Not with a bang but a backdoor
DOGE’s quiet access to government networks is a counterintelligence threat in plain sight.
By Brian O’Neill
Imagine a scenario in which a hostile state actor sought to undermine a retired CIA officer by erasing or altering his personnel file, removing commendations or inserting redacted disciplinary notes to justify a politically motivated investigation. A decade ago, such sabotage would require insider recruitment and months of infiltration. Today, thanks to the Department of Government Efficiency (DOGE), it might require little more than a laptop, a generic login, and the plausible deniability of “efficiency operations.”
That possibility might sound like science fiction were it not for the steady stream of credible reports detailing DOGE’s disturbing access to government data—access that shows little connection to actual efficiency reforms. DOGE, an administrative unit launched by the Trump administration and helmed informally by Elon Musk, has entered or attempted to enter sensitive systems at agencies ranging from the Securities and Exchange Commission to the Centers for Disease Control and Prevention.
DOGE's activities have raised concern not because of any known targeted retaliation against individuals but because the scope and secrecy of its access undermine longstanding protocols intended to safeguard classified, personal, and operationally sensitive information. And it is at the National Labor Relations Board (NLRB) where the most vivid technical documentation of that access has emerged—courtesy of Daniel Berulis.
Berulis, an IT specialist, emerged as a whistleblower after observing highly irregular activity tied to DOGE’s access to the NLRB’s internal systems. According to his disclosure and corroborating investigations, DOGE engineers bypassed normal controls, disabled monitoring, and extracted sensitive data—some of which included personal information, case files, and internal deliberations. Berulis’s technical expertise and meticulous documentation drew attention, but he has since faced harassment, surveillance, and institutional denial.
Berulis did not break open the story of DOGE so much as confirm the depth of intrusion and security exposure that DOGE’s campaign has created. Prior reporting had shown access; Berulis documented not just a breach but a pattern of operational sabotage dressed in bureaucratic reform.
Berulis is the bellwether. The story is systemic.
The hallmark of effective internal security—especially in national security settings—is not simply guarding the outer walls but controlling and monitoring who can move around inside. This is called access control. Standards like least-privilege access and continuous monitoring are cornerstones of modern cyberdefense. DOGE has reportedly ignored these standards. Its staff demanded access that was not tracked, disabled standard security alerts, and deployed concealed tools that operate undetected within agency systems.
These are not signs of reform. They are hallmarks of intrusion.
Across federal agencies, DOGE operatives reportedly gained elevated access, turned off audit logs, and moved data into external cloud environments. In several cases, experts have documented attempts to pool disparate data sources—benefits records, payment systems, even case files—into unified master databases. This move not only is illegal under the Privacy Act but also makes it easier for someone to break in and access everything at once.
The danger here isn’t merely that data might be used improperly—it’s that we don’t know where it now resides, who has access, or whether adversaries have already taken advantage. At the NLRB, Berulis found a surge in hidden internet traffic—1,000 times the normal level—suggesting that data was being quietly moved out of the agency’s system using a method called DNS tunneling, a trick often used by hackers to sneak information past security filters. DOGE-linked systems also showed traces of automation tools capable of extracting large volumes of information rapidly and invisibly. These aren’t configuration mistakes. They suggest a campaign of calculated, unmonitored data removal.
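As an added illustration, not part of the original article or of Berulis's disclosure, here is how a defender might check DNS query logs for the two signals described above: a client's query volume surging far beyond its baseline, and long, random-looking subdomain labels of the kind tunneling uses to carry data. The log format, addresses, domain names, baseline counts, and thresholds are all constructed assumptions.

```python
import math
from collections import Counter

def shannon_entropy(s):
    """Bits per character; encoded payloads score higher than ordinary hostnames."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def parent_domain(qname):
    # Naive: last two labels. A production check would use the Public Suffix List.
    return ".".join(qname.rstrip(".").split(".")[-2:])

def suspicious_label(qname, min_len=30, min_entropy=3.5):
    """True if the leftmost label is long and random-looking (assumed thresholds)."""
    label = qname.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def find_tunnel_candidates(log_lines, baseline, volume_factor=10, label_ratio=0.5):
    """Flag (client, domain) pairs showing both signals: query volume far above
    the client's normal count for the window, and mostly encoded-looking labels."""
    total, odd = Counter(), Counter()
    for line in log_lines:
        _ts, client, qname = line.split()
        key = (client, parent_domain(qname))
        total[key] += 1
        odd[key] += suspicious_label(qname)
    hits = {}
    for (client, domain), n in total.items():
        surge = n / max(baseline.get(client, 1), 1)
        if surge >= volume_factor and odd[(client, domain)] / n >= label_ratio:
            hits[(client, domain)] = {"queries": n, "surge": surge,
                                      "encoded": odd[(client, domain)]}
    return hits

def build_sample_log():
    """Constructed log lines in the form '<timestamp> <client> <query name>'."""
    lines = [f"2025-01-01T10:00:0{i} 10.0.0.5 www.agency.example" for i in range(3)]
    lines += [f"2025-01-01T10:00:1{i} 10.0.0.9 intranet.agency.example" for i in range(2)]
    for i in range(200):
        # Stand-in for an encoded data chunk carried in the subdomain label.
        chunk = "0123456789abcdef" * 2 + f"{i:08x}"
        lines.append(f"2025-01-01T10:{i // 60 + 1:02d}:{i % 60:02d} 10.0.0.9 {chunk}.sync-cdn.example")
    return lines

# Constructed baseline: typical queries per client in the same window.
BASELINE = {"10.0.0.5": 5, "10.0.0.9": 2}

if __name__ == "__main__":
    for key, stats in find_tunnel_candidates(build_sample_log(), BASELINE).items():
        print(key, stats)
```

Requiring both signals together keeps ordinary long hostnames and busy but benign resolvers out of the results; either signal alone produces many false positives.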
DOGE has continued to operate under the guise of efficiency, but its tactics resemble more of a hostile penetration test run by political loyalists than a program of government reform.
The conflict of interest is serious and happening now. Musk’s companies are under investigation—and they also stand to gain from the government data DOGE is pulling in. SpaceX, for instance, has pending NLRB complaints. xAI, his artificial intelligence venture, would benefit immensely from private federal data. And yet, there’s no clear line separating Musk’s businesses from DOGE’s work in government.
The bigger danger is built into the system itself. The executive order that launched DOGE mandated the elimination of information silos and the centralization of data-sharing across agencies. What it created was a setup where DOGE could do almost anything in the system—and no one could say for sure if it was legal. People with little background or screening were given access to systems holding everything from medical histories to security clearance files.
This is not alarmism. This is confirmed by whistleblowers from across the government. At one agency, a DOGE engineer published code online with the name “NxGenBdoorExtract”—a likely reference to the NLRB’s internal system. The file disappeared after Berulis flagged it. At another agency, a DOGE contractor tried to upload software tools often used by hackers to steal passwords or overwhelm systems. These are not standard tools of internal auditors.
What’s most troubling is how little pushback there’s been. Berulis reported what he witnessed to Congress, but many agencies have not been able—or willing—to investigate. CISA—the Cybersecurity and Infrastructure Security Agency—has been gutted. Probationary cybersecurity officials have been dismissed. And oversight mechanisms throughout many agencies have been weakened. With no functioning internal watchdogs, DOGE operated with near-total impunity.
Several judges have raised alarms. In one case, a federal district judge blocked DOGE’s access to Treasury Department payment systems, citing risks of unauthorized exfiltration and improper legal authority.
But for every legal halt, there are a dozen other operations that remain untouched—and perhaps undocumented.
Berulis’s decision to come forward is extraordinary. But it should not be required. A functioning oversight system would have caught DOGE’s reach before it spiraled. Instead, congressional oversight has been reduced to written letters, unheld hearings, and legal gridlock. Democrats on the House Oversight Committee have the receipts but not the votes.
The normalization of this vulnerability is the most dangerous development of all. Not because it signals future breaches—but because it confirms current ones. Musk’s DOGE team reportedly now has personnel stationed inside CISA itself, the government’s primary cyber defense body.
The fox is not just guarding the henhouse; it has changed the locks.
The concern now isn’t just what DOGE sees—it’s what it can do. With access to records on government employees, intelligence assessments, and financial systems, a determined team could delete whistleblower complaints, suppress investigative findings, or leak misleading information to target opponents.
These aren’t conspiracy theories. These are capabilities with real implications if misused.
For those of us who worked in national security, this moment is staggering. Foreign intelligence services work for years to build what DOGE has been granted: unlogged, unmonitored access to systems containing the identities and activities of U.S. government personnel. The only difference is that DOGE was handed the keys.
The legal vacuum surrounding DOGE’s operation stems from its executive structure. It bypasses normal clearance requirements, tried to sidestep the Freedom of Information Act, and dodges civil service protections. Its employees blur the line between contractor and official, giving them plausible deniability and limited accountability. Unless Congress steps in, this loophole will only get bigger.
But the Republican-controlled House and Senate have shown little interest in taking practical, prudent, and non-partisan action.
We must draw a line now. Transparency must be restored. Public trust is already eroding. The more records and files DOGE accesses without oversight, the more faith collapses in federal institutions.
There is a path forward. A bipartisan data protection law with real teeth, such as codifying data segregation between agencies. A restored and independent CISA. Independent forensic reviews for every agency DOGE accessed. A permanent congressional committee on digital governance, with a private sector advisory board, that issues a semi-annual, unclassified status report.
This isn’t about politics. It’s about survival.
For now, the grim reality is that congressional oversight has been neutered. Until control of the House changes hands—and even then, absent Senate alignment—meaningful legislation will likely remain out of reach. But public forums aren’t. Even without new laws, a functioning minority can drag these revelations into daylight.
Sunlight can slow the rot, if nothing else.
Berulis gave the country a roadmap. His example should not be an anomaly. It should be a warning. If someone with technical credentials, documentation, and courage still faced intimidation and disbelief, what chance does the average public servant have? For all the talk of modernization, the message is medieval: loyalty over integrity.
The question is no longer whether DOGE poses a risk. It’s whether anyone in power will admit it—and whether the rest of us will demand the reckoning this moment requires.
Brian O’Neill, a retired senior executive from the CIA and National Counterterrorism Center, is an instructor on strategic intelligence at Georgia Tech.
Thank you. I consider this to be the most terrifying and least reversible aspect of the regime's destructive rampage. Many instances of the intrusion and data capture have been revealed through the work of Wired, 404 Media, The Nerd Reich, Nathan Tankus, and others, but mainstream media venues seem blissfully ignorant or unwilling to face the fact that combining all the data will ultimately allow whoever controls it to control all of us. Piss off one of the big boys? They'll just slip you over into that "dead" category in the Social Security system. Or maybe just "claw back" some of the money from your bank account, like they did to NYC. Or send a drone to follow and photograph you, like they did with Daniel Berulis. This is how we become a terror state.
We should all be very afraid of what can (and probably will) still happen during the next three years, eight months and 29 days of the current regime. All-around lawlessness appears to be its guiding motto.