A federal grand jury in the Southern District of New York handed up an indictment on September 4, 2024, charging two employees of the Russian state broadcaster RT with routing close to $10 million, by way of offshore shell companies, to a Tennessee outfit called Tenet Media. Tenet in turn paid a roster of American conservative commentators (Tim Pool, Dave Rubin, Benny Johnson, and others) to make videos for YouTube and X. One contract called for four weekly videos in exchange for $400,000 per month, plus a $100,000 signing bonus. Of the roughly 2,000 videos the company posted, not one disclosed a Russian connection. Its founders, the indictment alleges, assured each other in private that their “investors” were “the Russians,” even while telling everyone else the money came from a European financier who did not exist, one Eduard Grigoriann.

The case landed only because RT sat at the top of the chain, and the Foreign Agents Registration Act was written precisely to expose anyone working in this country for a foreign principal. Swap RT for an American billionaire who pushes the same money through the same shells and hides his hand from the commentators and their audiences in just the same way, and nothing happens. No statute is available. FARA falls away the instant the principal is domestic. The Federal Election Commission has twice studied the adjacent problem and twice walked away from it. By 2025, the very agencies that might have closed the gap by rule had been pared back or left unable to function.

Hidden foreign money is a felony; identical hidden domestic money is perfectly lawful. The distinction shapes the whole modern business of paid persuasion. Its domestic half is almost certainly the larger one, and the one no law on the books seems to reliably touch.

At the FEC, the relevant verb has been to decline. Its December 2023 “Technological Modernization” rulemaking refused to require disclaimers on paid political content that operators place on influencers’ own social media accounts. An influencer posting to her own feed, the majority reasoned, resembles a celebrity volunteering an endorsement to a fan base more than she resembles “paid advertising,” even though, as the two Democratic commissioners noted in a separate statement, the campaign cuts her a check the same way it cuts one to a staffer. Ellen Weintraub and Shana Broussard called the result a missed “golden opportunity” to write rules that would reach “behind-the-scenes payments to social media influencers.” Payments of that kind, the majority concluded, fall outside the statutory category of a regulated “public communication.”

None of this is an aberration. When the Commission updated its internet-disclaimer rules in 2022, three commissioners attached statements to an otherwise bipartisan order to make a point of preserving the old “small items” and “impracticability” carve-outs for the online world. Chairman Allen Dickerson and Commissioner Trey Trainor cast those exemptions as backstops suited to a medium where the favored advertising platforms turn over from one election to the next; Commissioner Sean Cooksey, concurring, called those exceptions “critical to maintaining regulatory flexibility for political campaigning online.” Add the two rulemakings together and a good deal of small paid online advertising carries no disclaimer obligation whatsoever, while the practical disclosure floor for paid influencer posts on personal accounts hovers near zero.

In hindsight those two refusals stand as the last fully functioning decisions the Commission would make. It lost its policymaking quorum on the first of May 2025, and by October only two of six seats were filled, short of the four votes the law requires before it can open a case, issue a rule, or hold a hearing. One of the empty chairs belonged to Weintraub, the Democratic chair whom the President had purported to fire by letter in January 2025 and whose seat he has left vacant since. A 2025 petition from the Campaign Legal Center, asking the Commission to do the one thing at issue here and require disclaimers on paid influencer content, now sits with no one able to grant or deny it. The two nominees the President finally sent to the Senate in February 2026, Ashley Stow and Andrew Woodson, are both Republicans, slotted into the two Republican vacancies; he advanced neither the Democrat that congressional leaders had recommended nor anyone for Weintraub’s seat. Their confirmation would restore a bare quorum, though a working Commission would only find itself back at a definitional question it has answered twice already, both times against disclosure.

In the space between that indictment and the Commission’s current silence lies the largest unpoliced channel of paid political persuasion in American life. Tenet was catchable because of the foreign state sitting at the top of it; FARA exists to reach agents who serve a foreign principal. Strip the foreign principal out and you are left with the wider phenomenon, the domestic operator who buys the look of independent civic speech, and that phenomenon has no apparent home in any existing regime. FARA cannot touch a purely domestic principal. The FEC, having begged off twice, now lacks the votes to do anything at all. The Federal Trade Commission polices commercial endorsements, not candidate advocacy or issue speech. Wire- and mail-fraud statutes demand a scheme to obtain money or property, an element covert influence rarely supplies. Campaign-finance disclosure fastens onto committees and expenditures rather than onto the paid speaker who dresses an expenditure up as personal conviction.

A narrow federal crime could fill the gap, though not the crime people usually reach for. Outlaw “disinformation” and you build the very machinery for adjudicating truth that the First Amendment shuts down; conscript the platforms to police contested speech, and you make the problem worse. Missing from the toolkit is a statute aimed at deception about who is paying, one that reaches covert paid influence in a handful of high-stakes settings when it travels alongside knowing or reckless falsehoods of fact. A law like that has to clear serious First Amendment review, steer wide of both the dragnet and the censor’s office, and fit without friction against Section 230, FARA, and the campaign-finance statutes. The constraints are real. Not one of them is fatal.

The gap itself is well charted, and nearly every map ends at the same destination: disclosure. The Brennan Center and the Campaign Legal Center have pressed the FEC to make campaigns label the influencers they pay; the Harvard Law Review has worked out how a disclaimer rule might reach sockpuppets and boosted posts; bills from the Honest Ads Act to the REAL Political Advertisements Act would widen online-ad transparency; and states from Texas to California have written influencer-disclaimer laws of their own. Alicia Wanless has shown how thoroughly the influence industry is built for deniability while FARA’s penalties barely sting. The reflex everywhere is to compel a label rather than write a crime, and the leading election-law scholarship, Richard Hasen’s included, is right to be wary of any freestanding offense of disinformation.

Where a criminal idea does surface, it chases a different lie. The Deceptive Practices and Voter Intimidation Prevention Act would punish a materially false claim about an endorsement, but only when it is deployed to keep someone from voting, and the recent run of state deepfake statutes reaches deception about what a candidate appears to have said or done. Neither touches the deception at issue here, which is not about the ballot or the medium, but about who is paying.

That opening is the one the statute I propose here is built to fill. It leaves disclosure to handle the ordinary case and, above it, adds a narrow criminal layer for the operator who hides his paymaster and lies on the paymaster’s behalf when the stakes run highest.

Where FARA Stops

Congress passed FARA in 1938 to drag Nazi propaganda, then moving through American front men, into the open, and the law works by forcing attribution. Anyone operating inside the United States on behalf of a foreign principal, whether by lobbying, running public relations, or pushing out informational material, must register and lay bare the relationship, the work performed, and the money behind it. FARA assumes, reasonably enough, that a listener deserves to know when a voice that sounds homegrown is really carrying water for a foreign government, a party, or some other foreign principal.

For decades the statute mostly slept. The Mueller investigation woke it, and a run of criminal cases followed through the back half of the 2010s and into the 2020s, among them the superseding indictment of Senator Robert Menendez in October 2023, the prosecution of Linda Sun in September 2024, and Tenet. In the Biden administration’s closing weeks the Justice Department pressed the advantage, issuing a Notice of Proposed Rulemaking on January 2, 2025, the first real rewrite of the FARA regulations in close to twenty years, which set out to shrink the “commercial” exemption, rework the labeling rules for “informational materials” so they fit a world of social-media distribution, and widen the statute’s reach considerably.

The new administration changed course within weeks, though not by killing the rule outright. The January NPRM was expressly spared from the automatic-withdrawal sweep of Inauguration Day’s regulatory freeze, and when the Department scrapped dozens of pending rulemakings in a September 2025 deregulatory purge, it pointedly left the FARA rule off the list. It had survived the purge only to be left for dead. The Department posted the public comments, said nothing further, and let the rule sit in limbo. Around it, the enforcement posture shifted hard. In February 2025 Attorney General Pam Bondi circulated a memorandum steering the FARA Unit toward “civil enforcement, regulatory initiatives, and public guidance” and narrowing criminal cases to conduct resembling traditional espionage by foreign-government actors, all of which represented a pronounced step back from the prosecutions of the preceding years. The FBI’s Foreign Influence Task Force, stood up in 2017 to chase precisely the species of operation Tenet turned out to be, was disbanded. For the foreign-operation cases it had been built around, a statute eight years in the rebuilding was, almost overnight, sheathed.

Sheathed, but not for long, and not for everyone. On September 25, 2025, the President issued a National Security Presidential Memorandum titled “Countering Domestic Terrorism and Organized Political Violence,” NSPM-7, that switched FARA back on and aimed it somewhere new. The memo directs investigations under FARA of non-governmental organizations and American citizens with close ties to foreign governments, agents, foundations, or influence networks, and it landed the same day the Department announced a FARA-flavored inquiry into the Open Society Foundations. The redirection cut straight against Bondi’s own limiting instruction. The cases the FARA Unit had been told to drop were the foreign-operation prosecutions; the cases now urged on it run toward domestic nonprofits and the President’s political opponents. Inside a single year the same statute was narrowed against the next Tenet and pointed at the administration’s adversaries. The enforcement power has been redirected toward whichever targets the party in power prefers.

The PAID OFF Act, which would void the trade and Lobbying Disclosure Act exemptions whenever the foreign principal is a government formally designated an adversary, remains a bill and not a law. And the limits that matter most are older than any of this churn; they sit in the architecture of the statute itself. FARA needs a foreign principal to bite. It compels registration and disclosure, backed by civil and criminal penalties for staying quiet, but does not forbid covert paid influence as such. Hand the Tenet fact pattern to a domestic backer, and FARA simply has nothing to say — and no other federal law steps in to demand disclosure. The 2023 FEC ruling drives it further. Dress the same money up as express electoral advocacy and, so long as the influencer posts from her own account rather than paying for placement, no disclaimer is owed.

Tenet also shows how little reaching a foreign operation can amount to. The indictment charged two RT employees who sit in Moscow and will never stand trial here, and it charged no one in the U.S. — not the commentators the government calls victims, and not the company that paid them. That asymmetry is the model. Foreign operations hire domestic talent precisely so the visible speakers are Americans, insulated from the foreign principal and often kept ignorant of it, which is the configuration FARA handles worst. Criminal FARA has to prove the speaker knew he was acting for a foreign principal, and a deceived front man or a walled-off cutout defeats that proof; the foreign string-puller is reachable in theory while the domestic hands doing the actual talking almost never are. An offense that turns on the hidden paymaster rather than on his nationality reaches the witting domestic middleman missed by FARA: the organizer who knows there is concealed money behind the message and buries it, whether that money is foreign or domestic. It leaves the genuine dupe alone, which is the one place FARA and this proposed statute already agree.

No account of why FARA exists can justify drawing the line at the water’s edge. Our stake in knowing who is paying to move American opinion does not shrink because the payer banks in Delaware instead of a foreign bank.

The Supreme Court recognized exactly this stake in Citizens United v. FEC. Striking down limits on independent expenditures, it nonetheless kept disclosure intact, reasoning that “transparency enables the electorate to make informed decisions and give proper weight to different speakers and messages.” Disclosure has the Court’s blessing. The statutes and agencies meant to carry it out have not kept pace with the way persuasion now travels online, and in the last year several of them have actively run the other way.

Clearing the First Amendment

United States v. Alvarez sets the outer wall, and a proposal like this one has to reckon with more than that wall. The Alvarez plurality voided the Stolen Valor Act because falsity, standing alone, enjoys constitutional protection, and because punishing it in the abstract hands government a power the First Amendment denies it. Justice Breyer, concurring on narrower ground and supplying the controlling rationale, got to the same place through intermediate scrutiny, finding the law too loosely drawn. Each opinion warned against statutes that turn prosecutors loose to pick which lies to punish with no limiting principle anchored to real harm.

A tougher precedent for any covert-influence statute is Susan B. Anthony List v. Driehaus. The 2014 ruling turned on standing, a unanimous Court holding that you can mount a pre-enforcement First Amendment challenge to a political-false-statement law once the prospect of enforcement grows imminent enough. Back before the lower court on remand, the Sixth Circuit threw out Ohio’s statute on the merits, and kindred laws elsewhere have met much the same end. Ohio did not run afoul of the Constitution by wanting to punish lies. It ran afoul by the machine it built to do the punishing, an elections commission authorized to rule on the truth of contested campaign claims through a process that spat out chilling probable-cause findings before the votes were cast and handed partisan complainants a cudgel. The Court’s quarrel was with the machinery, never with the aim.

Lamont v. Postmaster General belongs in the conversation as well, since critics reach for it whenever the government burdens the flow of speech from abroad. Lamont killed a federal statute that ordered the Postmaster General to hold incoming “communist political propaganda” and forward it only if the addressee asked in writing, and it announced a First Amendment right to receive information, propaganda included. None of that bears on what is proposed here. Lamont was about the state physically interrupting delivery to a willing reader. The offense proposed here restricts nothing on its way to an audience; it punishes concealed sponsorship joined to a knowing falsehood, both of which land on the sponsor and on the speaker who knows full well she is lying to her audience about where her words come from. Produce the speech and circulate it with the sponsorship disclosed, and the reader’s right to receive it stays perfectly intact. Even so, the statute ought to spell out a recipient-side safe harbor putting beyond doubt that no liability runs to the audience, a belt-and-suspenders matter of drafting rather than constitutional command.

Read together, those cases counsel discipline rather than surrender. Four features carry the weight.

First, the heart of the offense is covert paid agency rather than falsehood. A speaker is not on the hook for getting facts wrong; the wrongdoing is hiding that an undisclosed principal is paying for the words. Consider the decade’s loudest liar. Juries assessed well over a billion dollars against Alex Jones over the Sandy Hook falsehoods, and the statute would still leave him untouched, because he fronts for no hidden principal and conceals no paymaster; he sells supplements to the audience he deceives in plain sight. Defamation law reached him, which is what defamation law is for, and a statute that also caught Jones would have become the disinformation crime this one refuses to be. Ohio’s campaign-lies statute makes a poor cousin here. The nearer kin are FARA, the FTC’s endorsement rules, and a body of commercial-speech doctrine built on the premise that an audience has a right to know when it is being sold to. Zauderer v. Office of Disciplinary Counsel let the government compel factual disclosure in commercial speech under a forgiving rational-basis-plus standard. Outside the commercial context the review stiffens, as NIFLA v. Becerra and Americans for Prosperity Foundation v. Bonta show, yet each of those decisions involved forcing disclosure of ideological content or of who one associates with, a far cry from disclosing that a sponsor cut the check. From Button down to Bonta, the Court has held one line steady: compelled attribution passes muster when it serves a concrete governmental interest and is drawn narrowly enough to spare protected association. Sponsor disclosure on paid political speech meets that standard however one reads the cases. Free Speech Coalition v. Paxton, handed down in 2025, hints that the Court is recalibrating its scrutiny for content-based rules pegged to particular harms, though that holding sticks to sexual material and minors and travels no further into political speech.

Holder v. Humanitarian Law Project pulls more weight for this proposal than the precedents trotted out in most disinformation arguments. The Court there sustained a criminal statute against a First Amendment attack for one overriding reason, that the speech in question was coordinated with a designated foreign entity instead of offered up as independent advocacy. Chief Justice Roberts, writing for the majority, separated speech delivered on behalf of a foreign principal from speech a person makes on her own hook, and held that the coordination is what opens room for regulation independent advocacy would never permit. That split is the foundation FARA stands on, and it is why the foreign-principal half of today’s gap poses so little difficulty. It does the domestic half a favor too. The Court blessed the idea that paid coordination with a hidden principal is a different creature, constitutionally, from independent political speech, and nowhere does Holder hinge on the principal’s being foreign in any way that would block the same reasoning when a domestic principal hides his role just as thoroughly. So the proposal rests mainly on the transparency-and-attribution logic the Court has embraced from Buckley through the disclosure holding in Citizens United, the logic that does the heavy lifting, and consigns Holder’s compelling-interest framing to the foreign setting it was built for.

Second, the falsity element borrows directly from New York Times v. Sullivan and the cases after it. To count, a statement must be a verifiable assertion of fact made in knowing or reckless disregard of its falsity, leaving opinion, rhetoric, hyperbole, and the ordinary coloring of political talk safely outside. For sixty years the actual-malice standard has set the bar for defaming a public figure and has turned back First Amendment challenge after challenge. Dropping it in here saddles the government with the same exacting mens rea the Court insists on wherever the truth of political speech is what decides liability.

Third, the trigger is drawn tight. Liability reaches only communications tied to an election, to a foreign-interference operation, or to one of a short list of statutorily named public-health or public-safety emergencies, the settings in which hiding the sponsor matters most. Run-of-the-mill political commentary never comes near it. Take sponsorship and disclose it, and you have a complete defense. Pay openly and you commit no crime; nor does the speaker who was herself fooled about where her money came from, which, by the government’s own telling, is the situation most of the Tenet commentators were in.

Fourth, and this matters most, the case is made out of money and relationships, not out of what was said. Driehaus taught the lesson by counterexample, since Ohio’s regime collapsed the moment it let any complainant with a grievance set enforcement in motion by alleging a lie. Here a file cannot be opened because a clip went viral or read as inflammatory or cut against the party in power. It opens only on hard transactional facts, a payment, a contract, money threaded through shell companies, a false filing, an instruction from principal to speaker preserved in their correspondence. A bank ledger can start an investigation; a microphone cannot. The reach stops at cases where there really is a hidden principal, and prosecutors get no license to go fishing on the strength of speech alone.

None of which renders the law uncontroversial. A fresh federal crime sitting astride speech and election administration is going to draw lawsuits, and Eugene Volokh has made the sharpest case against it, arguing that compelling attribution in political speech warrants far more suspicion than compelling it in a commercial transaction, and that any regime of this sort invites selective enforcement against speakers the government dislikes. His is the objection worth taking most seriously, and the answer to it is built into the structure rather than talked around. Because an investigation can begin only from transactional evidence, prosecutors never get to open a case on the say-so of speech; because the gravamen is concealment of the sponsor, the government never has to prove what was true. An offense framed that narrowly parts ways with the political-false-statements laws the courts have invalidated. It parts ways, too, with the Stolen Valor Act that Alvarez rejected, a law that punished naked falsity with no nod to sponsorship, to deception about source, or to any concrete civic harm.

Section 230 and What Platforms Actually See

Section 230 of the Communications Decency Act shields interactive computer services from being treated as the publisher or speaker of information “provided by another information content provider.” Courts have construed that shield generously ever since the Fourth Circuit’s 1997 ruling in Zeran v. America Online, and the Supreme Court left it standing by implication when it disposed of Gonzalez v. Google on other grounds in 2023.

For the most part, this proposal lands outside Section 230 altogether. Its target is the speaker and the concealed sponsor, not the platform acting as a conduit for what users post. The one duty it would lay on platforms, holding onto business records for the paid-sponsorship transactions they broker or process themselves, attaches to the platform’s own behavior, not to anything a user uploaded. Courts have said again and again that obligations rooted in a platform’s first-party conduct fall outside Section 230 entirely. Doe v. Internet Brands shows how it goes. The Ninth Circuit let a failure-to-warn claim move forward because the duty grew out of what the platform itself knew, not out of user-generated content, and the same reasoning carries over to a record-preservation duty pinned to the advertising and sponsorship deals platforms already document.

A word about what platforms can actually see, because that is what dictates where a case like this gets built. Hardly any covert paid influence runs through a platform’s advertising API or its official creator-payout program. Money travels elsewhere, by wire and ACH, in invoices dressed up as consulting or licensing or production work, and increasingly in stablecoins and other cryptocurrency, often funneled through companies chartered in places where nobody has to say who owns them. The platform only ever sees the finished product, the video or the post or the livestream. The cash rarely shows up on screen.

Tenet illustrates the pattern almost too neatly. The $9.7 million did not show up tagged as a political ad buy. It traveled from RT through shell companies in Turkey, Mauritius, and the United Arab Emirates, landed in a Tennessee LLC’s account, and flowed back out to the commentators’ production firms, all of it papered over as routine commercial business, down to a bookkeeping entry, reproduced in the indictment, for the purchase of an iPhone. The hiding happened where the money was laid down, well below the layer where the content went up. By the time the clips surfaced on YouTube and X, the platforms could see nothing that set them apart from a thousand ordinary creator channels.

Two things follow for anyone serious about the problem.

The first concerns where the proof lives, and it is not in platform data. It lives in bank records, in corporate-registry filings, in the beneficial-ownership data FinCEN gathers under the Corporate Transparency Act, and in the back-and-forth between a hidden principal and the middleman who hires and pays the talent. Those records establish agency and concealment, and they are the very files the Justice Department already pulls in its money-laundering and FARA cases. Strip away the speech and a covert-influence prosecution is, mechanically, a financial-crime prosecution whose end product happens to be words. The second thing is a difficulty better admitted than glossed: shell layering, nominee owners, crypto rails, all of it exists to beat precisely this kind of tracing, and beneficial-ownership reporting has lately been cut back in scope and enforced unevenly besides. Promise that the paper trail is easy to follow and you will be promising more than the facts allow. Truer to say that a trail, when it can be traced at all, runs through ledgers and registries rather than through anything anyone said on camera.

All of which doubles as the reply to the fear that this statute would turn into a speech-surveillance tool. An enforcement model that starts from money cannot be set off by a post that goes viral or offends or annoys the powerful, for the plain reason that none of those is a financial record. Concealed money in motion is the predicate. Frame the crime that way and the speech enters the case only after the money has, never before.

An earlier draft of this proposal asked the big platforms to build a “paid sponsor” attribution feature that speakers and sponsors could use to satisfy their disclosure duties. That requirement has been struck from this version. Moody v. NetChoice holds that content moderation is itself expressive activity under the First Amendment, and the lead opinion sweeps widely enough that a clever litigant could recast a mandated design feature as compelled expression. Better to sidestep the whole fight. Liability under this statute falls on the speaker and the sponsor, and a sponsor bent on compliance has tools in hand already, plain-text disclosure in the post chief among them. Leaving the platform question open simply acknowledges that Moody remains unsettled, and keeps a speaker-sponsor statute from having to fight that doctrinal battle on its own.

Two more guardrails belong in the design. The statute cannot saddle platforms with a duty to guess at or enforce the sponsorship status of what users post; that road leads straight back into Section 230, and it would rebuild the content-adjudication regime the whole proposal exists to avoid. Neither should the statute set up anything resembling notice-and-takedown for political speech. Notice-and-takedown is a wholly different mechanism, its chilling effects exhaustively documented in the DMCA fights, and it grows more hazardous still once political speech is the subject. The platform’s job comes to this and no more: keep your own transaction records, and answer lawful process aimed at specific operations.

A demand drawn that narrowly lives comfortably inside Section 230 as the courts read it, and inside the compelled-disclosure case law of the First Amendment.

Building the Case Without Building a Dragnet

The gravest objection to any criminal law that brushes up against speech is that it will end up trained on opposition politicians, on dissidents, on journalists, on the groups that make up civil society. The worry is earned. Counterterrorism powers passed after September 11 were turned, again and again, to ends their authors had sworn off at enactment. FARA carries its own checkered history, including registration demands aimed in the 1960s at civil-rights activists whose so-called foreign principals were flimsy at best. A proposal worth taking seriously has to treat that danger as something to design against, not a debating point to wave away. And the past year, in which the power to pursue influence operations has been switched on and off along nakedly partisan lines, drives the worry home.

That evidence trigger is the first line of defense, and it carries most of the load; an inquiry opens from concealed money in motion and from nothing a speaker said. A second line has to come at the investigative stage. Since the money sits off-platform, the tools are the familiar ones from money-laundering and FARA work, subpoenas to banks, demands for corporate records, grand-jury process served on the intermediaries, and, where it fits, FinCEN’s beneficial-ownership data. Reaching past that into private messages, into platform records beyond the transaction logs, into wallet histories or subscriber identities, ought to take a warrant or court order naming a particular person or entity, fixing a time window, and showing that nothing less intrusive would do the job. The statute should slam the door on dragnet keyword sweeps and forbid predicate-free trawling of people’s political associations. It should bar, as well, any referral built on the content of speech where no independent transactional evidence backs it.

The third guardrail is a matter of who holds the reins. The authority to enforce should rest with the Justice Department’s Public Integrity Section and National Security Division rather than with some newly minted agency, and it should answer to the same congressional oversight that rides herd on other sensitive enforcement work. Declinations should be tallied and reported in the aggregate. Cases opened and then closed without charges should be open to independent inspection. There is nothing exotic in any of this; it is the ordinary plumbing of an enforcement program that works.

One last piece is indispensable, and it is real data access for vetted independent researchers. Nearly all the rigorous empirical work on covert influence has come from outside the enforcement machinery, from the Stanford Internet Observatory before it was wound down in 2024, from Alicia Wanless and the Carnegie Endowment’s program on countering influence operations, from the Brennan Center’s work on political-advertising disclosure. Scholarship of that kind, far more than any platform’s own reporting, has kept the public account of these operations honest. Shut independent researchers out and the regime will understand less than it does today and it will fall prey to the predictable vices of self-reporting, inflated metrics and convenient omissions.

The Offense, Element by Element

The offense can be written in five elements. To convict, the government would have to prove each beyond a reasonable doubt:

1. Payment: The defendant received, provided, or financed the provision of money or a thing of value in exchange for the communication at issue.

2. Concealment: The defendant knowingly concealed the sponsorship relationship from the audience, or knowingly misrepresented the source, identity, or interests of the sponsor, and knew or was substantially certain that the concealment or misrepresentation would cause the audience to perceive the communication as the speaker’s own independent expression rather than paid or sponsored content.

3. Material falsity: The communication included one or more statements of verifiable fact that were false, and the falsity was material to the communication’s persuasive force.

4. Mens rea as to falsity: The defendant knew the statement was false, or acted with reckless disregard for its truth or falsity, at the time of the communication.

5. High-stakes context: The communication occurred in connection with a federal or state election, a foreign-interference operation, or a narrowly defined public-health or public-safety emergency designated by statute.

Two rules govern how those elements may be proved and against whom:

• Deliberate ignorance: Wherever this section requires that a defendant acted knowingly, including knowledge of the sponsorship under element 2 and knowledge of falsity under element 4, that requirement is satisfied by proof that the defendant subjectively believed there was a high probability of the fact and deliberately avoided confirming it. Negligence, recklessness, or a mere failure to investigate is not deliberate ignorance. A speaker who is affirmatively deceived as to the source of payment, and who has no reason to suspect the deception, has not acted knowingly under this section.

• Attribution: The elements need not be satisfied by a single person. One who directs, finances, or organizes a covert paid-influence operation, with knowledge of its concealing and false character, is liable as a principal even if he neither communicates with the audience nor personally utters the false statement. Elements supplied by one participant are attributable to another who knowingly joins or directs the operation, under ordinary principles of conspiracy and aiding-and-abetting liability. No participant is liable for an element as to which he lacked knowledge and that was not a reasonably foreseeable part of the operation he joined.

A set of safe harbors knocks out liability. It is a complete defense that the sponsor was disclosed clearly and conspicuously, on terms the statute specifies. No liability attaches to statements of opinion; to parody, satire, or other communications a reasonable audience would not take as assertions of fact; to journalism; to whistleblowing; to an honest, good-faith mistake as to either the sponsorship or the truth of the statement; or to the mere provision of neutral infrastructure or services. And no liability runs to a member of the audience.

Run the Tenet operation through these elements and it falls outside them, which is the design rather than a flaw in it. The on-air commentators were deceived about their paymaster, so none of them knowingly concealed anything under element 2, and the deliberate-ignorance rule does not reach a speaker with no reason to suspect; on the government’s own account, that describes them. The principal, meanwhile, was foreign, the one part of the chain FARA is built to reach, though in Tenet that reach closed on two absent Russians and on no one in the U.S., which is the blind spot a domestic offense is meant to cover. The statute is built for the case Tenet only points toward, the domestic principal funneling money to a witting intermediary and an on-camera voice who knows whose message he is carrying, the case that as of today triggers no disclosure obligation anywhere. Tenet is the warning — not the test case.

Aggravated conduct is the whole of what the statute reaches, and the honest difficulty is what happens to everything below that line. Ordinary, non-aggravated failure to disclose does not belong in a criminal court; it belongs in a civil regime of disclosure rules. But the civil floor that would catch it is, just now, rubble. The FEC can promulgate nothing, and the FARA modernization that might have helped sits frozen. The statute should therefore carry its own civil tier rather than lease one from agencies that cannot act, a graduated, administratively enforceable penalty for paid non-disclosure short of the criminal threshold, lodged somewhere that still has a quorum. Until that tier exists, the criminal layer stands alone, and its narrowness is deliberate. It bites only where the sponsorship is knowingly hidden in a way the operator was substantially certain would pass as independence, where the underlying factual claim is knowingly or recklessly false, and where all of it unfolds in a high-stakes setting.

The qualifying cases will be few, and each will rest on the same deception-about-source theory — the one with the firmest claim on democratic principle and the surest doctrinal ground.

How Other Democracies Have Handled It

No peer democracy has written a general crime of disinformation onto its books, and holding back has been the wiser instinct. The jurisdictions worth watching have gone after systemic platform risk, after sponsorship disclosure, after covert foreign agency, and have done it all without setting themselves up to rule on contested content.

In the European Union, the Digital Services Act loads systemic-risk obligations onto the largest platforms under Articles 34 and 35, compels transparency in advertising, and opens platform data to vetted researchers under Article 40. The companion Political Advertising Regulation, (EU) 2024/900, most of which took effect on October 10, 2025, makes political ads name their sponsors, stand up a public repository, and keep foreign money at arm’s length as elections approach. Neither one makes disinformation a crime. Both train their attention instead on who is paying, how the targeting works, and where the funds move.

Britain’s National Security Act 2023 built a foreign-interference offence around conduct that turns on misrepresentation and is undertaken for, or at the direction of, a foreign power. The drafters reached for the covert-agency idea, not a license to police content, and they slotted the offence alongside the Online Safety Act’s systemic-duties framework instead of a content-based speech crime.

France’s Law No. 2023-451 took on commercial influencers, requiring them to label sponsored content and flag certain doctored images. Political speech sits outside its direct ambit, yet it has set a disclosure-first template for governing the influencer economy that a number of other European countries are now copying. Attribution runs through every one of these schemes like a single thread. Not one hands the state the power to declare a contested political claim true or false. Instead, each shrinks the room in which paid persuasion can operate while keeping its sponsor in the dark.

My research indicates American statute books contain nothing of the kind.

Coda

FARA caught the Tenet operation for a single reason: the foreign broadcaster sitting at the very top of the chain. The Commission’s two refusals left the domestic version of the same conduct, almost surely the commoner version, under no federal disclosure requirement at all. And as paid influence keeps migrating into channels the campaign-finance laws were never built to cover, the gap widens by the year, in doctrine and on the ground alike.

Something shifted after 2024. The gap stopped being a byproduct of drift and became a set of choices. Across 2025, the executive narrowed FARA’s criminal enforcement against foreign operations, disbanded the task force built to spot them, left the modernization rule to gather dust rather than advance it, and let the FEC fall below a working quorum while the one body equipped to require influencer transparency went dark. Then, with NSPM-7, it turned FARA back on and aimed it at domestic nonprofits and political adversaries. Leaving covert paid persuasion unregulated, and reserving the enforcement machinery for the government’s critics, is now a decision taken deliberately, by the very institutions that would run any replacement.

All of that is the case for writing the rule into a statute instead of leaving it to the discretion of agencies and for arming it with guardrails fit for a world where the power to enforce gets switched on and off according to party. An offense built on covert paid agency rather than contested content, carrying a Sullivan-grade state of mind, a trigger that bars prosecutors from opening files on speech, and oversight made to be audited, looks nothing like the political-false-statements laws the courts have voided, and nothing like the censorship apparatus the First Amendment was written to forestall. It has the added virtue of being hard to switch off, unlike the levers this administration has shown it can pull at will — suspending enforcement here, hollowing an agency there, retraining a statute on new targets when it suits.

The other path is the one we are on, with covert actors at home and abroad free to buy the costume of independent civic speech, working the ever-wider gap between where the FEC stopped and where FARA’s foreign-principal trigger begins. That gap is no accident of equilibrium. Someone chose it, and in 2025 the choosing turned deliberate.

In an election where paid messaging wears the costume of independent conviction, where the backers paying for it, foreign and domestic, answer to no law that would make them say so, where a voter cannot tell persuasion that was bought from persuasion that was meant, and where the money, if it is ever traced, comes to light only after the ballots are counted and the result is already set, the 2026 midterms will be the first national test of whether the country can live that way.

The author is a technologist, not a lawyer, and welcomes further discussion and analysis on this topic from the wider legal community. Jackie Singh is a CISSP-certified information security practitioner and investigative journalist who served as a senior cybersecurity staffer for the Biden 2020 campaign. She writes for Hacking, But Legal.

Get 25% off for 1 year

On the X account belonging to Representative Thomas Kean, Jr., of New Jersey’s Seventh Congressional District, the first-person pronoun has continued to do its quiet work. I’m fighting for… I'm pleased to join… I submitted… I met my wife while we were both working at the EPA… I’m working to secure…

Between early March and late April of this year, the account posted more than a hundred times. None of the photographs in those posts, reporters have noted, can be reliably dated to the period in question. The pictures are stock or recycled. Whoever writes the posts has Kean’s voice down. Kean himself has not been seen.

Kean — Republican, son of the former governor whose name still functions as civic shorthand in New Jersey — last cast a vote in the House of Representatives on March 5th. His voting card has been idle since. By mid-May, he had missed close to a hundred roll calls, including contested measures on which his caucus, holding a one-seat margin, needed every body it could find. His office has described his absence, with a consistency that begins to feel rehearsed, as “a personal health matter,” and has named no diagnosis, no facility, no procedure, no timeline beyond the office's week-by-week assurance that he will be back soon.

Reporters from the Times, NBC, NJ Advance Media, and NOTUS have gone looking and have not found him. In Westfield, his hometown, neighbors say they have not seen Kean in months. The house, by several accounts, has looked unused. His wife, once a regular figure in the neighborhood, walking the dog and pulling out of the driveway, has been glimpsed only intermittently; one NOTUS reporter saw her at the property but never her husband. Doorbells go unanswered. No town hall to crash, no ribbon-cutting to attend. For any incumbent during an election year, this would be an unusual silence; for one in a swing district months out from a primary, it is something stranger.

◆

The official account of his condition has come almost entirely through intermediaries. Kean’s father, Tom Kean, Sr., told CNN that his son was suffering from a “serious” illness “real” enough, in the elder Kean’s phrasing, to knock him out, that several doctors were involved, that the condition was not degenerative, and that a full recovery was expected. Speaker Mike Johnson has described a “short, very positive conversation” by telephone in which Kean sounded upbeat and eager to return to Washington. The Washington Times reported that Kean had also called Richard Hudson, who chairs the National Republican Congressional Committee, to reiterate that he is still running for reelection. Two of the county Republican chairs in New Jersey, Carlos Santos in Union and Tracy DiFrancesco in Somerset, say they received calls in which Kean sounded like himself and confirmed his plans to seek a third term.

Nearly eleven weeks after his last vote, Kean himself gave a phone interview to the New Jersey Globe. His doctors, he said, were “confident” he was on the road to a “full recovery”; he anticipated returning to voting and to the campaign trail within a couple of weeks. He did not name the illness. He did not say where he was or who was caring for him. No reporter has spoken with him in any setting where his condition could be observed.

◆

Congress has never been candid about its own infirmities, and the recent record reads like a study in how much vagueness the institution can absorb. Dianne Feinstein spent months away from the Senate in 2023 with shingles and a subsequent brain inflammation; she returned visibly diminished and was permitted to finish out her term. With Mitch McConnell, after a series of televised freezing episodes, a brief letter from the Capitol physician, referencing neither imaging nor diagnosis, was sufficient to close the matter formally if not in the eyes of the public. John Fetterman went the other way in 2023, checking himself into Walter Reed for clinical depression and announcing it openly. He has since suggested he regrets that openness, which says something about the incentives.

A nearer parallel within the current Congress is Frederica Wilson, the Democratic representative from Florida’s Twenty-fourth District, who missed more than forty votes this spring while recovering from eye surgery. Wilson, like Kean, was the subject of a Hill piece grouping the two as case studies in absenteeism. Unlike Kean, she eventually sat for a local-television interview, on Miami’s Channel 10, in which she confirmed a second procedure and explained that her doctors had forbidden her to fly. She put out a statement under her own name. Voters could watch her speak and judge for themselves whether her account of her recovery matched what they saw. The disclosure was partial. She did not produce charts. It was nevertheless the kind that allows constituents to perform the small, ordinary act of verification.

Kean has offered nothing comparable. Reporters have produced no video and located no clinic. The closest thing to evidence of his current state is a chorus of party officials describing how he sounded on the phone.

◆

Legal mechanisms for dealing with an absent member of Congress are thinner than most voters might assume.

Article I, Section 5 of the Constitution lets each chamber “compel the attendance of absent members” and “punish” them for disorderly behavior, including expulsion by a two-thirds vote. Prolonged nonattendance could, in theory, qualify as misconduct; in practice, expulsion has been reserved for the Confederates of the eighteen-sixties, for members convicted of serious crimes, and for the occasional spectacular scandal, never for chronic absence by itself. The Supreme Court’s 1969 decision in Powell v. McCormack further constrained Congress from excluding members for reasons beyond the Constitution’s stated requirements of age, citizenship, and residency. House leaders are unlikely to test those limits in a case framed as illness. Nothing in the rules provides a procedure for vacating a seat because the member has stopped appearing. Death and resignation, the system understands. A quiet fade is outside its vocabulary.

Modern congressional offices, meanwhile, are engineered to outlive their principals’ presence. A member’s staff drafts press releases, manages constituent casework, posts to social media, responds to emails, and, increasingly, files documents that once required a physical signature. NOTUS reported that Kean’s financial disclosures showed digitally signed stock trades worth between roughly fifty thousand and one hundred ninety thousand dollars during the very weeks when no journalist could locate him. None of this is improper on its face. When a member is briefly hospitalized or away for a week, the institutional autopilot is exactly what permits the work to continue. Sustained over months, the same arrangements describe an office producing the outputs of representation without the representative.

The cost is not abstract. Kean sits on the House Foreign Affairs Committee, which receives classified briefings on matters from Ukraine to the Indo-Pacific, and on Energy and Commerce, whose jurisdiction reaches telecommunications, energy policy, and large parts of the technology sector. Briefings continue, and votes are cast or not cast, with staff sitting in for an elected official whose chair is technically still occupied. Constitutionally, this work is supposed to be done by a representative of the people of the Seventh District; in practice, it is being done by people who have never been on any ballot.

◆

New Jersey’s Seventh has, for a decade, swung. Tom Malinowski, a Democrat, took the seat in 2018; Kean took it back in 2022 and held it, narrowly, in 2024. Democrats placed Kean on the D.C.C.C.’s 2026 target list early, and Inside Elections has since shifted its rating in their direction. Politico has reported that Democrats see the seat as increasingly in play, with some strategists, privately, regarding Kean as politically finished. A crowded Democratic primary will be decided on June 2nd, and the eventual nominee will inherit a campaign theme that requires no embellishment. The incumbent has not been seen.

Republicans insist that the illness is temporary and the office functioning, and that Kean will be back. Replacing him on the ballot would be procedurally difficult and politically humiliating, an admission of the very thing they currently deny. The party, for now, holds the line. In the district, meanwhile, a seat exists without an occupant anyone has seen.

◆

There is a temptation, in writing about a case like this, to make it stand for something larger: the aging political class, the octogenarian presidents, the committee chairs struggling through hearings, the lifetime appointees performing competence by ritual. The gesture is warranted, but the local point suffices. A congressman has not been seen outside a small circle of party officials in nearly three months. He has issued no statement under his own voice that could not have been produced without him. His district has been served, in the meantime, by a digital reproduction of representation — posts and statements and casework and signatures, all in his name. Lacking any procedure for declaring this a problem, the institution has declined to declare it one.

Whether voters reach the same conclusion is, for the moment, the only mechanism left.

