DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

"Avenge Me, Boys. AVENGE MEEEEE!"

Patrick Duggan
Jan 27
6 min read

"All that hate's gonna burn you up, kid."

Powers Boothe as Col. Tanner

Let's be clear: I'm not writing this out of hate. I'm writing this because I spent three years at the Washington Post Company watching Lally Weymouth throw Blackberrys into desk drawers at 251 W 57th Street, and I learned something important: the people with power don't use the same tools as everyone else.

When I worked federal contracts, we used SIPR and JWICS - classified networks the public can't touch. When I consulted for Fortune 500s, they had dedicated VPNs and hardware tokens. The asymmetry is intentional.

This guide is about operational security for people who might need secure communications when systems fail. Natural disasters. Infrastructure collapse. Or scenarios that looked like fiction in 1984 and feel less fictional watching 3,000 federal agents occupy Minneapolis in January 2026.

I'm not advocating anything. I'm documenting which platforms will get you caught and which ones won't. I've seen the subpoenas. I've read the court filings. I know what the feds can and can't access.

The Tier List: What Actually Works

TIER 1: High-Threat Environments

#### Briar (Android Only)

Field	Detail
E2E Encryption	Yes (always)
Central Server	NONE - P2P only
Phone Number Required	No
Works Offline	YES - Bluetooth/WiFi mesh
Works Over Tor	Yes (built-in)
Russian Connections	None

Why Briar: When the Cubans cut the phone lines, Briar still works. Devices within ~100m can communicate via Bluetooth mesh. No server to subpoena. No infrastructure required.

"It's like a ham radio, but for the smartphone generation."

Limitation: Android only. No iOS support. Contacts must be online simultaneously to sync.

#### Signal (Protocol Still Solid)

Field	Detail
E2E Encryption	Yes (always, all messages)
Central Server	Yes (Signal Foundation, US)
Phone Number Required	Yes
What FBI Gets	Registration timestamp + last connection only

Why Signal is still good: The FBI investigation is about the users, not the protocol. Signal genuinely cannot read your messages. When subpoenaed, they provide:

Account creation date
Last connection timestamp
That's it.

Proven in court. Multiple times.

Limitation: Phone number = identity link. US jurisdiction.

TIER 2: Good Security, Some Trade-offs

#### Session (No Phone Number)

Field	Detail
E2E Encryption	Yes (always)
Phone Number Required	NO (Session ID only)
Onion Routing	Yes (built-in)
Russian Connections	None (Australian)

Why Session: No phone number. Onion routing hides your IP. Decentralized network. Fork of Signal protocol.

Limitation: Australia = Five Eyes. Smaller network.

#### Element/Matrix (Self-Hosted)

Field	Detail
E2E Encryption	Yes (opt-in per room, default on DMs)
Self-Hostable	YES - you control the server
Phone Number Required	No

Why Matrix: If you self-host, no third party has your data. Good for group coordination.

Limitation: E2E not default in all rooms. Complexity to set up.

TIER 3: Acceptable

#### Threema

Field	Detail
E2E Encryption	Yes (always)
Jurisdiction	Switzerland
Phone Number Required	NO
Cost	~$5 (paid model)

Why Threema: Swiss jurisdiction, no phone number, paid model means not ad-driven.

"Because WE LIVE HERE!"

Patrick Swayze as Jed, explaining why they fight

DO NOT USE: The Honeypots

#### Discord - AVOID

Issue	Detail
E2E Encryption	NONE
All Messages	Readable by Discord
LE Cooperation	Yes, readily and quickly
Metadata	Full social graph available

Discord is a honeypot for this use case. I've reviewed Discord's transparency reports. In 2023, they responded to 8,682 legal requests and provided user data in 82% of cases. Average response time? Days, not weeks.

Every message stored in plaintext on their servers. Server membership = instant network mapping for anyone with a subpoena. I've seen the data packages. They're comprehensive.

If you migrate from Signal to Discord, you've made yourself EASIER to track. I watched this happen today in Minneapolis. It hurt to watch.

#### Telegram - RUSSIAN FRONT

Issue	Detail
E2E Encryption	ONLY in "Secret Chats" - OFF by default
Default Chats	Readable by Telegram
Origin	Russian founders (Durov brothers)
Jurisdiction	Dubai (currently)

Telegram's dirty secret: Your messages are NOT encrypted by default. Only "Secret Chats" have E2E - and those don't sync across devices. I've tested this myself. Create a Telegram account, send a regular message, then request your data from Telegram. It's all there. Plaintext.

Pavel Durov built Telegram after leaving VKontakte (Russia's Facebook). The Russian intelligence links are unproven but persistent. In August 2024, French authorities arrested Durov in Paris. MTProto - their proprietary protocol - has never been independently audited by a credible third party.

I tracked DPRK threat actors using Telegram for C2 in December 2025. If North Korean hackers trust it, that tells you something. Or it should.

Do not trust Telegram.

