
A
Welcome to Seriously Risky Business. My name's Patrick Gray. Seriously Risky Business is the podcast we do here at Risky Biz HQ which focuses on things like government policy and intelligence when it comes to cyber. And yeah, of course it features our policy and intelligence editor, Mr. Tom Uren. Hello, Tom. Thanks for joining me.
B
G'day, Patrick. How are you?
A
Good, good. And this edition of Seriously Risky Business is brought to you by Prowler, which is a really, really awesome open source cloud security platform. I'll drop a card in for YouTube viewers so you can check out a demo I did with the founder of Prowler, Toni de la Fuente. And yeah, the idea is you can write checks, there's like 1,000 plus checks out of the box, but you can write checks to run against, you know, Azure, GCP and Amazon cloud environments. And indeed you can even do remediation with it as well. The entire thing is free and open source, so you can get it from their GitHub, but if you would like to use a hosted version, you can do that as well and pay them to cover the cost of hosting. So, yeah, Prowler, very interesting company. Full disclosure, I'm an advisor to Prowler, so yeah, good to get that out of the way with. We would also like to thank the William and Flora Hewlett Foundation and Lawfare Media for supporting Tom's work with us here at Risky Business Media. Now, Tom, you have written up a few things for your newsletter this week and people can of course subscribe to that by going to Risky Biz. The first thing you've gone in depth on is reports about Starlink being used by these pig butchering scam compounds in Myanmar. There's been a lot of stuff happening around there, like the Thai government cut electricity to that entire region to try to take down these compounds. They were restricting fuel supplies and stuff. Civilians got caught up in that as well. It's a, it's a, it's a mess, basically. They also cut their connectivity, their Internet connectivity, and it looks like their workaround is Starlink. So what you've done is taken a look at how Starlink is sort of used to do illicit stuff all over the place and how it seems like SpaceX, which of course is Starlink's parent company, is either unable or unwilling to do much about this sort of thing.
B
Yeah, so the mystery I guess is why is it not just, you know, an authority emails Starlink or whatever and says, you know, these terminals at this location are being used to basically keep people in slavery and they switch them off. So that to me is a mystery because it's like, why, why would that not happen? And the story that talks about this is in Wired, it says, you know, a district attorney in the US tried to get SpaceX to do something about it and there's a Thai politician who's reached out to SpaceX and nothing's happened. And so I like, curiously as I was diving into this, the very first thing I found is that in fact in Thailand and Myanmar you're not meant to be able to use Starlink anyway. So there's this immediate contradiction about, well, they clearly are and they're keeping people running scams there with Starlink. And so it turns out that Starlink, over its history has just been tremendously bad at enforcing like who can use it and who cannot. And it's in terms of countries where you're not meant to use Starlink, it just works. And to me, and also in the war in Ukraine, like the ideal situation, at least until the last couple of months would have been that Ukrainian forces had access to Starlink and Russian forces did not. But that's never happened. As soon as the Russians were able to get access to the terminals, they've been able to use it on the front line.
A
Yeah.
B
And so basically either they don't care, unwilling or unable. Now my guess, and this is just a guess, is that they're a company that's about launching stuff into space and they never thought about, well, how do we stop abuse? Like what's the, what do we need to be able to see in order to make decisions about who's using terminals maliciously? And like partly I think they don't have the sort of internal processes to deal with that.
A
I'm sure someone at SpaceX thought about this, but it's whether or not those voices internally were listened to.
B
Right.
A
I think that's probably what we're dealing with where it's like any sort of technology company, which is its growth led marketing and like, let's just go, go, go. I mean you and I were talking about this earlier today and one of the reasons where they, while they might allow Starlink dishes to connect in areas where they don't even have permission to operate is because they do sell these global roaming subscriptions that are very expensive and the idea is no matter where you are in the world, you can use your Starlink. So that would explain why people are getting these dishes and they just work when they're not supposed to.
