TL;DR:

  • Senator Wyden sent a cryptic letter to CIA Director Ratcliffe expressing "deep concerns about CIA activities", and his track record on these warnings is essentially perfect
  • Conduent's govtech breach now affects 25+ million Americans: up from 4 million initially reported, with Social Security numbers, medical data, and financial records stolen across multiple states
  • Two cybersecurity professionals pleaded guilty to running BlackCat ransomware: a Sygnia incident responder and a DigitalMint ransomware negotiator were moonlighting as the criminals they were paid to fight
  • Boston Mayor Wu ordered the release of ICE surveillance footage and banned ICE from all city property, with five other Greater Boston cities following suit
  • FISA Section 702 expires in 69 days, and neither party can agree on whether the government should need a warrant to search Americans' communications

The "Wyden Siren" Just Fired Again, and It's Never Been Wrong

When Senator Ron Wyden sends a cryptic letter about classified government misconduct, pay attention. He's never been wrong.

On February 4, the longest-serving member of the Senate Intelligence Committee sent a two-line public letter to CIA Director John Ratcliffe. The message: "I write to alert you to a classified letter I sent you earlier today, in which I express deep concerns about CIA activities."

That's it. Two lines. No details. And that's exactly why it matters.

Wyden has security clearance to know things the rest of us don't. He's also barred from telling us what he knows. So he does this instead, fires a flare and waits for the truth to catch up. When HuffPost pressed him for details, he said: "the reason I sent the public letter is that is all that I'm allowed to say publicly, and I'm gonna leave it at that."

His track record: In 2011, he cryptically warned about the PATRIOT Act's secret reinterpretation. Edward Snowden proved him right two years later. He flagged a withheld 2015 DOJ legal opinion on cybersecurity. He warned about Section 702 surveillance abuses. He alerted the public to ICE's bulk financial subpoenas targeting millions of Americans' records. Every single time, the full story eventually came out, and every time it was bad.

Tech journalist Mike Masnick at Techdirt called it "The Wyden Siren" and noted the pattern has "never been wrong." Whatever the CIA is doing right now that Wyden can't talk about, history says we'll find out eventually. And we won't like it.

Sources: Sen. Wyden Press Release, Common Dreams, Techdirt

Conduent Breach Balloons to 25 Million. Half of Texas Alone

Remember when Conduent said their breach affected 4 million people? They lied. Or at least they were very, very wrong.

The government technology contractor, which processes Medicaid claims, tolling systems, and benefit programs for state governments across the country, now admits the January 2025 ransomware attack compromised at least 25 million Americans. In Texas alone, 15.4 million people were hit. That's roughly half the state's population.

Oregon's attorney general confirmed another 10.5 million affected residents. Delaware, Massachusetts, New Hampshire, and other states are still tallying their numbers. The stolen data includes names, Social Security numbers, dates of birth, medical information, and financial records.

The breach timeline is damning. Conduent initially reported a "limited security event." Then revised up to 4 million. Then 15 million in Texas. Then 25+ million total. They're still counting.

This is what happens when a single company becomes the digital backbone for state government services across the country. One breach, and half of Texas has their Social Security numbers in criminal hands. We covered the initial scope last week. It keeps getting worse.

Sources: HIPAA Journal, WebProNews, Startup News

The Ransomware Fighters Who Were Running the Ransomware

You can't make this up. Two cybersecurity professionals, people companies hired specifically to fight ransomware, just pleaded guilty to running BlackCat ransomware attacks.

Ryan Goldberg, 40, worked as an incident response manager at Sygnia, a cybersecurity firm. Kevin Martin, 36, worked as a ransomware negotiator at DigitalMint. By day, they helped companies recover from attacks. By night, they were the attackers.

The pair operated as BlackCat/ALPHV affiliates, paying 20% of their ransom earnings to the ransomware operation's administrators. They successfully extorted $1.2 million in Bitcoin from a Florida medical company. They also targeted a Maryland pharmaceutical firm, a California doctor's office, a Virginia drone company, and a California engineering firm, though those four attacks failed.

Assistant Attorney General Tysen Duva nailed the irony: the defendants "used their sophisticated cybersecurity training and experience to commit ransomware attacks, the very type of crime that they should have been working to stop."

Both face up to 20 years in prison. Sentencing is March 12. A third co-conspirator hasn't been publicly identified.

BlackCat targeted more than 1,000 organizations between November 2021 and December 2023 before law enforcement disrupted the operation. The group's affiliates ranged from overseas hackers to, apparently, American cybersecurity professionals with day jobs at reputable firms.

Sources: DOJ Press Release, The Record, CSO Online

Boston Mayor Orders Release of ICE Surveillance Footage

Boston Mayor Michelle Wu signed an executive order on February 5 banning ICE agents from detaining people on city property and ordering the public release of surveillance and body camera footage showing federal agent conduct.