In February 2025, Donald Trump signed Executive Order 14203. The order declared that the International Criminal Court’s efforts to investigate American or Israeli personnel posed an “unusual and extraordinary threat” to U.S. national security. By December, eleven ICC prosecutors and judges sat on the same Treasury blacklist normally reserved for drug traffickers and oligarchs. Canadian judge Kimberly Prost was one of them, sanctioned in August in connection with a 2020 ruling on Afghanistan. She told The Irish Times what happened next: credit cards canceled overnight, banks dropping her account, Amazon shutting her out, the Alexa device in her home in The Hague going silent. A colleague’s daughter had her U.S. visa revoked.

On May 1, 2026, Trump signed a second order, declaring open season on a wide circle of Cuban officials, state-linked businesses, and the foreign banks that finance them. Its mechanism mirrors the one used against the ICC: asset freezes, travel bans, secondary sanctions threatening any third-country institution that handles a designated person’s money. A bank in Madrid or Montreal that processes a payment for a sanctioned Cuban port operator now risks losing access to the U.S. dollar system.

Read the two orders side by side, and a working doctrine emerges.

International jurisdiction over American or allied officials, even under a treaty 125 countries have ratified, is denounced as lawfare. American jurisdiction over foreign officials, businesses, and even foreign judges, exercised unilaterally with no treaty basis and no mechanism of consent, is framed as sovereign common sense. Washington’s complaint about the ICC is not really that international law overreaches — it is that someone else has begun reaching.

Criminal law for thee, sanctions for me

Washington dresses its case against the ICC in the familiar grammar of consent. America never joined the Rome Statute that created the court. Successive administrations have insisted that a treaty cannot bind a state which has not signed it, and that ICC jurisdiction over Americans for conduct in Afghanistan, or over Israelis for conduct in Palestine, violates that principle. On paper, sovereignty is the issue.

The argument collapses on contact with U.S. practice. A government that insists The Hague cannot judge its nationals asserts a sweeping right to judge the world through Treasury designations, freezing the assets of foreign officials, blacklisting foreign companies, and threatening foreign banks for conduct that occurs entirely outside U.S. territory, so long as a dollar somewhere in the chain provides a hook. Pressed on the inconsistency, Washington responds that controlling access to American markets and the world’s reserve currency is a domestic matter. Brussels and Brasília call this extraterritorial reach. Washington calls it the right of any sovereign to choose its trading partners.

Two propositions are being asserted at once. A multilateral court built on treaty consent has no business touching American or Israeli officials, even when alleged crimes occur on the territory of states that have accepted the court’s authority. A single state, by contrast, has every right to decide which Cuban general, which Iranian banker, or which Hague-based prosecutor may travel, bank, or do business anywhere on earth that depends on dollars. One proposition rests on a principle. The other rests on market share.

Stripped of its legal vocabulary, the doctrine is a hierarchy. American officials and close allies sit at the top, effectively shielded from international criminal accountability by political and financial muscle. Beneath them, the officials of weaker states find themselves simultaneously subject to ICC jurisdiction and to the U.S. sanctions apparatus.

At the bottom, judges and prosecutors who investigate the wrong suspects find their own names on the list alongside the people they were trying to bring to trial.

How Cuba went dark

“Cuba’s finished. They have a bad regime. They have very bad and corrupt leadership. And whether or not they get a boat of oil, it’s not going to matter.”

—Donald Trump, March 30, 2026

Understanding what the May 1 order expands requires understanding what brought Cuba to the brink in the first place. Washington’s preferred explanation, which blames Cuban mismanagement, will not do the work.

Cuba’s grid was already failing well before 2026. Its thermoelectric plants are Soviet-era infrastructure held together with improvisation, maintenance deferred for decades. Cuba’s 2021 currency unification, pitched as rationalization, landed instead as another shock to an economy already off balance. Major island-wide outages struck repeatedly in late 2024, including a total grid collapse in October that took days to restore. Venezuelan oil shipments, Cuba’s lifeline since the Soviet Union dissolved, had been declining for years as Caracas’s own economy unraveled. Internal corruption is real, state planning a long-running disaster. None of this is in dispute.

What changed in the first weeks of 2026 was not Cuban policy. It was American policy.

In December 2025, the U.S. Coast Guard seized the tanker Skipper in the Caribbean as it carried sanctioned Venezuelan crude, an action Cuba’s foreign ministry called an “act of piracy and maritime terrorism.” A week later, Washington formalized a blockade on sanctioned tankers moving in or out of Venezuela. On January 3, 2026, U.S. forces executed Operation Absolute Resolve, capturing Venezuelan president Nicolás Maduro and his wife in a helicopter assault on Caracas. Two days later, the couple were arraigned before U.S. District Judge Alvin Hellerstein in the Southern District of New York on narcoterrorism and drug-trafficking charges. Venezuelan oil shipments to Cuba, already shrinking, ended. Trump’s Executive Order 14380 on January 29 threatened tariffs on any country that picked up the slack. Mexico’s state oil company Pemex, under pressure, halted its shipments. Other suppliers followed.

The New York Times described what resulted as the first effective American blockade of Cuba since the missile crisis. The administration has made no secret of its purpose. Regime change by the end of the year, with Trump musing publicly about having “the honor of taking Cuba” while predicting the government will collapse “within a short period of time.” The blockade is not an unintended consequence of the policy so much as it is the policy.

Run the numbers. Cuban mismanagement was a constant from January 2025 to January 2026. The variable that changed was American policy. Hold one variable steady, change the other, watch the outcome shift, and you can see which input is doing the causal work. Cuban dysfunction is the pre-existing condition.

The U.S. policy put the patient in intensive care.

Independent assessments arrived quickly and bluntly. UN human rights experts in February condemned the January order as “a serious violation of international law” and “an extreme form of unilateral economic coercion with extraterritorial effects” — language UN special rapporteurs have rarely applied to American policy. By March, World Health Organization director-general Tedros Adhanom Ghebreyesus was warning publicly that “thousands of surgeries have been postponed during the last month, and people needing care, from cancer patients to pregnant women preparing for delivery, have been put at risk due to lack of power to operate medical equipment and cold chain storage for vaccines.” UN Secretary-General António Guterres said he was “extremely concerned” the humanitarian situation could “worsen, or even collapse.” Reporting from Havana described medical staff hand-pumping intensive-care equipment during blackouts to keep critical patients alive.

NPR’s coverage of the crisis put the contradiction plainly: the blockade has had “devastating effects on the civilians Trump and Secretary of State Marco Rubio say they want to help.”

Then came the small episode that gave away the rule. In late March, after months of what Cuban officials called a de facto oil blockade, the sanctioned Russian-flagged tanker Anatoly Kolodkin docked at Matanzas carrying 730,000 barrels of crude. Trump waved it through aboard Air Force One: “We have a tanker out there. We don’t mind having somebody get a boatload because they need... they have to survive.” His press secretary, Karoline Leavitt, told reporters the next day this was a humanitarian exception and “not a policy change.”

Five weeks later, Trump signed the May 1 order expanding the very sanctions architecture the tanker had briefly bypassed. The exception confirmed the rule it broke. Washington had reserved itself the prerogative to decide who eats, who has lights, and who treats their patients, on a case-by-case basis, by executive whim.

The architecture of the new order

The May 1 executive order does several things at once. Major sectors of the Cuban economy get designated as high-risk zones: energy, defense, metals and mining, financial services, security. Anyone judged to have operated in those sectors, from cabinet ministers down to mid-level managers, can have property blocked in the United States and entry barred. People deemed responsible for human rights abuses or corruption face the same fate. So do their adult family members, an extension of liability that would not survive a constitutional challenge if applied to American citizens.

Secondary sanctions are the genuinely new feature.

Foreign financial institutions that conduct “significant” transactions for designated Cuban actors face restrictions on their U.S. correspondent and payable-through accounts, the plumbing through which dollar-denominated commerce actually flows. Washington has used the mechanism to police Iran-related transactions for years. Applying it to Cuba treats the entire Cuban economy as a contamination risk to be quarantined.

Three days before Trump signed the order, the Senate had a chance to weigh in. Tim Kaine of Virginia introduced a war powers resolution that would have barred the president from launching military action against Cuba without congressional approval. Kaine argued the United States was already engaged in hostilities, and pointed to the oil blockade as evidence: “The U.S. is using force to block energy from going to Cuba.” If another country did this to America, he added, Washington would consider it an act of war. Senate Republicans blocked the procedural vote 51-47. Florida senator Rick Scott called the issue “moot” because Trump had not yet deployed troops. The blockade itself, in this telling, was not hostilities. The boats turning back, the hospitals running on fumes, the surgeries postponed: none of it counted.

Cuba’s role in this story is functional, not symbolic. The island has served sixty years as a laboratory for aggressive sanctions design, and tools developed against Havana have routinely migrated to other targets. The blueprint Trump signed on May 1, with its declared national emergency, broad sectoral designations, and secondary reach into third-country banks, is now portable. It is also self-renewing, requiring no congressional buy-in beyond the president’s annual notice that the emergency continues.

Set the Cuba policy beside the Russia policy, and the doctrine becomes difficult to defend with a straight face. Sanctions on Moscow are sold as essential to containing the war on Ukraine and deterring further aggression in Eastern Europe. Treasury, meanwhile, has repeatedly issued general licenses allowing certain Russian oil shipments to clear, ostensibly to avoid shocks to global energy markets. Russian crude finds its way to market when American consumers might otherwise feel the price. Cuban hospitals, which exert no comparable pressure on the price of gasoline in Ohio, receive no such accommodation.

What comes after the lights go out

“Cuba is going to be next,” Trump told the Associated Press. “It’s going to fail. And we will be there to help it out.” Pressed on the Russian tanker, he laughed off its significance: “He loses one boatload of oil. That’s all it is... It’s not going to have an impact. Cuba’s finished.”

Look closely at the framing.

Trump describes a country whose collapse he is engineering as a country collapsing on its own. The “help” he offers is reserved for Cuban-Americans in Florida, the political constituency that votes in U.S. elections, not for the ten million Cubans currently on the island whose hospitals are running out of fuel. The Castro brothers are both dead; the man Trump is starving out of power is Miguel Díaz-Canel. None of this slows him down. Cuba is finished, and the United States will be there.

Cuba is one stop on a route. Replay the past sixteen months, and the rhythm is the same each time. Pick a target. Manufacture the crisis. Take out the leadership. Move on before anyone has to govern what’s left. Venezuela was the precedent. Greenland was the trial balloon. Cuba is the test of whether financial weapons alone can do what helicopters did in Caracas.

Maduro had been in U.S. custody for less than 48 hours when Trump told reporters that the United States would “run” Venezuela “until such time as we can do a safe, proper and judicious transition.” Asked about elections, Trump said: “Well, I think we’re looking more at getting it fixed, getting it ready first, because it’s a mess.” Almost in the same breath, he announced that U.S. oil companies would enter Venezuela to “fix” its energy infrastructure and would be “reimbursed for their efforts.” Maduro’s vice president, Delcy Rodríguez, was sworn in as acting president. The Trump administration signaled it was willing to work with her, the same Rodríguez who had been deeply implicated in Maduro’s repression and corruption.

Elliott Abrams, who served as Trump’s first-term Venezuela envoy, called the arrangement “a recipe for an Iraq-style disaster.” Ten weeks after the capture, Abrams wrote in The Washington Post that “almost invisible so far is any progress toward a democratic transition.”

RAND researchers analyzing the aftermath put it more bluntly: “regime decapitation does not equal regime change.” Most of the ruling structure remained: the colectivos, the secret police, the corrupt military leadership, the Cuban intelligence officers embedded throughout. What had changed was that an American president had captured a sitting head of state on foreign soil, declared an interest in the country’s oil, and offered no plan for governance beyond “fixing” things on his own timeline.

Trump cited the Venezuelan template approvingly when asked about Cuba.

In a phone interview with CNN’s Dana Bash on March 6, he said Cuba was “going to fall pretty soon” and announced he was sending Rubio to handle the negotiations: “I’m going to put Marco over there and we’ll see how that works out.” In the same call, asked about the broader playbook, Trump pointed to Venezuela as the model. “It’s gonna work very easily,” he said. “It’s going to work like did in Venezuela. We have a wonderful leader there. She’s doing a fantastic job.” His “wonderful leader” was Delcy Rodríguez. Trump also took personal credit for the Cuban collapse: “I’ve been watching it for 50 years, and it’s fallen right into my lap because of me.”

The Cuban side of the equation comes with its own freight. Thirty-two Cuban military and intelligence officers were killed in Caracas during Operation Absolute Resolve, where they had been embedded with Maduro’s security detail. Their bodies returned to Havana in mid-January. Cuban president Miguel Díaz-Canel addressed crowds at the U.S. Embassy and vowed no concessions. Rubio is now preparing to negotiate with a government still mourning thirty-two of its own people, killed by the same United States now demanding they accept “new people in charge.”

Greenland came and went on a parallel track. Through January 2026, Trump refused to rule out military force to acquire the territory, slapped a 10% tariff on Denmark and seven other European countries with a threat to escalate to 25%, and demanded “Complete and Total Control of Greenland.” His own press secretary said “utilizing the U.S. military is always an option.” Trump backed down at Davos only after sustained European pushback and counsel from his own aides, settling for a vague “framework of a future deal.” Greenland remained nominally Danish. Trump kept the option open.

The throughline across all three campaigns is the absence of a plan for what comes after. Each operation begins with a national-security framing, narcotics in Venezuela, communism and migration from Cuba, Russian and Chinese ships near Greenland. Each one ends with an executive order or a special-forces operation. None of them comes with a coherent answer to the question that always follows: then what? In Venezuela, the answer was Delcy Rodríguez and a foreign-investor-friendly oil law. In Cuba, the answer is a country with a collapsing healthcare system and a million-dollar question about who runs the place once the lights stay off. In Greenland, the answer was a Truth Social post and a tariff threat aimed at Denmark.

The premise driving all three campaigns: destruction is the same as design. Break the existing order, the thinking goes, and something better will fill the vacuum, possibly run by the United States, possibly run by people Washington approves of, possibly run by no one in particular while American oil companies move in.

Trump articulated the post-war theory of governance recently while discussing Iran. The Iranian military, he explained, had been disabled in days. The Navy first, the Air Force after that, the anti-aircraft soon after. American jets were flying over Iran unopposed. The electricity grid could be eliminated “in a matter of minutes.” The oil infrastructure had been deliberately spared, not out of restraint, but because rebuilding it would “take them forever.”

Then came the governance plan, in his own words: “whoever it is that’s going to be running that, and we’re going to try to get people that are going to run it well.” That sentence, casually delivered, is the entire public framework. Disable the country. Then try to find acceptable replacements.

The same logic governs their Cuba campaign.

Trump turned to Rubio in the same interview and asked him to explain. “Cuba has an economy that doesn’t work and a political and governmental system they can’t fix,” Rubio said. “It’s not dramatic enough. It’s not going to fix it. So they’ve got some big decisions to make over there.” Pressed by a reporter on whether the embargo could be eased in exchange for cooperation, Rubio went further. The embargo, he confirmed, “is tied to political change on the island.” Cuba had survived “for 40 [years] on subsidies from the Soviet Union and now from Venezuela. They don’t get subsidies anymore. So they’re in a lot of trouble. And the people in charge are — they don’t know how to fix it. So they have to get new people in charge.”

Rubio cited the loss of Venezuelan subsidies as proof Cuba’s economy cannot survive. He neglected to mention that the United States itself eliminated those subsidies in January by capturing the Venezuelan president and seizing the tankers carrying oil to Havana. Trump’s framing of the same situation has been less guarded:

Six weeks later, with hospitals scaling back surgeries and the Cuban peso in freefall, neither man has named the “new people.”

The May 1 order locks the architecture in place. There is no stabilization plan, no transition framework, no offer to rebuild what the blockade has broken. The order extends the architecture of pressure indefinitely while the consequences play out somewhere else, on a timeline determined by how long ten million Cubans can be kept in the dark before something breaks. The Senate, given the opportunity to ask whether any of this counted as hostilities, voted not to ask.

Judges as fair game

Sanctioning ICC judges and prosecutors marked a major break with prior U.S. practice. The Bush administration refused to join the court and pursued bilateral immunity agreements aggressively, but had not attacked the judiciary nor designated a sitting judge by name. Trump has crossed that line and kept walking. Eleven ICC officials are now on the SDN List alongside Hezbollah financiers and North Korean front companies for the offense of doing their jobs.

Prost’s account, given to The Irish Times in December, captures the practical effect. Banks immediately closed her credit cards. Online retailers cut her off. Currency transfers to family members became unworkable, because SWIFT routes through American infrastructure. Her sanctioning, as Prost noted, was punishment for a 2020 ruling on a now-dormant Afghanistan investigation.

Sanctions cannot deter what has already happened. They can only punish.

NGOs and academics who interact with sanctioned ICC officials face their own exposure under the order’s “material support” provisions. A law professor advising a designated judge on a procedural question could, in principle, find herself on the same list. The order has been challenged in federal court on First Amendment grounds, with injunctions issued for some plaintiffs, though the underlying authority remains intact.

Layer the May 1 Cuba order atop E.O. 14203, and the architecture clarifies. A foreign bank that processes a payment for a sanctioned ICC official’s legal team could, in theory, trip the same secondary sanctions rules now threatening institutions that handle Cuban state business. A judge in The Hague and a port operator in Havana are not equivalent actors in any moral sense, but they face the same instruments now: asset freezes, travel bans, financial isolation. All ordered from Washington, none subject to any meaningful external review.

To governments outside the United States, the picture resembles a loyalty test more than a rules-based order. Investigate Russian war crimes in Ukraine and Washington applauds. Apply the same legal framework to Israeli or American conduct and your name may appear on an OFAC list.

The court has not changed, nor have the standards. Only the identities of the suspects have, which is precisely the point.

The quiet part, said aloud

The strongest argument for U.S. policy is the one defenders are usually too embarrassed to make in public. It runs roughly as follows: international criminal law is selectively enforced anyway, sanctions are a normal tool of statecraft, and the United States is entitled to use the leverage its financial centrality provides. If the world wanted a different system, the world should not have made the dollar its reserve currency.

There is something honest in this. The ICC has had an uneven record. Sanctions are not prison sentences. A sovereign state controlling access to its own markets is not the same as a treaty-based court asserting jurisdiction over non-members. American courts can review some sanctions designations. Congress, in theory, can rein in an overreaching president.

The argument cannot, however, rescue the principle of consent that the United States invokes against the ICC. If consent is the operative legal value, it is operative everywhere. American officials cannot be subject to a tribunal whose jurisdiction the United States has not accepted, fine; then Cuban officials, foreign bankers, and ICC judges should not be subject to American jurisdiction they have not accepted either. The position only coheres if you assume what it is supposed to prove: that some sovereigns are more sovereign than others, and that the United States stands at the top of the list because it has the power to put itself there.

The May 1 order quietly ratifies that position.

A government comfortable asserting near-universal authority where it holds structural power, in finance and trade, while denying that any other actor, court or treaty or multilateral body, may exercise comparable authority over Americans. Foreign ministries in U.S.-allied and non-aligned capitals alike have been saying so with growing volume: the rules-based order is, in practice, a power-based order with rules-based marketing.

A different approach would require concessions Washington has never been willing to make. It would mean accepting, in principle, that American and allied officials are not beyond the reach of international courts when alleged crimes occur on consenting territory. It would mean narrowing the emergency economic powers under which sanctions designations are made, with clearer standards and meaningful judicial review. It would mean acknowledging that secondary sanctions on third-country banks raise legal questions, not merely diplomatic ones.

None of that is on offer. Trump’s May 1 decree reinforces the working doctrine: jurisdiction that touches Americans or close allies is overreach, jurisdiction that ensnares foreigners is prerogative.

No one is fooled. The contradiction is visible to anyone outside Washington who cares to look — to allies, to adversaries, and increasingly to the central banks building payment systems that route around the dollar. American power as currently configured depends on the rest of the world choosing not to notice. The two signatures Trump put on EO 14203 and the May 1 order assume that choice will hold.

They are a poor wager on how long it will last.

Get more from Jackie Singh in the Substack app

Available for iOS and Android

Get the app

This is the story of a magazine article about a computer worm, a network of intelligence professionals who built companies around America’s critical infrastructure, and the months I spent inside one of those companies before being fired by a letter left in my mailbox. The connection between these threads is not that one caused the other, but that I was inside the second before I understood the first, and understanding the first is what eventually made the second make sense.

On the very first morning I reported to Accenture as a Senior Manager — newly hired to lead the FusionX team, one of the most respected red-teaming operations in American cybersecurity — co-founder Tom Parker stepped out of an elevator, strode through the glass doors, took one look at me, and said, “Who are YOU?” I gave my name and my title, and politely informed him I was a new hire starting that day. He grimaced, said nothing further, and walked away.

That was early June. By November of that same year, I would be terminated without cause by a letter mailed to my Manhattan apartment. In the intervening months, I had not been permitted to do the job I had been hired to do: lead a team of elite consultants to help solve the Fortune 500’s most pressing technical security concerns. A direct report who had followed me from a previous employer and I were assigned a single foreign financial client, taken off that job without explanation, and given nothing else. He has since confirmed this account. I was then placed on administrative leave, also without explanation — my equipment seized, my access revoked, and presence maintained just enough to be monitored while we were both excluded from everything of consequence.

I initially mentally framed what happened in common terms: I was the only dark-skinned woman in the group, and some of the hostility I encountered felt like it might have something to do with that. The cybersecurity industry has a well-documented problem with both racism and sexism, and I have been on the receiving end of both throughout my career. I spoke publicly about sexism and discrimination in the field after working on the Biden campaign in 2020. When the DerbyCon security conference shut down in 2019 after women and minorities raised concerns about harassment, the community blamed the people who spoke up — including me, just for having been quoted in the story.

What I experienced at FusionX was part of that broader pattern. But the deeper story, which I have reconstructed from public records, patent filings, corporate registrations, my own email inbox, and the documented career trajectories of the people involved, concerns what FusionX actually was, who controlled it, and the web of intelligence community veterans, oligarch capital, and privatized state power standing behind a company entrusted with the security architectures of U.S. government agencies and major multi-national corporations.

The Article That Knew Too Much

On October 5, 2010, Tablet Magazine published a brief essay on the Stuxnet worm, “Modern Warfare, Too” by Michael Tanji. The worm had recently been discovered infecting industrial control systems worldwide with a pronounced concentration in Iran. Tanji’s byline identified him as “a former supervisory intelligence officer who worked on information warfare issues at the Defense Intelligence Agency.” The article appeared in a curated “Web Wars!” series alongside a companion piece by Yossi Melman, the veteran Israeli intelligence correspondent for Haaretz, whose connections to the Mossad establishment are well documented. In 2020, Donald Trump elevated Melman’s account of the killing of the head of Iran’s nuclear program on Twitter.

Israeli journalist Shimon Aran, who served in the IDF’s Unit 8200, claimed to have notified Melman of the retweet, and that he was “very surprised..”

Melman’s article “Coded,” published in Tablet Magazine in October 2010, argued that Israel “may or may not” have been behind Stuxnet, and that it didn’t particularly matter. Tanji’s American-perspective article reached the same conclusion by a different route. On its surface, “Modern Warfare, Too” reads as competent analysis from a highly qualified commentator. Tanji correctly identified Stuxnet as targeting Siemens SCADA software, noted the worm’s sophistication, and speculated about Israeli involvement. When the article is mapped against what was publicly known in October 2010 and what would be confirmed months or years later, it is strikingly prescient.

The Symantec Stuxnet dossier, published in late September 2010, had concluded that “the ultimate target of Stuxnet remains unknown.” Ralph Langner, the German industrial control systems researcher who first speculated publicly that Natanz was the target, described his own assessment as “speculation.” The precise mechanism by which Stuxnet destroyed centrifuges by manipulating frequency converters manufactured by Fararo Paya and Vacon on Siemens S7-315 PLCs would not be confirmed until November 2010 at the earliest.

Joint U.S.-Israeli authorship under Operation Olympic Games was not reported until a New York Times piece in January 2011, and not fully confirmed until David Sanger’s June 2012 account. Kim Zetter's Countdown to Zero Day, the definitive account of Stuxnet's discovery and the operation behind it, provided much of the framework I used to verify what was and was not publicly established at each point in this timeline.

Tanji, writing in early October 2010, got the strategic picture almost perfectly right while remaining conspicuously vague on technical details.

He characterized Stuxnet as designed “not to kill, but simply to disorient: cyber tear gas.” Langner’s 2013 analysis, “To Kill a Centrifuge,” would confirm this framing years later, finding that the attackers “took great care to avoid catastrophic damage” and instead sought to induce early rotor failures that would be indistinguishable from routine engineering problems. He described digital weapons as “disposable sniper rifles, not cluster bombs,” a metaphor that reflects offensive cyber doctrine of the kind that has since become standard material at war colleges, but had no place in public discourse in 2010.

He observed that Stuxnet was “sophisticated enough, it is targeted enough, to make the sufficiently suspicious in Iran wonder if there is in fact not someone on the inside who has passed information.” In 2024, the Dutch newspaper De Volkskrant revealed that a recruited AIVD agent named Erik van Sabben had been the human penetration vector who physically introduced the malware into Iranian facilities. What Tanji had framed as speculation now reads more like a description of the actual effect.

He invoked Effects-Based Operations doctrine by name: “you don’t want to destroy the power plant, you just want to turn it off, because eventually you want the lights to come back.” At the time of that writing, no one outside a small circle of officials understood that this was the operational philosophy of Olympic Games. Each of these judgments was subsequently confirmed. None were established in the public record when Tanji wrote them down. All of them served the strategic communication interests of the operation’s sponsors.

In response to a request for comment from this publication, Tanji said that his article relied on no classified knowledge.

He said that he does not know Yossi Melman, and had not read Melman’s companion piece. He acknowledged maintaining “a decent sized network of friends and former colleagues with extensive experience in IW/CNO” (Information Warfare and Computer Network Operations) but said he has “no idea if any of them was involved with Stuxnet.”

While the article was remarkably prescient, the author says it was solely the product of publicly available analytic tradecraft.

The Author’s Credentials

Tanji was not a casual observer of cyber operations. His career placed him at the center of the American military cyber apparatus during its formative period. He began as a U.S. Army SIGINT analyst, served in Desert Storm, and moved through a succession of increasingly sensitive positions: intelligence specialist at U.S. Army Intelligence and Security Command (INSCOM), then the Defense Intelligence Agency, where from 1998 to 2004 he served as Supervisory Intelligence Officer in the Information Warfare Office within the Transnational Warfare Group. Profiles published by OODA Loop and CSO Online also place him at NSA and the National Reconnaissance Office.

At DIA, Tanji was selected as one of a “handful of intelligence officers selected by-name” to support the Joint Task Force for Computer Network Defense (JTF-CND), the direct precursor to U.S. Cyber Command. He represented DIA on National Security Council and National Intelligence Council cyber projects, deployed in a counterintelligence and HUMINT role during Operation Allied Force, and after September 11 created the Department of Defense’s first computer forensics and intelligence fusion team. He left government in 2005 and co-founded Kyrus Tech, which later partnered with Microsoft to disrupt the Zeus botnet. He is also listed as one of the co-founders of security firm Carbon Black.

In 2009, Tanji edited Threats in the Age of Obama, a compendium of national security essays published by Nimble Books. Among the twenty-one contributors were Matt Devost and Bob Gourley.

The Book and Its People

Bob Gourley was a Naval Intelligence officer who became the first Director of Intelligence (J2) at JTF-CND, the same organization Tanji had supported, and later served as Chief Technology Officer of the Defense Intelligence Agency, the same agency where Tanji had worked in the Information Warfare Office. After leaving government, Gourley co-founded OODA LLC with Matt Devost. His website CTOvision.com published approving coverage of Tanji’s work at Kyrus Tech.

Devost’s biography takes a different turn. He arrived at SAIC in 1995. By his own account, buried in keywords at the bottom of his LinkedIn resume, he directed the Coalition Vulnerability Assessment Team, supported the President’s Commission on Critical Infrastructure Protection and the Defense Science Board, served on the President’s National Security Telecommunications Advisory Committee, and provided support during the Solar Sunrise investigation — the 1998 Department of Defense cyber intrusion that directly led to the creation of JTF-CND. He was twenty-five years old.

In 1996, Devost co-founded the Terrorism Research Center and began operating from devost@terrorism.com. A 2004 USPTO trademark filing shows the organization attempting to register “TERRORISM.COM” from an office on North Fairfax Drive in Arlington, Virginia. The trademark was refused as “merely descriptive.” Today, terrorism.com redirects to the website of DEV Capital, Devost’s investment entity. At iDEFENSE, he built a cyber-intelligence operation serving Fortune 500 clients. At Security Design International, he ran penetration testing and vulnerability assessments against what he described as “every critical infrastructure segment.”

Then, in 2006, Erik Prince purchased Devost’s companies and merged them with the consulting group led by Cofer Black, the former Director of the CIA’s Counterterrorism Center, to create Total Intelligence Solutions. Devost became its president. Rob Richer, former CIA Associate Deputy Director of Operations, served as CEO. The Washington Post reported that Prince had “built Total Intel” from Devost’s firms.

Total Intelligence Solutions functioned as something akin to a privatized CIA: staffed with former senior Agency officers, capitalized by the Blackwater fortune, and selling intelligence services to governments and corporations alike. Devost ran its day-to-day operations with more than sixty employees.

Both Sides of the Table

In June 2010, Devost co-founded FusionX LLC with Tom Parker, a British cybersecurity expert who had presented with him at Black Hat on adversary characterization back in 2003. FusionX offered red-teaming, penetration testing, and cyber defense, promising that its “best in class technical assessment teams will target your information assets using the highly tailored tactics, techniques and procedures (TTP’s) of your most likely attackers.” Its clients included Fortune 500 companies and government agencies.

From March 2010 through April 2013, Devost simultaneously held an appointment as a Special Government Employee advising the Under Secretary of Defense for Policy, the Deputy Assistant Secretary of Defense for Cyber Policy, and “other senior leadership” on cyber strategy. This period encompassed the discovery of Stuxnet, the operational peak of Olympic Games, the achievement of full operational capability by U.S. Cyber Command, and the formulation of the country’s first comprehensive cyber strategy.

The dual position would have given Devost visibility into both the government’s offensive and defensive cyber posture and the vulnerability landscape of the private sector at the same time.

In 2015, Accenture acquired FusionX. Devost became a Managing Director leading Accenture’s Global Cyber Defense practice, while Parker took on global growth and strategy for Accenture Security’s 6,200-person organization, which generated more than $1.8 billion in annual revenue. Their access scaled accordingly. After both left Accenture, Parker served as Deputy CISO at AIG and then founded Hubble Technology, which was acquired by NetSPI/KKR in 2024.

As of early 2026, both Parker and Harvey work in IBM’s cybersecurity division.

The reporting that follows — on the Blavatnik-funded institution at the center of Devost’s public image, the WINTERMUTE patents, and the months I spent at Accenture’s FusionX before being terminated by mail — is available to paid subscribers.

Hacking, but Legal has no access to protect. Only readers. Paid subscribers are the reason this piece exists, and the reason the next one will.

Read more

She joined the Oxford Programme for Cyber and Technology Policy, known as OxCTP, which is co-directed by Ciaran Martin, the founding CEO of the United Kingdom’s National Cyber Security Centre, an operational cyber arm of GCHQ. Martin had joined the Blavatnik School as Professor of Practice in September 2020, the day after stepping down from his government role.

The two most recent leaders of civilian cyber defense in the United States and the United Kingdom now work in the same program, at the same school, under the same name. That name belongs to a Soviet-born billionaire whose business history, according to former senior Treasury sanctions officials, places him alongside sanctioned Russian oligarchs in every respect except his U.S. passport: Len Blavatnik.

That characterization is contested. Blavatnik’s representatives reject the oligarch label, and as this piece will discuss, several major news outlets have published corrections after using it. But in November 2020, two former senior U.S. government officials with direct sanctions expertise published an Atlantic Council report stating plainly that Blavatnik’s “funding can hardly be considered legitimate” and that he escapes sanctions only because he is a U.S. citizen.

There are reasons this convergence has gone unreported that have nothing to do with its importance. Blavatnik’s reputation apparatus — PR responses within hours of publication, legal letters, and corrections extracted from major outlets — makes writing about his network expensive. The facts are public; the cost of a single imprecise phrase is not. Institutional capture becomes invisible not because no one sees it, but because describing it carefully exceeds what most deadlines allow.

What follows is an accounting of what it means that the people the sanctions machinery could not touch are now funding the institutional home of the most senior Western cyber officials.

The Donor

Len Blavatnik was born in Odessa in 1957, when it was part of the Ukrainian Soviet Socialist Republic. His family moved to Yaroslavl, north of Moscow, where he attended the Moscow State University of Railway Engineering before emigrating to the United States in 1978. He earned a master’s in computer science from Columbia University and an MBA from Harvard Business School. In 1986, he founded Access Industries, the holding company through which he conducts most of his business operations, and which now controls Warner Music Group.

After the collapse of the Soviet Union, Blavatnik used Access Industries to acquire former state assets during Russia’s privatization era, accumulating shares in aluminum smelters and energy companies that became the foundation of his fortune. As of April 2026, Forbes estimates his net worth at $31.4 billion, making him the sixty-ninth richest person in the world. He holds dual American and British citizenship and was knighted by Queen Elizabeth II in 2017.

His early business partnerships are what counterintelligence professionals would focus on. This is not a matter of individual bad actors. As former Bush administration official Philip Zelikow and three co-authors argued in Foreign Affairs in mid-2020, the Kremlin has transformed corruption itself “into an instrument of national strategy,” a doctrine under which ostensibly private business relationships, philanthropic giving, and elite social access are tools of statecraft rather than peripheral side effects of it.

Blavatnik reportedly became close friends with Viktor Vekselberg at the Moscow State University of Railway Engineering. Together, they co-founded the Renova investment vehicle and accumulated stakes in Russian aluminum smelters. In 1997, Blavatnik’s Access Industries joined with Vekselberg’s Renova Group and Mikhail Fridman’s Alfa Group to form the AAR consortium, which acquired a 40% stake in Tyumen Oil Company (TNK) for $800 million. AAR later partnered with BP to form TNK-BP, one of the largest oil companies in Russia.

The venture was enormously profitable: when the state-owned Rosneft purchased AAR’s stake in 2013, the consortium received $28 billion in cash, having already collected $19 billion in dividends. Blavatnik was also a board member of Rusal, one of the world’s largest aluminum producers, from 2007 to 2016. The company was founded by Oleg Deripaska and controlled through his EN+ Group; Blavatnik held an indirect minority stake of approximately 8% through SUAL Partners (jointly with Vekselberg), which held ~22%.

Vekselberg was sanctioned by the U.S. Treasury in April 2018 under E.O. 13662 “for operating in the energy sector of the Russian Federation economy.” Deripaska was sanctioned “for having acted or purported to act for or on behalf of, directly or indirectly, a senior official of the Government of the Russian Federation” under E.O. 13661 and 13662.

Blavatnik himself has not been sanctioned by the United States or the United Kingdom, and his representatives have been aggressive in defending that distinction. Spokespersons for Access Industries have said repeatedly that he “hasn’t had any contact with president Vladimir Putin since 2000,” “plays no role in Russian politics,” and “is not Russian,” emphasizing that he has been an American citizen since the 1980s, was born in Soviet Ukraine, and holds dual U.S.–U.K. citizenship.

Despite this, in December 2023, Ukrainian President Volodymyr Zelensky signed a decree imposing sanctions on 51 individuals, Blavatnik among them. He remains off the U.S. OFAC Specially Designated Nationals list and the U.K. OFSI sanctions list, but the country of his birth has formally sanctioned him. Blavatnik’s fortune was built alongside and intertwined with individuals who have since been sanctioned, and his business history in post-Soviet Russia appears inseparable from the political economy of the oligarch era.

Two former senior Treasury and National Security Council officials made the same assessment explicitly in a 2020 Atlantic Council report on Russian dark money. Anders Åslund, a former economic adviser to the Russian government from 1991 to 1994, and Julia Friedlander, who served as Senior Policy Advisor for Europe in Treasury’s Office of Terrorism and Financial Intelligence during the period when Vekselberg and Deripaska were sanctioned, wrote that Blavatnik “became a naturalized US citizen in 1984” but “made his big money much later on in the Russian heavy industry, notably in TNK-BP, in partnership with Viktor Vekselberg, who was sanctioned by the US government as a Kremlin oligarch in April 2018.”

Their conclusion: “Blavatnik is a US citizen and cannot be sanctioned by the United States, but his funding can hardly be considered legitimate.” That sentence, written by someone who sat inside Treasury’s sanctions apparatus during the relevant period, is the clearest public statement from a former U.S. government official that the only thing separating Blavatnik from his sanctioned partners is his passport.

In 2019, Quartz published Panama Papers–based reporting describing an indirect business link between Blavatnik and a Russian Interior Ministry official. The connection ran through Amediateka, a Russian streaming company majority-owned by Access Industries, which had outsourced services to Nemo TV, a company in which Alexander Makhonov, then Russia’s Deputy Minister of Internal Affairs, held a stake via offshore entities.

Quartz was careful to note that “it’s unclear whether Blavatnik had any interaction with Makhonov” and that “there is no allegation of any illegality.” The relationship was a vendor arrangement between a subsidiary and a company part-owned by a Russian official, not a direct partnership — perhaps a meaningful distinction on paper, though one that still places a Russian Interior Ministry figure inside Blavatnik’s corporate supply chain during a period when his holdings remained deeply embedded in Russia.

Access Industries has described his donations as driven by a “pro-business, pro-Israel agenda” — a framing that is only partially borne out by the FEC record. Blavatnik’s political giving spans both American parties and multiple countries, but is bipartisan in name only. Between 2009 and 2014, his federal donations were modest and roughly balanced, peaking at $273,600 in the 2013–2014 cycle, according to FEC data compiled by the Dallas Morning News and Quartz.

Starting in 2015, his spending transformed: he poured at least $6.35 million into Republican committees and PACs during the 2015–2016 cycle with the overwhelming majority directed at the Senate GOP leadership and the PACs of presidential and Senate candidates. Mitch McConnell’s Senate Leadership Fund received roughly $2.5 million in that cycle and approximately $3.5 million total between 2015 and 2017, by far the largest single destination.

The McConnell donations sit alongside a sequence of events the Atlantic Council report describes as “public and legal” but impossible to ignore.

Blavatnik was a minority owner of Rusal when the Treasury Department sanctioned Rusal along with its controlling owners in April 2018. After what Åslund and Friedlander describe as “intense lobbying by Rusal” in a campaign led by Lord Gregory Barker, the new British CEO of Rusal’s parent company EN+, and including former Senator David Vitter of Louisiana, then at the lobbying firm Mercury Public Affairs, the Treasury lifted the sanctions against Rusal in January 2019. “Almost immediately afterward,” Åslund and Friedlander write, “Rusal committed to investing $200 million in a company in Kentucky, McConnell’s home state.”

McConnell led the Senate effort to block Chuck Schumer’s resolution of disapproval, which would have kept the Rusal sanctions in place. The resolution narrowly failed, 57-42, falling three votes short of the 60 needed to overcome a filibuster. Eleven Republicans crossed McConnell to vote with Democrats — including, notably, Marco Rubio, who had received $1.5 million in Blavatnik-connected contributions through his Conservative Solutions PAC and Florida First Project. Blavatnik’s donations did not purchase Rubio’s vote on this specific question. They appear, however, to have had a different effect on the Republican leadership: according to TIME magazine’s August 2019 investigation, two of the three votes needed to save the sanctions came from Kentucky’s own delegation: McConnell himself and junior Senator Rand Paul.

