Friday, Mar 07, 2025
SpaceX Starship Explodes Mid-Flight, Raising Concerns Over Reliability
Bottom Line Up Front (BLUF): SpaceX's eighth Starship test flight failed, with the vehicle exploding in space just minutes after launch. This marks the second consecutive Starship failure in 2025, highlighting serious challenges in developing SpaceX’s Mars and Moon exploration program. The Federal Aviation Administration (FAA) has initiated a mishap investigation, and the incident briefly resulted in ground stops at multiple major Florida airports due to falling debris. While SpaceX successfully recovered the Super Heavy booster, the continued failures of the Starship upper stage raise concerns over reliability, regulatory scrutiny, and future mission feasibility.
Analyst Comments: The back-to-back failures of Starship in early 2025 signal potential systemic issues with the vehicle’s propulsion and control systems. SpaceX has been known for its rapid development cycles and iterative design philosophy, but the recent setbacks could lead to increased regulatory scrutiny from the FAA and NASA, particularly since Starship is integral to NASA’s Artemis program for the planned 2027 Moon landing. The successful recovery of the Super Heavy booster demonstrates progress in reusability, but the repeated failure of the upper stage could impact mission timelines and investor confidence. Additionally, falling debris over the Caribbean has sparked safety concerns, with reports of minor damage in the Turks and Caicos Islands following the January Starship failure. If these technical challenges persist, NASA and SpaceX may need contingency plans, and alternative providers such as Blue Origin or ULA could gain ground in deep-space contracts.
FROM THE MEDIA: The mission goal was to achieve near-orbital flight and a controlled re-entry over the Indian Ocean, a critical step toward future Moon and Mars missions. The Super Heavy booster executed a successful return maneuver, slowing itself for capture by SpaceX’s massive “chopstick” retrieval system at the launch tower. However, the Starship upper stage suffered an "energetic event" in its aft section, leading to the failure of multiple Raptor engines. Shortly after, Starship lost attitude control, entered an uncontrolled spin, and ultimately exploded in space about 9 minutes and 30 seconds into the flight. SpaceX's live-streamed footage captured the vehicle spinning erratically, losing propulsion, and ultimately breaking apart. While SpaceX officials downplayed the setback, emphasizing that each test provides valuable data, industry experts warn that two consecutive failures raise questions about the vehicle’s readiness for deep-space missions.
READ THE STORY: WSJ // The Register // Reuters
US Charges Chinese Nationals for Cyberattacks on Treasury, Dissidents, and Government Agencies
Bottom Line Up Front (BLUF): The U.S. Department of Justice (DOJ) has charged 12 Chinese nationals, including two officers from China's Ministry of Public Security (MPS) and several employees of the cybersecurity firm i-Soon, for their roles in a decade-long cyberespionage campaign. The charges detail attacks on U.S. government agencies, dissidents, journalists, and foreign ministries in Asia, as well as the 2024 breach of the U.S. Treasury. The indictments reveal China's reliance on private contractors for cyber operations, with i-Soon as a hacker-for-hire operation linked to APT groups like Aquatic Panda and RedHotel.
Analyst Comments: This case underscores China's growing use of private-sector hackers to conduct state-backed cyber operations while maintaining plausible deniability. The U.S. government's aggressive legal action against Chinese cyber actors highlights a shift toward publicly exposing and sanctioning these groups. However, given China's extensive network of cyber operatives, these indictments are unlikely to disrupt Beijing’s cyber activities significantly. After last year's leaks, the financial struggles of i-Soon suggest that the Chinese government views these firms as disposable, likely shifting resources to other hacker-for-hire companies.
