Risky Bulletin – Between Two Nerds: "An Internet Blackout Won't Stop NSA in Iran"
Podcast: Risky Bulletin by Risky Business Media
Episode Date: March 9, 2026
Hosts: Tom Uren (A) and grugq (B)
Episode Overview
This episode of Between Two Nerds dives into the practical and strategic impacts of government-imposed internet shutdowns during cyber conflict, focusing on Iran’s response to sustained cyber operations during the recent US-Israeli strike and the assassination of Supreme Leader Ali Khamenei. The hosts explore whether cutting off the Internet is truly an effective defensive measure and examine how top-tier intelligence agencies such as the NSA prepare for these scenarios. Controls, contingency planning, and the technical (and non-technical) methods of maintaining espionage under blackout conditions are discussed, with comparison to other potential "internet-kill-switch" actors.
Key Discussion Points & Insights
1. Initial Context: Iran’s Internet Blackout
- Tom sets the scene: following the high-profile attack (including the assassination) and cyber operations, Iran shut off the Internet within about 4 hours ([00:10]–[01:14]).
- His original hypothesis: more effective cyberattacks may push regimes to extreme actions like cutting off the Internet.
"I wrote that they perhaps or speculated that there's this dynamic where the more effective the cyber operations against you are, the more likely you are to take extreme action." — Tom [00:10]
- Both agree: Iran's shutdown is less a tactical move (it is not a direct cyber countermeasure) than a regime habit used to stifle dissent ([01:15]–[02:15]).
"It's one of their default reactions to trouble as opposed to a specific response to this specific attack." — grugq [02:06]
2. When Would a State Kill the Internet?
- Drastic measures are plausible under overwhelming pressure, especially for overmatched or unprepared states ([02:15]–[03:54]).
- Infrastructure capability and organizational routine affect whether a shutdown is feasible.
"Iranians have practice doing exactly this so that they will have plans and procedures and people to call." — grugq [03:33]
- Example: North Korea could do it, but its internet exposure is minimal and a shutdown wouldn’t even affect its own cyber ops ([03:54]–[04:28]).
3. Practicalities and Attacker Contingencies
- These shutdowns can catch cyber operators off guard unless they are prepared for the loss of traditional ingress/egress routes ([04:59]–[05:53]).
- For high-profile targets like Iran, a shutdown is expected; experienced teams build alternative comms and data-exfil methods.
"I think when it comes to Iran, at least capable cyber actors would be thinking, yeah, they're probably going to switch off the Internet. So what's our plan B?" — Tom [05:53]
"If they didn't think that, they haven't been operating for longer than three weeks, because just a month ago... that literally happened." — grugq [06:14]
4. Historical Examples: Out-of-Band Espionage
- The hosts discuss the US embassy in Moscow bug (“The Thing”) as an example of clever, non-networked information exfiltration ([07:00]–[08:00]).
- Even in a blackout, intelligence flows through creative, hard-to-detect means.
"Even without the Internet, there's ways of getting information out of places by being clever that are hard to detect." — Tom [07:47]
5. Prioritization and Redundancy in Cyber Espionage
- Espionage priorities change with connectivity loss; not everything can be targeted, but high-value data stays in focus.
"If you've got a $20 billion black budget... if you're not able to deal with contingency planning, what are you even doing?" — grugq [09:06]
- Iran is a high-priority target where shutdowns are standard, so the U.S. and Israel likely prepare non-internet-dependent methods ([10:13]–[11:03]).
6. Wider Applicability and the Limits of Internet Shutdowns
- The approach is not transferable to every nation: economically integrated states (Germany, UK, China) would suffer too much pain ([03:17]–[03:33], [12:12]–[12:44]).
- In China, the Great Firewall could be further hardened rather than the Internet shut down ([12:12]–[14:26]).
"China could actually turn off the Internet, like completely isolate themselves... I don't know if they would want to do that, but they could." — grugq [14:01]
7. China’s "Sovereign Internet" and Contingency Planning
- China’s autochthonous tech stack gives unique resilience, but isolating from the global Internet is still politically/economically risky.
- Operations like Volt Typhoon show China is planning both offense and defense, including potential infrastructure sabotage and adaptive filtering ([14:26]–[15:55]).
8. Espionage "Maslow’s Hierarchy of Needs"
- State priorities: intelligence first, then operational effects ([16:03]–[16:41]).
- If effects aren't possible, the fallback is always knowledge gathering, even through non-internet routes.
"There's probably a Maslow's hierarchy of needs for states... effects at one end and at the bottom end it's like just intelligence is so much more valuable." — grugq [16:03]
9. Nations and Organizations: Who Can Operate Under Blackout?
- Very few nations can maintain cyberespionage without the Internet: probably the US/NSA, Israel, China, Russia, and only a handful more ([19:34]–[20:27]).