There is no public record of Blavatnik personally lobbying McConnell on the Rusal question; the documented relationship between them is financial. What is documented, through TIME’s reporting, is that Braidy Industries CEO Craig Bouchard met with a Rusal sales executive in Zurich in January 2019, while Rusal was still under U.S. sanctions, and was told: “If we get the sanctions off, let’s meet again.” The next day, McConnell blocked the Schumer resolution on the Senate floor. Ten days later, Treasury formally lifted the sanctions. Eleven weeks after that, Braidy and Rusal announced a $200 million partnership in Ashland, Kentucky. Senate Finance ranking member Ron Wyden opened an investigation in October 2019 asking whether the Braidy-Rusal discussions had taken place while sanctions were still in force. Bouchard never fully answered on the record.

McConnell told reporters in May 2019 that his position on Rusal was “completely unrelated to anything that might happen in my home state.” Michael McFaul, the former U.S. Ambassador to Russia under the Obama administration, told the Washington Post: “It is shocking how blatantly transactional this arrangement looks.” Heather Conley, a former Deputy Assistant Secretary of State under George W. Bush, put it more structurally in TIME:

The Kentucky mill was never built. Rusal ultimately invested approximately $65 million of its $200 million pledge before suspending further investment in March 2021. Braidy Industries was renamed Unity Aluminum, eventually merged with Steel Dynamics, and the mill project moved elsewhere. Kentucky recouped its $15 million taxpayer investment in September 2022, and the site was donated back to the regional industrial authority. The political function of the Rusal-Kentucky deal — the lifting of sanctions through the promise of American jobs — appears to have outlived its economic function by several years.

Beyond McConnell, Blavatnik’s Republican giving continued down the ticket: $1.1 million to Scott Walker’s PAC, $800,000 to Lindsey Graham’s PAC, $250,000 to John Kasich, and $200,000 to John McCain. Blavatnik then added $1 million to Donald Trump’s 2017 inaugural committee. His donations to Democrats over the same period to Kamala Harris, Chuck Schumer, Ron Wyden, Bob Menendez, and Hillary Clinton were described by Quartz as “relatively small sums” totaling in the low hundreds of thousands across multiple recipients. In the 2020 cycle, he gave $5,200 to Pete Buttigieg and $5,600 to Joe Biden.

Framing this as “bipartisan” would obscure a donation ratio of at least ten to one in favor of Republicans during the pivotal 2015–2017 period, concentrated in the hands of GOP leadership. The identities of the recipients, including the top foreign policy official in the United States government and the chairman of the Senate committee responsible for the federal budget blueprint, matter more now than they did when the donations were made.

Marco Rubio was confirmed as the 72nd Secretary of State on January 20, 2025 by a 99–0 Senate vote, and was sworn in the following day; since May 1, 2025, he has also served concurrently as acting National Security Advisor, the first person to hold both positions simultaneously since Henry Kissinger. Lindsey Graham was elected Chairman of the Senate Budget Committee for the 119th Congress on December 20, 2024, and has since used that chair to shepherd the FY 2025 budget resolution and the “One Big Beautiful Bill Act” through the Senate.

In 2024, the Washington Post reported that Blavatnik belonged to a WhatsApp group of powerful U.S. business leaders, whose stated goals included shifting public opinion in favor of Israel and coordinating with Israeli government officials after October 7th. Members discussed receiving private briefings from Israeli officials and pressuring Columbia University’s administration to permit police action against student protesters.

The Washington Post’s reporting drew pushback. NYC Deputy Mayor for Communications Fabien Levy, who is Jewish, called the framing “offensive” and “antisemitic” in a post on X:

None of this is secret; it is the documented financial and political biography of the man whose name is on the school where America’s and Britain’s top cyber officials now work. With that said, billionaires have deep pockets with which to handle legal and media matters. Blavatnik’s representatives have publicly rejected the “oligarch” label as “both highly inaccurate and offensive,” and major outlets including the Guardian and the Times of London have published formal corrections after describing him as a “Putin pal” or “Putin associate.”

His lawyer, Martin Singer, told Quartz in a December 2018 letter that Blavatnik had “zero” involvement in Russian politics.

Bloomberg wrote in May 2023 that “naturalized US citizen” Blavatnik had divested “his last major asset in the country where he seeded his fortune,” exiting a chapter that began with TNK-BP’s sale to Rosneft in 2013 and his departure from the Rusal board in 2016.

The Institutional Network

The Blavatnik philanthropic footprint across Western academic institutions is extraordinary in both scale and strategic positioning.

The Blavatnik School of Government at the University of Oxford was founded in 2010 with a £75 million donation from the Blavatnik Family Foundation, one of the largest gifts in Oxford’s nine-hundred-year history. The original donation came from “Len Blavatnik and a trust associated with him” per Oxford’s Council Regulations; the “Blavatnik Family Foundation” was formally incorporated as a 501(c)(3) later, though the Foundation’s website now claims the gift.

The university contributed an additional £26 million. The school’s purpose-built headquarters, designed by the famous Swiss architectural firm Herzog and de Meuron, was inaugurated by Prince William in 2016. It trains future government leaders through its Master of Public Policy program, hosts senior practitioners as visiting fellows, and conducts research on governance and public policy. It is, by design, a pipeline for the people who will run governments.

Oxford’s own governance regulations for the school are clear: Regulation 3 states “the academic direction and day-to-day management of the School shall be entirely and exclusively the responsibility of the University,” and Regulation 8 affirms Oxford’s “duty to preserve and protect the academic freedom of its academic staff.” But the same regulations contain a more unusual provision: the appointment of the Dean “shall be made by Council, with the approval in writing of the Blavatnik School of Government Foundation, such approval not to be unreasonably withheld.” The donor’s foundation holds a contractual say over who leads the institution. This arrangement is unusual in academic governance, where donor influence over senior appointments is typically resisted.

The Blavatnik Interdisciplinary Cyber Research Center (ICRC) at Tel Aviv University was established as a joint initiative with the Israel National Cyber Directorate under the Prime Minister’s Office. $65 million funded the entire “Blavatnik Initiative” at TAU — encompassing the ICRC in addition to a drug discovery center, computer science fund, and other programs. ICRC is led by Major General (Ret.) Isaac Ben-Israel, former Director of Defense R&D at Israel’s Ministry of Defense. The center hosts Cyber Week, one of the world’s largest cybersecurity conferences drawing over 11,000 attendees from 99 countries, and runs DefenseTech Week in collaboration with the Israeli Ministry of Defense.

Beyond these two cyber-specific institutions, the Blavatnik Foundation has donated at least $270 million to Harvard (including $200 million to Harvard Medical School, the largest gift in HMS history), roughly $75 million to Yale, and tens of millions more to Columbia, Stanford, Brown, the University of Pennsylvania, the University of Cambridge, the Royal Academy of Engineering, and the New York Academy of Sciences. The Blavatnik Family Foundation’s own website now reports contributions exceeding $1.3 billion to over 250 institutions.

The pattern is clear: Blavatnik’s money does not simply support academic research. It names buildings, names schools, names programs, and in the case of the Oxford school, grants contractual influence over leadership appointments. The institutions receiving this funding are the ones that train government officials, conduct cyber policy research, and host leaders who recently held some of the most sensitive civilian cyber defense positions in the Western alliance.

The Cyber Leadership Pipeline

The appointments at the Blavatnik School follow a pattern: government cyber leaders depart their positions and land at Oxford, where they receive academic prestige, a platform for continued policy influence, and proximity to the Blavatnik network, while simultaneously taking on private-sector roles.

Ciaran Martin stepped down as CEO of NCSC on August 31, 2020, and joined the Blavatnik School as Professor of Practice on September 1. He is the founding director of OxCTP, the cyber policy program Easterly later joined, which he now co-directs with Dr Brianna Rosen. Simultaneously, Martin serves as Managing Director at Paladin Capital Group, a venture capital firm investing in early-stage cybersecurity companies, and sits on the Global Advisory Board of CyberCX, Australia and New Zealand’s largest cybersecurity services provider. The Blavatnik academic appointment provides the credibility platform; the private-sector positions provide the commercial channel. The knowledge and relationships cultivated during four years running NCSC (and longer still in GCHQ’s cyber leadership) now flow through both.

Jen Easterly left CISA on January 20, 2025, when the Trump administration took office. Her career before CISA included service in NSA’s Tailored Access Operations, the agency’s elite offensive hacking unit; helping establish U.S. Cyber Command in 2009-2010; serving as Deputy for Counterterrorism at NSA; and over two years as Special Assistant to President Obama and Senior Director for Counterterrorism on the National Security Council. Between government stints, she spent more than four years at Morgan Stanley as global head of their cybersecurity fusion center. She is a West Point graduate and Rhodes Scholar who earned her Oxford master’s degree at Pembroke College.

In July 2025, Easterly was appointed to the Robert F. McDermott Distinguished Chair at West Point’s Department of Social Sciences. Less than 24 hours after far-right activist Laura Loomer criticized the appointment, Secretary of the Army Daniel Driscoll rescinded the offer, posted a public announcement on X, and ordered a review of hiring practices.

Easterly responded to the rescission, describing herself as a “casualty of casually manufactured outrage” and a victim of cynicism that “corrodes our institutions”.

The full statement is available on LinkedIn, but I quote from it here:

The same official who rescinded Easterly’s West Point appointment has since become one of the most consequential figures in U.S. national security.

In November 2025, President Trump tapped Driscoll (a Yale Law classmate of Vice President JD Vance with no prior diplomatic experience) to lead American negotiations to end the Russian war in Ukraine. Driscoll flew to Kyiv, then Geneva for talks alongside Rubio, Special Envoy Steve Witkoff, and Jared Kushner, then to Abu Dhabi for secret talks with a Russian delegation. The Army secretary is now the United States’ primary point of contact with the Russian government on the most consequential foreign policy question of Trump’s second term, working off a 28-point peace plan originally drafted behind closed doors by Witkoff and Kremlin envoy Kirill Dmitriev.

His own position, however, is reportedly fragile. The Washington Post reported on April 7, 2026 that Driscoll has been engaged in a months-long conflict with Defense Secretary Pete Hegseth over personnel decisions, including Hegseth’s attempts to block the promotions of four Army officers (two women, two Black) to one-star generals, and Hegseth’s forced retirement of Army Chief of Staff General Randy George in early April ahead of schedule. Driscoll told the Post he has “no plans to depart or resign as the Secretary of the Army” and remains “laser focused” on Army readiness, but sources told the paper that tensions ran high enough last fall that Driscoll asked Vance to intervene on his behalf.

The same political dynamic that ended Easterly’s West Point appointment — outrage cultivated on partisan media, personnel decisions driven by loyalty rather than credentials — is now operating at the top of the Pentagon itself against the man who executed the Easterly rescission. The difference is that Driscoll has Vance; Easterly did not.

Easterly’s Blavatnik School fellowship was announced the following month. This political exclusion from a traditional government-military academic role left the Blavatnik School as her primary institutional home, illustrating how private philanthropic institutions can become the only viable platform for elite experts who fall out of political favor in their home countries.

The convergence is now complete. The person who ran America’s civilian cyber defense and the person who ran Britain’s national cyber security center are working in the same program, at the same school, funded by the same individual, contributing to the same research and teaching on cyber policy.

The Structural Concern

The question this arrangement raises is not about the individual integrity of Easterly or Martin. Both are widely respected professionals with distinguished records of public service. There is no evidence that either has been compromised or that their work at the Blavatnik School is anything other than legitimate academic engagement.

The concern is structural, and it operates at four levels.

First, there is the question of institutional dependence. When a single donor’s foundation holds contractual approval over the Dean of a school of government, and that school becomes the preferred destination for the most senior Western cyber officials, the donor’s interests become ambient. They need not be expressed through directives or conditions. They are embedded in the architecture. The scholars and fellows at the school know who funds it. The institution’s continued prestige depends on continued funding. The donor’s political and financial interests, documented in public filings, news reporting, and his own statements, form the background against which all programming decisions are made.

Second, there is the question of knowledge concentration. Easterly and Martin collectively possess the most comprehensive understanding of U.S. and UK cyber defense capabilities, vulnerabilities, and strategic doctrines held by any two people outside of current government service. Easterly worked in Tailored Access Operations, helped build Cyber Command, ran counterterrorism at NSA, and directed CISA. Martin built and ran NCSC for four years. The classified knowledge they carry does not expire when they leave government. Housing both of them under the same institutional roof, funded by a single individual with documented connections to sanctioned Russian entities, creates a concentration of strategic knowledge in a space that is neither government nor private sector, and is subject to neither classification controls nor corporate compliance regimes.

Third, the Atlantic Council report explains why Blavatnik’s alleged personal innocence may be beside the point. Åslund and Friedlander describe a mechanism that applies to wealthy Russian-born businessmen even when they hold Western passports and live outside Russia: the richer they get, the more leverage the Kremlin has over them. Their assets sit in two places: Russia, which Putin controls directly, and the West, where Western sanctions can freeze them. The Kremlin can squeeze either end.

The Mueller Report documented exactly this dynamic playing out with one of Blavatnik’s original business partners. Petr Aven, head of Alfa-Bank and a partner in the 1997 AAR consortium that Blavatnik co-founded, told Mueller’s team that he met with Putin roughly every three months. Aven said he treated anything Putin raised in those meetings as an order, and that refusing would have consequences. The specific threat Putin made to Aven in late 2016, according to Mueller, was that the United States might sanction Alfa-Bank, and that Aven needed to do something about it. In other words: Putin was using the threat of American sanctions to pressure a Russian oligarch into doing the Kremlin’s bidding.

None of this means Blavatnik operates under the same pressure Aven does, but people with whom Blavatnik built his fortune are on the record in sworn federal investigations as people who take orders from Putin because they simply cannot afford not to. Blavatnik maintained financial relationships with some of them until as recently as 2022. Åslund and Friedlander describe this kind of Kremlin pressure on wealthy Russians as “standard procedure.” The question is not whether Blavatnik himself takes orders from Moscow. It is whether the people around him do, and what that proximity means for the institution funding Easterly and Martin’s shared academic home.

Fourth, there is the question of the three-country bridge. The Blavatnik institutional network now spans the United States, the United Kingdom, and Israel. Easterly’s career and Blavatnik’s donations to Harvard, Yale, and Columbia anchor the American node. The Oxford school and Martin’s appointment anchor the British node. The ICRC at Tel Aviv University, jointly operated with the Israeli Prime Minister’s Office, anchors the Israeli node. These three countries are among the most important intelligence-sharing partners in the Western alliance.

The structural implications of these questions extend far beyond any individual appointment.

The Precedent

In August 2017, Bo Rothstein resigned his position as Professor of Government and Public Policy at the Blavatnik School in protest over Blavatnik’s $1 million contribution to Donald Trump’s inaugural committee. “I cannot give legitimacy and credibility to a person who is supporting Donald Trump,” he wrote in his resignation letter to Oxford’s Vice Chancellor Louise Richardson.

ProMarket, a publication of the George J. Stigler Center at the University of Chicago’s Booth School of Business interviewed him at the time, noting that “Rothstein is one of the most influential political scientists in the world today, having spent decades studying corruption and quality of government.”

Cherwell, Oxford’s student newspaper, obtained Rothstein’s letter on October 31, 2017, and published a story quoting it the following day:

Rothstein told Cherwell that he had been “excommunicated” from the school and barred from his office and students after the resignation. The Blavatnik school disputed his characterization, calling his allegations “false.” NPR and The Guardian covered the resignation extensively.

Rothstein returned to Sweden.

Two years earlier, in November 2015, a group of academics, Oxford alumni, and Russian dissidents including physicist and human rights activist Pavel Litvinov had published an open letter in The Guardian urging Oxford to “stop selling its reputation and prestige to Putin’s associates,” as reported by the Oxford Student and covered in detail by Cherwell.

The letter was organized by Ilya Zaslavskiy, a specialist in due diligence, sanctions, and kleptocracy who holds an MPhil in International Relations from the University of Oxford. Zaslavskiy held positions in TNK-BP's international affairs and gas business units between 2006 and 2010 — the Blavatnik-Vekselberg-Fridman oil venture central to this piece — before being arrested by the FSB in March 2008 in what the Washington Post reported at the time was widely viewed as part of an effort to force TNK-BP's foreign partners out of the venture. The FSB initially accused Zaslavskiy and his brother of state treason; the charge was later downgraded to industrial espionage, and then to “failed attempt of industrial espionage,” before a 2009 trial that Zaslavskiy described as a show trial, which ended with a conviction and a sentence of two years of probation. More than 100 Western managers were forced out of TNK-BP during the same period, and TNK-BP's British CEO Robert Dudley was forced to leave the country.

Zaslavskiy has since served as head of research at the Free Russia Foundation, as a fellow at Chatham House, and as senior program manager at the Center for International Private Enterprise. He heads Underminers.info, a research project exposing Eurasian kleptocrats in the West, and has written research papers for the Atlantic Council, Hudson Institute, Martens Centre, and other leading think tanks. His April 2021 paper “Which Kremligarchs Should Be Sanctioned by the Biden Administration?” introduced the term Kremligarchs to describe a litany of individuals who “should be added to the US Treasury sanctions’ lists due to their close involvement in the Kremlin’s infrastructure designed to harm the US and its allies.”

In May 2022, CNN reported that a group of fifty-five American and European foreign policy experts and anti-corruption activists had written a letter in September 2019 to the board of the Council on Foreign Relations to protest CFR’s acceptance of a $12 million donation, stating that Blavatnik “uses his ‘philanthropy’ at leading western academic and cultural institutions to advance his access to political circles,” calling such giving a vehicle for “the infiltration of the US and UK political and economic establishments at the highest levels.”

CNN further contextualized the situation:

These concerns predate the cyber dimension entirely. The question of whether Blavatnik’s money buys influence at Oxford has been debated since 2010. What has changed is the nature of the people now accepting his hospitality. When the school hosted political scientists and public policy scholars, the stakes were academic.

Now that it hosts the former heads of CISA and NCSC — people who possess the most sensitive knowledge about Western cyber defense — the stakes have become both a matter of national security and perceptions of the same.

What Comes Next

The Oxford Programme for Cyber and Technology Policy is expanding. Its inaugural Oxford Cyber Forum has already taken place in June 2024. Easterly has contributed to classes, seminars, and public events, including a panel at OxCTP’s Global Tech Policy Seminar Series alongside former Executive Vice President of the European Commission Margrethe Vestager. The program aims to “help governments navigate the cyber frontier and encourage the responsible adoption of emerging technologies.”

This is, on its face, valuable work. Democratic societies need thoughtful cyber policy. Academic institutions play an important role in developing it. The question is not whether this work should be done, but whether it should be done under the name and with the money of a single private individual whose financial biography includes partnerships with sanctioned Russian oligarchs, offshore entanglements with Russian government officials, and documented participation in coordinated influence campaigns.

There are other places where these leaders could have landed. Easterly is a West Point graduate who could have returned there, and nearly did. Martin could have joined any number of British universities or think tanks. Both chose, or accepted, the institution that offered the most prestige, the most resources, and the most ambitious cyber policy program, which happens to be the one funded by Len Blavatnik.

The individual decisions are rational, but the systemic outcome warrants scrutiny.

When a single billionaire with documented Russian oligarch ties funds the academic home of both the American and British cyber chiefs, the school that trains future government leaders, and a cyber research center jointly operated with the Israeli Prime Minister’s Office, the resulting structure is not a conspiracy. It is something more durable: an institution. Institutions do not need to conspire. They shape behavior through incentives, access, and prestige, and they outlast any individual appointment.

The question for policymakers, for the intelligence community, and for the public is whether this particular institution, with this particular funding source, in this particular configuration, is something Western democracies should be comfortable with, or whether the concentration of cyber leadership under a single private benefactor represents a structural vulnerability that no one has been willing to name at the intersection where it matters most: the pipeline of departing cyber chiefs into a single donor-funded institution.

Correction, April 9, 2026: An earlier version of this piece described Ilya Zaslavskiy as “a former Russian politician.” Zaslavskiy is in fact a specialist in due diligence, sanctions, and kleptocracy who held positions in TNK-BP's international affairs and gas business units between 2006 and 2010 and was prosecuted in 2008-9 in what the Washington Post reported at the time was widely viewed as part of an effort to force TNK-BP's foreign partners out of the venture. The reference has been updated. I regret the error.

Five current officials and one former official later confirmed this to Politico. Then, he took it again. He did not pass the second time either. Within days of the first result, the employees who had arranged the examination and done nothing more than follow the security requirements of the originating intelligence agency received letters suspending their access to classified information. The acting director kept his badge, but the staffers who enforced the rules lost theirs.

That sequence of events, which received scattered coverage when it broke into public view last December, is the right place to start a story about an executive order that President Trump signed on March 26, 2026 — and about what has happened to the federal networks those staffers were paid to protect.

On April 1, 2026, the FBI notified Congress that Chinese hackers had breached one of its internal surveillance systems in what the bureau classified as a “major incident” under FISMA. The compromised system, known internally as DCS-3000, is a pen register and trap-and-trace collection network that stores metadata revealing who the FBI is watching: which phone numbers, which websites, which subjects of active counterintelligence investigations. The intrusion was traced to a third-party commercial internet service provider’s vendor infrastructure. It was, in other words, a supply-chain attack — the exact category of threat that Emergency Directive 21-01 was written to address, and that CISA retired in a bulk action on January 8, 2026, three weeks after the polygraph story broke. The CISA story, the DEI story, and the FBI breach story are the same story.

Understanding why requires going back to the beginning.

Sixty Years of Scaffolding

Lyndon Johnson signed Executive Order 11246 on September 24, 1965, in the middle of a decade that had already produced the Civil Rights Act and the Voting Rights Act. His order required federal contractors to do more than refrain from discrimination: they had to take affirmative steps to remedy it. Any company with a federal contract above $50,000 and at least 50 employees was obligated to develop a written Affirmative Action Program — an annual document specifying hiring goals, promotion timelines, pay equity analyses, and self-audits. A Labor Department bureau called the Office of Federal Contract Compliance Programs existed to enforce this, and in 2024 it was still recovering millions from contractors for alleged violations.

President Johnson’s theory was structural, rather than sentimental.

A labor market shaped by decades of exclusion from schools, professional networks, and institutions would, if left to its own devices, reproduce that exclusion through criteria that looked neutral but weren’t. The correction factor had to be built in. For sixty years, through administrations of both parties, through the Reagan era’s attempts to weaken it, the Clinton era’s “mend it, don’t end it” compromise, and Bush and Obama tenures where it remained effectively untouched, EO 11246 held.

On January 21, 2025, it was revoked.

The First Demolition

Trump’s second inaugural week produced two executive orders relevant here.

The first, EO 14151 (“Ending Radical and Wasteful Government DEI Programs”), was largely an internal matter: federal agencies were told to shutter their DEI offices, eliminate equity grants and contracts, and remove diversity requirements from employee performance reviews. Federal DEI staff were placed on administrative leave within days. The second order on the following day, EO 14173 (“Ending Illegal Discrimination and Restoring Merit-Based Opportunity”), did the structural work.

It abolished Johnson’s EO 11246 outright, dismantled OFCCP’s enforcement authority, and replaced sixty years of affirmative action mandate with a certification requirement: every new federal contract would have to include a contractor’s attestation that it was not running DEI programs in violation of anti-discrimination law. The certification clause carried a second provision that drew less attention at the time.

It stated that compliance was “material to the Government’s payment decisions” under the False Claims Act — the Civil War-era statute that authorizes the government to recover treble damages from contractors who defraud it. The FCA also allows private citizens to file suit on the government’s behalf and keep a share of what’s recovered. Those suits, called qui tam actions, are the mechanism through which the administration intends to make an example of holdouts. The White House’s FY2026 budget proposal sought to eliminate OFCCP, removing its EO 11246 enforcement authority, but Congress ultimately funded the agency at roughly $101 million in the Consolidated Appropriations Act of 2026, leaving it smaller, narrowed, and focused on a much thinner slice of contractor compliance.

Courts moved immediately. A Maryland district judge issued a nationwide preliminary injunction in February 2025, concluding that key provisions were likely unconstitutional, and the administration appealed. The Fourth Circuit stayed the injunction, then vacated a second one. On February 6, 2026, the court ruled in NADOHE v. Trump that the orders could not be struck down wholesale. Challengers would have to contest specific enforcement actions as they arose.

The orders have been fully operative ever since.

The Enforcement Machinery

In May 2025, Deputy Attorney General Todd Blanche announced what DOJ called the Civil Rights Fraud Initiative, pairing the Civil Fraud Section and the Civil Rights Division to pursue FCA actions against contractors whose DEI programs could be characterized as race-conscious. The legal theory was not complicated: a company that submits a payment request to the government certifies, implicitly, that it is complying with applicable law. If prohibited programs are maintained while collecting federal payments, every invoice is a false claim. By December 2025, DOJ had issued civil investigative demands (subpoenas for documents and testimony) to companies across finance, defense, technology, and healthcare.

The FCA set a record in FY2025 by “recovering” $6.8 billion. This was the largest annual total in the statute’s 160-year history, more than doubling the prior year’s $2.9 billion. DOJ’s press release announcing the figure specifically cited EO 14173 as an enforcement priority for FY2026.

One thousand two hundred ninety-seven (1,297!) qui tam suits were filed in FY2025 alone.

The Newest Order

The executive order signed a little more than a week ago is the campaign’s third instrument, and it addresses something the administration has evidently concluded the prior framework failed to prevent.

The White House fact sheet states this candidly: “some entities, including government contractors, have attempted to conceal ongoing DEI activities even as the Administration has worked to end them.”

Where EO 14173 asked contractors to certify their own compliance, the order requires that every covered contract contain a verbatim clause prohibiting “racially discriminatory DEI activities”, defined as disparate treatment in hiring, promotion, contracting, or program participation based on race or ethnicity as a condition of performance. FCA materiality language, previously embedded in guidance, is now written into the contract clause itself. Contractors must also report any subcontractor’s known or “reasonably knowable” violations up the chain of command. This is a reporting duty that runs opposite to the usual flow of federal oversight, from contractor employee to contracting agency, and bypasses the subcontractor’s own management.

The order covers only race and ethnicity, conspicuously omitting sex, sexual preference, religion, and national origin that appeared in EO 14173.

Gender-based DEI programs such as women’s leadership tracks and pay equity reviews are left to the broader regulatory environment. The Office of Management and Budget is directed to identify specific sectors at particular risk of violations based on past conduct and issue sector-specific guidance. Finance, defense, technology, and healthcare have already been named in prior DOJ statements.

Cybersecurity contractors, defense-adjacent and technology-forward, are obvious candidates for early targeting.

What Has Already Changed

Since Trump’s re-election in November 2024, roughly one in five U.S. companies has eliminated DEI programs.

Among those, fifty-seven percent reported hiring fewer workers from underrepresented groups, and a third reported promoting fewer. Representation of people of color in leadership fell at thirty percent of the companies that cut programs; women’s leadership representation fell at twenty-four percent. The Conference Board found that fifty-three percent of S&P 100 companies changed how they described DEI efforts in their 2025 regulatory filings. Mentions of the acronym “DEI” in Fortune 100 documents fell ninety-eight percent year over year; broader references to diversity dropped seventy-two percent. Much of what corporate America has done is not eliminate programs but rename them. This looks more like a retreat from transparency in an attempt to appear compliant with Trump’s rulings rather than a genuine retreat from actual practice.

More than twenty-six hundred jobs carrying “diversity” or “DEI” in the title have been eliminated since early 2023. The Pentagon cut or restructured a hundred and eighty-eight related positions.

The financial consequences have been real, yet unevenly distributed.

Target announced its DEI rollbacks in January 2025 and experienced more than two hundred days of declining performance: ten consecutive weeks of declining foot traffic, a missed first quarter, and an estimated twenty billion dollars in market capitalization erased by the time the full impact registered. Investors sued, alleging the company had misled shareholders about the financial risks of the decision itself, which was the first time a rollback decision generated securities litigation, inverting the conventional risk calculation entirely. Costco, which defended its commitments publicly during the same period of shareholder pressure, saw between 4.6% and 5.8% year-over-year foot traffic growth.

The CISA Catastrophe

CISA entered fiscal year 2025 with approximately 3,732 employees. The FY2026 budget proposal sought to reduce CISA’s staffing to 2,324 positions. What actually happened through layoffs, buyouts, and people who left without prompting because the environment had become untenable, brought headcount even lower to around 2,200 by mid-2025 — a loss of roughly a third.

About seventy staff were reassigned to other DHS components, including ICE, through management-directed transfers. The Cybersecurity Division, which monitors federal networks for intrusions, fell from around 1,100 people to around 800-850. CISA’s nationwide team of Cybersecurity Advisers — the field staff who connect companies with federal resources — went from 164 to about 97. The Stakeholder Engagement Division faced a sixty-two percent funding reduction; the National Risk Management Center, which provided cross-sector risk analysis, faced seventy-three percent.

In April, CISA announced it is planning to hire more than three hundred people. A familiar mechanism runs through both the CISA story and the DEI orders: remove the structure that enforced rules, wait to see what falls away, then propose to rebuild from a narrower base, under worse conditions, without restoring the safeguards that kept the enterprise functioning in the first place.

How Gottumukkala Got There

Madhu Gottumukkala arrived as acting director in May 2025, installed by Secretary Kristi Noem. His career had moved from Motorola and Verizon consulting to Samsung engineering to a CTO post at CallHealth in Hyderabad, then to Sanford Health, then to South Dakota state government as CIO. None of those roles required navigating the culture or methods of the intelligence community. Dakota State University — where Gottumukkala completed his PhD and later joined the advisory board — holds all three NSA Center of Academic Excellence designations and hosts an on-campus SCIF. To whoever placed him, that combination may have read as a credential. The substantive career remained in civilian IT and healthcare.

Within weeks of his arrival, Politico reported that in his first major intelligence briefing, he asked what threats the U.S. faced from the Southern border and India — a country that has never been considered a significant cyber adversary, while Russia and China were actively targeting American networks.

“Typically, India would be the last place we’d be talking about,” said one official who was in the room.

He also, within weeks of arrival, began pressing for access to a Controlled Access Program — among the most restricted intelligence compartments in existence, established only when ordinary Special Access Programs are insufficient, governed by the Director of National Intelligence, with entry conditions set by the originating agency. A senior career official denied the first request: there was no operational need, and his predecessor had never sought the same access. That official was subsequently placed on administrative leave. A second request, signed personally by Gottumukkala, went forward. His signature acknowledged the counterintelligence polygraph requirement mandated by the originating agency. Career staff arranged the examination.

In late July 2025, he took the polygraph.

He did not pass.

He took it again.

He did not pass again.

According to the March 13, 2026 congressional letter led by Rep. James Walkinshaw (VA-11) and signed by four colleagues — citing information provided to House Homeland Security Committee staff by one of the suspended employees — Gottumukkala failed two counter-intelligence scope polygraphs required for access to the program. The letter was addressed to the inspectors general of DHS and the Intelligence Community.

Two failures. The same program. At an agency whose statutory mission is protecting federal networks from adversaries.

Congress Asked. He Denied It.

At a House Homeland Security Committee hearing on January 21, 2026, ranking member Bennie Thompson (D-MS) asked Gottumukkala directly whether he had failed a counterintelligence polygraph. Gottumukkala told Congress he “did not accept the premise of that question.”

The Walkinshaw letter, filed six weeks later, states that he “falsely accused career CISA staff of providing incorrect information” and asks whether his actions to “obstruct or retaliate against DHS employees for disclosing his two counter-intelligence polygraph failures to the Director of National Intelligence constitute a Prohibited Personnel Practice under 50 U.S. Code § 3234.”

The lawmakers also ask whether CISA’s Chief Security Officer ever alerted ODNI, as federal statute requires following a polygraph failure, and whether ODNI engaged a review of Gottumukkala’s clearance.

The answers remain publicly unknown.

The Staff Who Enforced the Rules Were Punished

On August 1, 2025, acting DHS Chief Security Officer Michael Boyajian sent letters to six CISA employees suspending their classified access. Their stated offense: providing false information to the acting director about the necessity of a polygraph. They had not created the requirement. They had followed the conditions the originating agency laid down. The practical offense was arranging a procedure that produced an embarrassing result for a political appointee.

By December, twelve officials — among them several Trump appointees — had described the episode to Politico on background despite the risk to their own careers.

“Instead of taking ownership and saying, ‘Hey, I screwed up,’ he gets other people blamed and potentially ruins their careers,” one current official said. “We’re a sinking ship.

We’re like the Titanic,” said another.

As of February 2026, those employees’ clearances remained revoked and they remained on administrative leave — more than six months after the original letters.

DHS’s public response came from Assistant Secretary Tricia McLaughlin, who stated that Gottumukkala “did not fail a sanctioned polygraph test” (the emphasis is mine.) The statement does not assert he passed a test. It does not dispute that counterintelligence examinations took place. It does not deny that the SAP (Special Access Program) owner required one as a condition of access, or explain why his own signature on the access request would not have alerted him to that condition. Under DHS’s reading, the polygraph was unauthorized because political leadership had never formally approved the access request in the first place — which would mean Gottumukkala pursued restricted intelligence access after being denied, after the official who denied him had been conveniently removed.

Neither interpretation is flattering.

The ChatGPT Incident

The polygraph failures were not the only security lapse. Between mid-July and early August 2025 — the same period as the first polygraph — Gottumukkala uploaded at least four documents marked “for official use only” to the public version of OpenAI’s ChatGPT. The uploads triggered automated cybersecurity alerts designed to detect theft or unintentional disclosure of government materials from federal networks, generating several alerts in the first week of August alone. He had personally requested special authorization from CISA’s Chief Information Officer to use OpenAI’s ChatGPT shortly after joining the agency, despite the fact that the tool is blocked for most DHS employees over concerns that sensitive information could be retained outside federal systems. Data entered into the public version of ChatGPT can be incorporated into OpenAI’s training data and exposed to hundreds of millions of users.

After the alerts surfaced, Gottumukkala met with CISA’s CIO Robert Costello, its chief counsel, and DHS’s acting general counsel to assess potential harm. CISA spokesperson Marci McCarthy described the usage as “short-term and limited” and said he had operated under an authorized temporary exception. Costello, the CIO who sat across from him in those meetings, subsequently tried to be dismissed by Gottumukkala in January 2026 — an effort blocked by other senior political appointees, but one that accelerated his departure from CISA and federal service.

Chair of the Senate Judiciary Committee Senator Chuck Grassley (R-IA) sent CISA a letter pressing the agency about the ChatGPT incident. As of this writing in early April 2026, CISA has not responded.

In his first weeks on the job, the man running the agency responsible for federal cybersecurity hygiene had uploaded government documents to a commercial AI platform, failed a counterintelligence polygraph, then failed a second one.

Why the Polygraph Failures Are Unsurprising in Context

Read more

I’ve been following Annie Altman’s allegations against her brother since before most people had heard her name.

In November 2023, when Sam Altman’s abrupt firing from OpenAI sent the tech world into a frenzy of speculation, I published an analysis exploring what might have rattled the board. In a section of that piece titled ‘Scenario 3,’ I discussed the abuse allegations Annie had recently shared on social media. She subsequently published a statement on her Medium blog, which she then republished in full as a guest post on this site under her own byline.

At the time I wrote my analysis, I was careful to note the allegations were unproven. I still am.

But I am not a lawyer, and I’m not a childhood sexual abuse expert. What I am is someone who has had direct interactions with Annie Altman and, based on those interactions, formed a professional and personal assessment: her allegations were credible. Having reviewed every key document in the federal court record, including the amended complaint she filed on April 1, 2026, I believe her even more.

This is the story of what that record actually says, what a federal judge has already decided, and what happens next. It is also, necessarily, the story of what happened to Annie when she tried to tell it the first time.

The Lawsuit

On January 6, 2025 — just two days before the statute of limitations expired — Ann “Annie” Altman filed a civil lawsuit against her brother Samuel “Sam” Altman in federal court in St. Louis. The case, Ann Altman v. Samuel Altman, Case No. 4:25-cv-00017-ZMB, is assigned to U.S. District Judge Zachary M. Bluestone in the Eastern District of Missouri.

The complaint is not ambiguous. Annie alleges that Sam sexually abused her continuously from approximately 1997 to 2006, beginning when she was three years old and he was twelve, at the family home in Clayton, Missouri. The abuse, she alleges, progressed from forced oral contact to digital penetration to rape and sodomy, occurring multiple times per week during the early years and continuing until she was approximately eleven or twelve.

The last acts, she alleges, were committed by Sam as an adult against a minor.

Read more

I spent the last eight hours confirming and re-confirming what I found. I needed to be sure before writing that a foreign head of government is implicated in a consequential decision made today by Treasury — and that the public record establishing that connection has been sitting there, openly, for sixteen years.

The delisting went through without a word. The responses to journalists have been unremarkable boilerplate. What follows is what I found, how I found it, and why it matters.

On the last day of March, the Treasury Department’s Office of Foreign Assets Control (OFAC) published a routine-looking administrative action: a batch of name removals from the Specially Designated Nationals (SDN) list. Buried among counter-narcotics delistings were three Russian-flagged vessels — FESCO Moneron, FESCO Magadan, and SV Nikolay.

Three lines of text on a government webpage made these three ships no longer subject to U.S. sanctions.

I had been watching all three.

For the past couple of weeks, I have been building and improving PHANTOM WAKE (phantom-wake.com), a maritime hybrid warfare intelligence platform I created primarily to track Russia’s shadow fleet.

It draws from various sources such as public sanctions data, real-time AIS vessel tracking feeds, Ukrainian military intelligence databases, and Global Fishing Watch’s historical behavioral records, running every vessel through a multi-factor behavioral scoring engine I developed. The tool was directly inspired by Andrei Soldatov and Irina Borogan’s November 2025 investigation in Foreign Affairs, “Moscow’s Offshore Menace,” which documents how Russia’s sanctioned fleet has evolved from a financial evasion mechanism into an active platform for hybrid warfare. When OFAC published today’s action, all three of the newly delisted ships were already live in my system, flagged with active anomalies.

What the data shows about these vessels does not square with a routine administrative cleanup.

“Ordinary Course of Business”

Asked about the deletions, a U.S. Treasury spokesperson told the Kyiv Independent that the actions are “not indicative of a broader shift in the U.S. Russia policy,” adding that “the removals implemented today were done in the ordinary course of business as part of OFAC’s investigations and based on a thorough review.” The spokesperson noted that such reviews may be triggered by requests from sanctioned individuals, internal OFAC considerations, or “in response to other national security and foreign policy priorities consistent with the law.”

“The ultimate goal of sanctions is not to punish but to change behavior and to promote accountability,” the spokesperson said.

That explanation deserves to be tested against the full record of what Treasury has been doing in relation to Russian sanctions for the past 33 days because today’s vessel delistings did not arrive in a vacuum. A review of OFAC’s own published actions since late February reveals a systematic, rolling dismantlement of Russia-related sanctions pressure across multiple sectors simultaneously:

• February 27: Three PMC Wagner Group-linked individuals removed from the SDN list under Russia-EO14024

• March 5: General License 133 issued, authorizing Russian oil deliveries specifically to India. This oil license was issued within days of the Hormuz closure beginning around February 28

• March 12: General License 134 issued, authorizing Russian oil sales globally, citing market disruption from the closure of the Strait of Hormuz

• March 18: Evgeniya Tyurikova, a senior Sberbank executive sanctioned for her role in Russia’s financial system was quietly removed from the SDN list, along with a Turkish sanctions evasion network and a UAE-based entity

• March 19: GL-134 amended and extended as GL-134A

• March 20: A UAE freight company and several individuals sanctioned for Russian sanctions evasion removed from the SDN list

• March 27: Vladimir Dmitriev, former head of Vnesheconombank (VEB) — Russia’s state development bank was removed under Russia-EO14024; Andriy Portnov, a Yanukovych-era Ukrainian official with longstanding Russian political ties, removed under Global Magnitsky along with his charitable foundation, ANDRIY PORTNOV FUND

• March 30: General License 131D amended to facilitate the negotiated sale of Lukoil International GmbH — the day before today’s vessel delistings

• March 31: FESCO Moneron, FESCO Magadan, and SV Nikolay removed from the SDN list

Treasury’s “ordinary course of business” explanation might have held for each action read in isolation. Against the full 33-day sequence — PMC Wagner personnel, a Sberbank executive, VEB’s former head, a Yanukovych political ally, oil license upon oil license, a Lukoil transaction pathway cleared, and now defense-bank vessels — it becomes considerably harder to sustain.

