
ICE's $28.7 Billion Surveillance Machine Has a Security Problem

  • Writer: Patrick Duggan
  • Jan 13
  • 4 min read


The Irony


Immigration and Customs Enforcement just received its largest budget in history: $28.7 billion - ten times the agency's total surveillance expenditures over the past 13 years. Much of that money flows to private contractors who provide phone tracking, location data, facial recognition, and device forensics.


There's just one problem: these surveillance vendors have serious security issues of their own.



Gravy Analytics: 17 Terabytes Gone


In January 2025, Gravy Analytics - the parent company of Venntel, ICE's primary location data supplier - suffered a catastrophic breach.



What Happened        Details
Data exfiltrated     17 terabytes
Attack method        Root server access + S3 bucket compromise
Attacker             Russian cybercriminals
Sample released      1.4 GB on XSS cybercrime forum
Locations exposed    ~30 million worldwide


The hackers gained root access to Gravy's servers and control over their Amazon S3 storage buckets. They released samples showing precise latitude/longitude coordinates, timestamps, and device identifiers.


What Gravy/Venntel sells to ICE: Location data from 250+ million mobile devices, processing 17 billion location signals daily. The data allows ICE to conduct "pattern of life analysis" and track individuals to sensitive locations including healthcare facilities, places of worship, and protest sites.


Current status: Gravy Analytics' website has been down since early January 2025. The FTC took action against them in December 2024, ordering them to delete historical location data and prohibiting sales of sensitive location information.


The location data ICE has been using to track people is now in the hands of Russian criminals.



Cellebrite: The Forensics Tool That Can Be Forensicked


Cellebrite makes the UFED (Universal Forensic Extraction Device) - the tool ICE uses to unlock phones and extract data. ICE has an $11 million contract with them.


Cellebrite has three significant security exposures:



1. The Hacktivist Leak (2023)


The leaked material included:

  • Full UFED suite

  • Physical Analyzer

  • License tools

  • Technical documentation

  • Customer documents

The entire toolkit ICE pays millions for is available on torrent sites.



2. Signal's Vulnerability Disclosure


In 2021, Signal's Moxie Marlinspike published research demonstrating that Cellebrite's own software is vulnerable to exploitation. A file on a target phone could execute arbitrary code on the Cellebrite machine analyzing it.


From Signal's blog:



"By including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it's possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports."


The forensics tool can be weaponized against the forensics examiner.



3. Zero-Day Exploit Chain Exposed (2025)


In February 2025, Amnesty International documented Cellebrite being used against a Serbian student activist. The analysis revealed a zero-day exploit chain targeting Android USB drivers:


  • CVE-2024-53104 (CVSS 7.8) - USB Video Class privilege escalation

  • CVE-2024-53197 - Linux kernel USB vulnerability

  • CVE-2024-50302 - Additional USB driver flaw

These vulnerabilities affect potentially over a billion Android devices.


Cellebrite responded by banning Serbia from using their products. The vulnerabilities have since been patched by Google.



Babel Street: Access Control Issues


Babel Street sells "Locate X" - a location tracking service ICE and CBP use to monitor phone movements. ICE has contracts totaling nearly $3 million with them.


An investigation by Atlas Data Privacy Corp found that access to Locate X - supposedly restricted to government agencies - was available to almost anyone who claimed government ties, with no rigorous verification of those claims.


A class action lawsuit has been filed alleging privacy violations.


Babel Street sources much of its data from the same ecosystem as Gravy Analytics - meaning the 17TB breach potentially compromises their data supply chain as well.



The Full Surveillance Stack


Here's what ICE is buying and from whom:



Vendor            Product              Contract   Known Issues
Gravy/Venntel     Location data        $2M+       17TB breach, FTC action
Babel Street      Locate X tracking    $3M        Lawsuit, lax access controls
Cellebrite        Phone forensics      $11M       Software leaked, CVEs exposed
Magnet Forensics  Graykey unlock       $3M        None public
Paragon           Graphite spyware     $2M        Controversial, no breach known
PenLink           Webloc/Tangles       $5M        None public
ShadowDragon      Social media intel   $4.2M      None public
TOSV              Stingray vehicles    $1.5M      None public



What This Means


The surveillance-industrial complex has a security problem.


For immigrants and activists: The tools being used to track you are built on compromised infrastructure. Gravy's location data is in criminal hands. Cellebrite's software is on torrent sites. The "pattern of life analysis" ICE conducts relies on vendors who can't secure their own systems.


For ICE: You're spending billions on tools from companies that have been breached, leaked, and sued. The Gravy Analytics data you purchased is now in Russian hands. The Cellebrite toolkit is freely available online. Your operational security is only as good as your weakest vendor.


For the vendors: Your customers are government agencies conducting sensitive operations. Your security failures don't just expose your company - they expose the operations of your clients and the data of millions of people.



The Accountability Gap


When a surveillance vendor gets breached, who's accountable?


  • Gravy Analytics' website is down. No public statement.

  • The FTC acted, but only after years of violations.

  • ICE continues operations using potentially compromised data.

  • Cellebrite banned Serbia but continues selling globally.

The companies that track hundreds of millions of people can't track their own attack surface.




The author runs DugganUSA's threat intelligence platform from Minneapolis, where ICE is currently conducting what DHS calls its "largest enforcement operation ever." He has reported 102,171 malicious IPs to AbuseIPDB and maintains situational awareness of surveillance technology.






Her name is Renee Nicole Good.