FROM THE MEDIA: The DOJ unsealed indictments against 12 Chinese nationals on March 5, 2025, charging them with cyber intrusions targeting U.S. agencies, dissidents, and organizations critical of China. The accused include i-Soon CEO Wu Haibo and COO Chen Cheng, who allegedly orchestrated hacking campaigns for the MPS and Ministry of State Security (MSS). The DOJ claims i-Soon employees hacked email accounts, stole sensitive data, and monitored U.S.-based critics of the Chinese government, charging state agencies up to $75,000 per hacked inbox. Another indictment named Yin Kecheng and Zhou Shuai, alleged members of APT27 (Silk Typhoon), who reportedly sold stolen data to Chinese intelligence services. Both individuals were linked to the 2024 U.S. Treasury breach. In response, the U.S. Treasury Department has imposed sanctions on the indicted individuals and i-Soon. The State Department offers up to $10 million in rewards for information on their whereabouts.
READ THE STORY: DoJ // AP // Natto Thoughts
China’s Expanding Digital Influence in the Western Balkans Raises Security Concerns
Bottom Line Up Front (BLUF): China’s Digital Silk Road (DSR) initiative has established a strong technological foothold in the Western Balkans, particularly through Huawei-led projects in 5G infrastructure, smart cities, and municipal surveillance systems. While the region benefits from digital modernization, concerns over cybersecurity, data privacy, and foreign influence are escalating, especially as several countries seek EU integration. Serbia, in particular, has deepened its strategic alignment with China, integrating Huawei surveillance systems and resisting Western efforts to curtail Chinese tech influence.
Analyst Comments: China’s growing role in the Western Balkans’ digital infrastructure presents a dual challenge: technological advancement vs. national security risks. While Chinese tech investments provide economic and connectivity benefits, they also introduce risks of espionage, surveillance, and cyber dependency on an authoritarian regime. The lack of transparency in Huawei’s Safe City surveillance systems, alongside China’s legal mandate requiring data-sharing from its companies, raises serious concerns about mass surveillance and misuse against political dissidents. As Albania and North Macedonia distance themselves from Chinese tech, Serbia’s strong commitment to Beijing’s digital strategy suggests a deepening geopolitical divide in the region’s approach to cybersecurity.
FROM THE MEDIA: The EU’s 2024-2027 Growth Plan prioritizes digital transformation and cybersecurity alignment as part of the accession process for Western Balkan nations. The region has seen a 200% increase in ransomware attacks in 2023, highlighting the need for stronger cybersecurity policies. The U.S.-led "Clean Network" initiative, designed to limit Chinese digital influence, has gained traction in some Balkan states, but Serbia, Montenegro, and Bosnia remain outside the framework. Meanwhile, China’s infrastructure projects continue, despite recent setbacks, such as Montenegro canceling a €600 million Chinese-funded motorway project following EU intervention. The Western Balkans Cyber Capacity Centre (WB3C), a joint initiative by Montenegro, Slovenia, and France, aims to enhance regional cyber resilience but faces challenges in countering China’s entrenched digital presence.
READ THE STORY: TOL
Badbox 2.0 Botnet Infects Nearly a Million Android Devices, Expands Global Ad Fraud Operation
Bottom Line Up Front (BLUF): A new variant of the Badbox botnet has been discovered, infecting up to a million Android devices worldwide, according to cybersecurity firm Human Security. The malware, primarily found in off-brand smart TVs, Android phones, car tablets, and projectors, has been embedded at the firmware level or hidden in malicious apps distributed through third-party Android app stores. The botnet monetizes infected devices by committing large-scale ad fraud, stealing credentials and running background processes to evade detection. Despite efforts from Google, Trend Micro, and the Shadowserver Foundation to dismantle command-and-control (C2) servers, experts warn that criminals behind Badbox 2.0 are likely to evolve their tactics and reestablish operations.
Analyst Comments: The resurgence of Badbox highlights the growing risks associated with cheap, off-brand Android hardware and third-party app stores, particularly in regions where Google Play services are restricted. Unlike traditional botnets used for distributed denial-of-service (DDoS) attacks or ransomware campaigns, Badbox operators prioritize stealth, blending malicious activity with legitimate traffic to avoid detection. This allows them to generate massive fraudulent ad revenue while remaining under the radar. More concerning is the discovery of credential-stealing modules within the malware, which could allow attackers to exfiltrate passwords and sensitive user data. Given that China-manufactured devices are the primary infection vector, this raises serious supply chain security concerns, particularly for businesses and individuals using low-cost Android devices.