B
Yeah, yeah. They've also got marine services and aviation services. And it'd be very, very annoying to have an aviation service that doesn't work over, you know, X number of countries. So the. My sense is that, yes, I think you're right, they would have thought about it. And actually, it's logical that when you're starting out and trying to launch 10,000 satellites, that's not the first thing on your priority list, is it? Item number 10,000 maybe, I don't know. But I think we're at a point now where, like, just the scale of the harm that's being enabled here, like they need, as they grow up and become a proper telecommunications company, that's something they'll need to do. Now I dive into how it has. It looks like it's been tricky for Starlink to ban Russian forces or evict Russian forces from use of their service in Ukraine. And I think that's the sort of thing is if you were a mature telecommunications company, you would have, like, metadata sources that you'd be able to analyse. And I actually think that would be pretty easy to figure out. So in.
A
Well, I mean, I think. Yeah, again, you and I were talking about this earlier and you were saying the way Russian forces would use Starlink would be different to the way that Ukrainian forces would use Starlink. And you would be able to observe, you know, just the activity on the network and say, well, clearly this is being used by Russian troops. This one's being used by Ukrainian troops.
B
Yeah. And without. It used to be called traffic analysis in the old days. You look at where, where traffic is going and you can sort of sort them into two things into, well, into different groups, which, you know, one side you like, one side you don't like. Tick, tick, tick, tick, tick, ban. But I don't have that. Never thought of it. And maybe there's reasons that that doesn't fit in Starlink's like, you know, within the limitations of Starlink's network, which, where, you know, they're bouncing signals from, with lasers from satellite to satellite, yada, yada.
A
Well, there would be a way to do it. I mean, I think there's the elephant in the room as well, which is that Elon Musk appears to be somewhat ideologically aligned with Russia at the moment, which might explain some of this. I mean, you know, we're trying not to go there, but it's a bit silly to have this conversation and not mention that, right. That he appeared to have sort of almost switched sides in terms of, you know, support which. Which side to support in that war.
B
Yeah, you do have to wonder. Yeah, yeah, like somewhere in the piece I mentioned Elon is a, is a wild card. Like, who knows? But, but I think that this Wired article, maybe it'll generate enough publicity that SpaceX will do something. But doing something because of publicity in this isolated incident is not enough. You need a process where you can search for these kinds of abuses and get rid of them. And it doesn't have to be like every abusive use of Starlink. I think if you're getting just the worst of the worst, like that would actually make a significant difference onto how much, how much damage they're facilitating.
A
Well, I mean, top to bottom, it's a bit of a disaster. I mentioned this in the main weekly show yesterday, but I was forced to subsist on Starlink access for a while and I've never seen so many CAPTCHA prompts in my life. Like if you are coming from a Starlink IP, there is an assumption among a lot of CDNs and website operators that you are like going to do something bad. Right. So that tells you that there's a lot of, there's a lot of bad stuff that emanates from, from their IPs. So I don't think it's just about illicit terminals. I think it's about, you know, people using Starlink just to do shady stuff, you know, on the network kind of thing. Right. I just want to go back to something you said though, because I've been talking about this issue of Starlink in Russia and on the battlefield for literally years and it never occurred to me that you could actually use a network analysis approach to determine who was using which, you know, and it's such a good idea. I just, I'm deeply disappointed in myself for not actually thinking of that earlier.
B
I'll chalk that up as a win for me.
A
Oh, 100%, man. That's a, you know, that's a great idea. But look, I'll tell you why I don't think anything's going to happen here. And it's because, you know, Musk is Donald Trump's golden child and the government's not going to touch him. No regulator is going to go anywhere near tell Elon Musk what to do or a Musk related company what to do. I think I would not expect to see anything change here. I think the best thing that we can hope for is some sort of plea to Elon Musk's humanity and he'll have to sort of do it unilaterally. I don't think regulators are going to have a role here.
B
I actually think that. What's her name? Is it Gwynne Shotwell, the COO of SpaceX? She actually seems like a reasonable person. I hope that she has some autonomy there.
A
Well, and you also make the point that they're seeking permission to operate in Thailand and probably doing something about this scam compounds and, you know, the slavery might go some way to expediting their approval there.
B
Yeah, I think the Thai government has some leverage. I don't know how much. But from their point of view, if they allow sales in Thailand, like, they've, they've seized Starlink terminals that are going to those compounds. So it would be, I think, stupid to say, okay, you can sell them here when you know that they're going to go straight to those compounds. And those compounds are a huge problem for the Thai government. They're pulling out all the stops to try and clamp down on them.
