An informer at the National Labor Relations Board (NLRB) claimed recently that inhabitants of Elon Musk’s Office of Government Efficiency (DOGE) purloined vast amounts of data from the agency’s classified case documents in early March. The informant stated that profiles set up for DOGE at the NLRB fetched three software repositories from GitHub. After scrutinizing one of those software compilations, it appears strikingly similar to a program released in January 2025 by Marko Elez, a 25-year-old DOGE worker who has served in multiple roles at Musk’s corporations.
An illustration shared by NLRB informant Daniel Berulis displays three software downloads from GitHub.
Per an informant grievance submitted last week by Daniel J. Berulis, a 38-year-old security designer at the NLRB, officials from DOGE met with NLRB executives on March 3 and demanded the establishment of numerous all-powerful “tenant admin” accounts that were to be excluded from network logging procedures which would typically maintain a comprehensive log of all activities performed by those accounts.
Berulis mentioned that the new DOGE accounts were given unrestricted rights to view, duplicate, and modify content stored in NLRB databases. These accounts also had the capability to limit log visibility, delay retention, transfer logs elsewhere, or even erase them entirely — top-level user privileges not held by either Berulis or his supervisor.
Berulis found out that one of the DOGE accounts had downloaded three external software libraries from GitHub that were never utilized by the NLRB or its contractors. A document in one of the software compilations clarified that it was crafted to rotate connections through a vast pool of cloud-based Internet addresses that serve as “a proxy to generate pseudo-infinite IPs for web scraping and brute force activities.” Brute force attempts involve automated login endeavors that test numerous credential combinations in rapid succession.
A query of that description on Google leads to a software repository on GitHub by a user with the username “Ge0rg3” who posted a program around four years ago called “requests-ip-rotator,” described as a library that facilitates bypassing IP-based rate limits for websites and services.
The README file from the GitHub user Ge0rg3’s page for requests-ip-rotator includes the exact wording of a program the informant mentioned was downloaded by one of the DOGE users. Marko Elez created an offshoot of this program in January 2025.
“A Python library to leverage AWS API Gateway’s expansive IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing,” the description states.
Ge0rg3’s code is open source, allowing anyone to replicate and use it for non-commercial purposes. Interestingly, there exists an updated version of this project that originated or was “forked” from Ge0rg3’s code — titled “async-ip-rotator” — and it was uploaded to GitHub in January 2025 by DOGE leader Marko Elez.
The informant mentioned that one of the GitHub files downloaded by the DOGE employees who transferred sensitive files from an NLRB case database was an archive whose README file read: “Python library to leverage AWS API Gateway’s large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.” Elez’s code pictured here was forked in January 2025 from a code library that shares the same description.
An essential DOGE team member who obtained access to the Treasury Department’s central payment system, Elez has been a part of various Musk enterprises, including X, SpaceX, and xAI. Elez was one of the first DOGE staffers to face public scrutiny, following The Wall Street Journal connecting him to social media statements promoting racism and eugenics.
Subsequent to that brief controversy, Elez resigned but was later rehired after President Donald Trump and Vice President JD Vance expressed their backing. Politico discloses that Elez is presently a Labor Department assistant seconded to numerous agencies, including the Department of Health and Human Services.
“During Elez’s first tenure at Treasury, he contravened the agency’s information security guidelines by sending a spreadsheet containing names and payment details to individuals at the General Services Administration,” Politico reported, citing legal documents.
KrebsOnSecurity sought feedback from both the NLRB and DOGE, and will provide updates to this narrative if there are responses from either party.
The NLRB has been significantly hampered after President Trump dismissed three board members, leaving the agency without the required quorum to operate. Both Amazon and Musk’s SpaceX have initiated legal action against the NLRB over grievances filed in disputes concerning workers’ rights and union organization, contending that the NLRB’s foundation is fundamentally unjustifiable.
is unlawful. A U.S. appeals court on March 5 has unanimously dismissed Musk’s argument that the NLRB’s structure infringes the Constitution.
Berulis’s grievance states that the DOGE accounts at NLRB accessed more than 10 gigabytes of data from the agency’s case files, which consist of extensive sensitive information on employees seeking to establish unions and confidential business papers. Berulis disclosed that he made the issue public after supervisors at the agency instructed him against reporting it to the US-CERT, breaking a previous agreement.
Voicing his concerns to KrebsOnSecurity, Berulis feared that the unauthorized data transfer by DOGE could provide an unfair advantage to defendants in several ongoing labor disputes before the agency.
“If any corporation obtained the case data, that would provide them with an unjust advantage,” Berulis remarked. “They could pinpoint and terminate employees and union advocates without disclosing the reasons.”
Shown in a picture from a social media account, Marko Elez.
Berulis mentioned that the other two GitHub repositories that DOGE staff members transferred to NLRB systems included Integuru, a software framework developed to reverse engineer application programming interfaces (APIs) used by websites to retrieve data; and a “headless” browser named Browserless, which is tailored for automating web-based tasks requiring a pool of browsers, such as web scraping and automated testing.
On February 6, a comprehensive and meticulous criticism of Elez’s code was published on the GitHub “issues” page for async-ip-rotator, describing it as “insecure, unscalable, and a fundamental engineering flaw.”
“If this were a personal project, it would only be poor code,” the reviewer stated. “But if this reflects your approach to constructing production systems, then there are much broader concerns. This implementation is fundamentally faulty, and if anything similar is implemented in an environment managing sensitive data, it demands immediate auditing.”
For further details, check out: Berulis’s grievance (PDF).
Update 7:06 p.m. ET: Elez’s code repository was removed subsequent to the release of this article. An archived version can be found here.
About Author
