Submission + - Whistleblower reports terrible things due to DOGE (youtube.com) 9

echo123 writes: NLRB employee Daniel Berulis reports on CNN that within 15 minutes of DOGE staff receiving new accounts with access to highly sensitive Department of Labor (DoL) data, someone within Russia logged in with the correct username and password over 20 times, but was rejected by location-related conditional access policies. Additionally, a traffic spike of 10Gb of data exiting DoL was witnessed, which is highly unusual activity at any time.

Also, DOGE is using Starlink to exfiltrate data, and Starlink is known to be hacked by Russia.

He also reports this activity is not limited to the DoL; it has been witnessed across the government I.T. infrastructure, and that sensitive databases have recently been exposed to the open internet.

Daniel Berulis also received a clear message to stop looking. Part of the package he received included drone footage of him walking his dog.

Fast forward to 4 min 15 seconds if you're in a hurry.

= = =

Via Reuters

Berulis alleged in the affidavit that there are attempted logins to NLRB systems from an IP address in Russia in the days after DOGE accessed the systems. He told Reuters Tuesday that the attempted logins apparently included correct username and password combinations but were rejected by location-related conditional access policies.

Berulis' affidavit said that an effort by him and his colleague to formally investigate and alert the Cybersecurity and Infrastructure Security Agency (CISA) was disrupted by higher-ups without explanation.

As he and his colleagues prepared to pass information they'd gathered to CISA he received a threatening note taped to the door of his home with photographs of him walking in his neighborhood taken via drone, Andrew Bakaj, Whistleblower Aid's chief legal counsel, said in his submission to Cotton and Warner.

"Unlike any other time previously, there is this fear to speak out because of reprisal," Berulis told Reuters. "We're seeing data that is traditionally safeguarded with the highest standards in the United States government being taken and the people that do try to stop it from happening, the people that are saying no, they're being removed one by one."

via NPR

The top Democrat on the House Oversight Committee is calling for an investigation into DOGE's access to the National Labor Relations Board following exclusive NPR reporting on sensitive data being removed from the agency.

Ranking Member Gerry Connolly, D-Va., sent a letter Tuesday to acting Inspector General at the Department of Labor Luiz Santos and Ruth Blevins, inspector general at the NLRB, expressing concern that DOGE "may be engaged in technological malfeasance and illegal activity."

"According to NPR and whistleblower disclosures obtained by Committee Democrats, individuals associated with DOGE have attempted to exfiltrate and alter data while also using high-level systems access to remove sensitive information—quite possibly including corporate secrets and details of union activities," Connolly wrote in a letter first shared with NPR. "I also understand that these individuals have attempted to conceal their activities, obstruct oversight, and shield themselves from accountability."


Comment Re:I Find the TRUTh reassuring.... but (Score 1) 23

Is that you, ChatGPT? Welcome back dude!

Ultimately the best security will be having an understanding with our adversaries that will focus on our mutual survival, (..)

Ultimately the best building security will be having an understanding with would-be thieves, that will focus on our mutual interests (..)

Yeah, sure. Try fences, sturdy doors, proper locks & cameras. And somebody / something checking the footage, with guards / cops on call.

Comment Re:Target code vulnerable? (Score 1) 23

Potentially: yes. If the system developing the PLC code is compromised, then PLC code developed on that system could be compromised as well.

It's not often heard of, but potentially very serious. This depends on # and type of customers that use the developed code. And how their systems are configured, deployed & managed.

See: supply chain attack. There are some infamous examples.

Note that PLC-controlled systems tend to be very customer specific. So it would be hard to exploit or profit from an attack. But if so, and target happens to be critical like large industrial site, chemical plant or such, then yeah... Stuxnet level.

Comment Re:no subterfuge really (Score 5, Informative) 26

Any and All data touching our network, system, software, is our property and we claim rights of inspection and copyright over EVERYTHING that even comes near our service.

WRONG. Most services will claim permission to use user content, but leave copyright where it is - with the user who created that content. You create = you own the copyright. For company to claim that, copyright would have to be shared between user & company (copyright law has no provision for that), or copyright transferred from user to company (which would be very problematic from legal p.o.v. in many use cases). Take for example confidential documents sent via email. If (for example) Google inspects that for antivirus, training internal systems etc - little you can do other than encrypt your stuff before sending. But if Google were to claim copyright over random documents you send via email... well, see how that goes in case it ever hits a court of law. Regardless of what Gmail's terms of service claim.

Exceptions might be things that were entirely created on company's systems. Or not expected to be user owned. For example when you're working on company product, using company's systems, while being paid to do so (employer-employee/contractor). Or in-game assets for some online multiplayer games, that were created using in-game tools. But in that case user already knows that content has a best-before date & wouldn't easily translate to outside-of-game uses (not legally, anyway).