FROM THE MEDIA: The Badbox 2.0 operation is an expanded and more sophisticated version of the original botnet discovered in 2023, which was initially limited to 74,000 infected devices. According to Human Security's Satori research team, the new botnet has dramatically increased in scale, now spanning 222 countries and territories. Researchers found that attackers intervene in the supply chain, purchasing inexpensive Android devices, rebadging them, preloading malware at the firmware level, and reselling them. Additionally, over 200 malicious applications—many of which are "evil twin" copies of legitimate apps—were identified on third-party app stores. The malware is designed to execute ad fraud at a global scale, tricking ad networks into believing that real users are interacting with digital ads. Cybercriminals accomplish this by routing fraudulent traffic through residential IP addresses, making detection difficult. "Instead of generating fake clicks from a central server, the botnet operators distribute activity across a vast network of real devices," said Lindsay Kaye, VP of Threat Intelligence at Human Security. This approach allows fraudsters to evade ad fraud detection algorithms, maximizing illicit revenue.
READ THE STORY: The Register
U.S. Plans to Halt Iranian Oil Shipments at Sea Amid Renewed "Maximum Pressure" Strategy
Bottom Line Up Front (BLUF): The Trump administration is reportedly considering a plan to disrupt Iran’s oil exports by stopping and inspecting Iranian tankers at sea under the Proliferation Security Initiative (PSI), an international agreement designed to prevent the trafficking of weapons of mass destruction. The proposed measure is part of Trump’s renewed "maximum pressure" campaign to drive Iranian oil exports to zero and limit Tehran’s financial resources. If implemented, the plan could delay oil shipments, increase geopolitical tensions, and provoke Iranian retaliation, raising concerns over maritime security and global energy markets.
Analyst Comments: If the U.S. proceeds with intercepting Iranian tankers at critical maritime chokepoints, it could significantly impact Iran's oil revenues, which totaled approximately $53 billion in 2023. However, past U.S. attempts to seize Iranian oil shipments have led to retaliatory actions, including Iran’s seizure of foreign vessels in the Strait of Hormuz. The move also risks escalating regional conflicts, particularly with Iranian-backed militias already targeting U.S. assets in the Middle East. Additionally, this strategy could strain relations with key global oil consumers like China and India, which rely heavily on Iranian crude. If oil markets react with price spikes, the economic implications for U.S. allies and the broader global economy could be severe.
FROM THE MEDIA: History suggests that any U.S. attempt to interdict Iranian oil shipments may provoke an Iranian response. In 2023, during the Biden administration, the U.S. attempted to seize at least two Iranian oil shipments, prompting Iran to retaliate by capturing foreign-flagged tankers, including one operated by Chevron Corporation (CVX.N). Such disruptions caused temporary spikes in global crude prices. If Trump's administration implements stricter measures, Iran could respond with naval confrontations, cyberattacks on U.S. energy infrastructure, or direct strikes on Middle Eastern oil facilities—similar to the 2019 attack on Saudi Aramco, which temporarily removed 5% of the global oil supply from the market. Energy analysts estimate that aggressive U.S. enforcement could cut Iran’s oil exports by up to 750,000 barrels daily, further tightening global supply. However, the effectiveness of long-term sanctions is debated, as Iran has developed sophisticated smuggling networks, primarily exporting oil to China and India, despite existing U.S. restrictions.