A
So I think also, like, do you want to financially reward a company, you know, by giving it freedom to operate in your jurisdiction when they're involved in that sort of thing? And the answer is no. Yeah, yeah. Simple as that. All right, so we're moving on to our next piece here, which is a look at some comments about. Who was it? It was Marc Polymeropoulos, who's a former CIA intelligence service officer, did a podcast interview on Deep State Radio and said he was absolutely convinced that the Trump administration's actions in terms of cozying up to Russia will result in less intelligence sharing. So this is something that you've taken a bit of a look at. Right. You've looked at what those actions have been so far, which are like things like Trump's blow up with Zelenskyy, halting military aid to Ukraine, or at least announcing that it doesn't seem to have happened yet, you know, pausing U.S. Cyber Command operations against Russia, which is, you know, this is disputed on and on and on. You know, his argument is that, you know, this is absolutely going to affect intelligence sharing. You've spoken to other sources who've said they're not convinced it will affect it, but they are convinced that everybody's re-examining their processes around sharing intelligence with the United States. Probably less so in SIGINT and more so around things like HUMINT.
B
Yeah. So there's, I guess, two different drivers for the, for it to have more impact on HUMINT. One is that if you're running agents, it is very, very important as an agency that you keep those agents safe, keep your sources safe. And so HUMINT agencies, if they make mistakes and get their sources arrested or killed, that's super bad for business. So Polymeropoulos called that a sacred bond that you have with your agent. Now, the person I spoke to didn't go far so far as to say it's a sacred bond, but he agrees that that's super important. And so that's like a top priority. And all the actions that the Trump administration have been doing, you know, each one, you examine them in isolation, and you can put on your. Put on your, you know, your sort.
A
Of your she'll be right. I'm calling it the she'll be right hat. You can look at each one and you can go, she'll be right. But you look at them all together and it's a bit like, oh, exactly.
B
Well, you can look at them and you can come up with an individual justification that, like, well, maybe a reasonable person could go the other way. But when you put them all up together, they line up very, very nicely in favor of Russia, which is not nice. So, like, he basically said to me, look, I don't think sharing will stop. These agencies have a very long history of, he said, relatively successful, you know, barring the occasional stuff up, which I think, you know, for government businesses is actually pretty good. But he said it's a slightly too long a bow to draw, so. Because Polymeropoulos's argument is slightly too long a bow to draw. So because of that history, it'll continue. But he thought, you know, he said to me, you'd have to be nuts not to be thinking about it. So there's. There's genuine concern. Interestingly, the things he highlighted were not the list of sort of, I would call them tactical actions. He talked more just about the arbitrary nature of how the White House behaves and that the phrase he used was that alliances are just marriages of convenience. Yeah, I mean, I've said this as.
A
Well, like, that it appears that there's, you know, from an Australian perspective, it's less of an ideological alliance now and much more of a practical one about sharing intelligence, access to defense material and technology and things like this. Right. It's like less of a, you know, shared vision of our place in the world and much more about, well, what can we do for each other?
B
Yeah, yeah. So that meant that basically he wouldn't change anything immediately, but he would also be really thinking very hard about. He didn't use the word Plan B, but very hard about making sure your own house is in order. So if there is any security stuff up, it doesn't sort of flow through and have bigger consequences than it should.
A
Keep sharing, but maybe share it more carefully.
B
Exactly. Yeah, yeah, I think so.
A
Yeah. So this is the person that you spoke to about Polymeropoulos's comments, who you describe in here? Yes. Wonderful. Named source of another former HUMINT officer.
B
Yeah, yeah, yeah, that's right.
A
Didn't want to be named, I'm guessing, in a newsletter.
B
That's right.
