Risky Bulletin: Russian Cyber Security Picked a Side

Podcast: Risky Bulletin
Host: Amberly Jack
Guest: Tom Uren (Policy and Intelligence Editor)
Date: August 21, 2025
Episode Theme:
A deep dive into the evolving relationships between Russian cybersecurity companies and the Russian government post-Ukraine invasion, as well as an exploration of Russia’s push for domestic messaging apps and the UK’s encryption policy stumble with Apple.

Main Theme Overview

This episode explores how geopolitical pressures have pushed Russian cybersecurity companies to align closely with the Russian government, the effectiveness and implications of Russia's forced migration to a state-backed messenger app, and the diplomatic tangle surrounding UK demands for access to encrypted Apple iCloud data. Tom Uren and Amberly Jack scrutinize trends showing the end of the era for truly global cybersecurity firms, the intersection of national interests and technology, and the real-world effects on citizens and privacy.

Key Discussion Points and Insights

1. Russian Cybersecurity Firms: Picking a Side

[00:41–08:13]

Core Focus: Examining Kaspersky, Positive Technologies, and Code Security—three Russian firms whose fortunes have shifted post-Ukraine invasion.
Western reactions: All three companies have been sanctioned by the US; Kaspersky has been banned outright in several countries.
Outcome for Russian companies: Despite sanctions and bans, these firms have experienced record profits.
- Tom: "It actually pays to pick sides. ... Prior to, I don't know, maybe 2020 or so, Kaspersky was a global company ... tried to isolate itself from being associated with the Russian government. ... But in fact, it's just adapted." [02:47]
Business Pivot:
- Western bans led these companies to successfully rebrand themselves as non-Western alternatives—attractive to nations wary of US/Western vendors.
- Kaspersky established overseas data centers, which, while met with skepticism in the West, functioned effectively as a marketing and business strategy.
Broader Trend: The increasing alignment of cybersecurity firms with their national governments.
- Tom: "It's a natural consequence of increasing competition that cybersecurity firms are drawn closer to their host countries. ... You’re not just a cybersecurity firm, you’re a Russian cybersecurity firm or a Chinese one or a US one." [07:27]
- The war in Ukraine has made these alignments glaringly clear and highlights an industry-wide, but seldom discussed, reality.

2. Russia Forcing Citizens Off Foreign Messenger Apps

[08:13–13:38]

Government Actions: Since early August, Russia has systematically degraded WhatsApp and Telegram’s voice/video call functionality.
Motivation: Explicit effort to push citizens to adopt Max—a new messenger app built by VK (state-controlled).
- Tom: "The Russian government has decided, well, we'll just guarantee success by making sure that nothing else works." [09:17]
Methods:
- Partial blocking (so far affecting calls, not texts—though full blocking is being considered).
- Pre-installing Max on all new devices.
- Mandating government communications migrate to Max.
Comparison with China: Unlike China’s more organic evolution with WeChat, Russia’s approach is direct government intervention—less carrot, more stick.
- Tom: "When you have the, ‘well, let’s just switch everything else off,’ that seems like a very powerful motivator to adopt this app." [12:14]
Impact on Citizens: Real hardship, particularly for elderly and remote citizens unfamiliar with new tech.
- Tom: "It’s hard to talk through with your grandparents how to install a particularly new app and get it working. They’re used to WhatsApp, that kind of story. Sad." [13:21]

3. UK’s Encryption Policy and the Apple iCloud Debacle

[13:38–18:50]

Background: In January, the UK issued a Technical Capability Notice to Apple demanding backdoor access to iCloud backups; the news broke publicly later, triggering global reactions.
- Tom: "The UK had issued a secret government order called the Technical Capability Notice. ... According to the reporting, 'Please provide us with the capability to access iCloud backups full stop.'" [14:13]
International Fallout: Outcry from US officials, including the Director of National Intelligence and even President Trump.
- Tom (paraphrasing officials): "This is, you know, like something you’d hear out of China." [15:58]
Resulting Policy Shift: The UK has apparently "backed down," but the compromise means Apple will not enable Advanced Data Protection (user-only key access) for UK citizens’ iCloud. US and other non-UK citizens remain unaffected.
- Tom: "Apple said ... for UK citizens, we’re going to essentially switch off advanced data protection. ... So that seems to me like maybe there’s just a compromise position." [17:41]
Conclusion: The incident is cast as a diplomatic blunder by the UK, with a compromise that protects US users but leaves UK citizens exposed.