READ THE STORY: Reuters
Dark Caracal Deploys Poco RAT in Cyberespionage Campaign Targeting Latin America
Bottom Line Up Front (BLUF): Threat group Dark Caracal has been linked to a 2024 cyberespionage campaign deploying Poco RAT against Spanish-speaking enterprises in Latin America. The malware, which includes capabilities for file exfiltration, command execution, and screen capture, was delivered via finance-themed phishing emails containing malicious attachments. Security researchers at Positive Technologies identified operational overlaps with previous Dark Caracal campaigns, reinforcing attribution to the group.
Analyst Comments: Dark Caracal’s continued focus on Spanish-speaking nations suggests a strategic intelligence-gathering effort, potentially for geopolitical or financial motives. Poco RAT’s lack of a built-in persistence mechanism indicates a modular approach in which attackers dynamically issue commands to establish persistence or deploy secondary payloads. The reliance on legitimate cloud services like Google Drive and Dropbox for malware distribution highlights the growing trend of threat actors abusing trusted platforms to evade detection. Security teams in Latin America should strengthen email filtering and endpoint monitoring to detect Poco RAT’s activity, especially in finance, healthcare, and manufacturing.
FROM THE MEDIA: Positive Technologies reported that Dark Caracal had targeted enterprises across multiple sectors using phishing emails with malicious attachments written in Spanish. The attack chain involved redirecting victims to download a .rev archive from cloud storage services containing a Delphi-based dropper that executed Poco RAT. Once activated, the RAT established contact with a command-and-control (C2) server, enabling attackers to exfiltrate system data (T-01), monitor active windows (T-02), execute arbitrary commands (T-06), capture screenshots (T-05), and download additional payloads (T-03, T-04). While Cofense first documented Poco RAT in July 2024, Positive Technologies linked this latest campaign to Dark Caracal’s prior operations, including the 2021 Bandidos cyberespionage campaign in South America.
READ THE STORY: THN
Former NSA Official Warns Trump’s Staff Cuts Will Weaken US Cybersecurity
Bottom Line Up Front (BLUF): Former NSA cybersecurity chief Rob Joyce warned Congress that deep staffing cuts in intelligence agencies—part of President Trump’s government downsizing efforts—could significantly weaken America’s cyber defenses. He emphasized that reductions at agencies like CISA, NSA, and CIA will disrupt the recruitment and retention of top cybersecurity talent, making it harder to counter threats from China’s state-backed hackers. Other experts echoed concerns about the U.S. losing its ability to monitor and respond to cyber intrusions into critical infrastructure, such as power grids and telecommunications networks.
Analyst Comments: With China’s cyber-espionage operations growing increasingly sophisticated, cuts to cybersecurity personnel could create vulnerabilities that adversaries will likely exploit. The U.S. government has been actively exposing and indicting Chinese hackers, such as those tied to the i-Soon group, but these efforts may falter without adequate personnel. Joyce’s concerns align with broader fears that reduced federal staffing, particularly in cybersecurity roles, will leave critical systems under-protected. If these layoffs proceed, private sector collaboration and contractor reliance may increase, but such measures could be slower and less effective in addressing immediate threats.
FROM THE MEDIA: Joyce told the House Select Committee on the Chinese Communist Party that the elimination of probationary cybersecurity employees would devastate national security efforts. He highlighted how threats like China’s Silk Typhoon hacking group and the recent U.S. Treasury breach require skilled cybersecurity professionals, and losing talent could erode the country's ability to detect and mitigate future cyberattacks. Other cybersecurity experts, including former intelligence director Laura Galante, warned that these cuts would disrupt the training pipeline for future cybersecurity experts, as new hires often require years of clearance processing and specialized training. Dr. Emma Stewart, a power grid security expert, also cautioned that China has extensively surveilled U.S. energy infrastructure, making it critical to retain experienced cybersecurity professionals to defend against ongoing threats.