A
Funny that they love it when you name them. All right, cool, cool. Let's move on to the next thing. And look, we just mentioned it in that. In that last item, but there are those reports that Cyber Command was ordered to pause operations against Russian targets and even to pause, you know, preparing to, you know, conduct further operations in Russia. Initially, my information was that it wasn't affecting operations against ransomware crews in Russia. I'm now told that it actually, those operations are being impacted, and all of this information that's coming to me is occurring while the U.S. government is now denying these reports, of course, CISA, there was also talk of a memo at CISA instructing people not to think of Russia as an adversary. That's been denied as well. It's a little bit unclear what happened there. So the whole thing's a mess in terms of what we know, what we don't know, who's telling the truth and who's not. I suspect the Cyber Command thing is. Is. Is real. And, you know, you've just walked through again, like, when you look at this in isolation, there might actually be some logic here, but the broader goal seems less than ideal, which is, you know, to normalize relations with Russia. And, I don't know, the whole thing's a mess, I guess, is what.
B
Yeah, yeah. So until you told me that they were also halting operations against ransomware groups, you know, according to sources, the logic would be, okay, we want to do something with our relationship with Russia. Let's throw them a bone. The operations, the offensive cyber operations, like, they're not a huge deal. They'll incrementally make a difference, but they're a good thing to stop because we can say we've stopped something. Yeah, that would be the logic. And in a different situation with a different adversary, you could maybe think that that might make sense. I think there's an argument there. Anyway, now it makes absolutely no sense to stop ransomware operations. That's just dumb. So if that is happening, that's.
A
Well, I mean, it's a mess. Right? So I was initially, you know, under the impression that those operations weren't Affected. Now, I'm hearing that they are, but I'm not sure what the effect is, if this is a byproduct of other shutdowns or like, I got no idea. And I think that's the point, right. Is that it's a mess.
B
Yeah. Yeah. So I actually looked at the people, the reports who said that this stand down had happened. So there was one from The Record, and the next day that was followed up by the Washington Post and later on the Associated Press. So the Associated Press actually wrote that a US official speaking on condition of anonymity to discuss sensitive operations on Monday, confirmed the pause. So that seems to me like, yes, a US official is directly telling a reporter that this is happening. And then almost immediately afterwards, the Department of Defence came out and denied it.
A
Yeah.
B
Quite forcefully. And it's just like, this is.
A
Well, just to put something in context, right. Like not all media coverage is equal. Let's just say that. But the Washington Post reporter who wrote this up has a superb track record. That's Ellen Nakashima, who does listen to Risky Business every now and then. I'm not sure if she listens to Seriously Risky Biz as well, but. Hi, Ellen, if you're listening. And Zetter, Kim Zetter, who's a, you know, veteran cybersecurity journalist, in her excellent reporting about all of this, quoted. Oh, this copy block from her, her reporting here, which says that Nakashima believes the DoD denial was aimed at the public's perception that they were standing down much bigger Russian operations that would, if halted, put the US at a big security disadvantage. But they weren't engaging in these types of operations against Russia anyway. So they're sort of. I mean, the whole thing is just so nuts. Right. And I guess this feeds into that previous story in that, okay, they're kind of aligning themselves with Russia a little bit more closely, but it's. It's messy. You know what I mean? It's real messy. And like, how much do you want to trust and share with American services when they're a mess?
B
Yeah, yeah, exactly. And it's. To me, I read that paragraph from Kim Zetter is, they're denying the public perception of the stand down rather than the fact of the stand down. And it's. It's just ridiculous.
A
Oh, man. You know, and of course, like, just for anyone listening who, you know, might not have spent way too long looking at the way intelligence services operate, there's going to be some stuff that, you know, there's always going to be cooperation around certain things. You know, like someone gets wind of a terrorist plot happening in, you know, that that's going to kick off in a. In a friendly nation, you know, even an unfriendly nation quite often, like, if there is a terrorist plot, say Australia were to detect a terrorist plot that was about to happen in Beijing, we've got a very tense relationship with China. We would notify. Right. Like that. There's always going to be that sort of sharing, but some of this more strategic level stuff where there's maybe HUMINT sources are going to be exposed and they're quite high level, like, that can get dangerous. So, you know, we're not talking about a blanket cessation in sharing here, but just the shape of it might change, I guess, is what we're saying.
