Federal agents on Thursday announced the arrest of a suspect charged with planting the two pipe bombs discovered near the US Capitol complex on the eve of January 6, 2021. Authorities identified the man as Brian J. Cole Jr., a resident of Woodbridge, Virginia. The arrest marks a major break in a case that has vexed authorities for nearly five years.

Cole, 30, is charged with transporting an explosive device across state lines with the intent to kill, injure, intimidate, or destroy property and with attempting to damage and destroy the headquarters of the Republican and Democratic national committees by means of an explosive device. If convicted, he would face the prospect of decades in prison.

According to an affidavit, investigators linked Cole to the bombs through a combination of surveillance footage, historical cell-site data, and years of purchase records showing he bought each major component used to construct the devices. Agents allege Cole acquired the same model of galvanized pipe, matching end caps, and nine-volt connectors, among other items, across multiple hardware stores in northern Virginia in 2019 and 2020.

Cole continued buying components used in bomb-making after his bombs in the Capitol were discovered, agents allege, listing the purchase of a white kitchen timer and two nine-volt batteries from a Walmart on January 21, as well as galvanized pipes from Home Depot the following day.

Senior Trump administration officials quickly cast the arrest as a vindication of their own leadership, claiming the case had gone cold. Attorney General Pam Bondi said she hoped the arrest would restore public trust following what she characterized as a “total lack of movement” on a case that had “languished for four years.” In their telling, the breakthrough was proof that the case only advanced once they were empowered to “go get the bad guys” and stop “focusing on other extraneous things,” as FBI deputy director Dan Bongino put it.

“Though it had been nearly five years, our team continued to churn through massive amounts of data and tips that we used to identify this suspect,” said Darren Cox, deputy assistant director of the FBI’s criminal investigative division.

The bombs were planted near the headquarters of the Republican and Democratic national committees the night of January 5, 2021, as Congress prepared to certify Joe Biden’s electoral victory over Donald Trump. Both failed to detonate, but their discovery the following day added to the chaos and confusion unfolding as a pro-Trump mob stormed the US Capitol building, causing millions of dollars in damage and injuring approximately 140 Capitol and Metropolitan Police Department officers.

As for Wilcox, he’s long been one of that small group of privacy zealots who buys his SIM cards in cash with a fake name. But he hopes Phreeli will offer an easier path—not just for people like him, but for normies too.

“I don’t know of anybody who’s ever offered this credibly before,” says Wilcox. “Not the usual telecom-strip-mining-your-data phone, not a black-hoodie hacker phone, but a privacy-is-normal phone.”

Even so, enough tech companies have pitched privacy as a feature for their commercial product that jaded consumers may not buy into a for-profit telecom like Phreeli purporting to offer anonymity. But the EFF’s Cohn says that Merrill’s track record shows he’s not just using the fight against surveillance as a marketing gimmick to sell something. “Having watched Nick for a long time, it’s all a means to an end for him,” she says. “And the end is privacy for everyone.”

Merrill may not like the implications of describing Phreeli as a cellular carrier where every phone is a burner phone. But there’s little doubt that some of the company’s customers will use its privacy protections for crime—just as with every surveillance-resistant tool, from Signal to Tor to briefcases of cash.

Phreeli won’t, at least, offer a platform for spammers and robocallers, Merrill says. Even without knowing users’ identities, he says the company will block that kind of bad behavior by limiting how many calls and texts users are allowed, and banning users who appear to be gaming the system. “If people think this is going to be a safe haven for abusing the phone network, that’s not going to work,” Merrill says.

But some customers of his phone company will, to Merrill’s regret, do bad things, he says—just as they sometimes used to with pay phones, that anonymous, cash-based phone service that once existed on every block of American cities. “You put a quarter in, you didn’t need to identify yourself, and you could call whoever you wanted,” he reminisces. “And 99.9 percent of the time, people weren’t doing bad stuff.” The small minority who were, he argues, didn’t justify the involuntary societal slide into the cellular panopticon we all live in today, where a phone call not tied to freely traded data on the caller’s identity is a rare phenomenon.

In 2025, trust became the most exploited surface in modern computing. For decades, cyber security has centered on vulnerabilities, software bugs, misconfigured systems and weak network protections. Recent incidents in cyber security marked a clear turning point, as attackers no longer needed to rely solely on traditional techniques.

This shift wasn’t subtle. Instead, it emerged across nearly every major incident: supply chain breaches leveraging trusted platforms, credential abuse across federated identity systems, misuse of legitimate remote access tools and cloud services, and AI-generated content slipping past traditional detection mechanisms. In other words, even well-configured systems could be abused if defenders assumed that trusted equals safe.

Highlighting the lessons learned in 2025 is essential for cyber security professionals to understand the evolving threat landscape and adapt strategies accordingly.