The order specifically directs city departments to release footage of "violence or property damage by federal agents." Wu accused the federal government of "hiding behind masks" during enforcement operations and called ICE's actions in the city "unconstitutional."

She wasn't alone. Leaders from six Greater Boston cities. Boston, Cambridge, Somerville, Lynn, Newton, and Chelsea, moved together to ban ICE from using municipal property for immigration enforcement. It's the most coordinated local resistance to federal surveillance operations we've seen this month.

The executive order is a direct response to ICE raids that have triggered multiple lawsuits nationwide. While DHS Secretary Noem announced ICE body cameras just last week, she hasn't published any policy on who gets to see the footage. Wu is trying to answer that question from the other direction: the city will release what it has, and let the public judge.

Sources: Boston Globe, WBUR, WCVB

FISA 702: 69 Days and Counting

Section 702 expires April 19. Neither side has the votes to renew it cleanly, and neither side wants to let it die.

The warrant requirement for searching Americans' data lost by a single vote (212-212) in the House last time. This round, the politics are even messier. Senator Dick Durbin pointed to warrantless raids in Chicago and Minneapolis as proof the Fourth Amendment issue is no longer theoretical. The ACLU warned that reauthorizing without reforms "would double down on systemic abuses."

Even DNI Director Tulsi Gabbard said during her confirmation that warrants "should generally be required." But the administration hasn't actually pushed for that reform, and the intelligence community hasn't taken a public position on reauthorization.

Meanwhile, Wyden's CIA letter adds another shadow over the debate. Hard to argue for unchecked surveillance powers when the senator with the highest clearance is publicly sounding alarms about secret intelligence activities.

We're tracking this fight closely. Read our full breakdown and latest analysis.

Sources: Nextgov/FCW, EPIC

Iron Mountain Says Everest Breach Was Just Marketing Files. Maybe.

The Everest ransomware gang claimed to have stolen 1.4 terabytes from Iron Mountain, one of the world's largest information management companies. Iron Mountain says it's not that bad.

According to the company's February statement, a single compromised credential gave the attackers access to a specific folder on a third-party file-sharing site. Iron Mountain says the folder contained marketing materials, not customer data, and that no ransomware was actually deployed on their systems.

Everest's screenshots show directory names related to marketing materials, research documents, and what appear to be client folders. The group set a February 11 extortion deadline.

Iron Mountain manages records storage and information management for thousands of companies, including Fortune 500 firms. If the breach really was limited to a marketing folder on a third-party platform, it's a bullet dodged. If Everest has more than they've shown, and ransomware gangs often hold back their best cards, it could be a much bigger story by midweek.

Sources: Iron Mountain Statement, SC Media, Cybernews

Milwaukee Makes It Official: Facial Recognition Is Banned

The community won. On February 6, Milwaukee Police Chief Jeffrey Norman issued an immediate ban on all facial recognition technology for the department.

The decision came after a five-hour Fire and Police Commission hearing where dozens of residents showed up to demand answers about the proposed Biometrica deal: the one where MPD would trade 2.5 million mugshots for "free" face-matching software. The deal is dead.

Chief Norman said maintaining public trust was more valuable than the technology's investigative benefits. The police union is already pushing back. The ACLU of Wisconsin wants the ban codified in writing, not just a verbal commitment.

We published the full story yesterday. It's one of the rare wins in surveillance pushback, proof that showing up at public meetings still works.

What to Watch

  • Iron Mountain deadline: Everest's extortion deadline is February 11. If the gang publishes data beyond marketing materials, Iron Mountain's "limited impact" story falls apart.
  • FISA 702 countdown: 69 days until the surveillance authority expires. Hearings should accelerate this month.
  • Wyden's CIA warning: Whatever he knows, the public version usually takes months to years to emerge. But it always does.
  • Conduent notifications: More states are expected to disclose affected populations. The 25 million number is probably still not final.
  • BlackCat sentencing: Goldberg and Martin face sentencing March 12. The unnamed third co-conspirator is still out there.

References

  1. Sen. Wyden - Deep Concerns About CIA Activities
  2. Common Dreams - Wyden Siren Sounds Anew
  3. Techdirt - The Wyden Siren
  4. HIPAA Journal - Conduent Breach 25M+ Victims
  5. WebProNews - Inside the Conduent Breach
  6. DOJ - BlackCat/ALPHV Guilty Pleas
  7. The Record - Ransomware Responders Guilty
  8. Boston Globe - Wu ICE Executive Order
  9. WBUR - Boston ICE Order
  10. Nextgov/FCW - FISA 702 Debate
  11. Iron Mountain - Cybersecurity Statement
  12. SC Media - Iron Mountain Limited Impact
  13. FOX6 - Milwaukee FRT Ban