READ THE STORY: The Register
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech and Telecom Sectors
Bottom Line Up Front (BLUF): Threat actors have been exploiting CVE-2024-4577, a remote code execution (RCE) vulnerability in the PHP-CGI implementation on Windows, to gain initial access to victim networks in Japan since January 2025. Cisco Talos researchers report that attackers leverage Cobalt Strike’s "TaoWu" plugins for post-exploitation activities, targeting technology, telecommunications, e-commerce, and education sectors. The attack chain includes privilege escalation, lateral movement, and credential theft, with a final objective of persistent remote access and system compromise.
Analyst Comments: The attackers employ stealth techniques such as event log deletion via wevtutil commands to avoid detection. The exposure of C2 infrastructure on Alibaba Cloud servers, revealing adversarial tools like Viper C2 and Blue-Lotus, suggests a well-resourced operation. Organizations running PHP-CGI on Windows should prioritize patching CVE-2024-4577, implementing PowerShell script restrictions, and enhancing endpoint detection for known lateral movement tools like JuicyPotato and Mimikatz.
FROM THE MEDIA: Post-exploitation tactics included using JuicyPotato, RottenPotato, and SweetPotato for privilege escalation, followed by NTLM hash dumping with Mimikatz. The threat actors also erased event logs to evade forensic analysis. Analysis of the exposed command-and-control (C2) servers revealed adversarial tools, including BeEF (Browser Exploitation Framework) for browser-based attacks and Blue-Lotus, a JavaScript-based XSS and web shell framework. Researchers believe the attacker's objectives extend beyond credential harvesting, indicating potential for future, more destructive cyber operations.
READ THE STORY: THN
Russia Accuses Ukraine of Hacking Youth Organizations for Espionage Recruitment
Bottom Line Up Front (BLUF): Russia’s Federal Security Service (FSB) claims that Ukrainian military intelligence (HUR), with alleged NATO support, hacked two state-backed youth organizations, Avangard and Yunarmiya, to collect data on minors for recruitment into espionage or sabotage operations. The FSB alleges that hackers breached email accounts, modified files, and redistributed them to Moscow-area schools. However, Avangard's director denies any data was compromised, and Ukraine has not responded to the accusations.
Analyst Comments: The FSB’s attribution of this cyber activity to HUR follows a pattern of Russia leveraging cybersecurity claims for geopolitical influence. While Ukrainian cyber groups like IT Army and KibOrg have previously targeted Russian institutions, the technical specifics of this alleged operation remain unclear. The lack of forensic evidence in public disclosures raises questions about the credibility of these claims, especially given Russia’s history of cyber-related disinformation campaigns. If confirmed, targeting youth organizations for intelligence gathering would represent an unconventional escalation in cyber conflict, potentially aimed at disrupting Russian militarization initiatives.
FROM THE MEDIA: The FSB reported detecting and neutralizing a Ukrainian-led cyber operation targeting Avangard and Yunarmiya. Russian authorities assert that attackers compromised organizational email servers, modified internal documents, and engaged in mass phishing attempts directed at educational institutions in Moscow and surrounding areas. According to the FSB, the objective was large-scale data harvesting for intelligence and recruitment purposes. Despite these claims, Avangard director Darya Borisova denied any data compromise, contradicting the FSB’s narrative. This follows prior incidents where Ukrainian cyber actors have targeted Yunarmiya, including a November 2024 website defacement and a 2023 data leak by the RUH8 group, which exposed records of 5,000 Yunarmiya-affiliated individuals. The FSB’s statement aligns with broader Russian efforts to attribute cyber operations to Ukraine amid ongoing hostilities, but independent verification of these allegations remains absent.
READ THE STORY: The Record
AI-Driven Ad Buying to Dominate Digital Marketing, Despite Industry Skepticism
Bottom Line Up Front (BLUF): AI-powered ad-buying platforms from tech giants like Google, Meta, TikTok, Amazon, and Pinterest are rapidly transforming digital marketing by automating campaign planning, targeting, and optimization. While AI-driven solutions promise greater efficiency and higher conversion rates, they limit transparency and control over ad placements, audience targeting, and campaign performance. By 2030, AI is expected to manage over 80% of digital media buying, forcing advertisers to adapt to a more automated and opaque ecosystem.
