Risky Bulletin – Srsly Risky Biz: Hacking for Godot (October 23, 2025)
Main Theme
This episode of Seriously Risky Biz dives into contemporary cybersecurity policy and intelligence, focusing on U.S. government utilization of the private sector in offensive cyber operations—with a comparative look at China’s approach—and an exploration of the evolving ransomware ecosystem, as profiled in two major reports. The hosts, Amberly Jack and policy/intelligence editor Tom Uren, unpack government strategies, industry dynamics, and the strange, often paradoxical personalities that thrive in cybercrime.
Key Discussion Points & Insights
1. U.S. Government and Private Sector in Offensive Cyber (00:47–09:08)
Dartmouth Institute Report Overview
- A recent report from Dartmouth’s Institute for Security Technology and Society brings together ~30 offensive cyber experts to discuss the U.S. government leveraging the private sector for increased cyberspace dominance.
- The report defines “offensive cyber” broadly: from developing tools and gaining access to conducting direct espionage or disruption operations.
Critical Observations
- Tom points out a “starting assumption” in the report: more private sector involvement is desirable, but motives and goals aren’t fully clear.
  “It assumes that we want to get to a certain place and that place is more private sector involvement in offensive cyber activities…”
  — Tom Uren [01:18]
- U.S. strategy is contrasted with China:
  - China: “Hack first, sort things out later”—multiple buyers, broad targeting, and an opportunistic, marketplace-like approach.
  - U.S.: Government defines precise intelligence requirements, has a single (government) “customer,” and targeted operations.
- There are potential difficulties in trying to match China’s hacking-at-scale model:
  “It strikes me as really hard to figure out what you would do with a whole lot more intelligence from China ... where it’s not clear that the government cares.”
  — Tom Uren [04:13]
Policy Recommendations
- The report recommends piloting programs authorizing vetted private sector teams to target “low risk actors” (e.g., cryptocurrency scammers, ransomware operators).
- The logic: These attackers operate at scale, individually cause limited harm, but collectively represent significant threats—making them suitable for distributed, privately led responses.
  “If you want an at scale response, perhaps the private sector is the place to get that.”
  — Tom Uren [06:33]
- A significant scam baiting community already operates with tacit legal tolerance, indicating the government is “pushing on an open door” to expand these efforts officially.
2. Anatomy of the Ransomware Ecosystem (09:08–16:47)
Profile: Analyst1 Report on ‘Devman’
- Discussion shifts to an Analyst1 report by John DiMaggio profiling ‘Devman’, a ransomware operator uniquely candid with security researchers.
- Devman, a mid-tier, non-exceptional operator, transitions quickly from affiliate to running his own ransomware-as-a-service (RaaS) platform.
  “He very quickly goes from being an affiliate for a couple of different ransomware gangs to, within six months, he set up his own ransomware as a service platform.”
  — Tom Uren [11:19]
- What motivates Devman is largely unclear; control seems a dominant factor, leading to unusual rules for his platform:
  “He sets out these codes of conduct... You’re not allowed to be unprofessional.”
  — Tom Uren [12:07]
  “If you are unprofessional, I’m going to take that negotiation away from you.”
  — Tom Uren [12:50]
- Despite ‘professionalism’, Devman’s only targeting “red line” is children—he explicitly encourages targeting critical infrastructure and hospitals.
  “He’s perfectly fine with targeting hospitals… If hospitals are going to be so cold and calculating, well, we should be too.”
  — Tom Uren [14:39]
- Devman justifies this by referencing both overheard, transactional ransom negotiations by hospital staff and historical events (e.g., NATO’s 1999 hospital bombing), revealing individual and sometimes idiosyncratic moral logic.
  “He has reasons that relate to him that are totally individual.”
  — Tom Uren [15:28]
Ecosystem Implications
- The proliferation of these smaller, unpredictable players is seen as inevitable, even as action against 'big fish' is somewhat effective.
- Law enforcement “suppressed the ransomware business,” but “there’ll always be these small players popping up with their own agenda that are willing to take risks.”
- This further supports the case for a private sector response to the sprawling ransomware landscape.
Notable Quotes & Memorable Moments
- U.S. vs. China Cyber Models:
  "So their system is the exact opposite where the government is the customer. ... Whereas China is the opposite. Many customers, many intelligence requirements, hack first, figure it out later."
  — Tom Uren [04:48]
- On ‘Devman’s’ RaaS Platform:
  "I’m sick of people being rude to each other, so I’m going to set up my own ransomware as a service platform where people will be nice."
  — Tom Uren [12:15]
- On Targeting Hospitals:
  "He sat in a negotiation that the Conti Ransomware group did with a hospital ... [the hospital] was talking about the ransom in terms of weighing-up how much it would cost to pay versus the payouts to people who die."
  — Tom Uren [14:40]
- On Ransomware’s Unstoppable Splintering:
  "The ransomware ecosystem is going to splinter because you’ll have all sorts of people who have their own individual reasons for doing things."
  — Tom Uren [13:28]
Important Segment Timestamps
- 00:47–03:38: Dartmouth report on U.S. private sector offensive cyber strategy
- 03:38–09:08: Comparison of U.S. and Chinese cyber approaches, pilot program suggestions
- 09:08–11:19: Analyst1 report intro—ransomware operator ‘Devman’
- 11:19–13:23: How and why ‘Devman’ launches his own RaaS platform
- 13:23–16:47: Codes of conduct, unusual targeting choices, and moral logic in the ransomware ecosystem
Summary
This episode highlights pressing questions about the optimal role of the private sector in America’s cyber offensive posture, contrasted with China’s market-driven hacker ecosystem, and demonstrates—through a Dr.-Strangelove-meets-true-crime profile—just how the ransomware underground continually mutates around every attempted clampdown. The interplay of policy, real-world criminal behavior, and the limits of both official and private action reveals the deeply human, messy nature of cybersecurity’s front lines.
For full analysis and more insights, the hosts direct listeners to the Seriously Risky Business newsletter at Risky Biz.
