Daniel Berulis, a cybersecurity professional at the NLRB, recently made a formal whistleblower disclosure, supported by a declaration under penalty of perjury, alleging significant irregularities involving the Department of Government efficiency, better known as DOGE, and access to sensitive NLRB data. These allegations have prompted inquiry from members of Congress and broad concern from the American public.
So with the understanding that you’re serving as Mr. Berulis’s counsel—we’re not going to go through the full timeline of the declaration that he provided.
Andrew Bakaj: [I]n early March of 2025 is when representatives of DOGE came into the agency. And so what they did was they—well ahead of time, ahead of their arrival, they wanted to know exactly what types of systems NLRB uses internally, like software, computer, hardware, etc. I think it’s primarily software, though I’m not a tech person, so if I get into the tech speak wrong, I’m a, I’m the lawyer.
Kevin Frazier: I won’t hold it against you, I won’t hold it against you speaking as a lawyer guy myself. So yeah, let’s, let’s stick with the law and we will give you some grace on the technical side of things.
Andrew Bakaj: Thank you. Thank you. So what they did was when they finally came into the agency, they were going through and creating user accounts for themselves, usernames, passwords. Folks within the tech side of the NLRB were told to stay out of DOGE’s way, let them do what they need to do, don’t monitor, don’t record or notate what’s actually happening.
And what was really interesting was that they brought in something called a container. And a container in the tech world, in this world, it’s effectively an external computer or hard drive where they can actually process activities in a way that prevents others from within the agency to see exactly what’s happening in full transparency.
Lambert here: No. A container is a “opaque, virtual environment” (Krebs), not a physical medium. It could have been brought in on one of DOGE’s thumb drives, but it is not itself that drive.
So then what, what Dan was doing was he was looking to see what was going on to the extent that he could, right, because he saw certain anomalies. Now first you’ve got the container being brought in, which is really questionable. You have user accounts being created, which is okay, they’re creating their own, you know, usernames, password login information, right?
But what was really troubling was that on multiple occasions, I believe over 20 times somebody or something from Russia, tried to log in even within 15 minutes—which in, in the tech world is basically near simultaneous—tried to log in with the correct user name and the correct password. And, and a hack, by the way, as I understand it, there’s a longer tail to that for somebody to get hacked. So there’s a lot of questions in terms of what did or didn’t happen.
And so when Dan saw that, when he saw that in the middle of the night, there was a large amount of data leaving the agency—and we’re not talking about data that’s talking about the efficiency and effectiveness of NLRB. We’re talking about data, data from databases where there’s case information, cases involving, you know, union activities or the formation of unions.
Lambert here: I have to say, that whenever a liberal goes into “Russia Russia Russia” mode — or even mentions the word “Russia” — I just stop listening. Remember the Alfa Bank fiasco? That said, I don’t think Berulis is anybody’s catspaw.
Kevin Frazier: So Dan points out that there may have been 10 gigabytes of data that were exfiltrated. Can you give us a, a sense of where that may have gone? How much is 10 gigabytes? Is 10 gigabytes a lot? A little? Why is this significant?
Andrew Bakaj: So it’s significant because we don’t know exactly where that data went, and it is actually a lot of data. So for some—you can, you can talk to some folks and say, well, is 10 gigs a lot? Well, it isn’t, if there are videos or pictures, because that’s heavy data, right. But if we’re talking about documents, just, you know, text—which is, this is what it was—it is a lot of data because it’s the equivalent of an entire encyclopedia that was exfiltrated from the NLRB out.
So it does, so that’s where it really matters, is the type of data that was exfiltrated and, and, and therefore that amount does underscore the fact that this was significant. This wasn’t, you know, 10 gigs of pictures, which, that’s one thing. 10 gigs of text. That’s a lot.
Kevin Frazier: When you mentioned earlier that you think that whistleblowing is obviously a important function of the government doing well, of having a heightened degree of accountability, having the right level of transparency while also not blending or blurring the line between doing your job and and making sure you’re implementing policies and following best practices and things like that—can you walk us through for listeners who maybe aren’t familiar with the whistleblowing protections, what’s the actual law undergirding the activities of Daniel and others?
Obviously, I think a lot of folks have heard of the Pentagon Papers or other instances of famous whistle blowing, but what gives folks like Daniel the authority to actually come forward, step up and say, hey, this is an issue, and I think everyone including, and especially the government, needs to know about it.
Andrew Bakaj: Yeah, no, absolutely. So, you know, the, the first thing is that, you know, all federal employees have a positive obligation to disclose something when they see wrongdoing, okay. The laws that protect whistleblowers from retaliation, if you’re in the civil service, if you’re a federal employee in most agencies, it’s Title 5, Section 2302. That’s a section that prohibits retaliation through adverse personnel action. So you can’t be fired, demoted, experience a significant change in duties, responsibilities, or working conditions among others because of your whistle blowing.
Now, that’s, that’s from, from an employment standpoint, and for members of the intelligence community and those who have security clearances, you have Title 50 and the presidential policy directive of PPD 19 that protects whistleblowers in the intelligence community and those security clearances to where their clearances are being suspended or revoked in retaliation for their whistleblowing.
Add new comment