THE BUZZ AT BARKSDALE: Earlier this month, a swarm of unidentified drones repeatedly buzzed Barksdale Air Force Base in Louisiana, home to nuclear-capable B-52 bombers. The drones reportedly loitered for hours, shrugged off jamming attempts, and came back for encores over multiple nights, at one point forcing a runway shutdown and sending airmen into a “shelter in place” alert. Who is behind it? No one knows - or at least no one is saying. Somehow, we don’t think it’s Google Maps.
IRAN EXPANDS TARGET LIST TO INCLUDE…YOUR RETIREMENT ACCOUNT: Iranian officials are helpfully clarifying that the modern battlefield now includes your brokerage statement. In remarks tied to the escalating conflict, an Iranian official warned that entities financing the U.S. military, including investors buying U.S. debt, could be considered legitimate targets. Mohammad Bagher Ghalibaf (who some media claimed was in discussions with Jared Kushner and Steve Witkoff) said on X that, “In addition to military bases, those financial institutions that fund the U.S. military budget are considered legitimate targets. U.S. Treasury bonds are tainted with the blood of Iranians. If you proceed to purchase them, you are in fact attacking your own assets and primary headquarters. We are monitoring your investment portfolios.”
YOU CAN RUN BUT YOU CANNOT HIDE: According to press reports, a sailor aboard the French aircraft carrier Charles de Gaulle recently revealed the exact location of his ship by running circles around the flight deck while underway off the Turkish coast. He was allegedly using an app called Strava, which lets runners share their workouts online. Media reports say the sailor racked up more than four miles in a 36-minute workout which could have helped the Iranians target the ship, if they wanted to. French military leaders are reportedly unhappy with the sailor and “appropriate measures will be taken by the command” per a statement. Presumably that does not include a workout.
DOES THE SHIP OF STATE LEAK FROM THE TOP? The Pentagon escorted senior civilian Dan Caldwell out last year amid a leak investigation into who was feeding sensitive information to journalists. This week, the Office of the Director of National Intelligence hired him to help support the President's Daily Brief. Caldwell is said to have passed his polygraph so apparently the previous allegations were unsubstantiated. But his new home office has its own leak problems. Joe Kent, who led ODNI's National Counterterrorism Center until resigning this week in protest over the Iran war, is now reportedly under FBI investigation for allegedly sharing classified information - an inquiry that is said to predate his departure. Kent told Tucker Carlson on Wednesday these reports were only attempts to discredit him.
HOME SWEET DRONE: The U.S. government has spent years warning about drone threats to military installations. Apparently, they weren’t kidding. The Washington Post says that over the past ten days multiple drones were spotted over Fort McNair - a Washington, DC Army base that sits close to Capitol Hill and lacks the standoff distance of other installations in the capital region. The wrinkle: Fort McNair is where Secretary of Defense Pete Hegseth and Secretary of State Marco Rubio live. Both men moved onto the base citing security concerns. The Post says that officials considered relocating them after the drone sightings and decided against it. No one knows where the drones came from. Kinda concerning, no?
WAGERING WAR: Prediction markets have become a useful but imperfect tool for gauging geopolitical risk. Apparently now they also produce a new breed of threat actor: the enraged gambler with a WhatsApp account and a grudge. Israeli journalist Emanuel Fabian reported on March 10 that an Iranian ballistic missile struck near the city of Beit Shemesh. No one was injured, well at least yet. As Fabian recounted in The Times of Israel, his story had intersected with more than $14 million Polymarket bets on whether Iran would strike Israel that day. The catch: the market's fine print excluded intercepted missiles. Bettors who wanted the strike to not count wanted Fabian to change his story. They asked nicely at first. Then came the threats. A bettor identified only as "Haim" informed Fabian via WhatsApp that he and his associates had lost $900,000, had already located Fabian’s parents, siblings, and neighborhood, and offered a binary choice: rewrite the story or face the consequences. "You will never, ever earn enough money to pay back even half of those you stole from," Haim wrote, somewhat overlooking the fact that Fabian’s story that a missile DID land was accurate. The Intelligence Community has long fought against conspiracy theorists who mangle intelligence to fit a narrative. Journalists are now fighting the same battle - except the people demanding they rewrite reality aren't true believers. They're just trying to win a bet.
TUCKER’S DEEP STATE TALES: Tucker Carlson posted a five-minute video Saturday night claiming that the CIA read his texts with Iranian contacts and is preparing a criminal referral against him to the Department of Justice - punishment, he implies, for his journalism before the U.S. struck Iran. Let’s explore some context, shall we? The CIA is statutorily barred from domestic surveillance on U.S. persons. So if Carlson's texts were collected, it most likely would have been NSA incidental collection under FISA 702 - standard intake when the foreign end of a conversation is a valid target. Carlson claimed the charges against him would involve FARA (the Foreign Agents Registration Act) But that would require evidence of his being paid by a foreign government. Maybe Iran subscribes to his news channel. Carlson himself called the potential case "ludicrous" and doesn't expect charges to materialize. Roger that. In recent years, Carlson has claimed that the NSA had been monitoring his communications when he was working to set up interviews with Russian President Vladimir Putin. Carlson torched his MAGA credentials recently by calling Operation Epic Fury "absolutely disgusting and evil." And Trump has recently cut him loose. He might be on the search for a new identity. "Journalist persecuted by the Deep State for opposing the Iran war" may fill that need.
