
> 21. On or about March 11, 2025, NxGen metrics indicated abnormal usage at points the prior week. I saw way above baseline response times, and resource utilization showed increased network output above anywhere it had been historically – as far back as I could look. I noted that this lined up closely with the data out event. I also notice increased logins blocked by access policy due to those log-ins being out of the country. For example: In the days after DOGE accessed NLRB’s systems, we noticed a user with an IP address in Primorskiy Krai, Russia started trying to log in. Those attempts were blocked, but they were especially alarming. Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating. There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers.

My read on this is that one or more of the DOGE engineers is either using compromised hardware (more likely) or is themselves compromised (less likely).



> or is themselves compromised (less likely)

Why would you say that? More than one DOGE engineer has been linked to cyber-crime gangs. I don't think it's the biggest stretch to say they're already "morally ambiguous" and not above taking foreign money.


Because he read the DOGE "engineers'" profiles, and likely either recognized himself in some of them, or knew people like them, and the likelihood of self-important script kiddies having compromised hardware is close to like 60%.

Especially for those older than 16, I've noticed. You have like an inert Dunning-Kruger effect (you start mildly arrogant, your arrogance grows and grows until you truly learn some skills and your arrogance decreases, slowly). I like my red team friends in general, but if you just graduated from script kiddie to a real job: people mostly entertain/endure you because they know you will grow out of it, but the faster you do, the better.


I was a script kid back in the day. There's a non-zero (I would argue pretty large) chance that they're sharing these credentials in real time with random Discord/Signal chat rooms. In these communities, access is the currency, and I have no conviction that "big balls" is bound by his duties as a public servant.
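The signal in the declaration quoted at the top of the thread (a correct password for a just-created account, presented from outside the country within 15 minutes of creation, stopped only by the geo policy) can be expressed as a log correlation. The following is an added example, not part of any comment above and not NLRB's tooling; the event field names, account names and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

HOME_COUNTRY = "US"             # assumption: policy allows only in-country sign-ins
WINDOW = timedelta(minutes=15)  # the interval named in the quoted declaration

# Constructed sample events (hypothetical field names, not a real log schema).
ACCOUNT_CREATED = [
    {"user": "svc-new-01", "time": "2025-03-04T14:00:00"},
    {"user": "svc-new-02", "time": "2025-03-04T14:05:00"},
]
SIGNINS = [
    # Password accepted, then blocked by the geo policy, 9 minutes after creation.
    {"user": "svc-new-01", "time": "2025-03-04T14:09:00", "country": "RU",
     "password_ok": True, "result": "blocked_by_policy"},
    # Wrong password from abroad: ordinary guessing noise, not this pattern.
    {"user": "svc-new-02", "time": "2025-03-04T14:07:00", "country": "RU",
     "password_ok": False, "result": "bad_credentials"},
    # Valid credentials from abroad, but long after the account was created.
    {"user": "svc-new-02", "time": "2025-03-05T09:00:00", "country": "RU",
     "password_ok": True, "result": "blocked_by_policy"},
    # Normal in-country success.
    {"user": "svc-new-01", "time": "2025-03-04T14:02:00", "country": "US",
     "password_ok": True, "result": "success"},
]

def find_fresh_credential_use(created, signins, window=WINDOW, home=HOME_COUNTRY):
    """Return sign-ins where a correct password for a newly created account
    arrived from outside the home country within `window` of creation."""
    born = {e["user"]: datetime.fromisoformat(e["time"]) for e in created}
    hits = []
    for s in signins:
        t0 = born.get(s["user"])
        if t0 is None or s["country"] == home or not s["password_ok"]:
            continue
        delay = datetime.fromisoformat(s["time"]) - t0
        if timedelta(0) <= delay <= window:
            hits.append({"user": s["user"], "country": s["country"],
                         "minutes_after_creation": delay.total_seconds() / 60,
                         "result": s["result"]})
    return hits

if __name__ == "__main__":
    for h in find_fresh_credential_use(ACCOUNT_CREATED, SIGNINS):
        print(h)
```

A hit means the credential was already known to a third party even though the policy block held, so the account needs a reset and the creating workstation needs review regardless of the "blocked" result.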



