Risky Bulletin – Srsly Risky Biz: Google's cyber disruption unit kicks its first goal
Podcast: Risky Bulletin
Host: Amberly Jack (A)
Guest: Tom Uren (B), Policy and Intelligence Editor
Date: February 5, 2026
Episode Overview
This episode dives into two major stories in recent cybersecurity policy and intelligence:
- Google's cyber disruption unit achieving a significant success by targeting a major residential proxy network (IP Idea) used by threat actors.
- Starlink's rapid countermeasures to prevent Russian use of its satellite service for drones in Ukraine, and the broader issues of compliance and government leverage with Musk-owned companies.
Key Discussion Points and Insights
1. Google’s Cyber Disruption Unit vs. Residential Proxy Network IP Idea
What is IP Idea and Its Role?
- IP Idea is a large residential proxy service central to modern cybercrime.
- Collects devices (often through paid SDKs in mobile apps) and uses them as proxies for whoever pays – overwhelmingly cybercriminals.
- End users typically have no idea their devices are being used this way. (01:09)
- Used for:
  - Evading blocklists
  - Espionage, cybercrime, information ops, disinformation
- Google found 550+ different threat actors using the network within a week.
How Google Disrupted IP Idea
- Two-pronged approach:
  - Technical analysis and intelligence sharing
    - Identified involved domains, SDK integrations, and affected apps across Android, iOS, Windows, and LG OS.
    - Shared findings with other platforms and researchers, enabling mass app removal and future prevention. (03:00)
  - Legal action
    - Secured a court order to take down domains critical to network operation and marketing.
    - Immediate operational disruption, including millions of Android devices removed from the proxy network.
- Impact:
  - “They’ve taken a big swipe at a very significant player in the network.” (05:53 B)
  - Rare, high-impact action; Google and Microsoft together have done only a handful of such takedowns ever.
Why Aren’t There More Actions Like This?
- Such court-ordered, technical takedowns are complex, slow, and costly; only giants like Google/MS do a few each decade.
- “If you look at cybercrime, I think you’d be hard pressed to find many people who would say that...the good people are winning.” (06:37 B)
How to Make Civil Takedowns Easier
- Referencing Susannah Seymour's policy paper:
  - The process is proven but too slow, largely due to legal/technical hurdles and lack of specialized knowledge (08:48).
  - Solutions:
    - Legislating a specialized court for internet/cyber takedowns (“the gold standard”).
    - Creating templates for court filings and evidence to help companies repeat these actions faster.
    - Implementing process and expertise improvements without requiring “big bang” legislation.
Notable Quotes
- “These are in some way the dark matter of cybercrime...the whole business is shady.” (02:00 B)
- “The simplest, easiest thing to do is just to make that [court] process easier and quicker for companies.” (07:30 B)
- “It feels like these [actions] are so infrequent...that no one gets enough time and practice and expertise in really dealing with them.” (09:39 B)
2. Starlink Moves Fast to Block Russian Drones – But Only When It Wants To
Starlink’s Quick Action Against Russian Use (10:37)
- Russians began using Starlink with Molniya drones for long-range attacks inside Ukraine in December.
  - Drones were previously controlled by radio, later by a trailing fiber-optic cable, and finally by Starlink terminals for unlimited range.
- Ukrainians appealed to SpaceX, and within a week:
  - Starlink instituted a speed limit (75 km/h) that disables terminals on fast-moving objects, stopping drone usage (12:52).
  - Added an allowlist for Ukrainian terminals: only registered devices can operate, preventing black market misuse.
- Context: The solution could have been implemented far earlier; Starlink previously relied on geofencing, which is easily circumvented at the fluid front line.
Contrast: Starlink’s Complacency Elsewhere
- Scam compounds in SE Asia used Starlink terminals en masse when authorities cut communications; SpaceX did nothing for months until threatened by US Congress.
- “It wasn’t until there was a threat of a congressional investigation that they did anything about them. And...thousands of terminals get disabled all at once.” (14:56 B)
Takeaway: When Do Musk's Companies Act for Governments?
- Starlink/SpaceX moves fast only when politically necessary or when Musk is personally engaged.
- Otherwise, government must apply heavy political or regulatory pressure.
- Example: X (Twitter) in Brazil refused to comply with a court order until local assets were threatened. “Within a couple of days, Musk had folded.” (16:11 B)
Notable Quotes
- “It’s a wonderful illustration of how when SpaceX wants to move very quickly, it can... but unless it kind of appears that unless it catches Musk’s eye, it doesn’t happen.” (13:55 B)
- “For issues where government really cares and SpaceX or Starlink or Musk doesn't, that’s the answer: you just need to be prepared to bring a big stick.” (16:45 B)
Memorable Moments & Speaker Attribution
- Amberly Jack, humorously:
  - “What do you mean, Tom? That’s the gist of our show every week.” (06:44 A)
- Tom Uren, summarizing Google’s action:
  - “It’s an enabler of cybercrime. They’ve taken a big swipe at a very significant player in the network. How do we get more of this?” (05:53 B)
- On process change:
  - “The gold standard...is Congress should legislate for a special court that deals with these issues. And like that makes sense for a lot of reasons...” (08:51 B)
- Realism about Musk’s companies:
  - “That’s not an ideal way of doing business, but I think that’s just the way it is.” (16:59 B)
Timestamps for Key Segments
- Intro & Google’s disruption of IP Idea: 00:04–06:40
- The need for more, faster civil takedowns: 06:40–10:37
- Starlink, Russian drones, speedy countermeasures: 10:37–15:32
- Government leverage over Musk’s companies: 15:32–17:12
Summary
This episode gives a forensic look at landmark interventions by tech giants against cybercrime and misuse of digital infrastructure. The discussions highlight not only the technical and legal strategies behind Google’s and SpaceX’s recent actions, but also the broader policy, governance, and accountability issues in getting the private sector to act in the public interest—sometimes only when compelled.