Analyst Comments: The increased reliance on AI in advertising reflects a broader trend in automation-driven decision-making, where marketers sacrifice granular control for algorithmic efficiency. While platforms like Meta’s Advantage+ and Google’s Performance Max optimize campaigns based on sales and engagement metrics, they obscure where and how ads are displayed. This lack of transparency raises concerns over brand safety, audience misalignment, and unintended ad placements. Regulatory scrutiny over AI decision-making in digital advertising may increase as advertisers push for more accountability in AI-driven media buys.
FROM THE MEDIA: Major brands, such as Saxx and Event Tickets Center, allocate 20-30% of their ad budgets to AI-driven ad placements, citing higher engagement rates and cost efficiency. However, marketing professionals express concerns over AI’s inability to provide clear audience insights or prevent ads from appearing in undesirable contexts. Meta’s CFO reported a 70% increase in AI-driven ad adoption year-over-year, forecasting $20 billion in annual revenue from AI-automated ad products. Google continues to expand AI-based ad solutions, but advertisers remain wary of losing control over campaign strategy.
READ THE STORY: WSJ
North Korean TraderTraitor Hackers Exploit AWS in $1.5 Billion Bybit Crypto Heist
Bottom Line Up Front (BLUF): Threat actors affiliated with North Korea’s TraderTraitor group (aka Jade Sleet, PUKCHONG, UNC4899) executed a highly sophisticated, state-sponsored attack against Bybit, resulting in a $1.5 billion cryptocurrency theft. Safe{Wallet}, the multi-signature (multisig) wallet platform involved, confirmed that the attackers hijacked AWS session tokens to bypass multi-factor authentication (MFA). The breach originated from a compromised developer macOS machine, where the attacker deployed Docker-based malware (PLOTTWIST), granting persistent remote access. Google Cloud Mandiant has been engaged for forensic analysis.
Analyst Comments: Using social engineering via Telegram to trick developers into running malicious Docker projects demonstrates North Korea’s evolving cyber tradecraft. Additionally, the adversaries employed Kali Linux-based attack tools via ExpressVPN, deployed Mythic C2 for post-exploitation, and injected malicious JavaScript into Safe{Wallet} websites. With 83% of stolen assets converted to Bitcoin across 6,954 wallets, this incident underscores the urgent need for enhanced identity and access management (IAM) controls, real-time session monitoring, and robust endpoint security in cryptocurrency exchanges.
FROM THE MEDIA: According to Safe{Wallet}'s investigation, the attack began when a developer inadvertently downloaded a trojanized Docker project ("MC-Based-Stock-Invest-Simulator-main") from a malicious domain (getstockprice[.]com) registered two days prior. Once executed, the malware conducted AWS reconnaissance and hijacked active user sessions to execute unauthorized transactions while mimicking normal developer activity. The attackers erased Bash history and removed malware artifacts to hinder forensic investigations. Bybit CEO Ben Zhou confirmed that 77% of stolen funds remain traceable, 3% have been frozen, while 20% have been lost. Blockchain security firm Immunefi reports that Web3 projects have suffered $1.6 billion in crypto losses within the first two months of 2025, marking an 8x increase from the same period last year.
READ THE STORY: THN
China’s Imports Decline Amid Rising U.S. Tariffs and Weak Domestic Demand
Bottom Line Up Front (BLUF): China's imports contracted by 8.4% year-on-year in the January-February 2025 period, significantly missing economists' 1% growth forecast. Exports grew by only 2.3%, falling short of the expected 5% increase and reflecting the impact of escalating U.S. tariffs and weakened global demand. The U.S. imposed an additional 10% tariff on Chinese goods on February 4, further exacerbating trade tensions. On March 4, tariffs were doubled to 20%, prompting Chinese retaliatory measures on U.S. agricultural exports and restrictions on 25 U.S. firms.
