the keyloggers for Russia.

show 10 replies
kazinator04/24/2025

The article could offer a summary of this key finding, rather than, say, the pointless paragraph near the bottom about the scraping software found in GitHub not being well written.

This is the evidence which strongly suggests that the DOGE personnel are using various cloud IP addresses to scrape.

Palmik04/24/2025

I wonder why the "no-out-of-country logins" block happens after verifying login credentials and not before, which would make more sense to me.

show 4 replies
bequanna04/24/2025

This just seems odd.

Why would they attempt a login from Russia (if it was indeed Russians)?

It is incredibly cheap to use a VPN with a US residential IP.

show 2 replies
orbital-decay04/24/2025

>Primorskiy Krai

Probably the least expected location to connect from, if it was genuine. Not saying it necessarily isn't, but it's not usual either and doesn't make much sense.

show 1 reply
superconduct12304/24/2025

Wow that's insane