Russia’s Informal Military Flotilla

To understand why these three vessels matter specifically, you have to understand who owns them.

FESCO Moneron and FESCO Magadan are currently owned and operated by Investconsulting LLC, a Russian company whose corporate lineage runs directly through the FESCO Group. Transgarant LLC, which founded Investconsulting, is 91.2% owned by PJSC DSMP, the FESCO Group’s parent company. But their previous owner tells the more significant story: both vessels were held by PSB Leasing LLC, a subsidiary of Promsvyazbank (known in Russia by its initials PSB), before being transferred into the FESCO corporate structure after sanctions were imposed, a transfer that is itself a textbook sanctions evasion technique.

The U.S. sanctioned both vessels in February 2022 as part of a package targeting five PSB Leasing-owned ships. Today’s action removes two of the five. The three that remain on the SDN list are Baltic Leader, Linda (now Inda), and Pegas (now Gallileo). Notably, both Linda and Pegas have already been renamed using similar identity-cycling behavior flagged in FESCO Magadan — and Linda has also cycled through multiple flags including Liberia, Netherlands, and Russia.

PSB is not a typical commercial bank. PSB itself was seized from its founders, brothers Dmitry and Alexei Ananyev, by Russia’s Central Bank in late 2017 — and then repurposed by the Kremlin as its defense-sector bank. The Ananyevs fled Russia, and the vessel assets remained. Since 2018, PSB has operated as Russia’s designated defense-industry financial institution, processing state defense contracts for the Ministry of Defense, providing mortgage and banking services exclusively for military personnel, and extending its operations into Russian-occupied territories of Ukraine. Sanctioning these vessels was, in effect, sanctioning assets of Russia’s military bank.

The SV Nikolay carries a different ownership chain but a grimmer operational history. Sanctioned in connection with Russia’s Alfa-Bank, the financial empire co-built by Mikhail Fridman and Peter Aven, both of whom were sanctioned by the EU and UK — and both of whom successfully challenged their EU designations in court in 2024, with an Advocate General opinion suggesting a further appeals ruling may go their way. According to Ukrainian authorities, the vessel has been involved in transporting stolen grain from Russian-occupied Ukrainian territories to Turkey.

Reuters used satellite imagery and ship-tracking data to reconstruct a June 2022 voyage in which SV Nikolay appeared at Crimea’s main grain terminal before docking in Izmir, Turkey — while its own documents claimed the cargo had been loaded at a Russian port 160 miles away. The 10,000-metric-ton corn shipment was purchased by Turkish food company Yayla Agro, which said it had been given falsified documents. Ukrainian military intelligence lists the vessel as actively involved in stolen grain transport to Turkey to this day.

This is not a ship that was swept up in broad financial measures and later found to be commercially innocent. SV Nikolay has had a documented role in the physical looting of Ukrainian agricultural output.

The Trump administration’s official framing for its Russia sanctions relief program has centered on energy markets: U.S.-Iran tensions sent oil prices surging, the Strait of Hormuz effectively closed, and on March 12 Treasury issued a general license permitting the purchase of certain sanctioned Russian oil at sea. The March 5 India-specific oil license suggests that framing was already in motion before the Hormuz closure, complicating the implied causation.

And regardless, FESCO Moneron, FESCO Magadan, and SV Nikolay are container ships and a general cargo vessel. They do not carry oil. The energy market rationale does not apply here.

What “Going Dark” Means

Every large commercial vessel is required by international law to operate an Automatic Identification System (AIS) transponder which broadcasts the ship’s identity, position, speed, heading, and declared destination. Port authorities, coast guards, insurers, and compliance teams all rely on this data. “Going dark” means switching the transponder off, or transmitting false data. When a vessel disappears from AIS tracking, it may be in a geographic dead zone beyond terrestrial receiver range, experiencing equipment failure, or deliberately suppressing its signal to conceal where it is and what it is doing.

In the context of Russia’s shadow fleet, deliberate darkness is the rule, not the exception. Extended AIS gaps correlate reliably with ship-to-ship oil transfers at sea, undeclared Russian port calls, and, according to Soldatov and Borogan’s reporting, potentially the positioning of personnel and equipment for hybrid warfare operations.

The tanker Boracay, previously sanctioned by the UK and EU, was tracked near the Danish coast during drone incursions that forced the closure of Copenhagen Airport in September 2025 — one of three shadow fleet vessels Danish authorities placed under investigation as a possible drone launch point. French commandos boarded the ship in international waters off Ushant Island on September 27, finding approximately $100 million in Russian oil bound for India, two Russian private security agents who, according to French investigators, were controlling the crew and “representing Russian interests and gathering intelligence”, and a false flag of Benin flying where a proper registration should have been. French President Emmanuel Macron said the vessel was suspected of “serious offences” but declined to address the drone speculation directly.

Putin called the French boarding “piracy.”

Just yesterday, the day before OFAC quietly removed these three Russian vessels in question from the SDN list, a criminal court in Brest, France sentenced the Boracay's captain, Chinese national Chen Zhangjie, to one year in prison and a €150,000 fine — in absentia, because he was already back at sea.

The ship itself has since been renamed Feniks (“The Phoenix”) and was last reported flying the Russian flag in the Strait of Malacca. Its ultimate beneficial owner has not been publicly identified.

The shadow fleet’s dual life as economic instrument and military-intelligence platform reflects a Soviet-era operational playbook Russia has maintained for nearly a century.

What I Found Using PHANTOM WAKE

PHANTOM WAKE maintains a watchlist of 2,000+ vessels drawn from OpenSanctions, which aggregates designations from OFAC, the EU, UK, Australia, Canada, and Ukraine, and from GUR Ukraine’s independently compiled shadow fleet database. Every vessel with a known position is scored continuously against a multi-tier risk formula: static identity factors including flag state, ownership opacity, and the history of name changes; behavioral signals derived from AIS data; infrastructure proximity checks against more than 700 submarine cable routes; and fleet-clustering detection that flags when multiple tracked vessels converge in the same area.

The platform draws entirely on publicly available data sources. Every feed it taps are accessible to anyone. What the scoring engine does is fuse those signals into a continuous, ranked assessment of which vessels warrant added attention, and why. Beyond sanctions evasion, PHANTOM WAKE monitors a second threat class that has received far less public attention: shadow fleet vessels being used to destroy the undersea cables and power lines that keep Europe’s lights on and internet running.

The incidents are no longer hypothetical.

In November 2024, a Chinese-flagged bulk carrier called the Yi Peng 3 crossed the Baltic Sea and left two severed cables in its wake. One of them, the C-Lion1, was the only direct telecommunications cable connecting Finland to Central Europe — 144 terabits per second of internet traffic, gone. The other, the BCS East-West link, carries a significant share of Lithuania’s internet capacity. Both were cut within hours of each other. On Christmas morning 2024, the Eagle S dragged its anchor across the Estlink-2 cable on the floor of the Gulf of Finland. Estlink-2 is not a data cable — it is the power line that carries electricity from Finland into Estonia. Cross-border power transmission dropped by two-thirds, from 1,016 megawatts to 358. Estonia’s government convened an emergency session. Repairs were expected to take up to seven months. Finland seized the Eagle S at sea.

Estonia’s Prime Minister said publicly that shadow tankers “assist Russia in generating revenue that supports its hybrid attacks.” In January 2025, the MV Arne was caught dragging its anchor through 90 meters of water — nearly three times the depth at which commercial vessels normally anchor — directly over the AEC-1 cable off Ireland’s County Mayo coast. German police who boarded the vessel later found it was missing its anchor entirely.

The AEC-1 is Ireland’s only dedicated transatlantic cable, carrying internet and cloud traffic between New York and Europe, including a dedicated connection used by the U.S. Department of Energy to move scientific data between American national laboratories and CERN’s particle accelerator in Switzerland. If the cable had been cut, there is no backup route. Ireland has no redundant transatlantic cable. None of these three incidents was detected before the damage occurred. Each required a patrol aircraft or seized vessel to piece together what had happened after the fact.

The method is almost always the same: anchor drag. A ship drops or drags its anchor across a cable route, the anchor snaps fibers or power lines that have lain undisturbed on the ocean floor for decades, and the vessel sails away. It looks like an accident. It usually isn’t. PHANTOM WAKE checks every vessel’s position against 708 submarine cable routes in real time, flagging ships that anchor in suspiciously deep water, loiter over cable corridors at near-zero speed, or go dark in an area where their projected path crosses critical infrastructure. The three vessels delisted today did not trigger cable proximity alerts during the monitoring window. But the behavior that makes a vessel dangerous to cables, such as extended radio silence, deep-water loitering, and/or weeks of static position data, is exactly the behavior all three have displayed. The tool was built to find vessels like these before the next cable goes dark, not after.

Here is what the system was showing for the three vessels as of this afternoon.

SV Nikolay carries the highest risk score of the three: 52 out of 100, in the HIGH tier. Its AIS transponder has been effectively silent for 197 days. The last confirmed transmission was September 15, 2025. Its last reported position places it near 41.3 degrees north, 29.5 degrees east — the northern Bosphorus approaches, one of the most strategically significant chokepoints in the world for Russian commercial and naval traffic, and a well-documented hub for ship-to-ship grain and oil transfers. PHANTOM WAKE flagged it with the STS_ZONE_DARK signal: the vessel went dark while inside a known ship-to-ship transfer zone.

Something else stood out when I reviewed the PHANTOM WAKE data for all three vessels. Their draught readings (the measure of how deep a hull sits in the water, a direct proxy for cargo and fuel load) were completely static across 18 consecutive daily readings spanning nearly three weeks.

In commercial shipping, draught varies constantly. Fuel burns, ballast is adjusted, cargo is loaded and offloaded. A flat line across days or weeks suggests one of several possibilities: the vessel is moored and not operating commercially; the position data being broadcast is replayed or fabricated; or the vessel is being held in a deliberate staging posture. Any of these would be consistent with the broader evasion pattern these ships have displayed.

The SV Nikolay’s draught reading has not moved by so much as a tenth of a meter across 18 consecutive daily readings spanning March 14 through March 31. It has no declared destination. This is the same vessel used to move stolen Ukrainian grain to Turkey — more on that below.

FESCO Moneron (Cyrillic: ФЕСКО МОНЕРОН) last transmitted a confirmed AIS signal on December 21, 2025 — ninety-nine days ago. Its reported position puts it in the Sea of Okhotsk, off Russia’s Pacific coast, moving at 13.1 knots. Global Fishing Watch recorded four loitering events for this vessel in the past twelve months: three consecutive days in late February 2026 near 50.9 degrees north, 150.5 degrees east, roughly 88 kilometers offshore and well clear of any declared port, drifting at between 0.34 and 1.13 knots. Its draught, 6.2 meters, has not changed across 18 consecutive readings since March 14.

These signals appear abnormal in every way.

FESCO Magadan (Cyrillic: ФЕСКО МАГАДАН) presents the most analytically complex picture. Its behavioral score at the time of capture is low. On the surface, it looks relatively clean. It is not.

The Ship That Called Itself a French Carrier

FESCO Magadan has cycled through five flag states (Germany, the UK, Malta, Portugal, and Russia) and carries four known aliases: CMA CGM Tatiana, India, Velazquez, and its Cyrillic name variant, Феско Магадан.

PHANTOM WAKE gives it an Identity Cycling score of 80 out of 100, the highest of the three vessels.

The alias “CMA CGM Tatiana” is worth sitting with. CMA CGM is one of the world’s largest and most recognized container shipping companies, a French firm whose vessels move through virtually every major port on earth. Using that name looks nothing like coincidence or administrative carelessness. It is a deliberate technique to create name confusion with a legitimate, widely recognized Western carrier with the intention of reducing scrutiny at port, in insurance documentation, and in compliance database queries.

PHANTOM WAKE now specifically scores for this class of behavior, flagging vessels whose aliases match major Western carriers including CMA CGM, Maersk, MSC, and Hapag-Lloyd.

FESCO Magadan’s low behavioral score reflects only what the system could observe during a narrow capture window, not what Global Fishing Watch’s historical archive shows. On February 18, 2026, the vessel had a three-day, eight-hour AIS gap in the Sea of Okhotsk, at approximately 52 degrees north, 158.7 degrees east. On the same day, in the same general zone, FESCO Moneron was in the middle of its own three-day loitering cluster.

These ships are both listed at exactly 7,519 gross registered tonnage or GRT, indicating they are sister ships built to the same specification.

Two vessels built together, sharing ownership connections to Russia’s sanctioned defense bank, co-sanctioned and now co-delisted together, operated in dark posture in the same remote Pacific waters on the same dates. The behavioral signature is consistent with a coordinated ship-to-ship transfer operation, but it is not definitive confirmation. That would require cross-referencing with closed satellite imagery sources, which my system cannot provide at present.

But this does not seem like a coincidence.

Speaking of Coincidences

It is worth noting that the FESCO Moneron carries one additional entry in its public sanctions record that the ownership chain alone does not capture.

Back then, it was named Francop — the vessel at the center of the Francop Affair, in which Israeli Navy commandos from Shayetet 13 boarded the ship in the eastern Mediterranean on November 4, 2009 during Operation Four Species and seized, according to CNN, 40 containers of missiles, rockets, lights arms and mortars. We’re talking 320 tons of weapons, including 9,000 mortar shells, Katyusha rockets, hand grenades, and over half a million rounds of ammunition in what Israel described as the largest arms seizure in its history.

The Katyusha rockets stand out. According to a September 2023 analysis by The Economist, these particular rockets have a relatively recent history of North Korean arms sales to Russia:

“North Korea has been delivering 152mm shells and Katyusha-type rockets to Russia for the best part of a year. Russia is shopping in Pyongyang and Tehran because both regimes are already so heavily targeted by international sanctions that they have nothing to lose and much to gain by doing business with Mr. Putin’s government.”

The cargo was Iranian-origin, bound for Hezbollah via Syria.

Israeli President Shimon Peres issued a strong condemnation following the seizure, asserting that the operation exposed the “large gap between Syria and Iran's statements and their actual activities.” Israeli PM Netanyahu said,

“This is a war crime. This is a war crime that the UN General Assembly, which is meeting today, should investigate, discuss and condemn. This is a war crime that should prompt the UN Security Council to convene in special session, especially since it was in gross violation of UN Security Council resolutions.

This is a war crime which we know the Iranian regime intends to repeat, further arming Hizbullah, which has already fired thousands of missiles at our communities.”

Hezbollah denied any connection to the weapons and, as with Putin in the case of the Boracay, condemned the maritime interception as an act of piracy. The ship was released. It was renamed. It became FESCO Moneron.

And today, the United States removed it from the sanctions list.

The U.S. government manages the sanctions list. The review that produced yesterday’s delisting was, in Treasury’s own words, “thorough.” The Francop Affair was not a footnote buried in a classified annex. This was a public diplomatic incident involving ambassadors from 44 countries, an IDF press conference, and a statement from Israel’s Prime Minister.

Netanyahu was that Prime Minister. He is back in office.

Given the multifaceted, high-level intelligence sharing and security coordination that characterizes the U.S.–Israel alliance, especially during the current conflict, it is highly improbable that an action involving vessels tied to a major Israeli security incident would occur without some level of bilateral coordination.

The conclusion is not comfortable, but it is the only one the record supports: whoever approved this delisting knew exactly what the Francop was. They removed it anyway. The question is not at all whether that decision was informed. The questions are: what was it made in exchange for, what does it suggest about the future of this war, and what are its implications for the American people?

Ukraine Is Watching

These delistings do not only register in Washington. While the Trump administration was quietly removing three Russian vessels from the SDN list, the rest of the Western alliance was moving in the opposite direction.

On March 25, Prime Minister Keir Starmer authorized British military and law enforcement to board, interdict, and detain sanctioned shadow fleet vessels transiting UK waters. The announcement was made at the Joint Expeditionary Force Summit in Helsinki, where allied nations agreed to coordinate shadow fleet interdiction across European and Mediterranean waters.

“Putin is delighted with the conflict in the Middle East,” Starmer said, “as he believes rising oil prices will enrich him. That’s why we are intensifying our efforts against his shadow fleet.”

The day after that authorization, a Cameroon-flagged tanker named VAYU 1 — sanctioned by the UK in May 2025 for transporting Russian oil, having departed Murmansk on March 10 — sailed to within six nautical miles of Dover, close to the narrowest part of the English Channel, and passed through undetained. BBC Verify tracked it spending at least five and a half hours inside UK territorial waters and twenty-nine hours in the UK’s Exclusive Economic Zone. The Ministry of Defence told the BBC that “any action is on a case-by-case basis.”

By today, at least 25 sanctioned Russian vessels have transited UK waters since the boarding authorization was announced (out of a total of 544 vessels Britain has sanctioned as shadow fleet participants) with no reported detentions, according to ship tracking data analyzed by Reuters. Pole Star Global counted 301 Russian shadow fleet vessel events in UK waters in the first three months of 2026 alone: 95 in January, 100 in February, 106 in March — increasing each month, with incidents recorded not just in the Channel but inside UK internal waters and at ports including Belfast, Immingham, and Grangemouth.

Yesterday, France sentenced a shadow fleet captain to prison. The UK authorized boarding last week and has not yet used it. The EU’s 20th sanctions package remains blocked by Hungary and Slovakia. On the same day OFAC freed three Russian vessels, the Russian oil tanker Anatoly Kolodkin docked in Cuba with Washington’s blessing. Ukraine is urging allies to tighten the noose while the United States actively loosens it.

In a joint statement with Senators Warren and Schumer on March 13, Senator Jeanne Shaheen (D-NH) said the administration had helped “facilitate a windfall of $150 million each day for [Russia’s] war machine,” and raised the possibility that Treasury was “flouting” the congressional notification requirements of the Countering America’s Adversaries Through Sanctions Act. Thirteen days later, Shaheen and Republican Senator Thom Tillis co-introduced the BLOCK PUTIN Act — legislation explicitly designed to prevent the kind of sanctions rollback now unfolding.

Treasury’s assurance that today’s actions are “not indicative of a broader shift” is difficult to square with a calendar that speaks for itself.

What PHANTOM WAKE Does and Does Not Do

The platform works entirely on publicly available data sources. It cannot access classified intelligence. It uses reported AIS positions at face value, which introduces a meaningful limitation: AIS is trivially spoofable, and Russia’s shadow fleet operators know it. Vessels can broadcast false coordinates while operating elsewhere entirely. Pole Star Global calls this “long-term anchor spoofing,” a state in which a ship appears stationary or on a plausible route while physically conducting illicit operations somewhere else.

More sophisticated variants involve dual transmitters broadcasting different IMO identification numbers simultaneously, pre-programmed routes that mimic legitimate voyages, and other forms of Vessel Identity Laundering or Identity Theft. For example, a high-risk ship in proximity of a clean vessel will briefly assume its identity, conduct its transfer, and swap back to avoid detection. The static draught and speed readings I flagged for all three delisted vessels are themselves consistent with long-term anchor spoofing.

This is the operational baseline for this class of vessel. Confirming or ruling out spoofing as well as other anomalies I described would require cross-referencing against Synthetic Aperture Radar satellite imagery cross-referenced against the AIS record (the standard methodology used by commercial maritime intelligence platforms), RF signal geolocation, and in some cases human intelligence, none of which PHANTOM WAKE can provide from public sources alone.

What the system can do is identify the behavioral footprint that spoofing reliably leaves behind: impossible speed transitions, coordinate jumps, repeated positional values across weeks of readings, and AIS gaps timed to known transfer zones. The anomalies flagged here are real. Where exactly these ships are right now is a question that requires satellite data to answer.

PHANTOM WAKE continues to track all three vessels under a DELISTED category. Removal from the OFAC SDN list does not remove a vessel from Ukrainian military intelligence’s shadow fleet database, from the EU’s watchlist, or from other lists — and it raises an immediate question about what else on the watchlist may be OFAC’s next target.

Another One To Watch

There is a fourth vessel worth watching: FESCO Sofia, a container ship bearing the FESCO name but operated by Steam Line Middle East Shipping L.L.C., a UAE-based company — and currently not designated by any Western sanctions authority.

It appears in OpenSanctions not as a sanctioned vessel but as an “entity of interest,” flagged through the Tokyo Memorandum of Understanding’s port state control detention database. It has been detained by Asian port authorities five times in fourteen months — February, July, August, September 2024, and April 2025 — with each detention indicating serious safety or compliance deficiencies. It is classified by the Russian Maritime Register of Shipping, itself a sanctioned entity.

FESCO Sofia’s AIS transponder has been dark for 193 days. Global Fishing Watch recorded 14 loitering events in the past year, nearly all at the same cluster of coordinates in the East China Sea, 40 kilometers offshore, drifting at fractions of a knot. Its draught has not moved by a single millimeter across 18 consecutive daily readings. Both FESCO vessels delisted today share every one of those behavioral signatures — and SV Nikolay’s 197-day AIS silence makes the parallel hard to ignore, regardless of ownership chain.

Whether FESCO Sofia is a vessel the West should be watching more closely, or simply one that hasn’t attracted sufficient attention yet, is a question PHANTOM WAKE will keep asking.

The Cuffs Are Off

As of this morning, the vessels are no longer sanctioned by the U.S. They can enjoy calling at Western ports and will avoid triggering secondary sanctions risk. Their insurers can cover them through markets that previously dropped them. The practical effects of today’s decision are immediate.

More significantly, all three previously carried a secondary sanctions designation under Section 11 of Executive Order 14024, meaning foreign companies worldwide, not just American ones, faced potential U.S. designation for conducting significant transactions with them. That extraterritorial deterrent is now gone.

“Ordinary course of business” is one explanation — one which the data strongly suggests shouldn’t be the only one considered. The sanctions regime is only as credible as the decisions made in its name. When a vessel with this history is removed without explanation and without scrutiny, the question is no longer whether the list reflects U.S. national security interests.

The question is whose interests it reflects instead.

Get more from Jackie Singh in the Substack app

Available for iOS and Android

Get the app

Reporting from ACLED’s March 2026 special issue shows the opening wave killed Supreme Leader Ali Khamenei and other senior figures, hit government compounds in Tehran, and targeted key elements of Iran’s air defenses, missile forces, and internal security apparatus.

Within days, ACLED was tracking hundreds of strikes across at least 26 of Iran’s 31 provinces, with Tehran the most heavily bombed, alongside central, western, and southern regions. Targets have included media facilities and detention centers, with resulting jailbreaks and large-scale displacement, as MERIP’s regional analysis documents.

In public appearances, Donald Trump has worked to shrink the war in the American imagination. Speaking to House Republicans at his Florida golf resort, he described it as a “little excursion” to “get rid of some evil,” promised it would be “short-term,” and claimed the United States had already “won in many ways,” per Military Times. In remarks captured by Al Jazeera English, he floated a timeline of a “couple weeks, few weeks,” even while threatening, as NBC News reported, to inflict damage that would make it “nearly impossible for Iran to ever rebuild as a nation again.”

A campaign that aims to shatter a state’s ability to function is, by definition, neither narrow nor brief.

Domestic fairy tale vs. operational reality

Trump’s language does more than express confidence; it manages risk perception.

Calling a war an “excursion” suggests a discrete trip, something you return from without lasting disruption. It signals to markets and voters that this conflict will not become another Iraq or Afghanistan.

Trump's language does more than express confidence; it manages two audiences at once, and it does so by design. For people who follow foreign policy closely, "excursion" reads as a malapropism for "incursion," the more precise military term. That slippage does not feel accidental. It invites educated observers to conclude that the president simply doesn't know the word he was looking for, which is a psychologically powerful move: if you believe the man ordering the war is too confused to name it correctly, you are more likely to roll your eyes than to organize. Contempt is a remarkably effective substitute for complacency.

For everyone else, the word does its other job. An excursion is a day trip. It’s what you do on a cruise ship when you dock somewhere new. It carries no weight, no dread, no implication of open-ended commitment. Both readings serve the same purpose: keep the public from treating this as the generational policy choice it actually is. One group is anesthetized by condescension, the other by reassurance. The word works precisely because it fails in two different directions at once.

The conduct of the war points in a different direction. ACLED’s conflict tracking indicates:

• 1,879 U.S. and Israeli strikes recorded in the first two weeks alone, with at least 73 intercepted.

• Hundreds of those attacks falling across most of Iran’s provinces, including repeated hits in and around Tehran.

• A campaign explicitly structured to degrade Iran’s ballistic missile forces, air defenses, and nuclear-related infrastructure, which Iranian planners treat as core regime survival assets.

Tehran’s response has also shifted. A CSIS analysis concludes that Iran has abandoned its earlier pattern of calibrated retaliation in favor of rapid escalation, with strikes and proxy attacks across the Gulf and explicit threats to “irreversibly destroy” regional infrastructure and energy facilities. The Institute for the Study of War describes Iranian operations in multiple theaters, including Lebanon, Iraq, Syria, and the Gulf, alongside cyber and maritime actions.

Human Rights Watch’s March 26 assessment frames the conflict as a stress test for the laws of war, documenting serious violations by all parties and citing inflammatory statements by officials that include open threats to destroy civilian infrastructure and dismiss the binding force of international law. Defense Secretary Pete Hegseth publicly vowed that U.S. forces would give “no quarter” to enemies in Iran, a statement that itself constitutes a war crime under international humanitarian law.

The public isn’t buying the “excursion”

American public opinion has turned against the war early. A CNN-SSRS poll conducted just after the strikes began found that nearly 60 percent of respondents disapproved of the decision to take military action in Iran, while 56 percent believed a long-term military conflict between the two countries was at least somewhat likely. More than half expected Iran to become more of a threat to the United States as a result of the strikes.

Support for regime change and ground operations is weaker still. According to the same polling, 56 percent opposed an effort to overthrow the Iranian government, and only 12 percent supported deploying U.S. ground forces into Iran. A separate analysis from the Institute for Global Affairs draws on these numbers to describe the war as “politically unsustainable” and warns it is already drifting toward the kind of open-ended, ill-defined commitment that marked earlier U.S. wars in the region.

Intentional risk, not accidental quagmire

The administration’s own stated objectives point toward a strategy that assumes, and to function requires, a willingness to risk wider war. Public statements by Trump and allied analysts describe goals that include:

• Destroying large portions of Iran’s missile and naval capabilities.

• Crippling or dismantling its regional proxy networks, often described as the “Axis of Resistance.”

• Preventing Iran from ever obtaining a nuclear weapon, including by force.

• Weakening or toppling the regime in Tehran, framed as necessary for a “decisive victory.”

As the Atlantic Council puts it, completing that mission requires sustained coercive pressure well beyond a brief air campaign. ACLED goes further, concluding that “the only clear path to a decisive victory, especially for Israel, would be regime change, a far longer, costlier, and more destabilizing undertaking than a limited air campaign is likely to achieve.” A policy that sets regime change as the real victory condition cannot honestly be described as a short, controlled operation.

Escalation specialists have warned for years, as CSIS documents, that attempting to coerce Iran on core regime interests, especially its deterrent capabilities and regional networks, produces broad retaliation rather than capitulation. When policymakers choose maximal goals in full view of that history, they are accepting the likely shape of the conflict, not stumbling into it.

Early operational choices match that reading. The decision to open with leadership decapitation and attacks on national-level infrastructure signaled an intent to shock the Iranian system. Trump’s subsequent threat to destroy Iranian power plants if the Strait of Hormuz was not reopened within 48 hours, documented by Human Rights Watch, put civilian infrastructure explicitly on the table from the outset. They note that Trump later “postponed but did not revoke his threat.”

Eschatology, power, and the “excursion” story

Religious and ideological commitments inside the administration add another layer to this picture. PBS NewsHour has documented how Hegseth built a public identity around Christian nationalism, defended the medieval Crusades, and used explicitly religious rhetoric to frame conflicts with Iran and other Muslim-majority states. His book American Crusade celebrates a narrative of civilizational struggle, and reporting has captured his use of crusader iconography, including “Deus vult” tattoos, as a sitting defense secretary. (I wrote a story about Hegseth’s body ink in July 2025.) CNN’s analysis frames all of this not as personal quirk but as ideological commitment that now shapes policy.

The administration’s closest evangelical allies bring their own theological frameworks to bear. Work from the Misgav Institute, the Washington Institute, and the Arab Center DC describes how certain strands of Christian Zionism and apocalyptic belief treat Israel’s territorial control and confrontation with Iran as steps in a prophetic timeline. Baptist News traces this end-times theology directly into the policy debate around intervention in Iran. Those same networks shaped Trump’s first-term decisions on Israel-Palestine and are again present around his second-term team.

Alongside more familiar aims like reaffirming U.S. regional primacy and tightening the Israel-Gulf alignment, these beliefs help explain why a destabilizing war can be framed inside the administration as both strategically necessary and spiritually resonant, as Hoover Institution analysis of the broader Trump doctrine makes clear. At home, describing the campaign as a “short-term excursion” reduces the friction between that vision and the domestic political need to minimize costs.

This mix of religious certainty and strategic ambition shows up in the way senior officials talk about legal constraints. In the HRW report and related coverage, statements by Trump and Hegseth treat the laws of war less as binding rules than as political annoyances. Critics who warn about escalation or civilian harm get cast as weak, defeatist, or disloyal rather than as people reading the risk landscape correctly.

Information management and ready-made excuses

The “excursion” framing does more than sell optimism; it bakes in deniability. If the conflict drags on or spreads further, the White House can claim that no one could have anticipated the depth of Iranian resistance, or that domestic and foreign saboteurs undermined an otherwise sound plan.

Trump has already declared that the U.S. has “won in many ways” and suggested, per NBC News, that only a bit more pressure is needed to finish the job. As Zeteo and ABC News have both analyzed, the “excursion” language is deployed precisely to keep public attention narrow, so that when mounting costs arrive, they can be framed as unfortunate surprises rather than predictable consequences.

The pattern is familiar. The Iraq invasion, to which I was deployed as a baby-faced soldier in 2003, was sold with promises of quick victory, low cost, and self-funding reconstruction. When that fantasy collapsed, officials blamed flawed intelligence and unforeseeable enemy resilience. Two decades later, the marketing has been updated with AI-guided munitions and space-based targeting, but the core structure remains unchanged. Project expansive objectives onto a minimized public footprint, insist that escalation is something done to the United States rather than chosen by it, and deny that initial decisions made a grinding conflict the likely outcome from the start.

This time, as MERIP’s regional correspondents make clear, the stakes include not just one country’s fate but the stability of a region already under compounding pressure from Gaza, Lebanon, and long-running crises in Iraq and Syria.

On the record we have now, the through-line is already quite visible. The war in Iran did not grow out of some misjudged “incursion” that somehow got out of hand; it emerged from a policy that treated a wider regional conflict as an acceptable, and perhaps necessary, risk, and then wrapped that choice in a story designed to make the eventual quagmire look like an accident rather than the predictable outcome of the original design.

On a Saturday in November 2021, he asked his 62.5 million Twitter followers whether he should sell 10% of his stake. They said yes. The following Monday, $60 billion vanished. Over the next five days, $200 billion more followed.

In December of that same year, he debuted a haircut that social media immediately likened to a style associated with 1930s European fascist movements. Tesla fell 11.3% in three days while the Nasdaq recovered.

In July 2024, on an earnings call, he told shareholders who doubted his vision to sell their stock. They obliged: Tesla dropped 12.3% in a single session, 3.4 times the decline of the broader tech sector.

Last March, he tweeted that he was “going back to this haircut,” attaching a photo of the 2021 look. Tesla fell 4.8% the next trading day while the broader market was up.

I used two separate AI models to assist me in analyzing each of these events against market benchmarks while isolating Tesla’s stock performance from broader index movements to suss out what portion of each decline was attributable to Musk’s behavior, not macroeconomic conditions. My methodology here is simple: compare Tesla’s returns against the Nasdaq-100 (QQQ) and S&P 500 (SPY) over one-day and five-day windows following each signal. Any gap between Tesla’s performance and the benchmark highlights an idiosyncratic move where the market was punishing Tesla specifically, not tech stocks or equities in general.

The cumulative toll across five qualifying events: roughly 35 percentage points of excess loss against the Nasdaq. I make the case that this is not attributable to earnings misses, interest rate hikes, or competitive pressure from BYD, but to the public conduct of one key man.

On March 20, 2026, a nine-member federal jury in San Francisco found that Musk had made materially misleading statements to investors during his Twitter acquisition, in violation of Section 10(b) of the Securities Exchange Act and SEC Rule 10b-5. The jury awarded approximately $2.1 billion in stock damages, with potentially $500 million more in options losses still to be resolved. In closing arguments, plaintiffs’ attorney Mark Molumphy told the jury that Musk’s tweets were not innocent mistakes but were “carefully calculated to drive down” Twitter’s stock price. The jury found him liable for misrepresentation on two of three challenged statements and rejected the broader claim that he had engaged in a deliberate scheme to defraud.

That verdict, partial as it is, reframes everything that came before it.

The Anatomy of a Clean Signal

Not every Musk provocation qualifies. Tesla is a volatile stock, and much of its movement on any given day tracks broader tech sector dynamics or responds to legitimate business catalysts: delivery numbers, margin compression, Federal Reserve policy. The question is not whether Tesla’s stock goes down after Musk says something inflammatory but whether it goes down more than the rest of the market in a way that only Musk’s conduct can explain.

I set the bar conservatively. To qualify for this analysis, an event needed to produce an excess return of at least negative 5% against QQQ within one trading day. Events where Tesla declined roughly in lockstep with tech stocks were discarded, regardless of how dramatic the drop looked in isolation. The filter eliminated a number of candidates, including Musk’s April Fools “Tesla Goes Bankrupt” tweet in 2018 and his Hertz deal skepticism in November 2021. It also eliminated the current March 2026 selloff, which, severe as it has been, is substantially explained by macro weakness: the Nasdaq fell 5.2% over the same window, leaving Tesla with only 2.3% of excess decline, and the jury verdict on March 20 introduced a second concurrent catalyst that makes the signal impossible to isolate cleanly.

Five events survived the cut. Together, they tell a story about how the world’s richest man communicates with markets.

“Tesla stock price is too high imo”

May 1, 2020.

The tweet arrived mid-session, part of a barrage that included “Selling almost all physical possessions” and lines from the national anthem. Tesla had been trading at roughly $760. Within minutes of the 11:11 AM post, it fell below $700. It closed down 10.3%.

The Nasdaq dropped 2.8% that day on COVID-related uncertainty. The S&P fell 2.6%. Tesla’s excess loss against QQQ was 7.5 percentage points, meaning the broader market explained less than a third of the decline.

The rest belonged entirely to Musk.

What makes that episode instructive is the recovery. Within five trading days, the stock had recouped all the losses, and then some. The market absorbed the tweet as a one-off disruption, limited to a CEO mouthing off — nothing structural. But the 7.5% excess loss on the day itself is unambiguous. A CEO publicly called his own stock overvalued, and the market repriced accordingly, in minutes.

Musk later testified under oath, during the “funding secured” trial in January 2023, that his tweets do not move Tesla’s stock price. He pointed to this exact episode as evidence, noting that the shares recovered. Three years later, in a different courtroom and a different case, a jury in Pampena v. Musk found that two of his tweets about the Twitter acquisition constituted material misrepresentations under federal securities law.

His defense that these posts were harmless and ephemeral, without predictable market consequences, has now been tested before a jury and found wanting.

The Twitter Poll

November 6-7, 2021.

The cleanest signal in the dataset, and one that deserves a close read.

On a Saturday afternoon, Musk posted a poll to Twitter: “Much is made lately of unrealized gains being a means of tax avoidance, so I propose selling 10% of my Tesla stock. Do you support this?” Over 3.5 million accounts voted. 57.9% said yes. Musk pledged to abide by the result.

On Monday, Tesla fell 4.8%. By Friday, it was down 15.4%.

The S&P 500 was up 0.1% on that Monday. The Nasdaq was essentially flat, down one-tenth of a percent. The 14.5% excess five-day loss against QQQ is the largest in the dataset. Every point of it belongs to Musk, and Musk alone.

Beneath the performance art lay a drier reality. SEC filings show that Musk had established a 10b5-1 pre-arranged trading plan in September 2021, two months before the poll, to sell shares tied to stock options expiring in August 2022. He was going to sell these shares regardless of any poll. He told the Code Conference in September that “a huge block of options will sell in Q4.”

The poll created the appearance of a democratic, crowd-sourced decision for a course of action already set in motion.

One more thing. Kimbal Musk, Elon’s brother and a Tesla board member, sold 88,500 Tesla shares on November 5 across 14 separate tranches at prices averaging roughly $1,229 per share, for a total of approximately $108.8 million. The Form 4 was filed with the SEC that same evening at 9:22 PM Eastern.

The poll went up the next afternoon.

The filing contains no notation indicating the sales were made under a pre-arranged Rule 10b5-1 trading plan. Kimbal’s later Tesla stock filings, in April 2023 and November 2024, prominently state that transactions were effected pursuant to a 10b5-1 plan. The November 5, 2021 filing carries no such language, and the SEC noticed. The Wall Street Journal reported in February 2022 that the agency had opened a formal investigation into whether Kimbal’s sale constituted insider trading. Elon’s public response was that his brother “wasn’t aware” of the poll, but that Tesla’s lawyers did know about it.

That distinction made between familial awareness and corporate-counsel awareness is the kind of parsing that securities attorneys are likely to remember.

The Haircut

December 1-3, 2021.

Accepting that a CEO’s hairstyle can function as a market-moving event requires a certain flexibility of mind. The data, at any rate, is uncooperative with skeptics.

Musk appeared at The Wall Street Journal’s CEO Council event in early December 2021 sporting a look that broke sharply from his usual style: closely shaved sides, a longer swept-over top. Social media responses ranged from Gary Oldman’s villain in The Fifth Element to less charitable historical comparisons. Musk responded to the attention with a laughing emoji and the claim that he had cut it himself.

By Friday, December 3, the haircut had gone viral. Tesla fell 11.3% from its November 30 close. Volume on that Friday spiked 58% above normal levels.

The immediate objection is that the Federal Reserve was turning hawkish at the same time. Jerome Powell had testified before the Senate on November 30 and retired the word “transitory” from his description of inflation. True enough. The Nasdaq fell 2.7% over the same November 30 to December 3 window. Then, over the five-day window through December 10, the Nasdaq recovered and finished up 1.1%. The S&P finished up 3.3%. Tesla kept falling, posting a negative 12.2% excess return against QQQ over that span. The Fed’s actual policy announcement, the accelerated taper and three projected rate hikes for 2022, did not come until the FOMC meeting on December 15, two full weeks after the selloff began.

The market was punishing Tesla for something it was not doing to tech stocks broadly. And that haircut was no isolated gesture. It was the visible edge of a political alignment that was about to become explicit.

On Thursday, December 16, Musk casually replied to an email from The Babylon Bee, a right-wing satire site whose content has been documented by Ohio State researchers as among the most shared factually inaccurate material on social media, inviting their team to Austin “this weekend.” On Sunday, December 19, Babylon Bee CEO Seth Dillon, Editor-in-Chief Kyle Mann, and Creative Director Ethan Nicolle flew to Austin and sat down with Musk for a rambling, hundred-minute interview covering “wokeness,” Elizabeth Warren, and the Metaverse. The next day, Monday, December 20, Tesla hit its monthly low: $299.98 — a 17.8% drawdown from the haircut’s debut.

The interview was published on YouTube and as a podcast on December 21 and 22. In it, Musk told the hosts he had sold “roughly 10%” of his Tesla holdings and was “almost done.” The stock, which had closed at $312.84 on December 21, surged to $355.67 by December 23. The Bee Weekly recap, released December 24, confirmed the Sunday recording date, with Nicolle noting it had worked out around a Disneyland trip because “we interviewed him on Sunday.”