B
Yeah, yeah. I think I originally had said that sharing won't stop, but the warning lights are flashing red or something like that. I guess what we're talking about here is it just raises uncertainty and like, uncertainty is risk, so you have to manage that. And you don't manage risk by doing nothing at all. You manage risk by. By changing stuff. Yeah, I think that's.
A
So it's like. It's like, you know, the VIX, right, which is the volatility. Volatility index. So it's sort of like an intelligence community VIX, right. That number is just ticking up higher.
B
And that number was at zero, and it's now definitely not at zero.
A
Yeah, that's right. All right, mate, we're going to wrap it up there. Thank you so much for joining me. I wasn't supposed to be doing this podcast today because I wasn't expecting to have electricity because I am sitting in the path of an approaching cyclone. But, yeah, so far plenty of people I know don't have electricity. There have been some evacuations and whatever, but we're still okay here and should remain. So great to chat to you, my friend. And we'll do it all again next week.
B
Thanks, Patrick.
Risky Bulletin: Episode Summary
Title: Srsly Risky Biz: Starlink an Internet Lifeline for Pig Butchering Compounds
Host: Patrick Gray
Guest: Tom Uren, Policy and Intelligence Editor
Release Date: March 6, 2025
In this episode of Risky Bulletin, host Patrick Gray and policy and intelligence editor Tom Uren delve into pressing cybersecurity concerns, focusing primarily on the misuse of Starlink services by illicit operations in Myanmar. The discussion also touches upon broader implications for government policy, intelligence sharing, and the role of major tech companies in regulating their services.
The episode opens with an exploration of how Starlink, SpaceX's satellite internet service, is being exploited by "pig butchering" scam operations in Myanmar. These scams involve deceptive schemes where victims are lured into fraudulent investment opportunities, leading to significant financial losses.
Notable Quote:
Patrick Gray [02:11]: "It looks like SpaceX, which of course is Starlink's parent company, is either unable or unwilling to do much about this sort of thing."
Tom Uren discusses the perplexing lack of action from SpaceX in preventing the misuse of Starlink services in restricted regions.
Notable Quotes:
Tom Uren [03:56]: "Now my guess, and this is just a guess, is that they're a company that's about launching stuff into space and they never thought about, well, how do we stop abuse?"
Patrick Gray [07:25]: "Elon Musk appears to be somewhat ideologically aligned with Russia at the moment, which might explain some of this."
The conversation shifts to Elon Musk's potential ideological stance and its impact on SpaceX's policies.
Notable Quote:
Patrick Gray [07:01]: "Well, there's the elephant in the room as well, which is that Elon Musk appears to be somewhat ideologically aligned with Russia at the moment."
The episode transitions to a discussion on the Trump administration's actions affecting intelligence sharing, particularly with regard to Russia.
Notable Quotes:
Tom Uren [11:55]: "Polymeropoulos called that a sacred bond that you have with your agent."
Patrick Gray [15:04]: "Keep sharing, but maybe share it more carefully."
A significant portion of the discussion centers on reports that the U.S. Cyber Command has been instructed to pause operations against Russian targets.
Notable Quotes:
Tom Uren [17:28]: "If that is happening, that's..."
Patrick Gray [19:34]: "It's real messy. And like, how much do you want to trust and share with American services when they're a mess?"
The episode examines the role of media in shaping the narrative around cybersecurity operations and government actions.
Notable Quotes:
Patrick Gray [18:24]: "The Washington Post reporter who wrote this up has a superb track record."
Tom Uren [19:52]: "To me, I read that paragraph from Kim Zetter is, they're denying the public perception of the stand down rather than the fact of the stand down."
Patrick Gray and Tom Uren wrap up the episode by emphasizing the chaotic state of current cybersecurity and intelligence operations. They highlight the need for improved oversight and regulation of major tech services like Starlink to prevent misuse. Additionally, the episode underscores the fragile nature of intelligence sharing amidst political shifts and operational uncertainties.
Closing Remarks:
Patrick Gray [21:08]: "It's like an intelligence community VIX, right, that number is just ticking up higher."
Tom Uren [21:45]: "Thanks, Patrick."
This episode of Risky Bulletin provides a comprehensive analysis of the intersection between technology, policy, and cybersecurity, offering listeners valuable insights into the challenges and implications of current events in these domains.