Axios Future of Cybersecurity

January 20, 2026
Happy Tuesday! Welcome back to Future of Cybersecurity.
🏔️ Axios is live in Davos for the World Economic Forum this week. Tune in online to hear the latest from our all-star speaker lineup.
📬 Have thoughts, feedback or scoops to share? [email protected].
- 📲 Need to reach me confidentially? Find me on Signal: @SamSabin.01.
Today's newsletter is 1,631 words, a 6-minute read.
1 big thing: How protesters are weaponizing data against ICE
Protesters opposing ICE's mass deportation operations are increasingly turning to data leaks and homegrown surveillance tools.
Why it matters: The latest wave of U.S.-based hacktivism — where hackers launch attacks to make a political statement, rather than to make money or steal state secrets — reflects a more strategic, cohesive embrace of digital tools.
Driving the news: Someone leaked a trove of sensitive information about approximately 4,500 ICE and Border Patrol employees, including 2,000 frontline enforcement agents, to the site ICE List last week.
- The trove appears to be the largest known breach of Department of Homeland Security staff data. It follows the killing of Renee Good in Minneapolis.
- "It is a sign that people aren't happy within the U.S. government, clearly," ICE List founder Dominick Skinner told the Daily Beast.
- Homeland Security Secretary Kristi Noem and other officials have condemned the "doxing" of agents and threatened to prosecute offenders.
The big picture: This form of strategic hacktivism has been more common overseas in recent years, particularly during uprisings, invasions and geopolitical conflicts.
- Think of hackers taking sides in the war in Gaza, or Ukraine mobilizing local hackers at the start of Russia's invasion.
The intrigue: Sensitive data and surveillance have become central to the battle between ICE and those protesting its operations.
- DHS directed much of its $75 billion cash infusion from President Trump's One Big Beautiful Bill Act toward new surveillance contracts, including those with Israeli spyware vendors and Palantir to track potential targets for deportation.
- U.S. activists have increasingly weaponized leaked data and built counter-surveillance tools since 2020, when the Black Lives Matter protest hit a fever pitch, Cooper Quintin, security researcher and senior public interest technologist at the Electronic Frontier Foundation, told Axios.
Zoom in: Hackers and digital activists have targeted the wide array of surveillance tools ICE uses in its mass deportation efforts.
- Protesters have built tools to map Flock Safety cameras, flag Bluetooth signals from law enforcement surveillance devices, and report ICE raid locations.
- One YouTuber found a flaw in Flock cameras that allowed anyone to access the internal interface controlling the live surveillance feed.
- The Com, a loose-knit hacker community behind a wave of major data breaches, leaked the personal information of hundreds of DHS and ICE officials in October.
Flashback: These efforts are far more controlled, strategic and quiet than the U.S. is used to seeing from hacktivists, Quintin noted.
- Anonymous, the hacking collective known for attacking major companies, governments and religious organizations, leaned on louder tactics — like boasting about its work on YouTube and Twitter — than today's digital protesters.
What to watch: The litigation threats to hackers and other activists chronicling ICE's actions online are very real.
- ICE has been pushing courts to give it "unlimited subpoena authority" to force social media companies to identify people running anonymous accounts tracking and monitoring the agency's work.
- Three women were indicted in September for allegedly following an ICE agent to their home, livestreaming the encounter, and posting the agent's home address on Instagram.
2. Easterly takes helm of RSAC as CEO
Jen Easterly, who led the nation's top cyber agency during the Biden administration, will now lead the RSAC Conference, one of the world's biggest gatherings of cyber professionals.
Why it matters: Easterly has gathered quite a following as a public speaker, startup adviser and cybersecurity intelligence official in her decades of service. That energy will breathe new life into the decades-old gathering.
What they're saying: "RSAC is not just a conference — it's the home of the global cybersecurity community," Easterly said in a statement.
- "We're at a pivotal moment where cybersecurity and AI have become inseparable, and the world needs a trusted platform to bring together the people, ideas, and technologies that will shape the next decade."
Between the lines: RSAC is best known for its weeklong conference in San Francisco. This year's is expected to attract more than 40,000 attendees, the group said Thursday.
- But RSAC, which spun out of the RSA company in 2022, also offers a year-round membership for cyber professionals and hosts several startup competitions.
What's next: Easterly will focus on expanding RSAC's international presence, strengthening membership and education initiatives, and driving programs around emerging issues such as AI security and secure software development during her tenure.
Yes, but: Some Trump administration officials are considering not attending this year's conference after Easterly's appointment, according to Nextgov.
- A spokesperson for RSAC did not respond to a request for comment.
3. China's downsized, somewhat empty ban
China's reported move to freeze out U.S. and Israeli cybersecurity vendors may sound like a major escalation, but the economic punch is likely highly limited.