The selling did not actually stop. SEC filings show Musk sold approximately 934,000 shares on December 21, another 934,000 on December 22, and a final 934,090 on December 28, when the Form 4 explicitly stated: “THIS RULE 10b5-1 TRADING PLAN WAS COMPLETED ON DECEMBER 28, 2021.” Nearly 2.8 million shares were sold after the interview was recorded and after the stock hit its bottom. The 10b5-1 plan ran on its pre-arranged schedule regardless.

The stock recovered anyway, surging 13.7% in two days on the strength of the “almost done” statement alone. The market did not wait for the selling to actually finish; it heard the signal and repriced. What moved the stock was not the cessation of sales but the communication that cessation was imminent, a forward-looking announcement delivered through a media channel that would reach Tesla’s most devoted retail holders. The selling continued for another week. The market did not care as it had heard what it needed to hear.

Tesla closed the year at $352.26, roughly where it started the month. Tesla closed at $365.00 on December 1, 2021, the day the haircut debuted. On March 27, 2026, it closed at $361.83. Within three dollars.

After four years and three months, the stock has gone nowhere.

“They should sell their Tesla stock.”

July 23, 2024.

During Tesla’s second-quarter earnings call, Musk did something that, to my knowledge, no other sitting CEO of a publicly traded company has ever done on a recorded investor call: he told shareholders to sell.

The next day, Tesla dropped 12.3%. The Nasdaq fell 3.6%. The S&P lost 2.3%. Tesla’s excess loss against QQQ: 8.7 percentage points. Volume spiked 50%.

The quarter itself was weak, with declining automotive margins that were widely expected. Weak quarters alone do not produce 8.7 points of excess decline. The broader tech selloff explains about 30% of the move, with the remaining 70% as the market pricing in the spectacle of a CEO issuing an explicit sell recommendation for his own company.

Musk operates under a 2018 SEC consent decree, amended in April 2019, that requires him to have an experienced securities lawyer pre-approve public communications on an enumerated list of topics before he posts them. That list includes Tesla’s financial condition, production numbers, projections about the business, and “events regarding the company’s securities.” An explicit recommendation to sell Tesla stock, tied to a forward-looking projection about autonomous driving capability, falls squarely within at least two of those categories. The decree remains in force: Musk moved to terminate it in 2021, was denied by Judge Liman in SDNY in 2022, lost the appeal at the Second Circuit in 2023, and petitioned the Supreme Court in Musk v. SEC (No. 23-626) without obtaining relief.

No enforcement action followed the earnings call statement, just as none had followed the “stock price is too high” tweet in May 2020, which Musk told the Wall Street Journal was not vetted in advance by Tesla counsel. The SEC declined to comment to WSJ on the May 2020 tweet. No contempt motion was filed, nor was any sanction issued. Compliance Week ran a piece at the time headlined “Elon Musk again tests SEC with ‘stock price is too high’ tweet,” framing the episode as a test of the agency’s willingness to enforce. Reuters, summarizing the pattern in 2022, was more blunt: in its faceoff with Musk, the SEC had “blinked.” Columbia law professor John Coffee told CNN he did not expect repercussions, viewing the tweet as opinion rather than factual misstatement. The SDNY docket confirms there is no entry in 2020 referencing the May 1 tweet, no show-cause order, and no contempt proceeding.

A consent decree that is never enforced obviously functions less as a constraint and more as a decoration.

“Going back to this haircut”

March 16, 2025.

Thirteen months after the earnings call, with Tesla shares having already lost 48% of their value from a January 2025 high of $428.22, Musk posted the photograph of himself and his son from the December 2021 period with the caption: “Going back to this haircut.” The tweet went up at 5:32 AM Eastern on a Sunday morning. X reported it received 113.9 million views.

Monday, Tesla fell 4.8%. The Nasdaq rose 0.6%. The S&P rose 0.8%. The excess loss against QQQ was 5.4 percentage points, clearing the threshold. Unlike every previous signal, though, the five-day excess was negligible. The stock was already so beaten down from the DOGE backlash and the collapse of European sales that the marginal damage was absorbed within days.

Two features of this signal set it apart from its predecessors.

First, Musk owns X. He controls its algorithms, its trending mechanics, its content distribution pipeline, and the view-count metrics that the platform reports to the public. No independent body audits how X calculates or displays view counts, and Musk has a documented history of altering platform mechanics to amplify his own content. When X reports that a market-moving tweet from its owner reached 113.9 million accounts, that figure should be understood as a claim made by the interested party, not a verified measurement. The count may well reflect engineered amplification with distribution tuned to ensure saturation of financial media and institutional investor feeds.

Then there is the timing. The 2020 “stock price is too high” tweet went out at 11:11 AM on a Friday, causing a real-time intraday crash that at least gave traders the chance to react in the moment. The haircut callback went out before dawn on a Sunday. By Monday’s open, every financial outlet had covered it. Institutional risk desks had run their models, options market makers had adjusted their quotes, and algorithmic trading systems had processed the signal through Sunday evening futures. Monday’s open was a fait accompli.

Retail investors, who cannot trade pre-market and rely on liquidity available during market-hours to exit positions, bore the full brunt of a gap-down that institutional participants had a full overnight window to position themselves around.

The Pattern

Five signals over five years. Each is structured differently, but all share a set of features that, taken together, do not appear purely impulsive.

Insider positioning precedes the signal. In the Twitter poll case, Kimbal Musk liquidated $108.8 million in Tesla shares across 14 tranches on November 5, filed the Form 4 at 9:22 PM that evening, and the poll went up the next afternoon. His filing carried no 10b5-1 safe-harbor language, unlike his later Tesla sales in 2023 and 2024 which did. The SEC opened a formal investigation into whether the trade constituted insider trading. During the December 2021 haircut period, multiple insiders were executing sales. By early 2025, Tesla board members and executives had offloaded over $100 million in shares across a matter of weeks, with board chair Robyn Denholm alone moving $558 million worth of stock since 2020. After insiders sell, the signal drops.

Every qualifying signal produced a volume spike. The smallest was 12%, the largest 58%. These are not retail panic-sell volumes. Spikes of that magnitude indicate institutional participation: pension funds, index rebalancers, risk-parity models, hedge fund desks, all responding to the same trigger simultaneously. The signal is not aimed at day traders on Reddit; it is aimed at the algorithmic layer of the market that treats CEO behavior as a quantifiable risk input.

The signals hit hardest near highs. The Twitter poll and the haircut debut, both issued when Tesla hovered near its all-time highs around $400 (split-adjusted), produced 14.5% and 12.2% excess five-day losses respectively. The March 2025 tweet that was issued when the stock sat at $250 barely left a mark beyond the first day. A signal aimed at triggering corrections from elevated levels, where the most value can be extracted by anyone positioned short or holding puts ahead of the event, would behave exactly this way.

Each signal is deniable. “Stock price is too high” is just an opinion. The Twitter poll was about his taxes. The haircut is just a haircut. The earnings call was actually about strategic conviction. “Going back to this haircut” is a simple joke about grooming. The signals he drops come wrapped in a layer of plausible deniability thick enough to keep regulators at bay but thin enough for anyone paying attention to read the message. Deniability is not a flaw in the signal; it is the actual mechanism by which the signal operates. And consider: Musk’s 2018 consent decree with the SEC requires pre-approval of communications about Tesla’s financial condition, securities, or projections. A tweet about a haircut does not appear on that list. The two signals in this dataset that produced the largest excess losses against the Nasdaq, the haircut debut at 12.2% and the haircut callback at 5.4%, are the two that most cleanly evade the decree’s enumerated categories. Draw your own conclusions.

The distribution channel is now captive. When Musk tweeted “stock price is too high” in May 2020, Twitter was an independent platform with its own algorithms and editorial decisions. He was broadcasting through someone else’s infrastructure. After the October 2022 acquisition, every subsequent signal has been distributed through a platform he owns outright. Algorithmic amplification, trending curation, view-count reporting, etcetera — Musk controls all of it. No independent check exists on whether his posts receive preferential distribution, and there is no third-party verification of reported engagement metrics.

The man who moves markets with his posts also owns the printing press.

What the Jury Said

On March 20, 2026, nine days after Musk’s latest haircut-related post began circulating, a nine-member federal jury in San Francisco returned its verdict in Pampena v. Musk, the class action shareholder lawsuit over his 2022 Twitter acquisition. After nearly four days of deliberation, they delivered a split decision.

The jury found Musk liable under Section 10(b) of the Securities Exchange Act and SEC Rule 10b-5(b) for two specific tweets: his May 13, 2022 statement that the Twitter deal was “temporarily on hold,” and a May 17 tweet claiming the deal could not proceed without bot data. Both were found to be materially misleading. A third challenged statement, made on a podcast, was deemed opinion and not actionable. The jury rejected the plaintiffs’ broader theory under Rule 10b-5(a) that Musk had engaged in an intentional “scheme to defraud” investors.

Damages rose to approximately $2.1 billion in stock losses, with plaintiffs’ attorneys estimating an additional $500 million in options losses for a potential total near $2.6 billion. Shareholders are set to receive between $3 and $8 per share per day for the class period. Musk’s attorneys at Quinn Emanuel announced an appeal immediately, called the verdict “a bump in the road,” and noted the jury had “found both for and against the plaintiffs and found no fraud scheme.”

The plaintiffs’ attorney Joseph Cotchett told reporters afterward that the verdict “sends a strong message that just because you’re a rich and powerful person, you still have to obey the law, and no man is above the law.”

The significance reaches well beyond the acquisition of Twitter and well beyond the two counts on which Musk prevailed. For the first time, a federal jury had examined specific tweets by Elon Musk under the framework of securities fraud and concluded that two of those constituted material misrepresentations made with the requisite mental state. They did not find a coordinated scheme, but they did find that individual tweets, standing alone, were false enough and consequential enough to warrant billions in damages.

None of that proves the five Tesla sell signals documented above were intentional misrepresentations.

A verdict about Twitter shares does not establish liability for Tesla share movements. It does, however, resolve a predicate question that Musk has contested in courtrooms for nearly a decade: does he understand that his public statements move stock prices, and does he make them with awareness of their consequences? Nine jurors heard his defense and rejected it on two out of three counts.

The proposition that Elon Musk posts without understanding what his posts do to stock prices is, as of March 20, 2026, something a jury weighed and declined to believe.

The Cumulative Cost

Across five qualifying events, measured conservatively against the Nasdaq-100, Musk’s public actions have produced approximately 35 percentage points of idiosyncratic loss in Tesla’s stock. These are not losses caused by the Federal Reserve, Chinese competition, declining EV demand, or any of the dozens of legitimate headwinds that every automotive company faces. They are losses caused specifically and measurably by the CEO’s tweets, statements, and personal aesthetic choices in periods where the broader market was flat or rising.

At Tesla’s current market capitalization of roughly $1.4 trillion, a single percentage point of movement represents approximately $14 billion in shareholder value. The math is approximate, because the market cap has fluctuated over the five-year period in question, but the order of magnitude speaks for itself.

This accounting captures only the five cleanest events. It leaves out the slow bleed of the DOGE period, when Tesla’s association with Musk’s political activities cost the stock roughly half its value from December 2024 to April 2025. It leaves out the dozens of smaller provocations that fell below my methodology’s 5% excess threshold, as well as the opportunity cost of investors who exited Tesla entirely because they could no longer stomach Musk’s governance style.

What it does capture, rigorously and defensibly, are five moments when the wealthiest individual used his public platform to communicate something to the market, the market responded with overwhelming and precisely timed selling pressure, and the rest of the market did not.

What Comes Next

Tesla’s next earnings call is scheduled for April 28, 2026.

Musk has signaled that capital expenditures will exceed $20 billion this year, more than double the 2025 figure. Automotive revenue fell 10% last year. The company is discontinuing the Model S and Model X. The robotaxi fleet operates only about a dozen vehicles in Austin with human safety chaperones riding side-saddle. The Cybercab, which has no steering wheel, is supposed to begin production in April and expected to reach volume production by year’s end.

The Pampena v. Musk verdict will be appealed, and Quinn Emanuel will argue that a mixed decision vindicates their client. Despite this framing, the factual core of the jury’s finding stands until it is overturned: two tweets by Elon Musk constituted material misrepresentations under federal securities law, and they cost shareholders billions. For anyone holding TSLA, the question is no longer whether the CEO’s public behavior affects the stock — The data settles that. The question is whether the next signal has already been sent.

Tesla closed at $361.83 on March 27. That is just $3.17 away from where it stood on December 1, 2021, the day Elon Musk debuted a Hitler Youth-style haircut and the market started selling.

Some patterns repeat because the underlying conditions recur. Others, because someone wants them to.

Jackie Singh is an information security professional and investigative journalist.

This analysis is based on publicly available market data, SEC filings, court records, and contemporaneous media reporting. It does not constitute investment advice. All price data has been split-adjusted.

Share

If you work in a newsroom, a law firm, or a research lab, your gut feeling no longer counts as a forensic tool. I’m so excited to share that my new app Kinexis.AI goes live today to help bridge the gap between human perception and manipulated reality.

Instead of a simple “fake or not” detector, my company has built a multi-modal telemetry engine. Running a video through Kinexis generates a clinical, forensic report across multiple layers of analysis:

• Synthetic Artifacts: Hunting for the microscopic glitches GenAI leaves in its wake.

• Narrative Framing: Identifying hidden persuasion techniques like authority positioning or “feigned earnestness.”

• Body Language: Mapping movements and expressions that often occur too fast for the human eye to register.

Jeffrey Epstein’s deposition footage serves as a quick case study.

When we processed clips of those archival tapes, the engine didn’t just confirm they were authentic; it flagged specific moments of contempt and high cognitive load that might change your understanding of the testimony.

Kinexis turns a passive viewing experience into a data-driven investigation.

Building Kinexis has been a deeply personal mission over the past weeks because I believe technology should act as a shield for truth rather than as a weapon against it.

This platform is a first-of-its-kind attempt to complement every citizen and professional’s valuable human judgment with a high-fidelity AI sensor that offers a nuanced, forensic understanding of how media can be constructed to influence us.

By merging deepfake detection with behavioral intelligence, my hope is that we can use AI for good—empowering people to cut through the noise of synthetic manipulation and restore a shared, factual foundation for how we understand the world.

I built this for those who hate black-box verdicts, but haven’t had useful tools to dig deeper. You’ll get raw data, timestamped findings, and probabilistic confidence scores.

Stop guessing. Start measuring!

You can run your first analysis right now, or browse public reports. Guest checkout is enabled, and we support direct links from sites like YouTube, Facebook, X/Twitter, and TikTok so you don’t have to waste your time downloading videos.

Analyze Your First Video

Stay skeptical.

In February 2025, I wrote about something that almost happened. A provision in the House-passed FY2025 NDAA would have transformed the Selective Service System from voluntary self-registration into automatic, database-driven enrollment of every draft-age male in the country. It was stripped from the final bill before President Biden signed it in December 2024. I argued at the time that its removal didn’t mean the idea was dead. The 57-1 vote in the House Armed Services Committee, the bipartisan enthusiasm, the obvious political utility of keeping a draft on a hair trigger—all of it pointed toward a second attempt.

That second attempt succeeded, and in a context far worse than I anticipated.

On December 18, 2025, President Trump signed the FY2026 National Defense Authorization Act into law. Section 535 mandates that the Selective Service System automatically register all male U.S. residents aged 18 to 26 using existing federal databases. The provision takes effect in one year. It passed 312-112 in the House and 77-20 in the Senate. Nobody held a press conference about it.

Between my original article and this one, the United States bombed Iran’s nuclear facilities, intervened militarily in Venezuela, deployed the National Guard to American cities, and authorized the largest defense budget in history. A new National Defense Strategy explicitly prepares for “prolonged, multi-domain conflicts.”

Quiet draft plans are now law, being implemented against a backdrop of active warfare.

What Section 535 Actually Does

Under the new law, the SSS must “identify, locate, and register” every male person residing in the United States between 18 and 26 by aggregating data from other federal agencies—Social Security, IRS, immigration records, whatever else the SSS Director “determines necessary.”

This replaces a self-registration system in place since 1980. Under that framework, young men were supposed to sign up voluntarily; most didn’t. Compliance has been abysmal for decades. Bernard Rostker, who ran the SSS from 1979 to 1981, testified in 2019 that the existing database would be “less than useless” for an actual draft.

Congress had an obvious alternative: abolish a system that hasn’t worked in 45 years. Instead, it chose to expand the system’s reach and its access to Americans’ personal data.

Edward Hasbrouck, the most knowledgeable independent expert on draft registration in the country, put the change in stark terms when the conference bill emerged in December 2025: this:

“will move the USA closer to activation of a draft, or at least to being able to claim to be ready to activate a draft ‘on demand,’ than at any time in the half century since draft registration was suspended and draft boards were deactivated in 1975.”

A revealing detail is buried in the legislation itself. Despite the word “automatic,” the law still requires potential draftees to provide personal information on demand of the SSS. If the system could truly identify and locate everyone on its own, that provision wouldn’t be necessary. It exists because the premise of constructing a comprehensive, accurate list of every draft-eligible person by merging federal databases doesn’t hold up. Federal databases don’t agree with each other. They don’t track current addresses. They don’t reliably record sex as assigned at birth. None of them were designed for this purpose.

So what the law actually creates is not an automated registration system but a sweeping new authority for the SSS to demand data from every other federal agency and to demand personal information from individuals.

Automation is the sales pitch; the surveillance architecture it enables is the product.

How It Got Through

The legislative path reveals how Congress handles provisions with major civil liberties implications when nobody is paying attention.

Automatic registration language originated within the SSS itself during the Biden administration, championed in Congress by Rep. Chrissy Houlahan (D-PA). Her bill sailed through the House Armed Services Committee in May 2024 on a voice vote without audible opposition, endorsed “wholeheartedly“ by Chairman Mike Rogers (R-AL). Democrats got to look tough on national service. Republicans got expanded government data collection that could be weaponized for other purposes. Everyone won except the people who’d eventually be registered.

When the provision was stripped from the FY2025 NDAA in conference, I flagged it as a temporary setback, and ten months later it resurfaced in the FY2026 bill.

In September 2025, Rep. Warren Davidson (R-OH), a West Point graduate and Army veteran, tried to bring a floor amendment that would have replaced automatic registration with outright repeal of the Military Selective Service Act. The House Rules Committee blocked it, foreclosing any debate on whether the Selective Service should exist at all. Only the question of how aggressively it should operate was permitted.

By December 2025, the House-Senate conference committee had folded the provision into the final FY2026 NDAA. Public discussion around its passage focused on the $901 billion topline, the 3.8% military pay raise, Golden Dome missile defense authorization, and $400 million for Ukraine. Automatic draft registration was a footnote.

The Friends Committee on National Legislation had flagged the provision before it passed, calling it “dangerous draft automation.”

Their warning went largely unheard.

DOGE Walks Into the Selective Service

In April 2025, before the automatic registration provision was even enacted, the Department of Government Efficiency showed up at SSS headquarters.

The SSS confirmed to Edward Hasbrouck that “a DOGE representative visited our Agency this week. We’ve established a great working relationship. They asked us about our data and requested access, which we gave in compliance with the President’s Executive Order on Establishing and Implementing the Department of Government Efficiency.”

The registration database contains records on all male U.S. citizens or residents born on or after January 1, 1960, who have registered or been registered by state driver’s license agencies. Enormous and inaccurate, as of that April visit it was open to an organization with no statutory authority and no obligation to explain what it intended to do with the data.

When Hasbrouck asked whether new computer matching programs had been carried out by DOGE, the SSS said no, but acknowledged it wasn’t clear whether the agency would “even know what DOGE has done with SSS data, once DOGE has gotten access to it and possibly exfiltrated it.”

Once data leaves an agency and enters DOGE’s orbit, no mechanism exists to track it, constrain it, or recall it. DOGE’s entire operational model is built on aggregating and cross-referencing federal databases.

That model now includes the draft registration list.

From Database to Weapon

If DOGE’s access was the opening move, the SSS’s subsequent rulemaking was the follow-through.

After Section 535 was enacted, the SSS’s first official regulatory action was a proposal to expand “routine uses” of registration data. Under the new proposed rules, SSS records could be disclosed to federal, state, and local agencies and to private entities for purposes including immigration enforcement.

The Heritage Foundation had signaled earlier in 2025 that it wanted SSS registration data turned against immigrants, leveraging threats of prosecution for “knowing and willful” non-registration to pressure undocumented individuals to self-deport. The legal basis for such threats is thin because you can’t prosecute someone for “knowingly” failing to do something they didn’t know they were required to do. But the coercive potential is real, especially for populations already living under threat of deportation.

In January 2026, a coalition of civil liberties and peace organizations pushed back. The Military Law Task Force, the Electronic Privacy Information Center (EPIC), Restore the Fourth, the Committee Opposed to Militarism and the Draft, Project YANO, the Episcopal Peace Fellowship, the Jewish C.O. Project, and the Center on Conscience & War submitted joint comments opposing the proposed data-sharing expansion. Their filing warned that DOGE had already been given access to the SSS database “for undisclosed purposes and with no apparent legal basis” and that the proposed rules were a precursor to the far broader data-sharing regime that automatic registration would require.

The coalition also flagged the populations most vulnerable: transgender and non-binary youth, who risk being misgendered or misregistered by databases that don’t track sex assigned at birth, and immigrant youth, whose data would flow directly into infrastructure already being repurposed for enforcement operations.

As someone who has spent years studying how government data systems get repurposed, I’ve seen this cycle before. A database gets built for a narrow purpose. Access creeps outward, new “routine uses” get proposed, and by the time the public notices, the architecture is already operational. The SSS registration database is mid-cycle right now.

A System That Can’t Draft Anyone

Here’s the paradox. The Selective Service System is simultaneously being granted unprecedented data collection powers and remains institutionally incapable of executing an actual draft.

Between March 2021 and March 2025, draft board membership declined from 9,596 to 5,802. When the SSS conducted outreach to its own board members, it discovered that “many” had died without the agency’s knowledge. The SSS had so little contact with the people responsible for processing draft claims that it didn’t know they were dead.

Many local boards now lack the three members required by law to constitute a quorum. Without a quorum, a board cannot legally hear deferment or exemption claims. If a draft were activated tomorrow, residents in those jurisdictions would have no functioning board to appeal to. The National Appeal Board, which hears appeals of deferment and exemption decisions, had a single member as of March 2025. Three are needed for a quorum, so no functioning national appeals process exists.

The SSS was considering asking Congress to let it consolidate boards across entire Congressional districts rather than counties, which would reduce the number of boards needed but overload survivors with cases they’d be unprepared to handle, staffed by rushed appointees with minimal training.

Congress just entrusted this agency with building a comprehensive national database of every draft-eligible person in the country.

Meanwhile, the Wars

While Congress debated subcommittee markup language, the United States was fighting.

On June 22, 2025, the U.S. launched Operation Midnight Hammer, striking three Iranian nuclear facilities at Natanz, Fordow, and Isfahan with B-2 stealth bombers and over 100 aircraft. Trump declared Iran’s enrichment capabilities “obliterated.”

In late February 2026, the U.S. and Israel launched a second, larger campaign against Iran, Operation Epic Fury, engaging over 1,700 targets including command centers, ballistic missile sites, naval vessels, and military infrastructure. Trump declared a “major combat operation.” As of this writing, Iran has retaliated with missile strikes on U.S. bases across the Gulf, and fighting continues.

In the Caribbean, the largest U.S. naval concentration since the Cuban Missile Crisis took shape over summer 2025. Since September, the U.S. has carried out dozens of strikes on suspected drug-smuggling vessels, killing scores of people. Defense Secretary Pete Hegseth announced many of these personally on social media, declaring that targets would be treated “EXACTLY how we treated Al-Qaeda.”

A congressional crisis erupted in November after it was reported that Hegseth had allegedly ordered a second strike to eliminate survivors of a September 2 attack, raising serious questions under the Geneva Conventions that congressional investigators are still pursuing. The FY2026 NDAA itself contains a provision withholding 25% of Hegseth’s travel budget until the Pentagon provides Congress with unedited video of the Caribbean strikes.

By January 2026, Venezuela escalated from naval buildup to full intervention with Operation Absolute Resolve, in which U.S. forces bombed infrastructure across northern Venezuela and Delta Force operators captured President Maduro.

On the domestic front, National Guard troops deployed to Washington D.C. in August 2025, then to Los Angeles, Memphis, Charlotte, New Orleans, and Portland. In August 2025, Trump signed an executive order directing the Pentagon to create standing National Guard units in every state for “rapid nationwide deployment.” In a meeting with over 800 generals, he described America as waging “a war from within.” (The Supreme Court ruled against the Chicago deployment in December, and Trump withdrew troops from three cities before signaling they could return.)

The 2026 National Defense Strategy: Saying the Quiet Part

Released in January 2026, the new National Defense Strategy is the most telling document in this sequence. Previous defense strategies talked about “preventing war” or “integrated deterrence.” This one organizes around preparation for “prolonged, dispersed, and multi-domain conflicts.”

Homeland and hemispheric defense became Priority #1, with “homeland” now encompassing the entire Western Hemisphere under what the Pentagon calls a “Trump Corollary to the Monroe Doctrine.” China remains the “pacing threat,” but operational focus has shifted to the Caribbean, the Arctic, and the Gulf of America. Officials describe the defense industrial base as being placed on “a wartime footing,” with calls for a “once-in-a-century revival of American industry.”

CSIS analyst Mark Cancian, a retired Marine colonel, noted the strategy warns of “an increased risk of America itself being drawn into simultaneous major wars across theaters — a third World War.” The answer offered is a “one plus” conflict model: the U.S. fights one major war while allies handle the second. Those allies, described in the document as “freeloading dependents,” are expected to shoulder frontline roles, logistics, and risk.

One conspicuous absence: the NDS does not mention the all-volunteer force. Every previous QDR and NDS had a section on sustaining the AVF. Its disappearance from a document that otherwise touches every major defense topic is hard to read as an oversight.

You don’t build automatic draft registration, expand the surveillance apparatus around it, rename the Department of Defense to the “Department of War,” and stop talking about the all-volunteer force (all while fighting on two continents) unless conscription is being kept very close to the surface.

What Comes Next

The SSS has until December 18, 2026, to stand up the automatic registration system. That means publishing regulations, completing Privacy Act and Computer Matching Act notices, obtaining OMB approval for new data collection instruments, and building the technical infrastructure to pull and reconcile data across multiple federal agencies. All of this by an agency that can’t keep track of whether its own draft board members are alive.

States could complicate the process. The automatic registration law grants the SSS authority to compel data from federal agencies, but imposes no such obligation on state governments. Eleven states currently have no Selective Service registration tie-in with driver’s licenses. Any state that doesn’t want its residents’ data funneled into a DOGE-accessible draft database could end its data-sharing agreement with the SSS entirely.

The coalition that submitted comments in January is planning continued opposition and calling for repeal of the Military Selective Service Act before automatic registration takes effect. They have nine months.

Congress could still repeal the MSSA with a one-sentence bill. But 389 House members and 77 senators just voted to expand the system, so repeal is not a near-term prospect.

What is a near-term prospect: by December 2026, the federal government will possess a continuously updated database of every draft-eligible male in the country, constructed from cross-referenced federal records, accessible to agencies with no clear data protection obligations, and maintained by an institution that has already shown it cannot be trusted with the data it has.

That database will exist in a country actively bombing Iran, intervening in Venezuela, operating under a defense strategy premised on prolonged warfare, and no longer mentioning the all-volunteer force in its strategic planning.

I wrote a year ago that the GOP’s draft plans were quiet. They aren’t quiet anymore. They are law, and the nine months between now and implementation are the last window to stop them.

And lately, watching the cybersecurity community go quiet while the Trump administration dismantles the country’s defenses, I keep asking myself the same question I’m about to try to answer.

Answering that honestly requires pulling apart several threads at once: money, clearances, the peculiar political inheritance of hacker culture, the structural position of technical professionals under capitalism, and a community that has quietly confused professional discretion with moral neutrality.

The SentinelOne Test

If you want to understand why the cybersecurity industry is silent, start with what happened to Chris Krebs. Krebs was the founding director of CISA, the government’s civilian cybersecurity agency.

Our community has generally had a positive view of CISA—in no small part due to the years-long visible efforts of their senior leadership, including Krebs, to create lines of integration with information security communities of practice and create a sense of democratic participation in the defense of the nation.

Many sectors which are critical to national defense are under the control of private enterprises, so it is similarly important to build these relationships—as well as relationships with foreign organizations tasked with the defense of their own respective nations—and they had, partly through forging relationships with noted influencers and increasing their visibility at industry events.

Trump fired Chris Krebs unceremoniously via tweet in November 2020 for working to counter disinformation that the presidential election was not secure. At the 2021 Cyberwarcon conference, organizers presented him with a flight jacket reading “FIRED BY TWEET,” and everybody clapped.

In April 2025, the joke stopped being funny: Trump issued a Presidential Memorandum naming Krebs in its title.

For lawyers and process nerds: that one is technically a Presidential Memorandum rather than an Executive Order, but in practice it functions the same way: it directs the executive branch, carries binding instructions for agencies, and can be enforced unless it conflicts with statute or the Constitution. The differences are mostly procedural: Memoranda don’t have to be printed in the Federal Register, they don’t have to spell out the president’s specific legal authority the way orders do under 1 C.F.R. § 19.1, and the budget office doesn’t need to issue a formal “Budgetary Impact Statement” for them.

The effect of the Memorandum was the revocation of Krebs’ security clearance, the start of a Justice Department investigation into his government service, and the suspension of the clearances of every employee at SentinelOne, where Krebs worked as chief intelligence and public policy officer. No evidence supported the White House memo’s accusation that he had been “suppressing conservative viewpoints,” and no explanation was offered for why SentinelOne’s entire workforce should be punished. Within a week, Krebs resigned, saying the fight was one he needed to take on outside the company.

Reuters contacted 33 of the largest U.S. cybersecurity companies for comment.

Thirty-two either declined or did not respond. A single voice of opposition came from the Cyber Threat Alliance, a nonprofit, whose president Michael Daniel said: “Targeting a company because the president does not like someone in the company is an example of the very weaponization of the federal government the memo claims to be combating.”

Katie Moussouris, founder of Luta Security, was blunt: “I don’t think it’s feasible for cybersecurity companies to have a broader response on this. The risk is just too high.”

An anonymous executive put it more plainly to Reuters: “If they are willing to crush Mr. Krebs, what do you think they’ll do to me?”

The Dismantling

The act against Krebs was not an isolated act of retribution. He was a demonstration project—and the demonstration worked!—because it ran in parallel with a systematic campaign to hollow out America’s cybersecurity infrastructure.

CISA entered fiscal year 2025 with roughly 3,400 employees. By December 2025, that number had fallen to approximately 2,400. Trump’s FY2026 budget proposes cutting the agency’s funding by $495 million, a 17% reduction, eliminating over a thousand authorized positions. Election Security has been entirely zeroed out. Forty-five million dollars stripped from Cyber Defense Education and Training. Seventy million from the National Risk Management Center.

In April 2025, the CVE program nearly collapsed. CVE is the global system for identifying and tracking software vulnerabilities, and it underpins virtually every security operation on Earth. MITRE’s government contract was allowed to approach expiration before CISA threw together a last-minute extension. The system survived. But nobody who watched it happen could avoid the obvious implication: even the most fundamental shared infrastructure of cybersecurity is expendable when it falls within the budget-cutting blast radius.

General Timothy Haugh, who led both the NSA and U.S. Cyber Command, was fired along with his deputy, Wendy Noble. No official rationale was offered. DHS Secretary Kristi Noem took the stage at the RSA Conference and called CISA a “Ministry of Truth,” accusing it of deciding “what was truth and what was not.” She was referring to the agency’s role in debunking election misinformation that Trump still insists was censorship.

By January 2026, the escalation had reached a kind of absurdist peak. CISA, the FBI, and the NSA all pulled out of the RSAC Conference after the event’s organizer hired former CISA director Jen Easterly as CEO. Easterly is a 25-year Army veteran and political independent whose offense was criticizing the administration’s loyalty mandate at the previous year’s conference. West Point had already rescinded a job offer to her after a far-right activist objected. The federal government withdrew from the world’s largest cybersecurity gathering because it didn’t like the new boss—one who was, until quite recently, their own well-respected boss.

All of this while Chinese state-sponsored hackers remain positioned inside American critical infrastructure. As Easterly wrote on LinkedIn before Trump’s allies forced her further from public life: “As experienced leaders exit and key roles remain vacant, our nation’s cyber defenses are at risk of being dangerously degraded.”

The Government as Threat Actor

This is the part that should unsettle everyone in my field.

We train to defend against Advanced Persistent Threats, use acronyms like APT28 and APT41 and Volt Typhoon, write detection rules, build threat models, share indicators of compromise. Our entire conceptual apparatus assumes the threat actor is foreign and that the U.S. government is, broadly speaking, on our side.

Then came DOGE. Elon Musk’s operatives gained access to Treasury payment systems, OPM personnel databases, and IRS records with minimal security vetting. Alan Butler, executive director of the Electronic Privacy Information Center, told Politico that their access to federal data was “an absolute nightmare.”

Bruce Schneier at Harvard said government systems are now less secure because of DOGE’s actions. Axios reported on the insider threat implications of granting rapid access to individuals with unclear backgrounds and undisclosed conflicts of interest. A former DHS Chief Privacy Officer described what happened as “a data breach of exponential proportions.”

In any other context, we would call this an insider threat. We would write an incident report, recommend access revocation, conduct forensic analysis. But the people who did it answer to the president, and the people who would normally investigate are being fired or silenced. Nobody has written a TTP report for DOGE. Nobody has published a MITRE ATT&CK mapping for an executive branch that treats its own government’s data as a personal resource.

Our frameworks were not built for this.

Who We Are, and Why That Matters

You can’t understand how this community responds without understanding where it came from. Information security descends from hacker culture, and hacker culture’s founding ethic was libertarian in the older, pre-partisan sense: distrust of authority, commitment to open information, and an unwavering belief that technology could route around institutional power. Cypherpunks who built the encryption tools we still depend on saw cryptography as a liberating force against government surveillance.

The politics are not neatly left or right. They are anti-authoritarian, which maps onto anarchism for some, market libertarianism for others, progressive activism for still others. Walk around DEF CON and you will find people who think open source is a grand anarchist experiment sitting next to people who think the Second Amendment is a cybersecurity posture. Collective political action can be difficult when the only shared conviction is some vague skepticism of centralized power.

Demographics complicate this further. Women make up 22% of the cybersecurity workforce. LGBTQ people, including a visible contingent of trans women hackers and security researchers, have carved out real cultural space in this industry—from long‑running events like Queercon at DEF CON, which I have personally attended and found to be great fun, to highly public practitioners like Alissa Knight who’ve made it easier for others to imagine themselves here. Plenty of people in this industry have skin in the game when it comes to the policies this administration is pursuing.

Yet the workforce remains overwhelmingly white and male. People with the greatest personal stakes in resisting are also the most vulnerable in the workplace, and the least able to speak out safely. Meanwhile, the white, male, credentialed, senior professionals who hold the most structural power face the least direct personal threat.

Conferences celebrate minority members with panels and mentorship programs, but none of that has translated into collective defense when those same members face real-world policy harm.

Does the Culture Support MAGA?

No. Not broadly. But the picture has nuance that a flat denial would miss.

At RSA 2025, Chris Krebs drew thunderous applause for saying “we should be outraged. Absolutely outraged.” Moussouris told reporters, “Everybody feels the same way I do. Nobody is authorized to say anything officially.” An open letter from the Electronic Frontier Foundation gathered more than 40 prominent signatories condemning the Krebs executive order. A State Department employee at the conference, speaking on condition of anonymity, called Secretary Noem “just a puppet.”

Overwhelmingly, sentiment in this community runs against what the administration is doing. It finds expression in private Slack channels, anonymous quotes to reporters, standing ovations at conferences. What it does not produce is organized, public, sustained resistance.

I should be transparent about where I sit in all of this. I was never fully anonymous in the communities I came up through, and I haven’t stopped using my voice. If anything, I’ve become far more strident since 2020, when I watched the security community fail to mount any serious response to the disinformation campaigns and election targeting that defined that cycle. Some of that targeting was directed at me personally. Those events fully clarified something I might have already known: silence in this industry is a choice, and it benefits whoever is running the operation.

Which brings me to the one moment when a real part of the community did speak up. In late April 2025, the EFF organized an open letter to the White House demanding that the Krebs investigation be dropped and SentinelOne’s clearances reinstated. I signed it.

The initial version carried names like Ron Rivest, Matt Blaze, Bruce Schneier, Jeff Moss, Alex Stamos, and Gabriella Coleman—people whose careers are established and reputations large enough to absorb the hit. Within days, the signature count blew past 400. The version I have in front of me now carries over 730 names.

Look at who signed, and a pattern emerges. About 80% included a professional title or affiliation, which in this context is itself an act of exposure. Roughly a quarter hold senior positions: C-suite executives, CISOs, directors, distinguished engineers, endowed professors at MIT, Princeton, Stanford, Georgetown, Columbia. CSO Online called it “a who’s who of the cybersecurity intelligentsia.”

But the bulk of signatories, close to half, are mid-career practitioners: security engineers, analysts, architects. People with titles like “Cybersecurity Professional” or “Security Analyst at Black Hills Information Security.” These are people who don’t have endowed chairs to fall back on.

One name stands out for a different reason: Jonathan Kamens, who listed his title as “Former (fired by DOGE) Information Security Lead and Advisor to the CTO, U.S. Department of Veterans Affairs.” He signed as an original signatory, not an open one. He had already lost his job, and chose to make that visible.

The letter mattered. But 730 names out of a global cybersecurity workforce of over 5 million is vanishingly small. And as Krebs himself told Politico six months later, the executive order remained in force, his clearance was still revoked, and SentinelOne was still dealing with the fallout. Solidarity was expressed and nothing changed.

A real but minority pro-MAGA tendency does exist within the community, concentrated in military and intelligence-adjacent subcultures and in parts of the crypto and prepper worlds that overlap with hacker culture. Some of this traces back to the libertarian strand of hacker politics that has always been comfortable with right-wing anti-government rhetoric. But saying the culture “inherently supports MAGA” gets it wrong.

What the culture inherently supports is self-preservation. At this time, self-preservation and silence feel indistinguishable.

The Professional Managerial Trap

A body of left-wing theory explains what is happening here. In 1977, Barbara and John Ehrenreich coined the term “professional-managerial class” (PMC) to describe salaried mental workers whose function is “the reproduction of capitalist culture and capitalist class relations.” They don’t own capital. They manage it, protect it, optimize it, and discipline the people who produce it.

Infosec professionals fit that description almost too well. We design access controls, write acceptable-use policies, implement data-loss prevention, monitor employee behavior on corporate networks, and enforce compliance regimes. Our professional purpose, at its structural core, is to keep the systems through which capital flows running without disruption. The trains must run on time. When the Ehrenreichs described the PMC’s relationship to the working class as “objectively antagonistic,” they could have been describing the person who configures your company’s endpoint detection and decides what you’re allowed to plug into your laptop.

A recent analysis in Jacobin puts a fine point on it: the PMC are “servants of capital, but also have a disdain for capitalism.” I recognize that tension in myself and in most of my peers. Many of us believe, sincerely, that we are protecting people: hospitals from ransomware, election infrastructure from foreign interference, critical infrastructure from catastrophic failure… Structurally, most of us work for corporations or government agencies whose primary interest is protecting capital, intellectual property, and state power. The sincerity is real but the paycheck comes from somewhere else.

And the paycheck is definitely generous. The average U.S. cybersecurity salary: $147,000. Directors and middle managers average $175,000. CISOs regularly clear $200-400K, and top earners exceed $1 million annually. That kind of money buys houses, private school tuitions, stacked retirement accounts, and a way of life that becomes very difficult to risk for the sake of a LinkedIn post.

