Risky Bulletin – Srsly Risky Biz: The Cyber Regime Change Pipe Dream

Podcast: Risky Bulletin
Hosts: Amberly Jack & Tom Uren
Date: November 6, 2025
Theme: Dissecting the practical—and strategic—limits of cyber operations as tools for regime change, the pervasive risk of location data brokers, and the real-world collision of cybercrime with classic organized theft.

Episode Overview

This episode of Srsly Risky Biz dives deep into three major stories:

1. The limits of using cyber operations for regime change, focusing on US efforts in Venezuela.
2. Investigative reporting exposing how personal geolocation data is globally—and with little resistance—traded and abused by data brokers.
3. The intersection between cybercrime and organized crime in large-scale cargo theft.

The hosts combine thorough analysis, anecdotes, and candid takes, with Tom Uren's optimistic-yet-realistic perspective on cyber threats running throughout.

Key Discussion Points and Insights

1. The Myth of Cyber Regime Change

(Main segment: 00:44-09:02)

• Background:
  During Donald Trump’s first term, the US covertly targeted Venezuela’s Maduro regime with several cyber operations—disrupting military pay, knocking out intelligence networks, and even targeting Russian mercenary communications.

• Outcome:
  These operations, though successful at a tactical level, utterly failed to achieve Trump’s broader goal: unseating Nicolás Maduro.

• Analysis:

  • The US, described as the "orca" to Venezuela’s "sardine" (03:50), easily succeeded in technical objectives.
  • Quote:
    "Of course, you can have a computer fall over, and it doesn't make any difference for the country's leadership." — Tom Uren (03:57)
  • Multiple sources (CNN, Wired) confirmed those cyber strikes caused inconvenience, but not enough to fracture internal loyalty or provoke regime change.
  • The state’s dire situation—citizens losing 25 pounds on average, mass shortages—meant cyber pain was insignificant compared to daily suffering.
  • In context, these cyber ops were less about actual change, more about "a dog and pony show" (07:22), placating leadership pressure for action without real escalation.

• Broader Implications:

  • Cyber operations are extra tools, offering options without kinetic (military) escalation, but do not deliver strategic transformation.
  • Trump later defaulted to traditional military moves (naval deployments, bombings) when cyber failed to deliver “direct action”.
  • Quote:
    "It's a very tenuous path to get from not getting paid to overthrowing a regime." — Tom Uren (05:59)

2. Geolocation Data: A Universal, Unsolved Problem

(Main segment: 09:02-13:45)

• New Reporting:
  A group of European journalists obtained 13 billion records of smartphone geolocation data from data brokers—for free. Each record ties to unique device identifiers, making it easy to reconstruct the routines and identities of politicians, officials, individuals.

• Key Insight:
  GDPR is not enough—strict European privacy rules did not stop the mass flow of sensitive data from ad tech to data brokers.

• Quote:
  "Nowhere has stricter privacy rules than the EU. So if that doesn’t stop it, nothing is stopping it." — Tom Uren (12:59)

• Examples:

  • Visualizations showed pinpointing an individual’s routine in the Swiss report; similar findings across the Netherlands, Norway, Switzerland, Ireland.
  • The problem is worldwide: if Europe with GDPR can’t stop data brokerage, “Australia, Canada, UK, everywhere has this problem” (13:18).

• Conclusion:
  The ad tech-driven data economy enables commercial—and potentially hostile—tracking of almost anyone, everywhere, regardless of privacy laws.

3. Cybercrime, Organized Crime, and the ‘Goodfellas Hackers’ Crossover

(Main segment: 13:54-19:18)

• Emerging Threat:
  Cybercriminals and organized crime are now collaborating to orchestrate large-scale cargo theft. Reports from Proofpoint and US Senate testimony highlight cyber-enabled "strategic theft" in logistics.

• Methods:

  • Hack into trucking and logistics firms to access shipment data.
  • Exploit access to bid for high-value loads or redirect shipments to locations they control.
  • Use real-world theft tactics—impersonation with correct uniforms/trucks, fraudulent paperwork, or rerouting delivery addresses.

• Scale:

  • US cargo theft is estimated at $35 billion annually—enough to support sophisticated cyber and logistical operations.
  • Organized crime groups can operate call centers, appear as legitimate businesses, and even have fully functioning warehouses and marketplaces.

• Quotes:
  "Sometimes it's just turning up with a truck with the right logo and the right uniform and pretending to be the right shipment." — Tom Uren (15:50)
  "Now cybercrime is having real world impacts which seems like bad." — Tom Uren (20:16)

• Anecdote:

  • High-value illegal energy drinks are among the sought-after cargos, due to their black-market value in regions where they're banned.
  • *"Black market illegal energy drink… gone are the days of hijacked cigarette trucks." — Amberly Jack (19:18)

• Analyst Take:
  This convergence of digital access and physical theft is both a sign of maturing cyber defenses (pushing criminals to harder tasks) and of increasing risk as supply chains digitize.

Notable Quotes & Memorable Moments

• On Cyber Regime Change:
  "The US is an orca and Venezuela is a sardine… Even so… no surprise, the operations are a success. Trump's goal was to get rid of Maduro. And… it doesn't make any difference for the country's leadership." — Tom Uren (03:57)
• On Data Brokerage:
  "If Europe with GDPR can’t stop data brokerage, everywhere has this problem. We just haven't known it because there hasn't been good reporting about it." — Tom Uren (13:18)
• On Organized Cyber Theft:
  "Now cybercrime is having real world impacts which seems like bad." — Tom Uren (20:16)

Timestamps for Major Segments

| Timestamp | Segment | |-----------|--------------------------------------------------------------------------------------| | 00:44 | Main story: US cyber ops in Venezuela—background and outcomes | | 03:50 | US vs. Venezuela: "orca and sardine" analogy; effectiveness of operations | | 05:59 | Discussion on futility of cyber regime change in dire political environments | | 07:22 | Cyber ops as “dog and pony show” for political leadership | | 09:02 | New findings: European investigative journalism on geolocation data brokerage | | 11:17 | Data privacy and GDPR’s failure to stop the flow of personal data | | 13:54 | Cargo theft: organized crime & cyber, tactical methods, scale of problem | | 15:50 | Real-world theft methods aided by cyber intelligence | | 18:42 | Unusual black-market goods: energy drinks | | 19:43 | Tom’s “optimist” view: defending as a never-ending, but improving, battle | | 20:54 | Philosophy: Internet’s vulnerability is a result of its open, utilitarian origins |

Tone & Context

• The discussion is frank, practical, and occasionally wry, with Tom Uren framing challenges as both worrying and, in their own way, signs of progress (criminals having to innovate).
• They highlight the persistent, adaptive nature of digital risk, yet resist sensationalizing the threats—preferring strategic, evidence-driven commentary.

Summary for New Listeners

This episode lays bare the real-world limits of cyber operations—how even the world’s top cyber powers can’t force regime change against targets like Venezuela with just bits and bytes. It underscores the perilous, largely unregulated trade in personal geolocation data, showing modern privacy regulations still offer little real protection. And it paints a vivid picture of how organized crime remixes classic theft with digital tactics, turning trucks full of energy drinks into high-tech heists.

If you want to understand what cyber power can—and cannot—actually do on the global stage, how fragile your location privacy really is, and why criminal hackers and gangsters may be swapping notes, this episode delivers thoughtful, unvarnished insight.