Notable Quotes & Memorable Moments

On Russian cyber firm realignment:
- Tom: "It actually pays to pick sides ... you’re not just a cybersecurity firm, you’re a Russian cybersecurity firm or a Chinese one or a US one." [07:27]
On Russia’s heavy-handed push for Max:
- Tom: "The Russian government has decided, well, we'll just guarantee success by making sure that nothing else works." [09:17]
On encryption diplomacy failure:
- Tom: "I think the whole story is just kind of a failure of diplomacy... I think the UK probably stumbled into this without understanding the implications for the broader relationship." [18:27]
On the lived impact of Russia’s messenger clampdown:
- Tom: "It’s hard to talk through with your grandparents how to install a particularly new app and get it working. They’re used to WhatsApp, that kind of story. Sad." [13:21]

Timestamps for Key Segments

[00:41] – Russian cybersecurity firms’ alignment with Moscow post-invasion
[07:27] – Analysis of global versus national identity in cybersecurity firms
[08:44] – Russia’s forced migration to the Max messaging app
[13:21] – Real-world disruptions to Russian citizens
[13:59] – UK demands Apple provide backdoor access; international uproar
[17:41] – Policy compromise: advanced encryption withheld from UK citizens

Episode Summary

This episode dissects how geopolitics is fracturing the global cybersecurity landscape, driving firms to choose sides and align with home governments—especially true for Russian companies thriving under sanctions by rebranding themselves as anti-Western alternatives. It highlights Russia's forceful and rapid transition to a state-controlled messenger, stressing its impact on ordinary people and revealing the blunt tools of state digital policy. Finally, the hosts unpack the UK government’s failed maneuver to coerce Apple into compromising the privacy of all iCloud users, resulting in a lopsided outcome that angers privacy advocates and underscores the pitfalls of policy made without global consequences in mind.

Risky Bulletin: Russian Cyber Security Picked a Side

Main Theme Overview

Key Discussion Points and Insights

1. Russian Cybersecurity Firms: Picking a Side

[00:41–08:13]

Core Focus: Examining Kaspersky, Positive Technologies, and Code Security—three Russian firms whose fortunes have shifted post-Ukraine invasion.
Western reactions: All three companies have been sanctioned by the US; Kaspersky has been banned outright in several countries.
Outcome for Russian companies: Despite sanctions and bans, these firms have experienced record profits.
- Tom: "It actually pays to pick sides. ... Prior to, I don't know, maybe 2020 or so, Kaspersky was a global company ... tried to isolate itself from being associated with the Russian government. ... But in fact, it's just adapted." [02:47]
Business Pivot:
- Western bans led these companies to successfully rebrand themselves as non-Western alternatives—attractive to nations wary of US/Western vendors.
- Kaspersky established overseas data centers, which, while met with skepticism in the West, functioned effectively as a marketing and business strategy.
Broader Trend: The increasing alignment of cybersecurity firms with their national governments.
- Tom: "It's a natural consequence of increasing competition that cybersecurity firms are drawn closer to their host countries. ... You’re not just a cybersecurity firm, you’re a Russian cybersecurity firm or a Chinese one or a US one." [07:27]
- The war in Ukraine has made these alignments glaringly clear and highlights an industry-wide, but seldom discussed, reality.

