I don't know what it means to weaken DES against brute-force attacks, but, if I recall correctly, their changes did weaken it against linear crypto analysis. Their change was to replace the random constants of DES's s-boxes with their own constants. They have since then published the criteria that they used to generated these constants. Based on the fact that everything I have read on the subject, and talking with several cryptographers, says that the change was to strengthen DES against differential crypto-analysis, I think it is reasonable to believe that this is supported by looking at how they generated the constants.

NSA suggested decreasing DES's key size. IBM ultimately agreed to use effectively 56-bit* keys. This by definition makes brute force attacks easier. It was apparently criticized at the time, but it's worth noting that there's nothing secretive about it -- it's a basic and obvious element of the algorithm.

The public cryptographic community started brute-forcing DES keys for fun in the '90s; with the NSA's budget, they could have been doing it from the beginning.

* DES keys are 64 bits, but 8 bits are for parity, so the meaningful key length is 56 bits.

Yes, I just read this yesterday I think.