TAKE YOUR KID TO THE ROCKET RANGE DAY: North Korean leader Kim Jong Un has been busy modeling fatherly bonding for the world - at the business end of a 600mm rocket launcher. State media reports that Kim, accompanied by his teenage daughter, observed a live-fire test of multiple rocket launch systems off North Korea's east coast, a likely response to the ongoing U.S. - South Korean Freedom Shield exercises that Pyongyang habitually treats as a provocation. News aggregator KCNA reported that twelve 600 mm-caliber ultraprecision rocket launchers were tested, and Kim told observers the weapons would give enemies "a deep understanding of the destructive power of tactical nuclear weapons." It was not Kim's only recent father-daughter weapons outing. Earlier, state media showed him and his daughter Kim Ju Ae (who is believed to be about 13 or 14 years old) test firing a pistol at an arms factory. The girl has been accompanying her father at numerous high-profile events like missile tests and military parades since late 2022, stoking outside speculation that she's being groomed as his heir. Most families do the zoo. The Kims do tactical nukes and pistol ranges.
DOES THIS MAKE MY BUTTRESS LOOK BIG? Speaking of Kim Jong Un, the North Korean leader marked International Women's Day this month with what may go down as history's most backhanded tribute to women. In a speech in Pyongyang, Kim praised the "physically weak" but "strong-willed" women of his country, calling them a "solid buttress of the revolution." Here’s a killer quote from him: "Though physically weak, they are obviously strong-willed, their plain faces assuming courage and the wrinkles on them denoting their strenuous exertion," he said.
THE PENTAGON'S NEWEST OPSEC NIGHTMARE: TWITTER RANDOS WITH A FLIGHT APP: The Pentagon has a spy problem, and its name is FlightRadar24. A U.S. Air Force officer laid bare her alarm at a late January conference: "You have feeds on Twitter of random people who are just researching where our planes are flying and posting that," said Maj. Claire Randolph - head of the weapons and tactics branch at U.S. Air Forces Central Command and a planner of Operation Midnight Hammer. Randolph added, "If U.S. analysts did some of that, we would consider it secret or maybe even top secret. But that stuff is just allowed on the open internet. So operational security is really, really difficult to conceal." The problem isn't hypothetical. During the buildup to Operation Midnight Hammer, the lead tanker became the most tracked flight in the world as users on Flightradar24 spotted tankers fanning out south of Whiteman Air Force Base - home to the B-2 fleet. (The Pentagon's countermove was to send bombers west as a decoy while the actual strike package flew east over the Atlantic - a feint that worked, but only barely.) Now, a Shanghai-based firm widely assessed as a Chinese government front, called MizarVision, has been publicly posting satellite imagery of American military movements throughout Operation Epic Fury, including locations of F-22 fighters, command and control aircraft, and carrier strike groups - with some sites subsequently targeted by Iranian retaliation. The intelligence community spent decades building classified systems to track adversary movements. Turns out, adversaries just need a Wi-Fi connection and an app.
GRU = “GOOGLING RUSSIANS UNCOVERED” - A new investigation by The Insider and Der Spiegel, says that after Unit 29155 - the GRU covert operations unit behind the Salisbury nerve agent attack - got many of their officers exposed by open-source investigators (by using sequential passport numbers, etc), Moscow built a replacement. Called “Center 795” was staffed largely with FSB and GRU veterans, backed by a billionaire arms dealer, and designed to operate “air-gapped” from outside surveillance. But 795 may need to be deep-sixed after news broke that it was undone because two operatives didn't speak the same language and used Google Translate to run an assassination-or-abduction plot. Because Google’s translation service runs on U.S. servers, the FBI reportedly obtained a warrant and quietly collected the translation logs in real time. As one source noted, it was even better than a wiretap. One operative who allegedly put a $1.5 million bounty on two Chechen dissidents - dead or deported - was arrested at a Colombian airport on Defender of the Fatherland Day, enroute to a beach resort. The investigation lays out the unit's full org chart, leadership, and financing. Center 795 is as burned as its predecessor. Russia will, no doubt, build a third unit. Perhaps they will invest in Rosetta Stone - or at least a subscription to a non-U.S. based LLM.
Got news to share? Drop us a note: Editor@thecipherbrief.com
Read more expert-driven national security insights exclusively in www.thecipherbrief.com.