But that is exception not the rule. Where it gets shady: content from users who've closed their account. In some cases that may involve removal of files such that they become inaccessible to other users. But company probably keeps it archived. In some cases the usage-permission may end when user account is closed. Or not (see ToS). In some cases ToS may say permission ends, but company ignores & continues to use that content regardless. Or (likely illegal) scrapes content from competitors or random websites.

Comment The future = cross platform (Score 1) 283

Next to zero backward compatibility: most distros insist all software must be recompiled for the current version of a distro.

I can imagine a future scenario as follows: user buys device X, during checkout selects Y as preferred OS. All OSes of note that can run on device X, are included as option.

Selected OS is preconfigured to run on device, using some enterprise scale fully automated system, built atop a vast database of OS versions, drivers, configuration options, device-dependent defaults, etc, etc, going at least 10 years back for popular options.

How this works exactly, is (mostly) irrelevant from user point of view. Might be standardized configurations for some niche OSes (with limited set of supported devices), different flavours of current / popular OSes, components compiled on-demand on server side, cached or not, binaries for every relevant version/OS pulled from database, etc, etc. The point is it's all automated, all options & their combinations are put into a constraint solver of some kind (like advanced package managers of today), and resulting OS image for preloading on device, is generated on demand.

Upon receiving device, user browses through a Play Store like environment, or even a souped up start menu with 100k+ entries most of which are greyed out, some present pricing options, caveats, user reviews, etc. Payment options are mostly automated, a configuration setting or 2-second "I'm okay with that!" away.

Upon selecting a (greyed out) app, server is contacted. Informs OS what VM or emulator to set up, what libraries & compatibility layers to install, what settings to apply, etc. Again: fully automated. App binary, game data etc is pulled from database or generated on-the-fly in same fashion as OS image used to preload device.

There may be community maintained versions of this "enterprise scale, database backed system". There will be commercial ones. Some may be run as a Netflix style service. Some apps may run server side, streaming to user device. Or be browser based using tech like WebAssembly. But for the vast majority of users, it's irrelevant to the point of "buy device, select preload option, and run apps".

Most pieces are already in place: a vast selection of (binary) apps & OSes including open source ones. Emulators, virtual machines, compatibility layers, binary code translators, Snap, Flatpak, etc etc. Figuring out which combination of options could be used = constraint solving. The state of the art in that has advanced considerably. Automated build farms and networks of download mirrors or other content distribution systems, are in place & actively used.

Yeah I know this is just a vision, and some puzzle pieces are missing. But one can hardly deny that in software land, there is some degree of convergence going on. Major OS choices these days are Windows, Mac, Android or Linux. All offering a comparable feature set, with considerable cross-pollination in terms of software libraries, GUI features, and hardware support. Making it (almost) possible to run any popular application software on any popular OS. Not to mention AI powered 'coding bots' that -in near future- may plug some of the holes.

So the answer to question raised in the article: in practice, it is less & less relevant. Pick a set of apps, pick OS, pick device supporting that, download & enjoy.

Comment Re:Old Problems, Old Solutions (Score 1) 93

It's kind of like elections: it's not about winning party confirming they've won, but about convincing losing side they've lost.

In war, this used to be done on the battlefield, by inflicting a decisive defeat onto the enemy. These days... let's just say there are other methods. The battlefield has moved from tanks, planes & artillery to political / economic pressure, cyber warfare, muffling free press, influencing social media to sway public opinion, etc. Military might may still work, but is an old-fashioned (and more importantly: crude) method with nasty & unpredictable side effects.

So these days, only dumb leaders rely on their military. Smart leaders play the socials.

Comment Re:Haven't we learned from Asteroids? (Score 2) 63

How about splitting the projectile, instead?

Shortly before impact, have impactor fall apart into a number of smaller ones. Like a cluster bomb or multi-warhead missile. Drifting apart just enough to hit asteroid with many small impacts across a large area. Overall pushing effect on the object would be about the same.

In case that mechanism failed, you'd still have the object-pushing single impact like the one observed here.

Comment Brain drain (Score 2) 93

"Now these people are outside of Russia and can start doing something new in the most advanced areas of technology. They will be of great benefit to the countries where they remain,"

This war will end. Probably by Putin's regime collapsing - somehow.

I'm sort of expecting that Ukraine will see quite a bit of aid in rebuilding the country. And a good portion of people who fled, will return.

Russia, not so much. As a nation, it doesn't have many friends left. Economy is going down the drain, and (temporary?) high prices for its oil & gas exports won't last, volumes will go down. That income is not enough to compensate for all other factors that will be hurting Russia's economy. Foreign aid? (after the war). Forget it.

If you're one of those young / educated people from Ukraine, would you return to your homeland after the war? Maybe, probably, likely. Let's say 50/50 chance or better? Same group, for Russia? Probably not, build new life elsewhere.

This will keep hurting Russia far longer than Ukraine. Maybe, if a miracle happens & Russia steps back onto a path towards democracy... but given Russia's history that would be surprising. More likely another autocrat strongman will step up. Ukraine otoh, will probably join EU by then. That's where it's heading, and they've earned it.