Security clearances make the trap even tighter. A large portion of the infosec workforce holds or aspires to government clearances which can sometimes unlock lucrative contracts and often the most interesting work. As the Krebs case demonstrated, those clearances are revocable by presidential fiat. When your clearance is your career, and the president has shown he will use clearance revocation as punishment, speaking out goes beyond professional risk.

The Retreat from the Narrative Battlefield

One of the most consequential decisions the infosec community has made in recent years is leaving X/Twitter.

I understand the impulse. Musk’s platform became hostile to the values many in this community hold. Harassment spiked. Trans users were targeted relentlessly. Moderation collapsed. Leaving felt like self-preservation—in many cases, it was.

But Mastodon and Bluesky are not what Twitter was. They are smaller, more fragmented, built for conversation among the like-minded, where security pros talk to other pros about security. Pleasant, sometimes useful, but rarely political engagement in any meaningful sense. Leaving X was a moral exit, not a strategic one. It ceded the largest public forum where technical expertise could have shaped political discourse to bad actors who have been more than happy to fill the vacuum with nonsense.

The progressivist web chose comfort over influence. A community that prides itself on understanding adversarial thinking failed to think adversarially about information warfare.

The Professional Culture of Discretion

One more factor deserves attention because it’s one that is highly specific to this field.

Information security professionals are generally discreet. Operational security is not just a practice, but an identity marker. We often don’t disclose vulnerabilities before they are patched, share intelligence outside trusted channels, or draw attention to ourselves. These habits serve real purposes in their proper context, but they have metastasized into a professional culture where any public political statement feels like a violation of norms.

“We protect systems, not take sides” has become the industry’s equivalent of “just following orders,” which provides cover for inaction that handily serves the interests of whoever currently controls the systems we protect or can successfully apply pressure to its owners.

When Politico described a “typically nonpartisan community beginning to vocalize its dissent” at RSA, it was describing something real. But “beginning to vocalize” in the spring of 2025, months into the dismantling of the American experiment, was already far too late. And vocalization in the form of anonymous quotes and conference applause will never be the same as action.

What Would Action Look Like?

I don’t have a clean answer, but I know how it doesn’t look: migrating to Mastodon to post for an audience that already agrees with you, signing an open letter and going back to work on your government contract, or applauding Chris Krebs at a conference and then telling Reuters “no comment” when asked about SentinelOne.

The cybersecurity community has an asymmetric capability that almost no other professional class possesses. We are people who understand, at a technical level, how the systems of power actually work, who know where the data lives, how it moves, and what is exposed.

The anti-capitalist analysis would say this power will never be wielded against the system because the people who hold it are too deeply embedded in the system’s rewards. The PMC critique holds that professionals whose livelihood and identity depend on capitalist institutions will, in the final analysis, choose those institutions over solidarity with the people those institutions harm.

So far, the evidence supports that reading.

But the Ehrenreichs themselves acknowledged that as working conditions and pay of the PMC deteriorate, alignment with the broader working class becomes possible, even if never guaranteed and always fraught.

Clearances are being revoked. Budgets are being slashed. The CVE program nearly died. Agencies are being gutted. The government pulled out of the industry’s own conference over a hiring decision. Conditions that once made silence feel like prudence are rapidly becoming conditions where silence feels like complicity.

I cannot tell you whether this community will recognize that shift in time. But the window in which inaction can be mistaken for neutrality is closing fast.

A War That Never Quite Starts or Ends

On March 12, 2014, as unmarked Russian soldiers tightened their grip on Crimea, Vladislav Surkov published a short story in the glossy Russian magazine Russky Pioneer. Writing under his pseudonym Natan Dubovitsky, the longtime Kremlin political operator imagined a future conflict he called “the first non-linear war,” where “four coalitions collided” and “it wasn’t two against two, or three against one. It was all against all.” Entire towns and generations changed sides mid-battle; alliances were fluid, motives opaque.

The story appeared on March 12, two weeks after Russian forces seized Crimean airports and surrounded Ukrainian bases, and as soldiers without insignia were replacing local television channels with Russian programming across the peninsula. No war was ever declared. Surkov’s narrator calls the fighting “part of a process,” but not necessarily its most important part.

Moscow thinks about conflict in much the same way.

Since then, journalists and filmmakers (myself included) have treated “non-linear war” as a skeleton key to contemporary Russian strategy. Peter Pomerantsev read Surkov’s fiction alongside his real-world media work, describing a system in which “nothing is true and everything is possible.” Adam Curtis went further in his 2016 BBC film HyperNormalisation, arguing that Surkov’s approach focuses less on battlefield victory than on producing “a constant state of destabilized perception” in which people can be managed because they can no longer tell what is real.

Not every Russia specialist accepts the story as a literal doctrinal blueprint; Surkov was also playing with avant-garde literary and artistic traditions. As a description of how power can operate, though, the story is brutally clear.

Non-linear war breaks things and redraws borders; it does something else, too. It reshapes what entire societies come to regard as ordinary. Shock follows shock. Information floods every channel. People adapt because they have no choice, and their adaptation becomes raw material for the next round of operations. That cycle functions like a ratchet. Each turn makes the next one easier.

Once the ratchet clicks forward, it becomes difficult to push back.

Phase One: Blurred Thresholds

Well before Surkov put the phrase “non-linear war” into print, Russian officers were questioning the old boundary between war and peace. In a 2013 article in the journal Military-Industrial Courier, General Valery Gerasimov, Russia’s chief of the general staff, wrote that “the very ‘rules of war’ have changed” and that non-military means of achieving political and strategic goals had in many cases “exceeded the power of force of weapons” in their impact. He pointed to social media, information campaigns, covert support to opposition forces, and economic pressure as tools that could soften a target state long before tanks crossed any border. An English translation of the article was later published in Military Review.

Western commentators soon labeled this apparent synthesis the “Gerasimov Doctrine.” Mark Galeotti, the analyst who coined that phrase in 2014, has since written in Foreign Policy for what he says he launched “incautiously and unintentionally,” arguing there is no single doctrine so much as a set of evolving practices and improvisations. The name stuck anyway because it partly captured a change that extended beyond Russia: the rise of conflict fought through a dense mix of military, informational, economic, and legal tools that rarely triggers formal declarations of war.

No clean line separates war from peace in this environment.

Disinformation campaigns muddy public debate. Cyber operations shut down services. Economic pressure spikes prices or wipes out savings. Sporadic kinetic attacks kill and injure far from any defined front. Christopher Paul and Miriam Matthews, in a 2016 RAND Corporation report, called the Russian approach a “firehose of falsehood.” The output is high-volume, multichannel, repetitive, and unconcerned with internal consistency. The goal isn’t to get anyone to believe a particular story. Flood the zone with enough contradictory versions and people stop trying to sort them out.

NATO’s Allied Command Transformation has formalized part of this shift under the label “cognitive warfare.” In its working definition, cognitive warfare consists of activities coordinated with other “instruments of power” in order to influence, protect, or disrupt cognition at the level of individuals, groups, or entire populations. The focus lies less on particular opinions than on the processes people use to form them. A 2024 analysis of the NATO concept published in Frontiers in Political Science notes that cognitive attacks are conceptualized to “hinder decision-making processes, erode national or institutional unity, sow societal division, exploit identities and narratives, and undermine the resolve to engage in conflict.”

When those cognitive processes are overloaded, manipulated, or numbed, the rest of the playbook becomes easier to run.

Phase Two: Layered Shock and Cognitive Overload

Once that blurred threshold is in place, the next move is to subject the population to a mixture of physical and psychological shocks, often far from any traditional front. Those shocks travel through media, markets, and digital infrastructure as readily as artillery barrages.

Ukraine, now entering its fourth year under full-scale Russian attack, offers an unusually well-documented example. A WHO-supported health needs assessment conducted in October 2024 estimated that 68 percent of Ukrainians report a decline in overall health compared to the pre-war period. Mental health concerns are the most prevalent issue, affecting 46 percent of the population, followed by mental health disorders at 41 percent and neurological conditions at 39 percent. Among combat-exposed soldiers in clinical settings, one recent study reported PTSD in 45.9 percent of patients and Complex PTSD in 21.5 percent.

The war’s physical toll runs alongside this psychological damage. CARE International has documented how civilian casualties rose sharply again in 2025 after a brief plateau, with 2,514 people killed and 12,142 injured in that year alone, a 31 percent increase in deaths compared to 2024. Many of those harmed were struck far from any trench or fortified line, as cruise missiles and drones hit apartment blocks, electricity infrastructure, and medical facilities.

At the same time, Russian and pro-Russian information operations batter domestic and international publics with competing narratives about who is responsible for particular atrocities, whether Ukraine is a “Nazi” state, and whether Western support is prolonging the fighting. Research on the firehose model notes that audiences exposed to such campaigns are more likely to remember the messages and less likely to engage in fact-checking, even when warned about disinformation in advance.

A 2025 report by the British Institute for Security Innovation on AI-driven information warfare describes the end state of this process as “epistemic learned helplessness”: a condition in which people stop trying to evaluate claims because the cognitive cost of constant vigilance has become intolerable. Missile strikes, blackouts, deepfake videos, currency shocks: each of those on its own is destabilizing.

Taken together, and repeated over time, they create a background of crisis.

Phase Three: Defensive Normalization

As an Iraq veteran, I am intimately aware with the messy fact that human beings cannot live indefinitely at full alert. When faced with chronic emergency, they will find ways to normalize it as a type of coping mechanism.

War speeds this up and makes it uglier.

Alexei Yurchak called this “hypernormalization.” In his 2005 book Everything Was Forever, Until It Was No More, he described how late-Soviet citizens knew the official story was a lie, but collectively maintained it because nothing else seemed workable. Daily life carried on inside a shared fiction that nobody believed and nobody could replace. Curtis took Yurchak’s framework and ran with it in his 2016 documentary. His argument was that Western publics had arrived at their own version of the same problem. People could see that politics and media were stage-managed. They kept participating anyway, because no alternative script was on offer.

Ukrainians near the front describe sleeping in their clothes so they can grab their children and run to shelters at any hour. Workers plan commutes around likely missile timings. People say they have gotten used to the sound of drones overhead and streets without lights. CARE found that over 70 percent of adults in frontline regions experience depression or severe anxiety, but many frame their condition as just “being tired” or “living normally in war.”

The research on media consumption and collective trauma tells a related story. A three-year longitudinal study published in Science Advances by Thompson, Jones, Holman, and Silver found that people who consumed heavy media coverage of the Boston Marathon bombings experienced more distress and consumed more media after the Pulse nightclub massacre, feeding a cycle that compounded with each new event. Susan Moeller documented the same pattern at a broader scale in her 1999 book Compassion Fatigue: once a conflict becomes a permanent fixture of the news cycle, audiences stop absorbing its daily horrors, even as the killing continues. Over time, the outrage fades into background noise.

From a non-linear operator’s perspective, that shift from alarm to numbness isn’t a side effect or collateral damage, it’s usable ground.

A win, if you will.

Phase Four: Memory, Narrative, and the New Normal

Normalization isn’t a phenomenon limited to individual minds. It is structured by institutions, stories, and the law.

Dr. Edna Lomsky-Feder interviewed Israeli soldiers from different wars about how they remembered combat. What she found was that societies actively rework traumatic memories through official ceremonies, films, school curricula, and family stories, gradually redefining what counts as “normal” in wartime. She calls this the “normalization of war.” Heroic, critical, and resilience narratives compete with one another, but the net effect is domestication: intense war experiences get folded into personal biography as expected, even routine.

A similar logic runs through Russian political life. A study of collective trauma and populism in Russia and Georgia, presented by Jana Javakhishvili and published by the Vilnius Institute for Policy Analysis, argues that unprocessed historical trauma, from Stalinist terror to the collapse of the Soviet Union, has been repurposed by elites into a sense of permanent grievance and siege. The Putin system, in this account, built its legitimacy on a “substitutive trauma”: the loss of empire. That loss is continually rehearsed in media and politics, producing a public encouraged to experience present events as proof that enemies are everywhere and that only a strong leader can keep chaos at bay.

On the receiving end of non-linear campaigns, something different but related unfolds. Therapists and researchers who have written about the “weaponization of collective trauma” described patients who experienced political news as a form of re-traumatization. Constant exposure to outrages and scandals, amplified by algorithmic feeds, keeps the amygdala on high alert. Those affected report difficulty distinguishing real from perceived threats, a collapse of nuance into black-and-white thinking, and “trauma-bonding” within political tribes that makes cross-cutting conversation nearly impossible.

Pomerantsev’s account of Russia in Nothing Is True and Everything Is Possible feels like an extreme version of this condition: a country where reality TV, state propaganda, and organized crime blur into one spectacle, and “surreal” events are the daily rule and not exceptions. Under non-linear pressure, target societies can drift toward a similar terrain without consciously copying that model because the mechanisms producing it— namely, constant crisis, unresolved trauma, and saturated media— are highly familiar.

Phase Five: Institutions Adapt, Then Entrench

Once crisis becomes routine, institutions change shape to cope with it. Those changes can easily harden into a new status quo.

On the humanitarian and medical side, Ukraine now has a rapidly expanding mental health and rehabilitation sector. The World Health Organization and national partners warn that demand for trauma care, psychosocial support, and physical rehabilitation is rising faster than services can be built out, and that those needs will persist for decades after the fighting stops. Physicians for Human Rights and its partners have documented at least 2,591 attacks on Ukraine’s health care system since the start of the full-scale invasion, with 359 health workers killed and 379 injured.

In parallel, Ukraine’s Ministry of Veterans Affairs and civil society organizations are racing to design long-term programs for reintegration, employment, and family support for hundreds of thousands of current and former combatants.

Security institutions have their own transformation under way.

States targeted by non-linear campaigns are now pouring resources into counter-disinformation units, cyber defense agencies, and strategic communications teams. NATO’s cognitive warfare concept papers read partly as a warning and partly as a bureaucratic blueprint: they call for education programs to build “cognitive resilience,” technical systems to detect and flag manipulative content, and coordination mechanisms that treat the information space as a theater of operations in its own right. A senior NATO official confirmed in October 2025 that “hybrid warfare has begun” and that the alliance was investing heavily in preparing for it.

These adaptations are essential for survival in the short and medium term. They also risk baking the emergency into law and policy. Exceptional powers become permanent fixtures. Surveillance measures introduced to counter one wave of disinformation or terror attacks stay in place for the next. Budget lines and career paths depend on the persistence of threat. Once a state apparatus has reorganized itself around managing non-linear conflict, officials have strong incentives to see that conflict everywhere.

Russian doctrine of reflexive control sits upstream of this institutional picture. The basic idea, developed by Soviet mathematician Vladimir Lefebvre in the 1960s and refined since, is to influence an adversary’s choices by shaping its perception of reality so that it “voluntarily” selects the option most favorable to Moscow. Rather than telling an enemy what to do, the operator feeds it information that leads its own decision-making processes to the desired conclusion. Finnish analyst Antti Vasara describes multi-channel campaigns that aim at the public as well as the command-and-control systems of target states in a bid to force them to misread situations and misallocate resources.

A population and a bureaucracy already conditioned to see permanent crisis are easier to steer with these techniques. When everything looks like an attack, officials can be nudged toward overreaction or paralysis with relatively small pushes.

Phase Six: The Ratchet Turns

Once blurred thresholds, layered shocks, defensive normalization, social reconstruction, and institutional adaptation are in place, the environment itself becomes a weapon. Each new operation lands on a society that has already been pushed closer to the edge.

The Thompson et al. study in Science Advances found that people who consumed more media coverage of one collective trauma experienced more stress and fear about the next, creating a feedback loop of anxiety and information-seeking that compounded with each event. King’s College London’s multi-country Impact of Trauma Survey, part of the XCEPT research programme, is probing a related dynamic in Iraq, Lebanon, and South Sudan: in some settings, those who experience severe conflict trauma are more likely to engage in violence themselves, contributing to a “cycle of violence” that spans generations.

In non-linear conflict, each new missile barrage, cyber intrusion, or disinformation wave is calibrated against the current baseline. It doesn’t need to exceed the last one in magnitude. It simply has to differ enough to break through whatever people have managed to normalize. A strike on pediatric wards after months of nighttime attacks on power stations; a deepfake of a leader “surrendering” after months of more conventional propaganda; a banking panic after a year of physical bombardment.

Each re-teaches the lesson that nothing is stable.

Gerasimov’s 2013 article is often quoted for a line about how a “perfectly thriving state” can, in a matter of days or months, be turned into “an arena of fierce armed conflict” and “sink into a web of chaos, humanitarian catastrophe, and civil war.” Read narrowly, that sentence describes rapid regime change. Read in light of a decade of Russian practice, it reads more like a statement of long-term intent to keep adversary societies hovering on the edge of breakdown.

Never quite collapsing, and never quite recovering.

In Ukraine, that edge is visible in both statistics and daily life. Civilian casualties rose by roughly a third in 2025 despite improved air defenses. According to the WHO, attacks on healthcare facilities increased by nearly 20 percent that year, further straining an already overloaded system. Among respondents in frontline areas, 59 percent reported their health as poor or very poor in a December 2025 assessment. Clinicians warn that untreated PTSD and depression will shape politics, crime, and social cohesion for years after any ceasefire.

This is what it looks like when trauma functions as infrastructure.

Strategic Implications

Policy responses tend to focus on the most visible elements of non-linear war: sanctions, arms deliveries, cyber defense, high-profile fact-checking of viral lies. Those are necessary, but they address only pieces of the cycle.

The deeper problem is, as I’ve alluded, both epistemic and psychological.

Once a population has been pushed toward learned helplessness and people feel it no longer matters what is true, traditional tools of democratic politics lose much of their force. A press conference correcting a false claim lands differently on an audience that has essentially given up on verification. A human rights report documenting atrocities carries far less impact if readers have spent years cycling between outrage and numbness.

That RAND study on the firehose of falsehood concludes that after-the-fact debunking is rarely effective. It recommends preemptive inoculation through warning audiences about manipulative techniques before they encounter them, saturating the same channels with accurate information, and, where possible, working to curb the reach of the most aggressive propagandists— defensive maneuvers they work hard to convince populations are a threat to everyone’s free speech. NATO concept papers on cognitive warfare argue for building “cognitive resilience” through education, media literacy, and institutional reforms that improve transparency and trust.

Those moves are sound as far as they go, but still tend to treat trauma and normalization as side effects rather than engineered outcomes. A strategy that takes the ratchet seriously needs to work on several fronts at once:

• Shorten exposure by hardening infrastructure and improving defenses so populations spend less time under active attack.

• Expand care by treating mental health and social repair as central elements of security policy (not afterthoughts!)

• Constrain emergency powers with clear sunsets and oversight to prevent a crisis mindset from hardening into permanent law.

• Support alternative narratives that acknowledge trauma without turning it into a tool of mobilization or denial.

This isn’t about “winning the information war” in some narrow sense; it’s more a question of whether democracies can sustain the conditions (e.g. trust, shared reality, a sense of future) that make politics something other than an exercise in managing a frightened and exhausted public.

In Surkov’s story “Without Sky,” the narrator suffers a brain injury that leaves him unable to perceive depth. He can see only two dimensions, only “yes” and “no,” only black and white. The loss of dimensionality is his private tragedy which doubles as metaphor for something larger. Non-linear warfare aims at flattening a society’s perception in just this way, until people lose the ability to imagine that life could be structured on any terms other than permanent crisis.

Once that perception takes hold, the ratchet doesn’t unwind itself.

Just over a week ago on a February afternoon, I found myself browsing yet another set of odd-looking DMCA notices when I decided to ask Lumen Database for an API key to access their database.

An API key is essentially a researcher login for software; a credential that lets you automatically query large volumes of data instead of clicking through individual records by hand. In my email, I described a straightforward project: examine how one prolific sender of DMCA and related takedown notices might be using copyright law to target lawful reporting and public‑interest speech.

The outputs, I wrote, would be “public, written journalism and analysis,” and I signed it with my name and publication.

Lumen replied the following morning that my “plans and outputs do not align with Lumen’s current goals and mission” and declined access, then ignored a follow‑up request to explain that contradiction.

Lumen’s official account follows me on Twitter, which makes it hard to argue this was an anonymous or context‑free request from a stranger they knew nothing about.

Because Lumen says it exists to document the censorship machinery that operates through legal threats, walling off deeper access to that machinery isn’t a neutral administrative act.

It’s a choice with real consequences for accountability.

The transparency project that gets to say no

Lumen is a project of Harvard’s Berkman Klein Center, which describes it as collecting and studying online content‑removal requests “providing transparency and supporting analysis of the Web’s takedown ‘ecology.’”

UNESCO’s profile summarizes Lumen’s purpose as promoting transparency about “who sends and receives these notices, why, and what online content they refer to,” and facilitating research on “both legitimate and questionable” complaints. The database is populated by voluntary contributions from companies such as Google, Twitter, and YouTube.

On its Researchers page and in its API terms, Lumen tells the world that it generally issues researcher credentials to people or non‑profits planning “journalistic, academic, or legislative & regulatory policy‑focused public written research outputs,” explicitly naming news articles, journal pieces, and white papers as acceptable outputs.

Independent researchers are explicitly eligible; the terms define a “Researcher” as anyone using the API for such a purpose, whether institutionally affiliated or not.

The same API terms contain a sweeping escape hatch: “Lumen reserves the right to deny or refuse to grant API access for any reason.” There is no described public appeal process in those terms, no obligation to provide a reason, and no published statistics on who is refused.

Lumen did not respond to my follow‑up email explaining I was writing a story about their organization and asking for comment on how my “described plans and outputs do not align with Lumen’s current goals and mission.”

A textbook fit (on paper)

Put Lumen’s public description next to the project it declined and the alignment appears perfect. Lumen says it wants to document the “ecology” of online removal requests: who sends them, why, and to what effect.

I proposed to:

• Map the takedown activity of one frequent submitter over time and across platforms and targets

• Evaluate how often that entity’s notices appear overbroad, retaliatory, or aimed at lawful reporting and commentary

• Examine which topics, individuals, or organizations are most frequently targeted, and whether notices cluster around particular events or critical coverage

The outputs would be public journalism and analysis, with clear methodological notes about how Lumen data were used and my expressed willingness to follow any preferred citation or data‑handling practices.

Those are precisely the kinds of “journalistic” outputs Lumen cites when defining acceptable research purposes in its API terms. I was able to find various external descriptions of Lumen reinforcing that same expectation.

Bellingcat’s online investigations toolkit describes Lumen as a Harvard‑affiliated research database of “legal complaints and content‑removal requests (e.g., DMCA, defamation, court orders)” and explains how researchers can use it as part of large‑scale investigations. Based on Bellingcat’s understanding and Lumen’s own docs, their API access is meant for just the sort of systematic pattern analysis that my proposed work needed.

Lumen’s refusal, then, was not simply a matter of limited resources or some ill‑fitting use case. On the public record, my project’s aims sit squarely inside the organization’s announced remit.

The gap lies in how Lumen currently defines its “goals and mission” in practice, and who exactly is allowed to test the limits of abusive notice‑sending.

When a transparency archive narrows the aperture

This is not the first time observers have questioned whether Lumen’s operational choices match its transparency rhetoric.

In 2020, TorrentFreak reported that Lumen had removed precise URLs from public copies of DMCA notices, replacing them with domain‑level information and requiring users to enter an email address to receive a single‑use link to view full details. The outlet, which called Lumen “an essential tool for researchers and reporters interested in the cease‑and‑desist landscape,” warned that “reduced access will probably be disappointing for some,” and noted that the new hoops “place obstacles in the way of legitimate research and accountability.”

Lumen project manager Adam Holland told TorrentFreak the changes were meant to keep Lumen a “vibrant and valuable feature…for research, journalism, and public awareness around takedown requests” while addressing concerns about people using the database as a directory of infringing links and reducing staff workload. In his account, the research community’s experience would remain “in no way” compromised.

Even some copyright‑enforcement professionals were uneasy. A representative from an anti‑piracy company told TorrentFreak that while his clients welcomed less visibility for infringing URLs, he shared “the concerns of those who may feel that this places obstacles in the way of legitimate research and accountability.”

A pattern appears:

• Lumen and its institutional home present the project as a neutral infrastructure for transparency and research on legal threats to speech.

• To manage internal workload and external sensitivities, they narrow public access and route serious work through privileged channels such as researcher logins and API keys.

• Those privileged channels are themselves controlled by opaque, discretionary access decisions with no external oversight.

An unexplained denial of API access to a journalist scrutinizing one particularly prolific takedown sender is a sharper expression of the same dynamic.

Additional denials may have occurred of which the public is not yet aware.

The quiet power to shape which abuses are visible

The stakes are concrete. Fraudulent and retaliatory takedown campaigns have become a quiet but effective tool for reputation management and suppression of critical reporting under the banner of the DMCA.

A 2024 analysis by Tax Policy Associates titled “The epidemic of fraudulent DMCA takedowns” described an “invisible campaign to censor the internet” through bogus copyright notices, especially those sent to Google, aimed at burying investigative or critical articles in search results. Drawing on Lumen data, the author detailed networks of shell companies and fake media entities submitting near‑identical DMCA complaints to remove unflattering coverage of tax disputes, political figures, and alleged misconduct.

Journalist Mike Masnick, writing at Techdirt, has likewise documented “fake entities…still abusing the DMCA takedown process” to scrub factual reporting, using Lumen entries to trace clusters of notices tied to a reputation‑laundering operation built around a string of invented “Media Corporation” brands. Another analysis at Walled Culture showed how backdated copies of articles are used to generate fraudulent notices that convince platforms to remove the original investigative pieces.

These investigations make one thing clear: Lumen’s archive is not just a passive record. It is often the only way to spot repetition and coordination across platforms that individual transparency reports, or scattered notices, will never reveal.

Other observers treat Lumen as central infrastructure. The Canadian think tank CIGI, in its report “Weaponizing Privacy and Copyright Law for Censorship”, points to the role of databases like Lumen in tracking censorship‑adjacent use of copyright and privacy law.

Google itself, in its About Lumen documentation, explains that it contributes certain legal removal requests to the project, and describes Lumen as a Harvard‑based initiative that “collects and analyzes legal complaints and requests for removal of online materials.” Google explicitly links that sharing to goals of transparency and public oversight of content removal.

That privileged position comes with quiet, unreviewable power. By controlling scalable access to the underlying data, Lumen can determine which journalists and researchers can efficiently test powerful actors’ use of copyright, defamation, or court orders to scrub the public record.

Lumen’s own notice‑information page explains that some information is restricted to researchers and that fields, including URLs, may appear as redacted for the general public. After the 2020 changes, full notice details are often available only through email‑gated single‑use links. The web interface allows viewing one complete notice at a time and running basic keyword searches, but trying to map a prolific sender’s behavior that way is effectively research via pipette.

From the public record, the structure looks like this:

[ Notice Senders ]
      │
      │  (DMCA, defamation, court orders, other takedown requests)
      ▼
[ Platforms / Intermediaries ]
      │
      │  (Some or all notices forwarded for "transparency" [CYA])
      ▼
[ Lumen Database ]
      │
      │  Public web interface
      │     (Single-notice, email-gated access for full details)
      │
      └───► [ API Access ]
              │
              │  (Sranted or denied at Lumen's discretion)
              ▼
     [ Researchers / Journalists ]

When those gatekeepers quietly decline, without explanation, the chill is subtle but real. The path of least resistance is to focus on aggregated trends or generic “DMCA abuse,” not on how a particular company, law firm, or political actor is exploiting the system.

Lumen’s silence on my request for clarification leaves open uncomfortable questions that belong in the public record.

Why this should matter to policymakers and platforms

For policymakers and platforms that tout transparency as a partial answer to overbroad content removal, Lumen’s access posture raises several uncomfortable implications.

First, if governments and companies point to Lumen as proof of accountability while Lumen quietly controls who can conduct serious analysis, transparency becomes a talking point rather than a practice. UNESCO’s treatment of Lumen in its World Trends in Freedom of Expression materials underscores its perceived role as a public good in the media freedom ecosystem. That status is undermined if its most powerful analytical tools are selectively withheld from independent scrutiny.

Second, platforms like Google that highlight their participation in Lumen in transparency materials should be pressed on whether they are comfortable with an arrangement in which the primary public archive of their legal notices is not meaningfully accountable to the wider research and journalism community. If Lumen’s access decisions systematically or even sporadically shield high‑volume senders from investigation, platforms are implicated in that outcome.

Third, legislators considering reforms to notice‑and‑takedown regimes should recognize that “transparency” is not binary. A database can exist, be technically public, and be cited in policy debates while still being organized in ways that frustrate the very investigations it is meant to enable. Access design is policy.

Finally, there is a deeper structural question: should a single, privately governed institution occupy such a central position in documenting legal threats to online speech? Work on open data and research access has highlighted how opaque refusals can undercut the public interest even when framed as responsible stewardship. Lumen’s trajectory and practices deserve the same level of critical scrutiny that it has so usefully allowed researchers to apply to everyone else.

What is already clear is this: a project widely treated as the public’s telescope into the world of legal takedown threats is also the gatekeeper to that telescope’s highest‑powered lens. When that gatekeeper quietly tells a researcher her plans no longer fit its mission, and declines to explain why, the story isn’t about a single denied API key, or that researcher’s annoyance at the denial.

It’s about who gets to study censorship, and on whose terms.

Get 25% off for 1 year

That’s because for the last few weeks, I’ve been tracking a story that was too sensitive, and frankly too dangerous, to publish without the backing of a major institutional partner.

I needed an outlet that wouldn’t blink when the names “Trump,” “Putin,” and “FBI” appeared in the same paragraph. I needed a publisher that regards being sanctioned by the Russian Federation as a badge of honor, not a legal liability.

That is why my new investigation, “Trump Pardon Buries FBI’s Secret Work for Putin’s Oligarchs,” is the lead exclusive story today in Byline Times.

The Investigation

We discovered that President Trump’s recent pardon of former FBI agent Mark Rossini wasn’t just a favor—it was a burial.

• The Money: I tracked $3.5 million in donations to a Trump-aligned Super PACsfrom the family of Rossini’s co-defendant.

• The Cover-up: We explain how the defense may have used “graymail”—threatening to expose national security secrets in open court—to force the DOJ to crumble.

• The Result: The pardon didn’t just free a man; it permanently sealed the records of what US intelligence officials were secretly doing for sanctioned Russian networks.

Writing for Byline Times allowed me to document this complex “graymail” legal maneuver with the rigor it demands. Their editors and legal team are fearless, and they are one of the few outlets left willing to print the uncomfortable truth about the intersection of oligarch money and American justice.

Please read the full investigation here: https://bylinetimes.com/2026/02/11/trump-pardon-buries-fbis-secret-work-for-putins-oligarchs

Thank you for supporting Hacking, but Legal. It was your support that funded this investigation, and Byline Times that fearlessly gave it a home. If you want to support more reporting on what the papers don't say, please consider subscribing.

Best,
Jackie Singh

Get 25% off for 1 year

DSS has done this work at every Games since Montreal. It is, by any reasonable measure, an important part of what the agency does—making a newly-announced arrangement at Milan-Cortina 2026 highly peculiar.

The Guardian’s sources at the US Embassy in Rome have confirmed the following statement from ICE:

“At the Olympics, ICE’s Homeland Security Investigations (HSI) is supporting the US Department of State’s Diplomatic Security Service and host nation to vet and mitigate risks from transnational criminal organisations.”

“All security operations remain under Italian authority.”

The official ICE statement describes Homeland Security Investigations as “assisting” DSS “to assess and mitigate threats posed by transnational criminal organizations.” Embassy sources confirmed that HSI would back up State Department security. The Department of Homeland Security said its agents would help with “vetting and mitigating risks.” This is not how federal agencies typically describe anti-trafficking operations, which is what HSI actually does at major sporting events. At the 2017 Super Bowl, HSI’s Operation Guardian Angel arrested 94 perpetrators. The agency runs similar programs at every Super Bowl, working hotels and monitoring patterns.

It does not provide protective security.

The distinction matters. HSI is the investigative arm of Immigration and Customs Enforcement, with over 6,700 agents focused on cross-border crime: narcotics, weapons, money laundering, trafficking. The agency has provided hundreds of thousands of hours of support to the Secret Service at National Special Security Events like inaugurations and Super Bowls. But those are domestic events under DHS coordination. Overseas, the State Department holds authority. DSS operates under Foreign Service protocols. No statutory or operational framework exists for HSI to augment DSS abroad.

Embassy officials told Reuters that several federal agencies have supported Olympic security before, including HSI. This is technically true and substantially misleading. At Paris, HSI ran the Open Doors Initiative, a trafficking prevention program partnering with French hotels and nonprofits. That is specialized law enforcement work, not threat assessment for DSS.

French reporting from RFI noted uncertainty about whether HSI had ever participated in Olympic security at all.

I was unable to locate any public record documents showing HSI providing operational support to DSS at any previous Games. NBC News went further, claiming, “It is not unusual for the division, which takes the lead in international human trafficking situations, to work on marquee events abroad,” and placing that claim in the subheader.

The network offered no evidence for this and appears to be the sole source for this claim among the dozens of international news organizations covering this story. RFI was more careful, reporting it is “not known whether the HSI has in the past been involved in the Olympics, or whether this is a first.”

Perhaps NBC has uncritically repeated an anonymous embassy source’s claim, or possibly conflated HSI's anti-trafficking work at Paris 2024 with the operational security role described for Milan-Cortina. The Open Doors Initiative partnered with hotels and NGOs to identify trafficking victims, which has nothing to do with threat assessment for DSS. One mission is routine. The other, if it has ever happened, left no trace in the public record. NBC’s framing risks normalizing a historically unprecedented arrangement by claiming it is routine.

So what explains Milan-Cortina?

The Department of Homeland Security’s own planning documents offer no answer. The agency’s FY2025 Financial Report, published this month, mentions the Olympics exactly once: TSA preparing for the 2028 Los Angeles Summer Games alongside the 2026 FIFA World Cup and America’s 250th anniversary. Surge staffing. Coordinated planning. Screening upgrades.

The report says nothing about HSI providing security support at Milan-Cortina, nothing about augmenting DSS operations abroad, nothing about threat assessment at international sporting events. If this deployment reflects institutional planning rather than political improvisation, DHS’s budget justifications do not show it.

The State Department announcement offers a clue: the arrangement demonstrates “the Trump administration’s bold leadership and steadfast commitment to law enforcement and security.” Vice President Vance is leading the U.S. delegation. The framing is political, not operational.

DSS does face staffing pressure. A 2022 study found the agency operating at 73 percent of authorized strength. But DSS managed Paris without HSI integration, despite an unprecedented open-air ceremony on the Seine that French security officials called the most complex Olympic event ever attempted. If DSS cannot staff Milan-Cortina, a smaller Games in a less challenging security environment, something has gone badly wrong at Foggy Bottom. If DSS can staff it, the HSI deployment is theater.

The Italian reaction suggests the latter interpretation.

Former Prime Minister Giuseppe Conte called on the Italian government to “set our own limits” regarding the United States and demanded an end to “capitulation” to Trump.

Interior Minister Piantedosi initially denied ICE involvement before clarifying that Italian authorities would maintain control and American agents would not operate on the streets. Foreign Minister Tajani told reporters HSI would work “in the operations rooms,” not in public.

The prominent LGBT activist and member of the European parliament for the centre-left Democratic party Alessandro Zan said:

“Trump’s private police agents will arrive in Italy for the Milan-Cortina Olympics. Their task? “To verify and mitigate risks arising from transnational criminal organizations.” If that’s the goal, it’s paradoxical to entrust it to those who are the first to commit crimes, operating with violence and killing innocents in cold blood.

In Italy, we don’t want those who trample human rights and act outside any democratic control. It’s unacceptable to think that an agency of this kind could have a role, whatever it may be, in our country.

Giorgia Meloni should stop taking orders from Trump and, for once, act as a patriot of Italy and not of the United States.”

Milan’s mayor called ICE “a militia that kills” and declared HSI agents unwelcome. He cited recent DHS enforcement operations in Minneapolis that left two U.S. citizens dead (one shot by Border Patrol, one by ICE), telling RTL 102.5 radio that,

“This is a militia that kills,” he said. “It’s clear that they are not welcome in Milan, there’s no doubt about it. Can’t we just say no to Trump for once? We can take care of their security ourselves. We don’t need ICE.”

“ICE agents should not come to Italy because they are not aligned with our democratic way of providing security.”

After the Minneapolis shootings, ICE officials threatened to break the car window of Italian Rai TV journalists who were filming the aftermath.

The video aired on Rai 3 and dominated Italian news for the past two days. Journalist Laura Cappon had shown both her press credentials and passport while identifying herself as Italian media. Foreign Minister Tajani, from Meloni’s own coalition, said the images “speak of abuse.” Even Tommaso Foti, a minister from Meloni’s Fratelli d’Italia party, called ICE’s approach “very harsh and censurable, not at all in line with what is adopted by our law enforcement agencies.” The opposition was less diplomatic: Angelo Bonelli of the Green-Left alliance called it

“mafia-like intimidation of the press in the heart of the United States.”

The backlash reflects ICE’s toxic brand, which has little to do with HSI’s actual mission. HSI is the investigative division of ICE, separate from the Enforcement and Removal Operations (ERO) unit that conducts deportations. Italian media has quite reasonably conflated the two, and American officials have struggled to explain the distinction while simultaneously refusing to explain why HSI will be sent.

I have a few unanswered questions: What capabilities does HSI possess that DSS lacks after five decades of Olympic security? Under what legal framework will HSI agents operate in Italy? Will they carry weapons or hold diplomatic credentials? Who commands them? And why divert HSI personnel from investigating transnational criminal organizations to provide event security, while investigating TCOs is the stated justification for their presence?

The public record offers no answers. What it offers instead is an arrangement without documented precedent, announced with political fanfare, defended with misleading claims about prior practice, and seemingly planned for implementation over the objections of the host city’s mayor. If DSS genuinely needs help, that is an institutional failure requiring congressional attention.

If it does not, the Milan-Cortina deployment is something else: an expansion of DHS’s international footprint dressed up as interagency cooperation, which establishes precedent for ad hoc federal deployments beyond statutory missions.

Either way, we Americans should probably ask why.

NPR reports:

Pittman’s father contacted the FBI hours after the fire and said his son had admitted to starting it, the complaint alleges. It states that Life360 map data from Pittman’s cell phone and text messages to his father further corroborated his confession.

According to the FBI, Pittman traveled from his home early Saturday and stopped at a gas station, before heading to Beth Israel. He then texted his father a picture of the back of the synagogue and a series of messages, which read, “There’s a furnace in the back,” “BTW my plate is off,” “Hoodie is on,” and, “they have the best cameras.”

Pittman's father pleaded for his son to return home. Pittman replied that he was "due for a homerun," according to the affidavit. The criminal complaint states that Pittman went on to text his father that he had done his "research." The FBI says Pittman's father noticed burns on his son's ankles, hands, and face and confronted him:

The government’s complaint alleges that when he confessed to his father, with obvious burn injuries visible on his hands and body, he laughed and said he “finally got them.”

Ten days later, standing in federal court with bandaged extremities, Pittman pleaded not guilty. FBI Special Agent Ariel Williams’s testimony revealed something as disturbing as the attack itself: escalating psychiatric deterioration that everyone around him witnessed but no one knew how to stop.

His mother told investigators the family pets were afraid of him. She’d considered locking her bedroom door at night. After he returned on winter break, his behavior changed so dramatically that when his father tried to correct him for saying something offensive, Pittman “bowed up” in his father’s face.

Members of his gym even heard him say he wanted to burn a synagogue.

That laugh of his should haunt us. Not because it confirms Pittman as a monster, but because it suggests a young man whose break from reality coincided with immersion in online antisemitism, creating a perfect storm that existing frameworks for hate crimes and terrorism fail to capture.

The Clinical Picture

Pittman’s trajectory tells an unusual story. I was able to locate quite a few mentions on social media praising his sports prowess amid photographs of a typical all-American youth. He was an honor roll student at St. Joseph Catholic School, a National College Athletic All-Academic Team member, and spent a few semesters at Coahoma Community College before the attack. High achievers don’t typically abandon their tracks without reason.