- Most countries, even wealthy ones, don't invest enough to attain this capability.
"The ability to have non Internet reliant cyber espionage capability is very, very thin. Like there's a couple of countries..." — Tom [20:15]
10. Iran’s and Other Targets’ Mindsets
- Even knowing some adversaries might get in, states continue attempts to secure their networks ([21:29]–[21:54]).
- Most of the time, most entities aren’t actively breached.
"For most people most of the time it's a fair assumption that you're not being surveilled. It's a big call." — Tom [22:22]
11. Starlink as an Alternative Channel
- Recent reports: the US sent ~8,000 Starlink terminals to Iran following a shutdown ([23:06]–[23:41]).
- This raises the possibility that these terminals shipped with USG-modified firmware/hardware, offering covert communication routes ([23:41]–[24:37]).
"If that was me and I'm the government, I'm probably sending the special firmware pack with, you know, like, why wouldn't you?" — grugq [23:48]
- Tom points out the visibility of Starlink’s Wi-Fi component, but agrees special hardware is plausible if it’s government-provided.
12. If the Only Way to Stop Collection is Complete Shutdown
- The only way to shut out the NSA (et al.) completely would be a draconian, all-encompassing shutdown—crippling the state, but "a win" for the attacker ([24:37]–[25:55]).
- Cutting even internal networks would leave the country inoperable and constitute "success" for foreign adversaries who otherwise couldn’t achieve that with normal cyberattacks.
Notable Quotes & Memorable Moments
- On Academic Politeness:
"[Arguable.] Yeah. Like that's the polite way in academia of saying you're wrong." — grugq ([01:27])
- On Ransomware Analogy:
"This felt to me a bit like Jaguar Land Rover... turned off a whole lot of stuff. Because doing that was better than letting a ransomware group run." — Tom ([02:32])
- On Preparedness for Iranian Blackouts:
"If they didn't think that, they haven't been operating for longer than three weeks... that literally happened." — grugq ([06:14])
- On US Security Blunders:
"The problem was that the websites were built off, not exactly a template, but they were... similar enough... you could just Google for particular strings..." — Tom ([18:12])
- On $20B Black Budget and Planning:
"If you've got a $20 billion black budget... and you're not able to, to deal with contingency planning, what are you even doing?" — grugq ([09:06])
- On Sovereign Internets:
"China... could actually turn off the Internet, like completely isolate themselves... I think they're one of the very, very few countries that could and could still operate internally..." — grugq ([14:01])
- On Espionage Prioritization:
"There's probably a Maslow's hierarchy of needs for states... at the bottom end it's like just intelligence is so much more valuable." — grugq ([16:03])
- On Starlink shipments:
"If that was me and I'm the government, I'm probably sending the special firmware pack with, you know, like, why wouldn't you?" — grugq ([23:48])
Important Timestamps
- 00:10 – Tom introduces the theme and his initial hypothesis about cyber ops and internet shutdowns
- 02:06 – Default regime reactions; internet shutdown as standard, not exceptional, response
- 03:33 – Discussion of which states can or will execute their own shutdowns; comparison to Jaguar Land Rover
- 06:14 – Emphasis on operator preparedness and "lessons learned" over repeated shutdowns, particularly in Iran
- 07:00–08:00 – The story of covert Soviet bugging (the "Thing") in the US embassy in Moscow, illustrating non-digital espionage
- 09:06 – The criticality of contingency planning in major intelligence agencies
- 14:01 – China’s possible capability to isolate itself fully, thanks to domestic alternatives
- 16:03 – "Maslow’s hierarchy" for cyber priorities: knowledge first, effects later
- 23:41 – Starlink terminals shipped to Iran and the plausibility of embedded special access for the USG
Tone and Approach
Conversational, humorous, and deeply technical, the hosts (Tom and grugq) balance historical anecdotes, plausible hypotheticals, and scathing observations about government cyber stupidity and operational realism. They blend practical advice ("If you’re not ready by Iran blackout #5, shame on you") with tongue-in-cheek asides ("You probably couldn’t even listen to Between Two Nerds—that could crash your entire economy right there!" [12:44]), keeping the mood light even on strategic matters.
Summary for Non-Listeners
- Cutting the Internet is not a panacea for cyber defense—top intelligence agencies are prepared for it and have alternative methods.
- Only a handful of states are capable of both executing such shutdowns and continuing effective cyber defense/offense.
- Real contingencies for "internet blackout" scenarios exist and are regularly tested—especially where shutdowns are routine (like Iran).
- Intelligence priorities shift under blackout: most critical collection continues through alternative channels, while broad targeting is reduced.
- Technically and historically, espionage adapts—whether by new tech (like Starlink) or old-school tricks (passive bugs, carrier pigeons).
- The episode is rich in context, humor, and specifics, offering a skilled overview of real-world cyber strategy and how states endure—even thrive—when the network cables are cut.
