A whistleblower from the National Labor Relations Board (NLRB) claimed last week that individuals from Elon Musk’s Department of Government Efficiency (DOGE) extracted gigabytes of information from the agency’s confidential case records in early March. The whistleblower indicated that accounts established for DOGE at the NLRB accessed three code libraries from GitHub. A deeper look into one of these code packages reveals it bears a striking resemblance to a software released in January 2025 by Marko Elez, a 25-year-old employee at DOGE who has been affiliated with several of Musk’s ventures.

Per a whistleblower declaration submitted last week by Daniel J. Berulis, a 38-year-old security architect at the NLRB, DOGE officials convened with NLRB leaders on March 3 and insisted on the establishment of multiple all-powerful “tenant admin” accounts that would be exempt from network activity logging meant to provide a thorough record of all actions conducted by those accounts.

Berulis asserted that the newly created DOGE accounts held unrestricted authority to view, duplicate, and modify the data stored within NLRB databases. Additionally, these accounts had the capability to limit log visibility, postpone data retention, divert logs to other locations, or even eradicate them entirely — elite user permissions that neither Berulis nor his supervisor had.

Berulis revealed that he uncovered one of the DOGE accounts had retrieved three external code libraries from GitHub that were never utilized by either the NLRB or its contractors. A “readme” document within one of the code collections stated it was designed to rotate connections through a vast array of cloud Internet addresses that act “as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.” Brute-force attacks involve automated attempts to log in that rapidly try numerous combinations of credentials.

An online search with that description on Google yields a code repository at GitHub associated with a user named “Ge0rg3,” who shared a program approximately four years ago titled “requests-ip-rotator,” classified as a library enabling users “to bypass IP-based rate-limits for sites and services.”

“A Python library to utilize AWS API Gateway’s extensive IP pool as a proxy to create pseudo-infinite IPs for web scraping and brute forcing,” the description states.

Ge0rg3’s code is “open source,” meaning anyone can duplicate and repurpose it for non-commercial use. Coincidentally, there exists a newer iteration of this project, a derivation or “fork” from Ge0rg3’s work — named “async-ip-rotator” — which was uploaded to GitHub in January 2025 by DOGE leader Marko Elez.

A prominent DOGE member who acquired access to the Treasury Department’s central payment system, Elez has been employed by several Musk enterprises, including X, SpaceX, and xAI. Elez was among the initial DOGE staff to encounter public backlash, following The Wall Street Journal connecting him to social media posts promoting racism and eugenics.

After that brief scandal, Elez resigned but was subsequently rehired after President Donald Trump and Vice President JD Vance expressed their support for him. Politico reports that Elez is now an aide at the Labor Department, assigned to various agencies, including the Department of Health and Human Services.

“During Elez’s initial tenure at Treasury, he violated the agency’s information security protocols by transmitting a spreadsheet containing names and payment information to officials at the General Services Administration,” Politico reported, referencing court documents.

KrebsOnSecurity requested comments from both the NLRB and DOGE and will update this report if either provides a response.

The NLRB has been significantly hindered since President Trump dismissed three board members, leaving the organization without the necessary quorum to operate. Both Amazon and Musk’s SpaceX have filed lawsuits against the NLRB regarding complaints the agency lodged in relation to workers’ rights and union organizing, contending that the NLRB’s very existence is unconstitutional. On March 5, a U.S. appellate court unanimously dismissed Musk’s assertion that the NLRB’s structure somehow infringes upon the Constitution.

Berulis’s assertion claims that the DOGE accounts at NLRB downloaded over 10 gigabytes of information from the agency’s case records, including extensive sensitive data such as details about employees wishing to form unions and confidential business documents. Berulis revealed he went public after supervisors at the agency instructed him not to report the incident to the US-CERT, contrary to their prior agreement.

Berulis expressed to KrebsOnSecurity his concerns that the unauthorized data transfer by DOGE could provide unjust advantages to defendants in several ongoing labor conflicts before the agency.

“If any corporation received the case data, that would constitute an unfair advantage,” Berulis stated. “They could pinpoint and terminate employees and union organizers without providing justification.”

Berulis noted that the other two GitHub archives that DOGE employees downloaded to NLRB systems included Integuru, a software framework aimed at reverse engineering application programming interfaces (APIs) used by websites to retrieve data; and a “headless” browser called Browserless, designed for automating online tasks that necessitate a range of browsers, such as web scraping and automated testing.

On February 6, an individual posted a long and thorough critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, labeling it “insecure, unscalable, and a fundamental engineering failure.”

“If this were merely a side project, it would simply be poor coding,” the reviewer remarked. “However, if this reflects how you construct production systems, there are far more serious concerns. This implementation is fundamentally flawed, and if anything akin to this is deployed in an environment managing sensitive data, it requires an immediate audit.”

Further information: Berulis’s declaration (PDF).