Today's Headlines:
- RSA Conference 2026 starts Monday. Nearly 44,000 cybersecurity professionals descend on San Francisco's Moscone Center. Theme: "Power of Community."
- DOJ officially blames Iran for Stryker attack. Four Handala domains seized. The group already launched new sites and is defiant.
- Speaker Johnson scrambling for FISA 702 votes. Tom Cotton pushing clean 18-month extension. Reform bill still alive.
- Retail Merchandising Services breach. 16,114 people exposed including SSNs and bank routing numbers.
- Section 702 FISA: 30 days to sunset.
RSA Conference 2026: The Surveillance Industry's Biggest Week
The world's largest cybersecurity conference kicks off Monday at San Francisco's Moscone Center. Over 44,000 attendees, 700+ vendors, and 600+ exhibitors will spend four days (March 23-26) discussing "the latest in cybersecurity trends, challenges, and solutions."
Translation: the surveillance-industrial complex's annual trade show. The same companies that build the backdoors will sell you locks for the doors. The same governments that hack your phone will talk about "protecting critical infrastructure."
This year's theme—"Power of Community"—lands differently when that community includes intelligence agencies, defense contractors, and data brokers all networking over cocktails. We'll be monitoring announcements closely. The products unveiled here end up in police departments and corporate IT systems within months.
What to watch: AI-powered surveillance tools, endpoint detection that phones home, and "zero trust" products that require trusting their vendors completely.
FISA 702: 30 Days and Counting
Section 702 of the Foreign Intelligence Surveillance Act sunsets at midnight on April 20. We're down to 30 days, and Congress still can't agree on what to do.
Here's the state of play:
- Cotton's clean extension: Senate Intelligence Committee Chair Tom Cotton (R-UT) wants a simple 18-month reauthorization with zero reforms. No warrant requirement. No data broker ban. Just "keep it going."
- The reform bill: The bipartisan Government Surveillance Reform Act from Wyden, Lee, Lofgren, and Davidson would require warrants to search Americans' communications collected under 702 and ban the government from buying your data from brokers. Last time, a warrant requirement lost by a single vote—212-212 in the House.
- Johnson's problem: Speaker Mike Johnson is trying to corral enough Republican votes for passage, but the dynamic has shifted. ICE has been using 702 data for immigration raids, turning this from an abstract intelligence debate into a live political fight.
The Washington Times reported yesterday that Johnson is "under the gun" to get this done. A classified hearing in February apparently "erupted in frustration" when intelligence officials refused to say whether the Trump administration even wants Congress to renew 702. Nobody knows what the White House actually wants, which makes whipping votes nearly impossible.
DOJ Makes It Official: Iran Ran Handala
The Justice Department announced Thursday the seizure of four domains used by Iranian hackers: Justicehomeland.org, Handala-Hack.to, Karmabelow80.org, and Handala-Redwanted.to.
More importantly: DOJ formally attributed these operations to Iran's Ministry of Intelligence and Security (MOIS). Not "suspected Iranian hackers." Not "threat actors with ties to Iran." The U.S. government is now on record saying MOIS runs Handala.
What Handala did, according to DOJ:
- Claimed credit for the March 2026 Stryker cyberattack that wiped 200,000+ devices
- On March 6, claimed theft of 851GB from the Sanzer Hasidic Jewish community
- Used an email account to send death threats to Iranian dissidents and journalists in the U.S.
- Posted stolen data and called for killings of journalists and Israeli citizens
Handala's response? Within hours of the seizures, they launched new domains and posted on Telegram: "We are more than only a website and series of internet domains... this is nothing more than the latest desperate attempts by the United States and its allies to silence the voice of Handala."
They're not wrong that domain seizures are whack-a-mole. But the formal MOIS attribution matters. It could trigger sanctions, enable cyber operations in response, and change how allies coordinate.
Retail Merchandising Services: Another Day, Another SSN Breach
Retail Merchandising Services Inc., a national merchandising company based in Brooklyn Park, Minnesota, disclosed a breach affecting 16,114 people. The exposed data includes names, dates of birth, Social Security numbers, and bank account/routing numbers—everything needed for identity theft.
Timeline:
- November 24, 2025 - January 7, 2026: Attackers had intermittent access to an email account
- January 2026: RMS detected "unusual activity"
- February 25, 2026: Investigation confirmed the breach
- March 16, 2026: Company finally notified victims
That's almost four months from breach start to notification. RMS is offering 12 months of credit monitoring through Cyberscout, and you have 90 days to enroll. If you worked with RMS or received notification, don't wait.
Action items: Freeze your credit at all three bureaus (Equifax, Experian, TransUnion). It takes 10 minutes and costs nothing. Don't rely on monitoring—it only tells you after someone's already stolen your identity.
Federal Car Surveillance Coming in 2027 (But There's a Catch)
The 2021 Infrastructure Investment and Jobs Act mandated that all new cars must include "impaired driving prevention technology" by late 2027. The tech involves infrared cameras on steering columns tracking your eye movement, pupil dilation, and drowsiness. If the AI decides you're impaired, it can prevent ignition startup or limit your speed.
Here's the catch: NHTSA says the tech isn't ready. According to Carscoops, regulators reviewed breath sensors, touch-based alcohol detectors, camera-based monitoring systems, and behavior-tracking software. None of them meets the legal requirement for a system that works "passively, accurately, and without requiring driver input."
The current error rate is "unacceptably high." Officials aren't aware of any system achieving the required 99.9% accuracy.
So the mandate exists on paper, but enforcement keeps slipping. The question: when the tech finally works, who gets access to that data? Your insurance company would love to know if you're a drowsy driver. Police would love real-time alerts. And the car manufacturers are already selling your location data to whoever pays.
Hacker News is having a field day with this one. Privacy implications are "huge" when your car's AI can decide you're too tired to drive and lock you out.
What We're Watching
- April 6: Meta's deadline to respond to Senate questions about facial recognition in smart glasses
- April 20: Section 702 FISA sunset date
- Next week: RSA Conference vendor announcements—expect AI surveillance tools marketed as "security solutions"
- Ongoing: Freedom of the Press Foundation's lawsuit seeking documents on the Trump administration's centralized surveillance database plans
References
- RSA Conference 2026
- Speaker Mike Johnson under the gun to pass FISA renewal - Washington Times
- Justice Department Disrupts Iranian Cyber Enabled Psychological Operations - DOJ
- Iran-linked Handala responds with defiance after US seizure - The National
- US accuses Iran's government of operating Handala - TechCrunch
- Retail Merchandising Services Data Breach Notice - Vermont AG
- Federally Mandated Driver Surveillance Tech Faces Delay - Carscoops
- Section 702 FISA 2026 Resource Page - Brennan Center