Why it matters: Beijing appears to be seeking some sort of economic leverage ahead of Trump's planned visit in April.
Driving the news: Reuters reported last week that Beijing has banned Chinese companies from buying products from 12 U.S. and Israeli cybersecurity firms due to national security concerns.
- The companies include Palo Alto Networks, CrowdStrike, Google Cloud's Mandiant, Wiz, SentinelOne, Rapid7, Check Point Technologies, Cato Networks and several others.
The big picture: The U.S. and China have employed similar technology bans to gain leverage before scheduled visits and negotiations, analysts at Raymond James noted last week. (Just look at Huawei and ZTE.)
By the numbers: Palo Alto Networks reported last quarter that business in the entire Asia-Pacific region made up 12% of its revenue.
- The region accounted for 19% of revenue for Fortinet and 13% for Israel-based Check Point, according to an analyst note from Raymond James.
Yes, but: CrowdStrike, SentinelOne and Recorded Future each told SecurityWeek that they do not do business in China.
- Check Point also told SecurityWeek that the company hadn't "received any government notification nor are we aware of any restriction on our operations in China."
Reality check: Not all companies replied to requests for comment, and many don't break out their revenues by region in publicly available SEC filings.
4. Hacking the Supreme Court
A Tennessee-based man pleaded guilty Friday to hacking the U.S. Supreme Court, AmeriCorps and the Department of Veterans Affairs.
Why it matters: Breaking into any of those systems is unprecedented and leaves sensitive court documents and personal information exposed.
Driving the news: Nicholas Moore, a 24-year-old man who lives with his parents in Springfield, Tennessee, pleaded guilty to a Class A misdemeanor as part of a plea deal Friday.
- Moore pleaded guilty remotely given he "does not have a car, does not drive and does not work because of mental health disabilities that have debilitated him since his childhood," according to a court document filed last week.
Zoom in: According to court documents, Moore accessed the Supreme Court's electronic filing system without permission between Aug. 29 and Oct. 22, 2023, using stolen credentials on 25 different days.
- On July 29, 2023, Moore posted screenshots from the homepage of the Supreme Court's filing system to an Instagram account he ran called @ihackedthegovernment.
- Moore then used another set of stolen credentials to break into AmeriCorps' servers between Aug. 17 and Oct. 13, 2023, according to the documents, and posted screenshots from that breach to the same Instagram account.
- He also stole login credentials from a U.S. Marine veteran to log into the health portal for the Department of Veterans Affairs on five different days between Sept. 14 and Oct. 14, 2023 — and Moore disclosed that person's health information in screenshots on social media.
The intrigue: In the Supreme Court hack, Moore obtained not only an authorized user's name and email address but also their date of birth, home address and private answers to three security questions to gain access to the system, per the document.
The big picture: Relying on basic password security is no longer enough to keep hackers out of the most sensitive government systems.
What's next: Moore faces up to a year in prison and a fine of up to $100,000. His sentencing hearing will take place April 17.
5. Catch up quick
@ D.C.
🏛️ Trump has renominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency. (CyberScoop)
👀 The acting head of CISA attempted to oust the agency's current chief information officer despite objections from other political appointees. (Politico)
🪖 Army Lt. Gen. Joshua Rudd, Trump's pick to lead the NSA and Cyber Command, defended his record and lack of specific cyber expertise during his confirmation hearing. (The Record)
@ Industry
🤔 Home Depot investors are pushing the company to review its partnership with Flock Safety, the controversial surveillance firm, and how its data is being shared with law enforcement amid ongoing ICE raids. (Reuters)
💰 Novee, an AI penetration-testing startup, emerged from stealth with $51.5 million in funding. (Axios Pro)
🤖 CEOs and CISOs are split on how much AI will actually help their companies' cybersecurity postures, according to a recent survey. (CNBC)
@ Hackers and hacks
⚠️ Researchers uncovered a set of vulnerabilities in several Bluetooth headphone brands that would allow people within 50 feet of the devices to hijack the controls. (Wired)
🛢️ A month after a cyberattack on its networks, Venezuela's state-owned oil company is running day-to-day operations via phone calls, handwritten reports and WhatsApp messages. (Bloomberg)
🎣 Hackers linked to China targeted U.S. government and policy-related officials with phishing lures about Venezuela in the days after the operation that captured Venezuelan leader Nicolas Maduro. (Reuters)
6. 1 fun thing
🌞 🏠 This one is specifically for fans of Bravo's "Summer House." Please hit reply with your thoughts on the latest! I can't stop talking about it.
☀️ See y'all next week!
Thanks to Dave Lawler for editing and Khalid Adad for copy editing this newsletter.





