Skip to content

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology
  • Data Leak

ICE is Using WhatsApp Metadata to Track Suspect Networks, Court Order Reveals

by Nam Phong · October 23, 2025

The U.S. Immigration and Customs Enforcement (ICE) has been using WhatsApp as a tool for surveillance. According to a recently declassified court order, the Homeland Security Investigations (HSI) division obtained authorization to track the contacts of suspects through metadata from the messaging platform — without accessing the content of their conversations. This strategy enables the agency to identify entire networks of individuals involved in illicit activities by analyzing only the timing and recipients of messages.

In one case detailed in the order, HSI, under the Biden administration in 2024, was granted authorization to deploy a pen register — a system for collecting communication metadata — on the account of a Guatemalan national suspected of selling forged documents. Although the contents of WhatsApp messages remain encrypted, ICE could still see who the suspect communicated with and when. By cross-referencing the phone numbers in her contacts with multiple databases, an agent was able to identify most of her interlocutors. One of them turned out to be another seller of counterfeit IDs, who was subsequently arrested and charged. Authorities now intend to trace the buyers of these documents to locate additional undocumented migrants residing in the United States.

The order also permitted the government to unlock a seized phone using biometric methods, such as fingerprint or facial recognition. Such measures have alarmed civil liberties advocates, who argue that these warrants circumvent the traditional requirement of demonstrating “probable cause,” allowing authorities to collect data in an excessively broad and intrusive manner. Court filings reveal that hundreds of similar warrants have been issued across various U.S. states this year, most of which remain classified.

At the core of this surveillance infrastructure lies PenLink, a Nebraska-based company founded by entrepreneur Mike Moorman. PenLink supplies ICE and the FBI with tools for creating pen registers and analyzing data from social networks. Under a $25 million federal contract, the company provides ICE with systems capable of monitoring and analyzing voice, text, and web communications, including interactions on platforms like Facebook, which were previously off-limits for such operations.

A Forbes investigation emphasizes that these practices form part of a broader digital surveillance framework in the United States — one in which technologies originally designed to combat crime are steadily transforming into instruments of mass monitoring and control.

Related coverage

  • FortiBleed Firewall Attack Exposes UK Government Data
  • Predator Spyware Victims Sue Intellexa
  • Android Signing Key Leak Exposes 278 Apps to Fake Updates
  • Apple Hide My Email Vulnerability Exposes Real Addresses
  • BioShocking: How a Fake Game Tricks AI Browsers Into Leaking Secrets

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share

Tags: HSIICEmetadataprivacySurveillanceWhatsApp

Follow:

  • Next story Google’s Billion-Dollar Pivot: AI-Assisted Migration to Arm Architecture
  • Previous story CISA: Critical Windows SMB Flaw Under Active Attack with Public Exploit

  • Recent Posts
  • Popular Posts
  • Tags
  • ZEGO textile factory cyberattack bankruptcy, corporate cyber threat consequences

    Cybercriminals

    ZEGO Cyberattack Bankruptcy: Textile Firm Closes

    July 15, 2026

  • context bombing defense mechanism, AI agent cloud security trap

    Cybercriminals

    Context Bombing: A Novel Defense Against AI Hackers

    July 15, 2026

  • ACSC CMS exploitation campaign web shells installed via WordPress and Joomla CVEs globally

    Cybercriminals

    ACSC Warns: CMS Campaign Installs Web Shells via 17 CVEs

    July 14, 2026

  • U-Boot FIT image signature verification vulnerabilities CVE Binarly bootloader exploit firmware

    Vulnerability

    6 U-Boot Vulnerabilities Let Attackers Hijack Boot Process

    July 14, 2026

  • Progress Software ShareFile Storage Zone Controller shut down over external threat CVE-2026-2699

    Vulnerability

    Progress Software Shuts Down ShareFile Over External Threat

    July 14, 2026

  • Apache Camel vulnerabilities enabling server-side request forgery and authentication bypass in JMS and WebSocket connectors

    Vulnerability

    Apache Camel Patches Five High-Severity Vulnerabilities

    July 9, 2026

  • OpenSUSE Leap 15.4 Beta releases, Linux distributions

    Linux

    OpenSUSE Leap 15.4 Beta releases, Linux distributions

    May 30, 2020

  • Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    Linux

    Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    March 1, 2019

  • GhostBSD 23.10.1 released, FreeBSD distribution

    Linux

    GhostBSD 23.10.1 released, FreeBSD distribution

    May 1, 2020

  • Solus 4.4 Fortitude releases, Linux distribution

    Linux

    Solus 4.4 Fortitude releases, Linux distribution

    January 26, 2020

  • AI AI security Android Apple APT BOTNET China CISA cloud security cryptocurrency cyberattack cybercrime Cyber Espionage cybersecurity Cybersecurity 2026 data breach Github google hacking Infosec InfoSec 2026 Infostealer Linux Linux Kernel malware Microsoft network security open source Penetration Testing phishing privacy privilege escalation Prompt Injection ransomware RCE remote code execution security Social Engineering supply chain attack Tech News 2026 threat intelligence vulnerability windows Windows 11 zero-day
  • Home
  • About Us
  • Contact Us
  • DMCA NOTICE
  • Privacy Policy

Information Security News © 2026. All Rights Reserved.

Powered by  - Designed with Hueman Pro