Mississippi Today reported that, until recently, Pittman had “mainly used his numerous social media accounts to post about baseball, Christianity and his exercise routines.” My review of his X (Twitter) account confirmed this. Notably, he showed little interest in engaging with anyone online—no back-and-forth with peers, no community building, just broadcast. His social media was a limited monologue.

Friends said he “changed a lot” in recent years. He began bragging about money, promoting questionable health trends he called a “Christian diet.” There were videos of himself cracking raw eggs into his mouth on Snapchat. Videos of himself frantically pumping iron at the gym. Discussions of “testosterone optimization.” Linkages to online subcultures where “maxxing” masculinity, finances, and fitness bleed into nationalist religious fervor. His Instagram bio read “Entrepreneur” and “Lawyer of God.”

On December 5th, thirty-six days before the attack, Pittman purchased the domain for “One Purpose,” a website offering “Scripture-backed fitness, brotherhood accountability [and] life-expectancy maxxing” for ninety-nine dollars monthly. The site featured God’s ineffable name in Hebrew, references to Jewish fast days, and the seven biblical species of Israel.

Then he came home from Coahoma Community College in northwest Mississippi for winter break. His parents saw their son transform into someone they feared. Their household pets, being animals that are sensitive to behavioral cues often missed by humans, became afraid. The mother who’d raised him for nineteen years considered locking her bedroom door. He started day trading, and physically confronted his father. Others heard him utter racist threats in their presence.

The cognitive disintegration was visible to everyone in real time, but was stopped by no one. At nineteen, Pittman sits at peak age for first-episode psychosis in males. Schizophrenia incidence shows a steep increase culminating at age 15 to 25 years in males. Up to 75 percent of patients with schizophrenia experience a prodromal phase: subtle changes in perception, thinking, and functioning extending from weeks to years before full symptoms emerge.

The checklist reads like Pittman’s life: Academic dysfunction. Personality changes. Bizarre social behavior. Inappropriate affect. Grandiose thinking. Unusual preoccupations. Paranoid ideation. Behavioral disorganization. Changes so severe that family members become afraid.

When parents are considering locking bedroom doors, that isn’t radicalization. It’s psychiatric emergency.

Pittman’s phrase sits at the intersection of white nationalist propaganda and religious delusion. Religious delusions occur in between one-fifth and two-thirds of patients with delusions, and prevalence rates vary dramatically by country—from 63% in Lithuania to 24% in England to 7% in Japan. In societies where religion plays an important role in everyday life, people with psychiatric disorders tend to show religious delusions more often than in non-religious societies. The content of delusions is determined by cultural context. In Christian-majority societies, common themes include apocalyptic imagery, supernatural persecution, and religious outgroups as existential threats.

Pittman’s inappropriate affect, laughing while confessing to a violent felony, is textbook psychotic disorder. So is the operational chaos: incriminating content posted hours before the attack, texting his father from the scene, his burned cell phone left behind, and severe self-injury to his face, hands, and ankles. This isn’t a picture of methodical ideological terrorism. It’s someone whose relationship with reality has catastrophically failed.

Persecutory delusions correlate strongly with violence risk, particularly when combined with anger. Re-analysis of the MacArthur Violence Risk Assessment Study found that threat delusions of being spied upon, persecutory delusions, and delusions of conspiracy were mediated by anger due to delusional content on the pathway to serious violence. The closeness in time, or temporal proximity, between the delusion and the act, is an important factor. When someone acts violently during or immediately after experiencing a delusion, there’s stronger evidence the delusion caused the violence, versus someone who holds delusional beliefs for months but acts for unrelated reasons.

Pittman’s timeline appears compressed: on Saturday, January 10 at 12:52 a.m, he posted an antisemitic video on Instagram.

“A Jew in my backyard, I can’t believe my Jew crow didn’t work,” an animated Disney princess-style character said to a short yellow figure with a long nose. “You’re getting baptized right now.”

Roughly two hours later, he drove a few miles to commit the arson, catching himself on fire in the process. He drove himself to the hospital for treatment, and was arrested later that evening after his father, who had seen his burns and heard his laughing confession, contacted law enforcement. Two days after that, he replied "Jesus Christ is Lord" when the judge read his rights. The delusion wasn’t incidental background noise. It was actively driving events.

The Radicalization Machine

Pittman wasn’t reading Revelation in isolation. Before October 7th, 2023, antisemitic content lived in dark corners. After Hamas attacked, UK authorities documented dramatic increases in antisemitic incidents.

The ADL documented 8,873 antisemitic incidents in the United States in 2023, more than doubling the 3,698 reported in 2022. Similarly, the British Community Security Trust recorded 4,103 incidents in the UK, up from 1,662 in 2022. The British Community Security Trust recorded 2,019 antisemitic incidents in the first half of 2024 alone (the highest six-month total ever) before declining to 1,521 in the first half of 2025.

This remains historically elevated: the 2025 figure is still 84% higher than the 823 incidents recorded in the first half of 2022. After October 7th, content that once only lived in dark corners began to flood mainstream feeds—algorithmically amplified, packaged as edgy humor or political commentary, and normalized through sheer repetition. For someone like Pittman who was already showing signs of cognitive deterioration, this was the water he swam in.

Hours before the attack, Pittman shared content from “jew_inbackyard_daily,” an Instagram account posting antisemitic material: caricatured figures with exaggerated features stealing bags of money, getting pushed into pools, “baptized.” The account name itself signals industrialized hate production.

Research shows a 413% rise since 2020 in the internet playing the primary role in the radicalization process for those under the age of 30 compared to the previous decade, according to the PIRUS database. Bad actors on platforms like 4chan, 8chan, Parler, Reddit, Gab, TikTok, Truth Social, X, and Instagram employ memes, dark humor, and pseudo-intellectual discourse to normalize racist and antisemitic beliefs, particularly targeting young men.

The Christchurch killer explicitly encouraged followers to “make memes” about his attack, understanding that internet culture perpetuates ideology more effectively than traditional propaganda—a strategy sometimes called “memetic warfare.”

What happens when someone immersed in this ecosystem begins experiencing prodromal psychotic symptoms? Emerging paranoia, difficulty distinguishing reality from digital content, religious preoccupations. These don’t develop in cultural vacuum. They incorporate available material.

The Diagnostic Trap

Was Pittman experiencing genuine psychotic delusions, or what researchers call “extreme overvalued beliefs”: rigidly held convictions that motivate terrorism but aren’t delusional? The distinction matters legally and clinically, but the boundaries blur. Extreme overvalued beliefs are shared by subculture members, maintain internal logic, and develop through social learning rather than psychotic processes.

The difference isn't whether the belief is abhorrent, it's whether it's culturally transmitted or idiosyncratically generated. A neo-Nazi who believes in an international Jewish conspiracy holds an extreme overvalued belief: false and hateful, but shared by a subculture and spread through social learning. Someone who believes his specific neighbor is a Jewish agent implanting thoughts through the television holds a delusion. Conspiracy theories are taught. Delusions emerge from a breaking mind.

But what about someone who builds a fitness website steeped in Hebrew religious content, then burns a synagogue and laughs about “finally getting them”?

Such an incongruous trajectory suggests neither pure ideology nor pure psychosis, but a pathological intersection of both: emergent psychosis shaped by online radicalization with psychotic symptoms providing the disinhibition necessary to act on violence suggested by extremist ideology. Psychosis breaks reality. Ideology fills the void. Algorithms reinforce it constantly.

Arson and the Mind

Swedish registry data reveals dramatically elevated odds ratios for arson convictions among individuals with schizophrenia: 22.6 for males, 38.7 for females. These risk estimates are higher than those reported for other violent crimes and place arson in the same category as homicide as crimes most strongly associated with psychotic disorders.

The symbolic dimension matters. Fire destroys, purifies, attracts attention. In religious delusions, it represents divine judgment. For someone experiencing psychotic-level religious persecution beliefs, burning a “synagogue of Satan” may feel like spiritual warfare.

This is the same synagogue that was bombed by the Ku Klux Klan in 1967 during the civil rights era. The attack allegedly struck the same wing of the octagonal building that burned in that earlier attack.

What We’re Missing

Could this have been prevented? At what point does “concerning behavior” become “imminent risk requiring intervention”? We have no system for this.

Research shows social media activity captures objective markers of psychotic relapse. One study achieved 71% specificity predicting psychiatric hospitalizations from Facebook posts, identifying linguistic shifts in the month before relapse: increased swearing, anger, and death-related language; more first-person pronouns; fewer references to work, friends, and health.

Could similar patterns identify individuals in prodromal phases, before a first psychotic break? Research demonstrates machine learning can predict conversion to psychosis with 93% accuracy by analyzing speech for two markers: low semantic density (vagueness) and increased talk about voices and sounds.

The challenge isn't technical, per se. It's ethical and legal. With that said, who might already be doing it?

The State Actor Question

A colleague with decades in information operations raised a hypothesis: what if hostile state actors are identifying vulnerable individuals and accelerating their radicalization?

Russian intelligence has demonstrated sophisticated social media manipulation. But the true infrastructure is GRU Military Unit 54777, Russia’s formal psychological operations command.

Established in 1994 as successor to the Soviet Special Propaganda Directorate, Unit 54777 operates in peace and wartime with documented involvement in the Crimea annexation, Syria, Ukraine, European elections, and COVID-19 disinformation. Unlike Soviet-era units activating only during military operations, 54777 conducts continuous psychological warfare. Its operations integrate cyberspace with traditional PSYOPS: “information confrontation,” a fusion of cyber-technical and cyber-psychological attacks with the goal of eroding the adversary’s will.

They operate through social media and front organizations (InfoRos, Institute of the Russian Diaspora), with subordinate PSYOPS units in every Russian military district. The “Aquarium Leaks” (declassified GRU documents) reveal a consistent strategy: identify contentious social issues, flood platforms with divisive content through bot networks and troll armies, and amplify societal tensions. Not to win debates, but to paralyze societies through internal conflict.

Industrial-scale psychological operations require precision targeting. Enter surveillance capitalism. Research establishes comprehensive personality profiles can be inferred from as few as 300 Facebook “likes” with spouse-level accuracy. Cambridge Analytica exposed this at scale: combining psychological tests from 270,000 users with machine-learning models, the firm built personality profiles for over one hundred million U.S. voters, then used algorithmic microtargeting to tailor messages to individual psychological vulnerabilities.

Digital footprints predict political orientation, sexual orientation, ethnicity, intelligence, and crucially, psychological states: depression, anxiety, emotional vulnerability. Facebook offered advertisers ability to target users “in moments of psychological vulnerability,” identifying when young people feel insecure and stressed.

This is psy-ops at scale. Personality-tailored messaging increases persuasiveness by approximately 40% compared to untargeted content. Studies show even warnings about microtargeting fail to reduce message persuasiveness for personality-matched content. The manipulated cannot perceive the manipulation.

Social media platforms collect massive behavioral data: linguistic patterns, posting frequency, content shifts, engagement metrics, temporal behaviors. The capability architecture exists to identify individuals showing early signs of psychiatric vulnerability, apply personality profiling to understand specific psychological architecture, and deliver personality-optimized radicalization content through algorithmic amplification.

This remains theoretical vulnerability, not documented practice. While Intelligence Community assessments on foreign malign influence focus on election interference, disinformation campaigns, and diaspora targeting, they haven’t discussed the exploitation of psychiatric vulnerabilities (nor cognitive warfare, more broadly.)

However, the operational capability unquestionably exists, and some of the recent clusters of “random” or “unexplained” attacks by mentally ill individuals in the United States and elsewhere could fit this hypothesis within the framework of non-linear warfare.

Technical components (psychological profiling, microtargeting, radicalization content delivery, vulnerability identification) have all been demonstrated in commercial and intelligence contexts. The intersection of online radicalization and mental illness sits between terrorism research and psychiatry and remains understudied, creating blind spots where such operations are able to develop undetected and flourish.

Whether through deliberate state actor targeting or emergent properties of algorithmic amplification, vulnerable individuals experiencing early psychotic symptoms are being exposed to extreme content precisely when least equipped to evaluate it critically.

The Forensic Dilemma

Pittman faces federal arson charges and state charges with hate crime enhancements. At his January 20th bond hearing, Magistrate Judge LaKeysha Greer Isaac denied bond: “No conditions would ensure community safety.” Trial is set for late February. He faces five to twenty years federal, five to thirty state—up to sixty with hate crime enhancements.

Given suspected psychotic symptoms, substantial basis exists for competency evaluation. When the judge read rights during his initial appearance via video from his hospital bed, Pittman responded: “Jesus Christ is Lord”—possibly indicating tangential thinking or inability to focus on legal proceedings. He appeared with bandaged hands and ankles, carrying a Bible, and said little to his attorney through two hours of proceedings.

The insanity defense proves more complex. Federal law requires proving the defendant “was unable to appreciate the nature and quality or wrongfulness of his acts.” Premeditation and scant signs of operational security such as removing license plates and wearing a hoodie suggest preserved appreciation of consequences. But the text messages, self-immolation, laughing confession, and social media posts before and after the arson indicate profoundly impaired judgment.

Public defender Mike Scott argued Pittman suffered third-degree burns, incarceration could risk his health, posed no community danger. Prosecutor Matthew Wade Allen countered Pittman posed “serious risk he will obstruct justice or threaten, injure or intimidate witness or juror.”

Judge Isaac agreed.

Treatment and Prevention

Early treatment for first-episode psychosis dramatically improves outcomes. But for someone like Pittman, treatment must also address the ideological content of his beliefs—and traditional psychosis programs have no framework for this.

Standard treatment for delusions involves medication and therapy to help patients reality-test their beliefs. Deradicalization programs help people exit extremist ideologies. But what happens when the two overlap? How do clinicians distinguish a psychotic delusion requiring psychiatric treatment from a sincerely held extremist belief requiring deradicalization? Where does illness end and ideology begin? This intersection remains uncharted clinical territory.

The integrated approach Pittman needs essentially doesn’t exist.

Unfortunately, his case isn’t isolated. As a recent example, Australia’s security service ASIO reported in its 2025 Annual Threat Assessment finding a twelve-year-old self-professed neo-Nazi discussing on social media how to livestream a school shooting before moving to religious targets. ASIO’s intelligence enabled U.S. authorities to intervene.

The director-general noted a disturbing pattern: many radicalized minors “did not have a clear or coherent ideology beyond an attraction to violence itself.”

What needs to happen?

• Intervention pathways for families witnessing psychiatric deterioration. NAMI’s crisis intervention resources provide guidance, but we need systematic protocols that empower families to act before crisis becomes catastrophe.

• More interdisciplinary research at the intersection of mental health and radicalization. Current studies remain siloed. The EU Radicalisation Awareness Network’s practitioner handbook presents a start, but NIJ-funded research confirms the need for integrated approaches.

• Early intervention services for psychosis must develop capacity to assess ideological radicalization. NIMH’s EPINET initiative delivers a framework, but clinicians need training to recognize when delusional content intersects with extremist recruitment.

• Platforms must acknowledge their role in algorithmic amplification of extreme content. The Center for Countering Digital Hate’s STAR Framework outlines principles for Safety by Design, Transparency, Accountability, and Responsibility. The ADL’s research on algorithmic amplification documents the problem; proposed legislation offers a regulatory path forward.

• Frameworks for identifying vulnerable individuals without creating new surveillance states. Emerging research on AI that can infer mental states from behavioral patterns (Affective Computing) highlights core tensions between ethical care and patient privacy and autonomy.

• Funded treatment capacity instead of prisons as de facto psychiatric hospitals. The Treatment Advocacy Center documents how 383,000 individuals with severe mental illness are incarcerated versus 38,000 in state psychiatric hospitals. NAMI’s policy position and the Prison Policy Initiative’s research outline evidence-based alternatives to this.

The Uncomfortable Conclusion

Antisemitism isn’t a symptom of mental illness. The vast majority of antisemitic violence is perpetrated by individuals without mental illness, motivated by ideology, hatred, political extremism. Attributing hate to mental illness risks excusing ideologically-motivated violence while reinforcing unfair stigma.

But some percentage of cases (we don’t know how many, because I’m not sure anyone is looking systematically yet) represent this dangerous intersection: vulnerable individuals experiencing psychotic symptoms, immersed in online radicalization, and lacking insight to seek help or support systems to intervene.

These cases don’t fit existing categories: Not pure mental illness. Not pure terrorism. They are hybrid threats at the intersection of psychiatry, counterterrorism, technology policy, and public health. Everyone around Pittman saw what was happening, but no one could stop it.

His laugh wasn’t evil triumphant. Those behavioral changes weren’t simple signs of ideological radicalization. That incongruous website wasn’t some act of strategic deception. His mother’s fear wasn’t an overreaction. These acts were the signatures of a mind fragmenting in real time, with unregulated algorithms and hateful ideology filling the cracks.

The question isn't simply whether hostile state actors are deliberately exploiting psychiatric vulnerability for radicalization; capability and motive exist.

The more crucial question is whether we're willing to acknowledge that the digital environment Big Tech has created has effectively automated the same process: algorithmic amplification of extreme content, precision targeting of vulnerable individuals, and radicalization at scale. Either way, we’re unprepared.

Pittman’s trial begins February 23rd. Perhaps it will answer legal questions about guilt and responsibility. But it won’t answer what matters most: How many others are fragmenting right now? How many families are watching the same deterioration with no idea where to turn? How many more Pittmans are fragmenting right now, and what are we doing about it?

This publication runs on reader subscriptions. If this analysis demonstrated value, please consider becoming a paid subscriber to help my research reach more people.

Subscribe now

Get 25% off for 1 year

Yesterday, I received what appeared to be an internal HR announcement about updated company policies for 2026.

At first glance, the email appeared somewhat legitimate. It passed every authentication check Google runs, appeared in an existing business conversation thread, and used professional formatting that mimicked Microsoft Teams notifications.

I wasn’t tricked into clicking a bad link. Instead, I spent the next couple of hours reverse engineering the attack infrastructure. What I found was a professionally operated phishing campaign:

• A throwaway email account on a conservative-branded email service ($33/year, no verification required)

• A compromised router in Cape Town, South Africa routing the attack traffic

• The same infrastructure targeting at least three other organizations across multiple countries

• A Phishing-as-a-Service platform called Tycoon 2FA with tens of thousands of documented incidents

• Multi-national infrastructure spanning Russia, South Africa, the United States, and Croatia

Here are a few things we can learn from taking apart a single phishing email.

How I Spotted It

The email appeared to be from Human |Resourcesgeneral <humanresources@reagan.com>.

The subject line read: “New policy documents have been posted. Please review the updated Employee Agreement and Workbook for 2026.REF#09098”.

Because I did not click the Gmail button to “Show images” above the email body, the content is not visually formatted in the manner the attacker intended.

💡 Generally speaking, you should avoid clicking “Show images” in spam or phishing emails, because image loading in emails is a common phishing technique that can leak your email address to attacker-controlled servers.

This helps provide a glimpse of your Internet activity and confirms to the cybercriminal that your email is active and monitored by a real person. This is a process called “email validation” that increases the likelihood your address will be targeted in future campaigns.

Depending on your email client, you may also inadvertently reveal your IP address in the process, giving attackers additional data for targeting and geolocation. However, that particular technique doesn’t work in Gmail or Google Workspace because Google’s infrastructure loads all images through their own proxy servers, stripping away your real IP address and preventing attackers from confirming email validity or collecting device information via tracking pixels).

Importance Marker Applied

Google automatically marked the email as “Important” without my intervention based on its interpretation of the contents.

I unmarked the email to help ensure Gmail will learn not to do that again in the future, but there is also a way to change your importance marker settings to prevent Gmail from using your “past actions to predict which messages are important”.

What Looked Wrong?

I have manually analyzed many phishing emails over the course of my career. Because of this, three things immediately felt wrong:

• First, the timing was convenient. The date was January 20, 2026. Annual policy updates are expected this time of year. The social engineering was textbook: invoke authority (HR department), create urgency (new policies require review), add legitimacy (“reference number REF#09098”).

• Second, the sender was suspicious. The email appeared to come from one account, but when I examined it more closely, the actual sending account was a different address entirely, belonging to a person I don't know and who doesn't work with me.

• Third, the call-to-action was wrong. The email showed a file icon (📄 Employee Policy 2026.docx) but included no actual attachment. Instead, there was a button: “Open to Read Policy.” That button contained a URL to mail.notifyvisitors.com (an email marketing platform) with a 576-character Base64-encoded parameter obscuring the final destination.

First Bypass Technique: Email Authentication

My Google account has Advanced Protection Program enabled.

This is Google’s strongest security tier designed for high-risk users like journalists, campaign staffers, and business executives. It’s supposed to catch sophisticated phishing, and anecdotally does a fantastic job 95%+ of the time.

This particular email sailed right through.

I pulled the full email headers (technical information inside) to understand why. Here’s what Google’s authentication system saw:

SPF: PASS (173.203.187.109 designated as permitted sender for reagan.com)
DKIM: PASS (cryptographic signature valid for @reagan.com)
DMARC: PASS (sender alignment verified)

Every single check passed. Gmail didn’t seem to think this was a spoofed (faked) email. Was it?

What is Reagan.com?

Reagan.com markets itself as a “private email” service emphasizing conservative American values and privacy.

For $40 to $99 per year, anyone can register an email address like financedepartment@reagan.com with no identity verification required.

The “Ronald Reagan” Attack

When the email arrived in my Gmail inbox, it displayed as coming from humanresources@reagan.com. The subject line, timing, and sender all appeared vaguely legitimate.

Only when I examined the email headers did the attack become clear.

The attacker logged into a legitimate berrelli@reagan.com account and manually forged the From: header field to impersonate humanresources@reagan.com.

The email’s To: field listed Human@resourcesmailonlinesespr.com. This is a domain name that, upon investigation, does not exist in any registrar, DNS system, or search engine. This is not an oversight or typo; it’s a deliberate design choice by the attacker.

The To: field address serves a purely social engineering function here.

When victims receive this email, seeing it addressed to a plausible-sounding HR domain reinforces the illusion of legitimacy. But the address was never meant to receive email. Instead, stolen credentials are collected through a different mechanism: the Adversary-in-the-Middle proxy infrastructure hidden behind the NotifyVisitors redirect chain.

Received: by webmail.reagan.com
(Authenticated sender: berrelli@reagan.com, from: humanresources@reagan.com)

X-Auth-ID: berrelli@reagan.com
From: “Human Resources general” humanresources@reagan.com

The authenticated sender is the person who actually owns and logged into the account. The From: is what users see. These should match, but Reagan.com allows their senders to set the From: field to any address they choose.

Google’s SPF check validated that berrelli@reagan.com is authorized to send email from reagan.com, which is true. The DKIM signature cryptographically proves the email came from Reagan.com’s servers; also true. DMARC confirmed sender alignment; also correct, because the domain legitimately sent it. Every authentication protocol did exactly what it was designed to do. But none of them verify that the From: field matches the authenticated sender.

In Check Point’s original write-up, Gmail relied on an X-Sender-Id field. In this case, Reagan.com instead exposes X-Auth-ID to record the authenticated account, but the effect is identical: the authenticated sender differs from the forged From: address.

This is a gap in email protocol design that has existed for decades.

The attack pattern was documented by researcher Yoav Nathaniel at Check Point Research in 2018, who named it the “Ronald Reagan Attack” specifically because Reagan.com’s permissive webmail settings made it ideal infrastructure for this type of impersonation. Attackers would register inexpensive accounts, forge email headers to appear as HR departments or executives, and send thousands of phishing emails that passed every standard authentication check.

Most email providers implement controls to prevent this, either by limiting which addresses users can send from or by appending disclaimers when the From: doesn’t match the authenticated account. Reagan.com has apparently chosen not to implement such controls, making their infrastructure attractive to attackers and problematic for users who receive emails that appear to come from addresses they don’t recognize but still pass all technical validation checks.

My instinct was to check if berrelli@reagan.com was a compromised account from a public breach. I searched HaveIBeenPwned, the definitive database of breached credentials founded by Troy Hunt, and found nothing there or on Google either, which is somewhat unusual for a typical email account used over a period of time.

This suggested one of three possibilities: the account was created recently (within days) specifically for this campaign, it was compromised via targeted phishing rather than a public data breach, or it’s a throwaway account used for a limited campaign and then abandoned.

Bottom Line: The attacker controlled a real email account with valid authentication, so the email got through.

Second Bypass Technique: Thread Hijacking

The email didn’t arrive standalone. It appeared as a reply in what appeared to be an existing conversation about Kinetic GPO membership, Saskatchewan Health Authority procurement policies, and Los Angeles Department of Building and Safety regulations.

This technique is called “thread hijacking,” and it’s becoming the gold standard for bypassing email security.

In our case, an attacker has possibly compromised a third-party email account that had access to a business conversation thread, and has added that content to make their message appear as a eal reply to an existing thread.

By injecting their phishing payload at the top of a long, legitimate business discussion, the attacker attempts to exploit three psychological vulnerabilities:

1. Trust in context: There were other legitimate-looking participants in the thread (real organizations)

2. Cognitive overload: Scrolling through various legitimate messages could make the single malicious one at the top seem plausible

3. Authority reinforcement: The thread discussed HR policies and organizational procedures, making the fake HR announcement seem contextually appropriate

The British security firm Darktrace published research on thread hijacking on January 14, just six days before I received the email. They documented how attackers create mailbox rules that forward responses to hidden archive folders, allowing them to monitor conversations without the compromised account owner noticing.

The technique has proven effective because it defeats one of the primary ways people identify phishing: checking to see if the email “fits” the conversation.

Third Bypass Technique: Teams Interface Mimicry

The email’s visual design appears crafted to resemble a Microsoft Teams channel notification:

• The button color (#6264a7) is the exact purple used in Microsoft Teams

• The text “Human Resources posted a message in General Feeds” mimics Teams channel syntax

• The grey message box matches Teams’ visual design language

• The file icon emoji (📄) adds visual authenticity

This wasn’t accidental. Abnormal Security documented near-identical HR policy phishing campaigns in November 2025, showing that attackers are systematically studying collaboration platform interfaces and replicating them in email.

The psychology is straightforward: people see the familiar Teams purple button and their brain pattern-matches to “legitimate company announcement.” The fact that it arrived via email instead of the Teams app itself gets lost in the visual noise.

Fourth Bypass Technique: The Tracking Link

The “Open to Read Policy” button linked to “mail.notifyvisitors.com”:

https://mail.notifyvisitors.com/tracker/email_tracker/handler/click/59300/1423?cd=aktPMUFtRXRLeXhOT3pUYzZJeEw1Y2ptMzBDSDJkYm1IWEdmNk5GVEFvVitXcUIyNzk4NkEwWE4zaFJWMWNNRjRIdFM2RTJaV2YvaHNxOVVTcVRETTdQdE9jazJFeG1LT2dYMDR4aThCeDlDTlZoc3VhSEw5Ymw4U1lhRE[...]

This link *appears* to be a legitimate email tracking link, but in reality, the attacker has embedded a hidden phishing destination inside.

When you click a link in an email, you assume the domain you see is where you're going. But attackers exploit a loophole in how legitimate websites work: they use trusted companies' redirect functions to secretly send you somewhere dangerous.

NotifyVisitors is a legitimate email marketing platform used by thousands of businesses for campaign tracking and analytics. Email providers and network protection suites “whitelist” established services like NotifyVisitors, Mailchimp, and HubSpot because they send millions of legitimate emails daily, meaning phishing emails inherit that institutional trust.

Because of this, email authentication systems have a harder time distinguishing between legitimate emails from NotifyVisitors and phishing emails using NotifyVisitors infrastructure. Both come from the same real servers and may be able to pass all security checks. Users will see a professional domain and assume legitimacy without realizing it's a redirect to a phishing page.

For attackers, this is ideal: they pay for a cheap monthly subscription, send thousands of phishing emails through legitimate infrastructure, extract profit before the account is suspended, all without needing to build their own email servers or compromise major email providers. This pattern repeats across dozens of legitimate services: Mailchimp, Amazon SES, SendGrid, Google Forms, Bit.ly, and others have all been abused for phishing by actors violating their Terms of Service because they are designed to be trusted, useful, and legitimate.

NotifyVisitors isn't just abused for its high reputation. Bad guys use it because it can generate tracking links with redirects.

To identify the final phishing destination hidden behind the Base64-encoded redirect chain, I used Unfurl, a free OSINT tool that automatically follows URL redirects and extracts metadata at each hop, easily revealing the complete attack infrastructure without requiring me to click the malicious link myself.

The URL structure breaks down like this:

• Domain: mail.notifyvisitors.com (legitimate ESP subdomain)

• Path: /tracker/email_tracker/handler/click/

• Campaign ID: 59300

• Tracking ID: 1423

• Parameter: cd=[576 characters of Base64-encoded data]

That last cd parameter is the key. It contains a Base64-encoded redirect chain. This is a technique that helps obscure the final destination from email security scanners that had the opportunity to intercept the message before it arrived in my inbox.

Another way we can tell something is off is that legitimate NotifyVisitors tracking typically appends a nv_uid parameter for conversion tracking, but compromised campaigns replace legitimate redirects with multi-stage phishing chains.

When decoded, these types of parameters typically reveal multiple redirect hops:

1. First hop: Disposable domain (.icu, .xyz, .sbs, or similar low-reputation top level domain)

2. Second hop: Cloudflare Workers instance acting as a traffic filter

3. CAPTCHA challenge: Blocks automated security scanners while appearing legitimate to humans

4. Final destination: Reverse proxy server mimicking Google Workspace or Microsoft 365 login

This architecture is characteristic of Phishing-as-a-Service (PhaaS) platforms which are professionally operated services that rent attack infrastructure to cybercriminals.

What is Phishing-as-a-Service?

PhaaS works exactly like Netflix, Spotify, or any other subscription service, but instead of streaming movies, you're renting complete phishing attack infrastructure. You don't need coding skills, hacking knowledge, or technical infrastructure.

The PhaaS provider handles everything. You just pay, point it at your targets, and collect stolen credentials.

Tycoon 2FA: The PhaaS Behind the Attack

The email wasn’t an isolated attack. Multiple security researchers have detonated highly similar NotifyVisitors tracking URLs in public malware sandboxes.

An ANY.RUN analysis from February 17, 2025 explicitly tagged the infrastructure as Tycoon 2FA, a PhaaS platform designed to bypass multi-factor authentication on Microsoft 365 and Gmail accounts. Additional targets documented on ANY.RUN include Habi (Colombian real estate unicorn, March 26, 2025), Conde Nast (January 7, 2026), and Keyline Ltd (UK construction supplier, January 7, 2026). The titles of the above-named targets include Vice President of Finance, Finance Director, and Branch Manager. Their domains (habi.co, condenast.com, and keyline.co.uk) all use Google Workspace services.

The reports match on the NotifyVisitors infrastructure with the same HR policy lure and Base64-encoded redirect parameters.

This suggests attackers may be running large-scale operations targeting:

• Western countries

• Multiple industries

• Teams with procurement/financial authority over large financial transactions

Cybereason documented Tycoon 2FA in December 2024, noting over 64,000 incidents. In January 2025, Barracuda reported the platform had been updated with enhanced evasion capabilities.

Microsoft Threat Intelligence tracks Tycoon 2FA as “Storm-1747” and reported in November 2025 that it was “the most prolific phishing-as-a-service platform observed by Microsoft” throughout 2025, with Microsoft Defender for Office 365 blocking more than 13 million malicious emails linked to the platform in October 2025 alone.

How AiTM works for credential theft

Traditional phishing sends you to a fake login page, captures your password, and that’s pretty much it, but modern PhaaS platforms use Adversary-in-the-Middle (AitM) techniques:

1. You enter credentials on the fake Microsoft login page

2. The attacker’s server relays those credentials to the real Microsoft server

3. Microsoft sends back an MFA challenge (SMS code, authenticator app prompt)

4. The fake page shows you the same MFA prompt

5. You complete MFA authentication

6. Microsoft issues a session cookie proving you authenticated successfully

7. The attacker captures that session cookie

The session cookie is the prize.

It remains valid for days or weeks, allowing the attacker to access your account even after you change your password. This is why standard MFA (SMS codes, authenticator apps, push notifications) provides zero protection against these attacks.

Only phishing-resistant authentication (hardware security keys using FIDO2/WebAuthn cryptographic verification) can prevent AitM credential theft. The authentication is cryptographically bound to the origin domain, so even if you try to authenticate on the phishing site, your security key detects the domain mismatch and refuses.

The Intelligence Agency Angle

PhaaS platforms like Tycoon 2FA don’t just enable cybercriminals. They also provide plausible deniability for nation-state actors.

Intelligence agencies and Advanced Persistent Threat (APT) groups increasingly use commodity tools and commercial phishing infrastructure alongside custom malware, a trend documented extensively with tools like Cobalt Strike (which saw 161% increased use by cybercrime actors between 2019-2020.

By routing operations through the same PhaaS platforms, compromised routers, and email marketing services used by common cybercriminals, state-sponsored groups can “blend in with the crowd,” making attribution nearly impossible.

When a phishing email originates from a South African compromised router, routes through a US marketing platform (NotifyVisitors), and uses Russian hosting infrastructure, investigators face the attribution problem; determining whether the attack came from organized crime, a lone hacker, or a nation-state intelligence service.

North Korea’s Lazarus Group exemplifies this convergence: the same APT group conducts both state-sponsored espionage and financially motivated cybercrime (with a focus on cryptocurrency theft to fund weapons programs under international sanctions), while using commercial tools and infrastructure that are often indistinguishable from typical cybercrime.

For intelligence agencies, PhaaS platforms reduce operational costs, provide ready-made infrastructure, and most importantly, create ambiguity. Every phishing attack could be criminal fraud, or it could be espionage.

The operational security benefit is immense: if caught, the attacker appears to be just another cybercriminal using rented infrastructure rather than a state intelligence operative.

Fifth Bypass Technique: The Compromised Router

When I examined the email headers more closely, I found something unexpected.

x-client-ip: 165.0.0.143

This is the IP address where the email was actually composed and sent from (not the mail server, but the device the attacker used to access the Reagan.com webmail interface).

I ran the IP through Shodan, a search engine that indexes internet-connected devices, and widened my search to match similar systems. The results were both alarming and devastatingly common, revealing thousands of vulnerable systems.

These appear to be home or business routers with TR-069 exposed to the public internet, which is a protocol (CPE WAN Management Protocol, or CWMP) that Internet Service Providers use to remotely manage customer routers and perform necessary functions such as updating firmware, changing settings, and troubleshooting issues.

A correctly configured server will demand authentication *before* processing any HTTP request, and will respond with an HTTP 401 Unauthorized and a challenge for credentials. If an unauthenticated scanner like Shodan receives HTTP 404 Not Found instead, it means the server processed the request without authentication, routed it through its application logic, and determined the requested path didn't exist, proving authentication was bypassed entirely.

This service should never be accessible from the public internet.

Why? Well, once an attacker confirms the router responds to unauthenticated HTTP requests, they can probe for known vulnerabilities and exploit Remote Code Execution flaws to take complete control of the device.

📌 The Mirai botnet famously used TR-069 exploits to compromise hundreds of thousands of routers in 2016, knocking Deutsche Telekom offline.

More recently, Chinese APT groups have used the Quad7 botnet (200,000+ compromised routers) for Microsoft 365 password spraying campaigns.

The threat actor didn’t send this phishing email from their own computer or a VPN. They routed it through a compromised router in South Africa which is possibly owned by some innocent RSAWEB customer who has no idea their internet connection is being used for international cybercrime.

This adds three layers of operational security for the attacker:

1. IP diversity: Thousands of residential IPs instead of a few datacenter IPs that trigger spam filters

2. Geographic misdirection: The attack appears to originate from South Africa when the attacker could be anywhere

3. Legal deniability: If traced, investigators initially find an innocent router owner in Cape Town, not the actual culprit

Sixth Bypass Technique: Scale of the Infrastructure

The most concerning finding came when I investigated whether the South African router compromise was an isolated incident.

I ran a Shodan query for all RSAWEB customer IP addresses with port 7547 exposed:

Results: 7,676 vulnerable RSAWEB devices in South Africa are completely unauthenticated and accessible to anyone who connects.

For context, when Virgin Media had a similar TR-069 exposure in October 2020, Shodan indexed 800,000 vulnerable routers out of their 5.6 million UK customers (about 14% of their customer base).

RSAWEB is a mid-sized South African ISP with an estimated 50,000 to 200,000 customers. If 7,676 routers are exposed, that represents 3% to 15% of their entire customer base. This is a systemic security failure, not isolated compromises.

Each of these routers can be exploited for:

• Botnet recruitment: DDoS attacks, spam campaigns, cryptocurrency mining

• Phishing infrastructure: Email send proxies (like the one used to target me)

• Traffic interception: All unencrypted data passing through the router is visible to the attacker

• Lateral movement: Compromising devices on the home/business network behind the router

A Shodan search for the open port and vulnerable status shows 123,315 vulnerable devices exposed to the Internet, with the vast majority of devices located in Russia, Brazil, Ukraine, Belarus, and Taiwan.

port:7547 http.status:404 “cwmp”

Widening the Shodan search to remove the “cwmp” server string and searching on port and http status alone widens the results to 8.2 million records, with the majority of potentially-vulnerable systems located in the United States, Russia, and Australia.

port:7547 http.status:404

How Google APP Missed This One

Google’s Advanced Protection Program is supposed to represent the state of the art in email security. It’s designed for high-risk users who face targeted attacks: journalists, campaign staffers, activists, business executives.

This email bypassed it completely. The reason why might be lost somewhere within the following layers of “swiss cheese”:

1. Perfect Authentication (By Design)

Advanced Protection can’t distinguish between a legitimate Reagan.com user and an attacker who registered a throwaway Reagan.com account. Both pass SPF, DKIM, and DMARC because both are using the same legitimate infrastructure.

The authentication protocols verify identity (this email came from reagan.com), but they cannot verify intent (this email was sent for malicious purposes).

2. Content Legitimacy (Machine Learning Poisoning)

The email contained 95% legitimate business correspondence: real quotes from Kinetic GPO, Saskatchewan Health Authority, and Los Angeles Department of Building and Safety.

Only 5% was the malicious payload at the top. Therefore, Google’s machine learning models might have calculated something like this:

Risk Score = malicious_indicators / total_content_signals
           = 1 suspicious link / 50+ legitimate content elements
           = LOW RISK → DELIVER

The massive HTML padding (hundreds of blank and unnecessary tags, white space, useless content, and email signatures) was specifically designed to dilute the suspicious indicators and fool ML-based detection.

3. No Domain Spoofing (Expected External Email)

Advanced Protection aggressively flags emails that spoof internal domains or impersonate specific individuals. But this email came from Reagan.com (an external domain) and didn’t claim to be from anyone in my organization.

It appeared in an existing thread with external participants, so Google’s systems correctly categorized it as “expected external correspondence” rather than “suspicious impersonation attempt.”

However, as I flagged earlier in this report, Gmail also independently decided to upgrade the email’s visibility in my inbox by tagging it with an “Important” importance marker.

4. High-Reputation Link Dilution

The email thread contained legitimate links to:

• eventbrite.com and eventbrite.ca (calendar scheduling)

• kineticgpo.ca (procurement organization)

• ladbs.org (LA Department of Building and Safety)

• dbs.lacity.gov (Los Angeles city government)

These high-reputation domains helped to drown out the single suspicious NotifyVisitors link in the risk calculation.

5. No Attachment-Based Malware

Advanced Protection includes aggressive attachment scanning (sandboxing suspicious files, blocking macros, flagging executables). But this attack had no attachments. Just a link, and not even a link to an obviously malicious domain: a link to NotifyVisitors, a legitimate email marketing platform used by thousands of businesses.