#### WhatsApp - Meta Owns Your Metadata

Issue	Detail
E2E Encryption	Yes (Signal protocol)
Owner	Meta/Facebook
Metadata	Extensively collected
Cloud Backups	Often unencrypted

The loophole: WhatsApp uses Signal's protocol for messages, but Meta harvests all the metadata. Who you talk to, when, how often. And if you back up to iCloud or Google? Those backups may be unencrypted.

Under active investigation in Minneapolis as of January 27, 2026.

"How did you get tough?"

Matt: "I was always tough."

The Decision Tree

Need highest security + offline capability?
  → Briar (Android only)

Need cross-platform + no phone number? → Session

Need group coordination + self-host capability? → Element/Matrix (self-hosted)

Need Swiss jurisdiction + easy setup? → Threema

General secure messaging, phone number acceptable? → Signal (still best protocol)

Russian origins or no E2E by default? → DO NOT USE ```

Operational Principles

1. Compartmentalization Different channels for different purposes. Don't mix social and operational. Assume any channel can be burned.

2. Phone Numbers Are Identity Platforms requiring phone numbers link to real identity. Use Session, Briar, or Threema to avoid this. Burner phones help but aren't foolproof.

3. Metadata Kills WHO talks to WHOM, WHEN, WHERE. Content encryption doesn't hide metadata. Onion routing (Briar, Session) helps.

4. Assume Compromise Channels get burned. Have migration plans ready. Don't put anything in writing you wouldn't say in court.

5. Mesh Networks for Network Disruption Briar works over Bluetooth/WiFi when internet is cut. Range: ~100m between devices. Plan for infrastructure going down.

"The chair is against the wall. John has a long mustache."

That's the BBC broadcast signaling the D-Day invasion in WWII. Pre-arranged signals over broadcast media. Low-tech. Effective.

Sometimes the best OPSEC is the simplest.

What's Happening in Minnesota Right Now

I've been tracking this since January 7th, when Hector Rogelio Chacon-Orellana was killed outside a West St. Paul gas station. I've indexed over 59,000 IOCs in our threat intel platform, but this hit different. This was my state.

As of January 27, 2026 - the day I'm writing this:

3,000+ federal agents deployed to Minneapolis metro - I counted the vehicles at Fort Snelling myself
Fort Snelling converted to regional detention hub (500-800 permanent capacity) - on the site of an 1862 concentration camp for Dakota people. The historical irony is not lost on anyone.
Alex Jeffery Pretti, 27, killed by federal agents on January 24th on the 2400 block of Bloomington Avenue. DHS admitted today that two officers fired at least 10 rounds in 5 seconds. Their own report doesn't claim he reached for his weapon.
Signal channel under FBI investigation - announced this morning
Operations expanding to St. Cloud (65 miles northwest, significant Somali community), Maple Grove, St. Paul, and Willmar (100 miles west, Jennie-O turkey plant, Latino workforce)

I watched the ICEout tracker today. While CNN covered Tom Homan's meeting with Tim Walz at the State Capitol, enforcement activity spiked in Willmar and St. Cloud. The "de-escalation" narrative is misdirection. The ground truth from community observers shows operations expanding, not contracting.

They gave the media a shiny object. They burned the community's comms. They expanded the geographic footprint.

This is why OPSEC matters. Not theory. Practice. Right now. In Minnesota.

Resources

EFF Surveillance Self-Defense
Signal Court Subpoena Response
Briar Project
Matrix.org Security
ICEout Community Tracking (Community resource)

"Wolverines!"

The kids in Red Dawn didn't have a communications plan. They spray-painted "WOLVERINES" on every attack site. They shouted their identifier from rooftops. The Soviets mapped their network in weeks. They lost.

I watched Patrick Swayze die in that movie when I was 12. It was the first time I understood that being brave wasn't enough. You had to be smart.

Forty years later, I'm watching people in my home state migrate from Signal to Discord because they're scared and Discord feels familiar. I get it. I do. Fear makes you reach for comfort, not security.

But Discord is a honeypot. Every message stored in plaintext. Every server membership a social graph. Every subpoena answered within days.

You can do better. You have to do better.

Note: This is defensive security documentation. I'm a cybersecurity professional in Minnesota writing this on January 27, 2026, watching federal agents occupy my state while the FBI investigates community communication channels.

I hope you never need this guide. I hope the infrastructure never fails. I hope you never find yourself in a situation where secure communications are the difference between safety and danger.

But if you do? Use Briar. Use Session. Use Signal. Self-host Matrix.

Do not use Discord. Do not use Telegram. Do not trust platforms that can read your messages.

The best OPSEC is not needing it.

But if you need it, use the right tools. The Wolverines didn't. Don't make their mistake.

Documented by: DugganUSA LLC Date: 2026-01-27

CTA

STIX Feed: analytics.dugganusa.com/api/v1/stix-feed
OTX Pulse: AlienVault OTX - DugganUSA