Analyst Comments: The decline in imports signals China’s strategic shift toward economic self-sufficiency, with reductions in grain, iron ore, and crude oil purchases potentially reflecting inventory adjustments rather than an immediate economic downturn. However, the slowdown in export growth suggests that U.S. tariff escalations are already disrupting China’s manufacturing and trade sectors. The renewed trade war under Trump’s second administration will likely exacerbate global supply chain instability, with China prioritizing domestic consumption and alternative trade routes to mitigate external pressures.
FROM THE MEDIA: China’s trade surplus reached $170.52 billion, underscoring the imbalance between falling imports and modest export growth. The U.S. has intensified trade restrictions, citing China’s insufficient action on fentanyl trafficking as a key justification for tariffs. Meanwhile, China’s manufacturing activity expanded in February, following a January contraction due to the Lunar New Year holiday. South Korea’s exports to China fell by 1.4%, indicating broader regional trade disruptions. With China’s leadership emphasizing domestic consumption as a priority for 2025, further economic policy shifts are expected to counteract trade pressures and strengthen internal market stability.
READ THE STORY: Reuters
Items of interest
DOJ Appeals Court Ruling Against Warrantless Cell Tower Data Collection
Bottom Line Up Front (BLUF): The U.S. Department of Justice (DOJ) announced plans to appeal a February 21 ruling by U.S. Magistrate Judge Andrew Harris, which found that law enforcement’s use of cell tower dumps—bulk data collection from cell towers—violates the Fourth Amendment. The ruling, which blocked FBI access to records from nine cell towers in a gang-related investigation, could have nationwide implications for digital privacy and law enforcement surveillance tactics. The DOJ has until March 21 to file its appeal.
Analyst Comments: This ruling marks a significant shift in judicial oversight of mass digital surveillance, reinforcing privacy rights against warrantless data collection. If upheld, it could restrict law enforcement’s ability to use tower dumps—a widely used investigative technique—without specific probable cause. The decision follows a similar 2024 ruling against geofence warrants, which allow the mass collection of location data from mobile devices. The DOJ's appeal suggests a potential Supreme Court battle over the constitutionality of bulk cell data collection, with significant consequences for digital privacy laws in the U.S.
FROM THE MEDIA: Judge Andrew Harris ruled that cell tower dumps qualify as searches under the Fourth Amendment, requiring probable cause for each individual affected. His decision blocked an FBI request to access cellular records from nine towers as part of a criminal probe. Harris compared the request to searching an entire haystack for a single needle, calling it overly broad and unconstitutional. The ruling follows a 2024 federal appeals court decision against geofence warrants, which similarly allow bulk location tracking. The DOJ has sought an extension to prepare its appeal, calling the case a “novel legal issue” with far-reaching implications for law enforcement.
READ THE STORY: The Record
Cops Need A Warrant To Search Your Cell Phone’s Location History, Supreme Court Rules (Video)
FROM THE MEDIA: The Supreme Court just ruled that cops need a search warrant to get information about where people have been from their cell phones.
Warrantless Cell Phone Tracking (Video)
FROM THE MEDIA: "A federal appeals court on Wednesday said the authorities do not need a probable-cause warrant to track a suspect's every move via GPS signals from a suspect's mobile phone. The 6th U.S. Circuit Court of Appeals, ruling 2-1, upheld a 20-year term for a drug courier nabbed with 1,100 pounds of marijuana in a motorhome camper the authorities tracked via his mobile phone pinging cell towers from Arizona to a Texas truck stop. The decision, a big boost for the government's surveillance powers, comes as prosecutors are shifting their focus to warrantless cell-tower location tracking of suspects in the wake of a Supreme Court ruling in January sharply limiting the use of GPS vehicle trackers. The Supreme Court found law enforcement should acquire probable-cause warrants from judges to affix GPS devices to vehicles and monitor their every move..." Ana Kasparian and Cenk Uygur discuss on The Young Turks.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.