5. Display name and Header Forgery

Gmail correctly validated that a legitimate Reagan.com account sent the email, but it displayed the forged From: header to the user, mirroring the “Ronald Reagan Attack” pattern documented by Check Point Research in which authentication passes while the visible sender is silently impersonated.​

How To Protect Yourself

Report It Immediately

Folks who aren’t cybersecurity analysts can use the three-dot menu once a Gmail message is open to “Report phishing”. This will move the email to your Spam folder, limit your ability to load images, and alert Google Threat Intelligence to help protect other Internet users.

Besides Google, other email providers like Microsoft, Apple Mail, Yahoo Mail, ProtonMail, etc. have equivalent reporting capabilities built into their platforms.

Search “report phishing [service name]” to find the specific steps for your provider.

Spotting Thread Hijacking

1. Verify strange content via secondary channel: If an email appears in an existing thread but seems odd or off-topic, call the sender or message them on Signal/Teams/Slack to verify

2. Check for topic drift: Legitimate conversations evolve naturally, but phishing payloads sometimes introduce abrupt topic changes

3. Hover over all links before clicking: In today’s email, the display text says “Employee Policy 2026.docx” but the URL is mail.notifyvisitors.com

4. Watch for missing attachments: If an email references a file but provides only a link to “view” it, that’s a red flag!

Get a Hardware Security Key

If you use Gmail, Google Workspace, or any service supporting FIDO2/WebAuthn authentication, the single most effective defense against phishing is a hardware security key. These devices are small USB or USB-C authenticators that cryptographically verify you’re logging into the legitimate service, not a phishing replica.

The YubiKey 5C is one of the most popular options: it’s durable, widely compatible with major platforms (Google, Microsoft, GitHub, Apple, social media platforms, etc.), and costs less than $50. When you attempt to authenticate on a phishing site, your YubiKey detects the domain mismatch and refuses to complete the authentication, providing absolute protection against AitM attacks.

This is why Google Advanced Protection Program requires hardware security keys for enrollment. They represent the only authentication method that cannot be compromised by credential theft or session hijacking. You can also consider purchasing Google’s own hardware key, the Titan Security Key.

The Big Picture

This probably wasn’t a targeted attack against me specifically. I happened to end up on a list that was possibly scraped from LinkedIn, a data broker, or a prior breach. The attack landed in my inbox, not because of sophisticated zero-day exploits or advanced persistent threat techniques, but because it exploited the gap between what email authentication can verify (sender identity) and what users need to know (sender intent).

PhaaS has industrialized cybercrime. What I experienced wasn't built by a lone hacker. It was rented from Tycoon 2FA for probably less than $500/month.

The attacker didn't need to know how TR-069 exploits work, how to bypass Google Advanced Protection Program, or how to build AitM infrastructure. They just logged into a dashboard, selected “HR Policy Campaign,” uploaded a target list, and clicked “Launch.”

The person in Cape Town whose router was used to send the email and the US- and Canada-based office workers shown in the stolen email exchanges used as decoys have no clue they’ve been made unwitting parts of a cybercrime operation. If just one wire transfer fraud succeeds, those who deployed the campaign stand to profit handsomely.

This is modern phishing: anonymized, industrialized, globally distributed, and profitable enough to sustain professional criminal organizations.

This publication runs on reader subscriptions. If this analysis demonstrated value, please consider becoming a paid subscriber to help my research reach more people.

Get 25% off for 1 year

• The UN Secretary-General has implicitly challenged President Trump’s authority to withhold assessed contributions, asserting they are “a legal obligation under the UN Charter” that cannot be unilaterally abrogated by executive action.

• The United States owes approximately $4 billion in unpaid UN dues, representing 80% of all regular budget arrears globally. America has already crossed the threshold where voting rights suspension becomes legally mandated.

• This withdrawal follows the UN’s criticism of the January 3 Venezuela military operation, mirroring the administration’s sanctions campaign against the ICC after it issued arrest warrants for Israeli officials.

• New investigative reporting reveals that Russia proposed the Venezuela-Greenland strategy to Trump as early as 2017: America gets the Western Hemisphere, Russia gets Ukraine. Fiona Hill testified to Congress that her NSC team received these offers directly from Russian counterparts. John Bolton blocked them. Bolton was indicted in October 2025.

• The UN headquarters occupies 17 acres of extraterritorial land in Manhattan under the 1947 Headquarters Agreement. The U.S. cannot unilaterally abrogate this treaty or expel the UN.

• NYC Mayor Zohran Mamdani controls the NYPD and city services surrounding UN headquarters. He has already demonstrated willingness to oppose Trump’s foreign policy on legal grounds.

• Silicon Valley ideologues are proposing “Freedom Cities” to replace institutions destroyed by regime change. Two days after the Venezuela operation, Charter Cities Institute director Mark Lutter called for corporate-governed enclaves there. Russia provides the geopolitical logic; the Thiel network provides the economic model for what comes after.

• The UN has announced it will continue operations regardless of U.S. participation. China will fill the vacuum America creates.

• Historical precedent is ominous: The League of Nations collapsed after major powers withdrew, paving the way for World War II.

The statement reads like diplomatic boilerplate: four sentences, no named officials beyond the spokesperson, a formulaic expression of “regret.” To the casual observer, it might appear that the United Nations simply acknowledged another policy dispute and moved on.

Those who understand the context know better. The $4 billion in unpaid American dues. The systematic defunding campaign. The looming voting rights suspension. The military strike on Caracas five days earlier that the Secretary-General condemned as potentially violating international law. These words constitute something far more consequential than diplomatic pleasantries. They are the opening salvo in what could become the most significant constitutional crisis in United Nations history.

Less than 24 hours after President Donald Trump signed the presidential memorandum withdrawing the United States from 66 international organizations, UN Secretary-General António Guterres issued a response through his spokesperson Stéphane Dujarric that amounts to a reminder of Charter law and of the Trump administration’s treaty obligations:

“Assessed contributions to the United Nations regular budget and peacekeeping budget, as approved by the General Assembly, are a legal obligation under the UN Charter for all Member States, including the United States... All United Nations entities will go on with the implementation of their mandates as given by Member States. The United Nations has a responsibility to deliver for those who depend on us. We will continue to carry out our mandates with determination.”

The diplomatic language barely conceals the message: The UN will not allow American financial pressure to halt operations. The United States remains legally bound to pay its assessed contributions regardless of what President Trump orders.

The statement does not function as a negotiation, but as a legal confrontation.

This essay is the third part of an ongoing analysis of President Trump’s withdrawal from international organizations.

Part One, “America Exits 66 International Organizations,” examines the institutional and geopolitical consequences abroad. Part Two, “The Psychological Costs of America’s Exit,” traces the domestic psychological, media, and coercive dynamics that make this retreat possible.

Why the UN Matters to Americans

The United Nations is not, as its critics caricature, a world government or a forum for anti-American rhetoric. It is the infrastructure through which the United States has exercised global leadership for 80 years.

The UN system encompasses far more than General Assembly debates. The World Health Organization coordinates pandemic response that protects Americans from outbreaks originating abroad. The International Atomic Energy Agency monitors nuclear programs in Iran and North Korea. The World Food Programme feeds 150 million people annually and prevents the famines that destabilize regions and create refugee crises. Peacekeeping operations keep conflicts from escalating into wars requiring American military intervention.

The UN also provides forums where the United States sets international standards on telecommunications, aviation, shipping, and intellectual property. American businesses benefit from rules America helped write. When the U.S. withdraws from these standard-setting bodies, it does not eliminate the standards. It simply transfers control to China.

For Americans specifically, reduced UN engagement means:

• Diminished early warning on disease outbreaks that could become pandemics affecting U.S. public health

• Reduced intelligence sharing on terrorism, trafficking, and transnational crime through UN coordination mechanisms

• Lost influence over trade standards that affect billions of dollars in American exports

• Increased likelihood of regional conflicts escalating into crises requiring expensive U.S. military intervention

• Accelerated climate impacts as coordinated global response collapses, affecting American agriculture, coastal cities, and disaster costs

• Brain drain as American scientists excluded from international bodies lose professional standing and career opportunities

American withdrawal creates vacuums that authoritarian powers are eager to fill. The rules-based international order that has prevented great power war for 80 years depends on its architect remaining committed to its maintenance.

The Legal Foundation

The Secretary-General’s position rests on solid legal ground. Article 17(2) of the UN Charter states unequivocally: “The expenses of the Organization shall be borne by the Members as apportioned by the General Assembly.”

This language is not discretionary. It does not say “may be borne” or “should be borne if Members agree.” It says “shall be borne,” which in treaty law constitutes a binding obligation.

The definitive interpretation came in 1962, when the International Court of Justice ruled that peacekeeping expenses constitute “expenses of the Organization” and that the General Assembly’s apportionment creates binding legal obligations on all member states.

Under the U.S. Constitution’s Article VI, treaties ratified by the Senate are “the supreme Law of the Land.” The UN Charter was ratified in 1945. President Trump cannot unilaterally abrogate treaty obligations through executive action any more than he could unilaterally repeal a federal statute.

The Trump memorandum itself tacitly acknowledges these constraints, specifying that “withdrawal means ceasing participation in or funding to those entities to the extent permitted by law.” That caveat matters enormously.

The $4 Billion Question

The Secretary-General’s statement gains urgency from a financial reality that has reached crisis proportions. As of January 2026, the United States owes the United Nations approximately $4 billion in unpaid assessed contributions.

According to the Congressional Research Service, U.S. unpaid assessments stand at $1.5 billion for the regular budget and $2.4 billion for peacekeeping. The United States alone accounts for 80% of all regular budget arrears globally. China, the second-largest debtor, owes less than a quarter of U.S. arrears.

The Secretary-General warned in December 2025 that the organization faces “a race to bankruptcy” unless member states pay their dues. The financial strangulation has been ongoing. According to testimony before the UN Fifth Committee, the organization started 2024 with only $67 million in liquidity reserves. To make payroll, it borrowed from the Working Capital Fund, Special Account, and closed tribunals. A senior official told the committee that “the Secretariat almost ran out of cash in December.”

The Trump administration’s FY2026 budget request proposed ending UN peacekeeping payments entirely. This represents an 83% reduction from pre-rescission funding levels. Call it what it is: effective organizational destruction.

The Voting Rights Threshold

Embedded in the Secretary-General’s statement is an implicit warning. Article 19 of the UN Charter provides that a member in arrears “shall have no vote in the General Assembly if the amount of its arrears equals or exceeds the amount of the contributions due from it for the preceding two full years.”

The United States is already at this threshold. Current arrears of $1.5 billion essentially equal the two-year assessment of roughly $1.52 billion.

If the United States continues non-payment through 2026, the General Assembly would be legally entitled to suspend U.S. voting rights. America would become the first permanent Security Council member ever sanctioned for non-payment.

The Trump administration likely views this as acceptable, perhaps even desirable. Article 19 applies only to General Assembly voting; U.S. veto power in the Security Council remains unaffected. Being sanctioned might reinforce Trump’s narrative that the UN is biased against American interests.

The precedent could run deeper. In theory, crossing the Article 19 threshold creates legal grounds, as some scholars argue, for other members to invoke Article 60 of the Vienna Convention on the Law of Treaties, which permits states to suspend obligations toward a party in “material breach.” U.S. refusal to pay could release other nations from their Charter obligations toward America.

What the Statement Does Not Say

The Secretary-General’s statement is notable for what it omits. It does not mention Article 19 voting rights suspension, despite the U.S. being at the threshold. It does not threaten expulsion under Article 6 (persistent Charter violations) or invoke Article 60 of the Vienna Convention permitting other states to suspend treaty obligations toward a state in material breach.

This restraint reflects political reality. The UN cannot effectively sanction its most powerful member and largest financial contributor without triggering the cascade of consequences described above.

The Secretary-General also refrains from directly criticizing the withdrawal decision itself. He expresses “regret” but does not characterize the action as wrong, harmful, or counterproductive. This diplomatic caution contrasts with stronger statements from others.

The Executive Secretary of the UN Framework Convention on Climate Change (UNFCCC) called the climate withdrawal a “strategic blunder that gives away American advantage.” Former Secretary of State John Kerry characterized it as “a gift to China and Russia and a get-out-of-jail-free card to polluters who want to avoid responsibility.” The Natural Resources Defense Council warned it is “not only self-defeating to let other countries write global rules of the road but also to skip out on trillions of dollars in investment.”

By remaining diplomatically neutral, the Secretary-General preserves space for future U.S. re-engagement while avoiding giving Trump ammunition to claim the UN is “attacking” America. But this restraint also reveals the organization’s fundamental weakness. The UN cannot compel U.S. compliance. It can only assert legal obligations and hope that domestic political constraints, allied pressure, or future administrations restore American participation.

An Attempted Humiliation

Part and parcel of political reality is Trump’s September 2025 address to the UN General Assembly. This attempt to publicly humiliate the institution from its own podium largely backfired, drawing international condemnation and reinforcing perceptions of American chaos and unreliability.

Trump asked “What is the purpose of the United Nations?” while standing at its lectern. He complained about broken escalators and a malfunctioning teleprompter, mobilizing the Secret Service to investigate alleged UN “sabotage” of his equipment. He dismissed climate science as “the greatest con job ever perpetrated” and predictions as “made by stupid people.” He accused the organization of “funding an assault on Western countries” through migration support.

He told assembled world leaders their countries were “going to hell” and warned that “if you don’t get away from this green scam, your country is going to fail.” The rambling, nearly hour-long speech veered repeatedly off-script.

The global response was swift and negative. French President Emmanuel Macron responded that same day by declaring France “proud to be among the people of the United Nations” and asserting the organization “cannot be replaced.” South African President Cyril Ramaphosa criticized the use of trade as “a weapon against a number of countries in the world.”

A foreign diplomat texted the Washington Post’s Ishaan Tharoor: “This man is stark, raving mad. Do Americans not see how embarrassing this is?”

The Chicago Council on Global Affairs noted that Trump’s views diverged sharply from American public opinion: 79% of Americans consider climate change at least an important threat, and majorities support multilateral engagement. Former U.S. diplomat Hugh Dugan observed that despite hammering the UN, Trump “left a vacuum instead of a narrative” on reform. “Next: let’s see if China is editing its speech now to swoop down to fill the missing narrative vacuum,” he predicted.

The speech was not diplomacy. It was performance; one that damaged American credibility far more than the institution it targeted.

Why U.S. Withdrawal Could Destroy the UN

The Secretary-General’s restraint in not threatening punitive measures reflects a brutal reality: the UN cannot effectively sanction its most powerful member without triggering consequences that could destroy the organization itself.

The United States provides approximately 22% of the UN regular budget and 26% of peacekeeping funding. No obvious combination of other contributors can easily replace this. If the U.S. withdraws entirely:

• Immediate operational collapse: Many UN agencies would face 20-30% budget cuts overnight. The World Food Programme, UNHCR refugee operations, and peacekeeping missions would require immediate downsizing. Peacekeeping missions already reduced by 25% due to cash shortages would face further troop repatriations, potentially allowing conflicts in Mali, South Sudan, and the Democratic Republic of Congo to reignite.

• Headquarters relocation pressure: The UN headquarters in New York operates on U.S. soil under a 1947 headquarters agreement. A hostile administration could make operations increasingly difficult through visa restrictions on diplomats, security complications, and infrastructure neglect. Pressure to relocate to Geneva, Vienna, or elsewhere would intensify—an enormously expensive and disruptive proposition.

• Legitimacy crisis: The UN’s authority rests partly on the participation of all major powers. An organization that excludes the world’s largest economy and most powerful military loses credibility as a universal forum. Other nations might question why they should remain bound by UN decisions the United States ignores.

• Security Council paralysis: While the U.S. would presumably maintain its Security Council seat even if General Assembly voting rights are suspended, relations would deteriorate to the point where productive Council action becomes nearly impossible. The U.S. might begin vetoing resolutions out of spite, grinding the Council to a halt.

• Cascade of withdrawals: If the United States demonstrates that withdrawal carries no meaningful consequences, other dissatisfied members (Ex. Russia, which has its own UN grievances, or developing nations frustrated by Western dominance) might follow. The organization could fragment into irrelevance.

This is why the Secretary-General treads carefully. Any punitive action risks provoking the very outcome it seeks to prevent.

The Venezuela Connection

The timing of this withdrawal raises an unavoidable question: Is this punitive?

On January 3-4, 2026, U.S. forces struck targets around Caracas and captured Venezuelan President Nicolás Maduro. The Secretary-General responded: “These developments constitute a dangerous precedent... The rules of international law have not been respected.”

Less than a week later, the Trump administration announced withdrawal from 66 international organizations.

The pattern mirrors the administration’s approach to the International Criminal Court. After the ICC issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu in November 2024, the administration launched sanctions against the court itself. Secretary of State Marco Rubio has sanctioned 11 ICC judges and prosecutors, freezing assets, revoking visas, and devastating their ability to function. Canadian ICC judge Kimberly Prost told reporters she lost access to all credit cards and bank accounts: “How do you order an Uber? How do you get a hotel?”

The administration has even demanded that the ICC amend its Rome Statute to guarantee that Donald Trump himself can never be prosecuted for war crimes.

The message is consistent: International institutions that criticize or constrain U.S. actions will face retaliation.

Calling Trump’s Bluff

The Secretary-General’s commitment to continue mandate implementation despite U.S. withdrawal represents operational defiance, not rhetoric. It signals specific survival strategies the UN is already implementing.

The organization has proposed unprecedented measures to continue operations without full U.S. funding. These include suspending the return of $298.9 million in unspent funds to member states (keeping it as cash reserve instead), authorizing supplementary assessments on member states not in arrears to cover amounts owed by delinquent states, and exploring voluntary contributions from non-traditional donors.

The supplementary assessment option is particularly significant. The General Assembly could effectively make compliant countries subsidize U.S. non-payment by increasing their assessment rates to compensate for American arrears. This would shift the financial burden to European nations, Japan, Canada, and other reliable contributors.

The alternative funding strategy carries its own risks. Increased reliance on voluntary contributions from China, Gulf states, and private foundations risks what some experts call “donor capture,” where funders gain disproportionate influence over UN priorities and operations.

But the core message is unmistakable: the UN will not allow U.S. financial pressure to force organizational collapse. This demonstrates resilience, but it also normalizes a UN system functioning without American participation; a situation that China has been positioning itself to exploit.

The China Opportunity

While the Secretary-General’s statement carefully avoids mentioning alternative funders, the geopolitical reality is impossible to ignore. China has systematically positioned itself to fill the upcoming vacuum.

Beijing now pays approximately 20% of the UN regular budget, second only to the United States. Chinese nationals lead four of 17 specialized UN agencies. China has expanded its civil servant presence across the UN system. The Belt and Road Initiative provides alternative development financing for more than 150 countries. China is championing the “Global Development Initiative” and “Global Security Initiative” as alternatives to Western frameworks.

Chinese Foreign Ministry statements characterize U.S. withdrawals as America “placing self-interest first” and drawing “growing, intense criticism from the international community.” This narrative positions China as the responsible stakeholder committed to multilateral cooperation while America retreats into isolationism.

If the UN successfully continues mandate implementation with reduced U.S. involvement but increased Chinese financial and diplomatic support, it permanently shifts the organization’s center of gravity eastward. American influence contracts to Security Council veto power while China gains operational control over developmental, humanitarian, and environmental programs.

This is already underway. China leads the International Telecommunication Union, the Food and Agriculture Organization, the International Civil Aviation Organization, and the UN Industrial Development Organization. Chinese officials occupy senior positions throughout the UN system, embedding Beijing’s priorities in institutional DNA.

The Secretary-General’s statement attempts to maintain the fiction that the UN can continue current operations with existing resources, even as internal documents reveal desperate cash shortages. The reality is that continued operations will require someone to fill the funding gap. Europe lacks the fiscal capacity. That leaves China, Gulf states, or a combination thereof.

Each option transforms the UN’s character. European dominance would preserve Western influence but at reduced capacity. Gulf state funding comes with conservative social policy strings attached. Chinese funding comes with geopolitical expectations. None preserves the U.S.-led order of the past 80 years.

The “My Way or the Highway” Doctrine

Daniel Forti of the International Crisis Group characterizes U.S. policy: “What we’re witnessing is the crystallization of the U.S. stance on multilateralism, which can be summarized as ‘my way or the highway.’”

This approach fundamentally misunderstands power in the 21st century. Unlike the post-Cold War era when the U.S. could dictate terms, today’s world requires coalition-building and sustained engagement. By demanding compliance rather than seeking partnership, the U.S. accelerates the formation of blocs designed to counter American influence.

Secretary of State Marco Rubio framed the withdrawals in ideological terms, characterizing the targeted organizations as part of “a sprawling architecture of global governance, often dominated by progressive ideology and detached from national interests. From DEI mandates to ‘gender equity’ campaigns to climate orthodoxy, many international organizations now serve a globalist project rooted in the discredited fantasy of the ‘End of History.’”

This rhetoric positions multilateralism itself as an enemy. But the institutions being abandoned are not ideological constructs; these are the mechanisms through which the United States has exercised global leadership for 80 years.

Their abandonment does not eliminate the functions they serve. It simply transfers control to others.

Movement Towards Full UN Withdrawal

The escalating pattern suggests the Trump administration may be deliberately building toward complete UN withdrawal, pursuing a strategy similar to its apparent goal of weakening NATO until American withdrawal becomes politically feasible.

The progression is unmistakable. During Trump’s first term (2017-2021), the U.S. withdrew from UNESCO, the UN Human Rights Council, WHO, and stopped funding UNRWA. Biden reversed these decisions (2021-2025), rejoining WHO, restoring UNESCO funding, and re-engaging with UN agencies. Now in his second term, Trump has re-withdrawn from WHO, the Paris Agreement, and the Human Rights Council (January 2025), ordered a comprehensive review of all international organizations (February 2025), and withdrawn from 66 organizations including 31 UN entities (January 2026).

This trajectory suggests not selective pruning but systematic dismantling.

Congressional legislation reveals growing Republican consensus on full withdrawal. Senator Mike Lee and Senator Marsha Blackburn introduced the “DEFUND Act” on February 20, 2025. The bill would repeal the 1945 UN Participation Act, terminate U.S. membership, close the U.S. Mission to the United Nations, expel UN headquarters from U.S. territory, withdraw diplomatic immunity for UN employees, end all payments, and prohibit participation in peacekeeping.

While this bill has not passed, its existence signals that full withdrawal has moved from fringe position to mainstream Republican policy option. The Trump administration’s systematic defunding and withdrawal creates conditions where the DEFUND Act becomes not radical departure but logical conclusion.

The parallels to NATO are instructive. Trump has repeatedly questioned NATO’s value, threatened withdrawal, and demanded that allies pay more. His administration’s actions, including reducing troop commitments, questioning Article 5 obligations, and publicly berating allies, have weakened the alliance without formally leaving it. The pattern suggests a strategy of gradual disengagement that makes formal withdrawal appear inevitable rather than revolutionary.

The same pattern is visible with the UN: systematic non-payment, hostile rhetoric, withdrawal from component organizations, and public humiliation of the institution all working synergistically to create conditions where complete withdrawal seems like merely the final step in an already-accomplished transition.

17 Acres of Extraterritorial Land

One dimension of this confrontation has received insufficient attention: the physical territory of the United Nations itself.

The UN Headquarters occupies 17 acres along the East River that is, under the 1947 Headquarters Agreement, “under the control and authority of the United Nations.” This is not a metaphor. The Agreement, signed by Secretary of State George Marshall and ratified by Congress, creates essentially extraterritorial space within U.S. borders.

Section 9(a) states: “The headquarters district shall be inviolable. Federal, state or local officers or officials of the United States... shall not enter the headquarters district to perform any official duties therein except with the consent of and under conditions agreed to by the Secretary-General.”

The FBI, federal marshals, and ICE cannot enter UN territory without explicit permission. Section 23 provides: “The seat of the United Nations shall not be removed from the headquarters district unless the United Nations should so decide.” The U.S. cannot unilaterally expel the UN.

The 1988 ICJ precedent reinforces these protections. When Congress prohibited the PLO from maintaining UN offices, the Secretary-General invoked arbitration. The ICJ ruled that the United States is legally obligated to arbitrate such disputes. The U.S. backed down rather than face international condemnation.

The DEFUND Act explicitly calls for expelling UN headquarters and withdrawing diplomatic immunity. If enacted, it would trigger the most significant property dispute between the U.S. and an international organization in history.

But there is a complicating factor.

The Mamdani Variable

On January 1, 2026, one week before Trump announced the 66-organization withdrawal, Zohran Mamdani was inaugurated as New York City’s 112th mayor.

Mamdani is a 34-year-old democratic socialist, DSA member, immigrant from Uganda, the city’s first Muslim mayor, and youngest to hold the office in over a century. He was sworn in by Senator Bernie Sanders and declared he would “govern as a democratic socialist” and not “abandon my principles for fear of being deemed radical.”

His relevance became immediately apparent. Two days after his inauguration, when Trump launched the operation that captured Maduro, Mamdani called Trump directly to register opposition. In a public statement:

“Unilaterally attacking a sovereign nation is an act of war and a violation of federal and international law.”

This matters because the Mayor controls the NYPD, city services, permits, and infrastructure surrounding the UN campus. The 1947 Agreement establishes UN territory as inviolable by federal authorities, but depends on a cooperative relationship with the host city for external security, utilities, and the thousands of diplomatic missions generating $3.69 billion in annual economic output.

Mamdani’s political profile suggests he views the UN as a bulwark against Trump’s unilateralism. He has pledged to arrest Netanyahu if he visits New York under ICC warrants. His immigrant background as a refugee from Idi Amin’s Uganda means he understands personally what happens when international protections fail.

If the administration attempts to make UN headquarters “uncomfortable” through harassment tactics, Mamdani could become an active obstacle. The NYPD provides external security. City agencies control permits and infrastructure. A mayor determined to protect UN operations could use these levers to counteract federal pressure.

This creates a potential three-way standoff: Trump pushing to expel the UN, the Secretary-General asserting legal protections, and New York City’s mayor actively defending operations through municipal authority.

The first week of Mamdani’s term already involved coordinating with the NYPD on security for Maduro’s federal prosecution. His statement condemning the Venezuela operation as illegal under international law signals ideological alignment with the UN’s position.

International law lacks effective enforcement mechanisms against powerful states. The United States can violate the Headquarters Agreement with impunity. ICJ advisory opinions and General Assembly resolutions carry no material consequences.

A 34-year-old democratic socialist mayor of New York City might provide more effective resistance than the entire UN system. If federal agents attempt to enter UN headquarters without Secretary-General consent, Mamdani could order NYPD to maintain a protective perimeter. If federal authorities attempt to seize UN property, the city could challenge it in court.

The irony: the international legal order’s survival depending not on international law itself, but on domestic political resistance within the host country.

What remains unclear is whether Mamdani will actually fight. His first week has shown willingness to criticize Trump publicly and coordinate on security matters professionally. But there is a difference between rhetorical opposition and the kind of sustained institutional resistance that would genuinely protect UN operations against determined federal pressure.

The next 90-180 days will reveal whether Mamdani is a true obstacle to Trump’s UN agenda or merely a symbolic critic. If the former, the UN headquarters question becomes far more complicated than the administration anticipated. If the latter, the path to eventual expulsion clears considerably.

The Freedom City Scenario

One dimension of this crisis connects the Venezuela operation, recent threats towards Greenland, UN withdrawal, and Silicon Valley ideologues in ways that have received insufficient attention.

Two days after U.S. forces captured Maduro, Mark Lutter, executive director of the Charter Cities Institute (funded by Peter Thiel’s venture network), issued a public call:

“Venezuela doesn’t need to become another Iraq. It needs a Freedom City... A Freedom City = new land, new rules, real property rights, real rule of law—jointly built with the U.S.”

“Freedom City” is Trump’s term for what the tech-right calls a “Network State”: sovereign territory governed by corporations rather than democratic governments. The concept has developed in Silicon Valley for over a decade, backed by Thiel, Marc Andreessen, and other tech billionaires through Pronomos Capital.

The operational prototype exists. Próspera, a charter city on Honduras’s Roatán island, operates under its own legal framework: 1% business taxes, Bitcoin as legal tender, governance by corporate board rather than elected officials. When Honduras attempted to repeal enabling legislation, Próspera’s backers filed an $11 billion lawsuit. That’s 31% of Honduras’s GDP.

The connection to the Trump administration is direct. JD Vance is a former Thiel employee. Roger Stone argued that pardoning Honduras’s drug-trafficking ex-president could “crush socialism and save a freedom city.” Trump’s 2024 platform included plans for “Freedom Cities” on federal land.

These projects emerge from what researchers Timnit Gebru and Émile Torres call “TESCREAL” ideology: overlapping beliefs (Transhumanism, Extropianism, Singularitarianism, Cosmism, Rationalism, Effective Altruism, Longtermism) that justify authoritarian means through appeals to civilizational advancement. As Dave Troy writes, TESCREAL proponents have an “ends justify the means” mindset antithetical to democratic governance. The charter city movement operationalizes this: if democratic governments obstruct progress, create territories where democracy and its bothersome regulations don’t apply.

The Pattern: Venezuela, Cuba, Greenland, Manhattan

Now apply this framework across four targets, each facing different forms of U.S. pressure, each with charter city interests waiting.

Venezuela: Military Capture. Trump stated January 6: “I’ve spoken with several U.S. oil companies about commitments to rebuilding Venezuela’s infrastructure. They wanna go in so bad.” Within 48 hours of Maduro’s capture, Lutter proposed his Freedom City.

Cuba: Economic Strangulation. Trump and Rubio have explicitly stated their goal of collapsing Cuba’s government by cutting off Venezuelan oil. “Cuba is ready to fall,” Trump said. Rubio warned: “If I lived in Havana and I was in the government, I’d be concerned.” Lutter has published proposals for converting Guantanamo Bay into a charter city.

Greenland: Threats Against a NATO Ally. The same week, the administration escalated threats to seize Greenland from Denmark, declaring “utilizing the U.S. military is always an option.” Danish Prime Minister Mette Frederiksen warned this would end NATO.

Praxis, a $525 million “network state” startup backed by Thiel through Pronomos Capital, has pursued Greenland since 2019. That’s the same year Trump first proposed buying the island. Founder Dryden Brown traveled to Nuuk in 2024, tweeting: “I went to Greenland to try to buy it.” When Trump renewed acquisition threats in January 2026, Praxis’s account responded: “According to plan.”

Trump’s nominated ambassador to Denmark is Ken Howery, Thiel’s former business partner and Founders Fund co-founder. If confirmed, Howery would lead Greenland negotiations while maintaining financial ties to the network state movement.

The 1951 U.S.-Denmark Defense Agreement already gives America extensive military access to Greenland. Danish officials are baffled by Trump’s threats because the U.S. can achieve virtually any legitimate security objective under existing agreements. The threats make sense only if the goal is sovereignty transfer for projects requiring territorial control beyond what treaties permit.

UN Headquarters: Financial Strangulation. Now apply the same logic to 17 acres of prime Manhattan waterfront.

If the UN relocates to Geneva, Vienna, or Nairobi, the property becomes available. Under Section 22 of the Headquarters Agreement, the UN must offer it first to the U.S. government. The federal government could claim $4 billion in arrears as offset against fair market value.

The site could be designated a “Special Economic Zone” under expanded Opportunity Zone legislation. Private governance by Thiel network figures, crypto billionaires, and Trump associates could replace democratic accountability. Corporate tenants would replace diplomatic missions.

The marketing writes itself: “Freedom City Manhattan: Former site of failed international bureaucracy, now global innovation hub.”

The Russian Angle

The Greenland dimension becomes more troubling when examined through recent investigative reporting by Dave Troy, which reveals that the Venezuela-Greenland strategy did not originate in Silicon Valley boardrooms. It appears to have originated in the Kremlin.

According to Troy’s investigation, Vladimir Putin has been attempting to influence Trump to seize both Venezuela and Greenland since at least 2017. The reasoning is simple: if Trump would disengage in Ukraine, Putin would give Trump free rein in Venezuela. Each country is in the other’s “backyard.”

A swap.

The Greenland idea came not from security officials but from Ron Lauder, the Estée Lauder cosmetics heir and confidant to both Trump and Putin. As reported in The Divider by Peter Baker and Susan Glasser, Lauder approached Trump in 2017 saying he could help acquire Greenland. Lauder volunteered to serve as “back channel” to the Danish government. Kremlin records confirm that Lauder met with Putin on March 19, 2019, right when the administration’s still-private Greenland talks were at their peak. Lauder subsequently made direct investments in Greenland’s infrastructure, energy, and mining sectors.

The explicit quid pro quo came in spring 2019. Fiona Hill, then serving on the National Security Council under John Bolton, testified to Congress that her team received informal proposals from Russian counterparts signaling willingness to back off Venezuela if the United States would disengage in Ukraine:

“You have your Monroe Doctrine. You want us out of your backyard. Well, you know, we have our own version of this. You’re in our backyard in Ukraine.”

Bolton blocked the overtures, dismissing them as absurd. Hill was instructed to “go out to Russia to basically tell the Russians to knock this off.” The deal went nowhere during Trump’s first term.

On Russian state television in November 2020, days after Trump’s election loss, nationalist commentator Vladimir Zhirinovsky articulated the offer explicitly: “He will take Venezuela, we will take Ukraine. And he will say to everyone: Look—Venezuela. Tomorrow I will take Cuba. I would help him... If we need Trump, then let’s help him.”

Bolton resigned in September 2019 after repeated clashes with Trump over Russia policy. In August 2025, FBI agents raided Bolton’s home. He was indicted in October 2025 on 18 counts related to classified information in his memoir that documented these incidents. The man who blocked Russia’s Monroe Doctrine offers is now facing prosecution. The man who made those offers is executing them.

This reframes the Thiel network’s charter city interests not as the origin of the strategy but as opportunistic alignment with it. Putin provides the geopolitical logic. Silicon Valley provides the economic model for what comes after. The destination is the same: American withdrawal from the international order, territorial expansion in the Western Hemisphere, and corporate governance in the vacuum.

As Troy concludes: “NATO, the United Nations, and the European Union will all be challenged if the US continues on this hemispheric romp.”

The Through-Line

This is the thread connecting Venezuela, Cuba, Greenland, and potentially UN headquarters: weaponization of U.S. power to create “inflection points” where desperate governments or displaced institutions cede territory to corporate governance projects.

The pattern is consistent: create crisis, force institutional collapse, establish private governance in the vacuum. The actors overlap. The funding sources overlap. The ideology is explicit.

This is not speculative fiction. The legal infrastructure exists. The ideological framework exists. The operational prototype exists. The political access exists. The Venezuela precedent demonstrates willingness to convert regime change into corporate territorial control.

A Historical Warning

The current crisis invites comparison to the most consequential failure of international organization in modern history: the League of Nations.

The League was Woodrow Wilson’s brainchild, the centerpiece of his Fourteen Points for peace after World War I. But the United States never joined. Despite Wilson’s advocacy, including a speaking tour that contributed to his incapacitating stroke, the Senate refused ratification. Republican Senator Henry Cabot Lodge led opposition, arguing League membership would entangle America in foreign conflicts.

Without its most powerful potential member, the League was set to fail from its inception. Its failures accumulated: Japan invaded Manchuria in 1931, the League condemned it, Japan withdrew and kept Manchuria. Italy invaded Ethiopia in 1935; limited sanctions proved ineffective. Hitler remilitarized the Rhineland, annexed Austria, dismembered Czechoslovakia. The League proved impotent.

By 1939, the League was irrelevant. World War II killed an estimated 70-85 million people.

The United Nations was explicitly designed to avoid these failures. It gave major powers permanent Security Council seats with veto authority, ensuring continued participation. It established assessed contributions as legal obligations. Most importantly, the United States joined, and for 80 years remained committed.

The parallels are uncomfortable. Then as now, American critics argued international organization constrained national sovereignty. Then as now, isolationists promised withdrawal would free America from costly obligations. Then as now, absence of American leadership created vacuums aggressive powers exploited.

The lesson is not that international organizations always succeed. It is that their failure carries catastrophic consequences.

The Trust Deficit

Even if a future administration attempts to reverse withdrawals and resume funding, the credibility collapse may prove irreversible. Developing countries have now experienced two full cycles of U.S. withdrawal-reengagement-rewithdrawal: Trump 1.0 withdrew from Paris, WHO, and UNESCO. Biden rejoined. Trump 2.0 withdrew again, far more comprehensively.

No rational actor will structure long-term planning around American commitments after this pattern. Countries will not build energy transitions around U.S. climate commitments. Allies question NATO reliability if the U.S. won’t honor UN Charter obligations. Aid recipients diversify toward Chinese, European, and Gulf alternatives. Trading partners negotiate frameworks designed to function without U.S. participation.

The League of Nations’ inability to function after major power withdrawal led to World War II. The difference this time: China stands ready to lead a post-American international order. Not to destroy the UN, but to remake it in Beijing’s image.

Probability Assessment

How likely is any of this? Unlikely, but no longer absurd.

The chain of events faces obstacles at each stage. Most probable outcome: the UN stays put, operates under financial strain, and the headquarters question remains theoretical.

But “most probable” isn’t “certain.” A year ago, U.S. forces capturing a sitting head of state and flying him to Brooklyn for arraignment would have seemed like fiction. Now Maduro sits in the Metropolitan Detention Center. The Overton window for what this administration will attempt has shifted dramatically.

What to watch: Thiel network figures meeting with State Department or NSC officials. Legislation expanding Opportunity Zone authority. Trump riffing about “wasted space” at the UN. Ken Howery’s confirmation hearing. Quiet property acquisitions near Turtle Bay. Any of these would suggest the scenario is moving from ideological fantasy toward operational planning.

Conclusion

The UN Secretary-General’s statement today, while measured in tone, constitutes a sophisticated legal and political counteroffensive. Its goal: establish a firewall around UN operations allowing continued functioning as the U.S. withdraws. Whether this succeeds depends on factors beyond the Secretary-General’s control: European willingness to increase contributions, Chinese restraint, developing country loyalty to multilateral institutions, and the posture of New York City’s government.

The headquarters dimension adds complexity the Trump administration may not have anticipated. The 1947 Agreement creates legal obligations that cannot be abrogated by executive fiat. The mayor who controls the surrounding city has already challenged Trump’s foreign policy on legal grounds. And waiting in the wings are Silicon Valley ideologues with blueprints for converting institutional collapse into corporate territorial control.

International law lacks effective enforcement mechanisms against powerful states. The United States can violate treaty obligations with impunity. But domestic political resistance from courts, Congress, states, or cities can provide constraints international institutions cannot. The strange truth emerging from this crisis: the international legal order’s survival may depend less on international law itself than on subnational actors within powerful states who refuse to comply with federal abandonment of treaty obligations. A 34-year-old democratic socialist immigrant from Uganda may matter more to the UN’s physical survival than the Security Council.

The liberal international order constructed after 1945 provided frameworks that prevented major power war for eight decades, lifted billions from poverty, and facilitated unprecedented prosperity. That order is now in its death throes.

The question is what replaces it: a Chinese-centric order with the UN as instrument, a fractured world of competing blocs unable to cooperate on existential challenges, or a network of corporate enclaves where the billionaires who helped destroy multilateralism profit from its ruins.

The League of Nations collapsed because its most powerful potential member refused to join. The United Nations may collapse because its most powerful founding member decided to leave. America, having learned from the League’s failure that international institutions require great power commitment, is now teaching the world that American commitments cannot be trusted.

The contest is joined. On one side: the Secretary-General, developing countries clinging to multilateral frameworks, European allies torn between Atlantic partnership and institutional preservation, and a democratic socialist mayor who may or may not choose to fight. On the other: a president determined to destroy what he sees as constraints on sovereignty, a Congress aligned with withdrawal, and an ideological movement viewing democratic governance itself as obsolete.

The stakes could not be higher. The battle will be fought not only in diplomatic forums but on 17 acres of Manhattan real estate representing either the enduring promise of international law or its final grave.

This publication operates on reader subscriptions. If this analysis demonstrated value, please consider becoming a paid subscriber to help my research reach more readers.

Get 25% off for 1 year