2. Russia Forcing Citizens Off Foreign Messenger Apps

[08:13–13:38]

Government Actions: Since early August, Russia has systematically degraded WhatsApp and Telegram’s voice/video call functionality.
Motivation: Explicit effort to push citizens to adopt Max—a new messenger app built by VK (state-controlled).
- Tom: "The Russian government has decided, well, we'll just guarantee success by making sure that nothing else works." [09:17]
Methods:
- Partial blocking (so far affecting calls, not texts—though full blocking is being considered).
- Pre-installing Max on all new devices.
- Mandating government communications migrate to Max.
Comparison with China: Unlike China’s more organic evolution with WeChat, Russia’s approach is direct government intervention—less carrot, more stick.
- Tom: "When you have the, ‘well, let’s just switch everything else off,’ that seems like a very powerful motivator to adopt this app." [12:14]
Impact on Citizens: Real hardship, particularly for elderly and remote citizens unfamiliar with new tech.
- Tom: "It’s hard to talk through with your grandparents how to install a particularly new app and get it working. They’re used to WhatsApp, that kind of story. Sad." [13:21]

3. UK’s Encryption Policy and the Apple iCloud Debacle

[13:38–18:50]

Background: In January, the UK issued a Technical Capability Notice to Apple demanding backdoor access to iCloud backups; the news broke publicly later, triggering global reactions.
- Tom: "The UK had issued a secret government order called the Technical Capability Notice. ... According to the reporting, 'Please provide us with the capability to access iCloud backups full stop.'" [14:13]
International Fallout: Outcry from US officials, including the Director of National Intelligence and even President Trump.
- Tom (paraphrasing officials): "This is, you know, like something you’d hear out of China." [15:58]
Resulting Policy Shift: The UK has apparently "backed down," but the compromise means Apple will not enable Advanced Data Protection (user-only key access) for UK citizens’ iCloud. US and other non-UK citizens remain unaffected.
- Tom: "Apple said ... for UK citizens, we’re going to essentially switch off advanced data protection. ... So that seems to me like maybe there’s just a compromise position." [17:41]
Conclusion: The incident is cast as a diplomatic blunder by the UK, with a compromise that protects US users but leaves UK citizens exposed.

Notable Quotes & Memorable Moments

On Russian cyber firm realignment:
- Tom: "It actually pays to pick sides ... you’re not just a cybersecurity firm, you’re a Russian cybersecurity firm or a Chinese one or a US one." [07:27]
On Russia’s heavy-handed push for Max:
- Tom: "The Russian government has decided, well, we'll just guarantee success by making sure that nothing else works." [09:17]
On encryption diplomacy failure:
- Tom: "I think the whole story is just kind of a failure of diplomacy... I think the UK probably stumbled into this without understanding the implications for the broader relationship." [18:27]
On the lived impact of Russia’s messenger clampdown:
- Tom: "It’s hard to talk through with your grandparents how to install a particularly new app and get it working. They’re used to WhatsApp, that kind of story. Sad." [13:21]

Timestamps for Key Segments

[00:41] – Russian cybersecurity firms’ alignment with Moscow post-invasion
[07:27] – Analysis of global versus national identity in cybersecurity firms
[08:44] – Russia’s forced migration to the Max messaging app
[13:21] – Real-world disruptions to Russian citizens
[13:59] – UK demands Apple provide backdoor access; international uproar
[17:41] – Policy compromise: advanced encryption withheld from UK citizens

wavePod

Srsly Risky Biz: Russian cyber security picked a side

Powered by Wave AI

Summary

Risky Bulletin: Russian Cyber Security Picked a Side

Main Theme Overview

Key Discussion Points and Insights

1. Russian Cybersecurity Firms: Picking a Side

2. Russia Forcing Citizens Off Foreign Messenger Apps

3. UK’s Encryption Policy and the Apple iCloud Debacle

Notable Quotes & Memorable Moments

Timestamps for Key Segments

Episode Summary

Summary

Risky Bulletin: Russian Cyber Security Picked a Side

Main Theme Overview

Key Discussion Points and Insights

1. Russian Cybersecurity Firms: Picking a Side

2. Russia Forcing Citizens Off Foreign Messenger Apps

3. UK’s Encryption Policy and the Apple iCloud Debacle

Notable Quotes & Memorable Moments

Timestamps for Key Segments

Episode Summary