Podcast Summary: Risky Bulletin — Srsly Risky Biz: The cyberespionage gig economy
Date: October 2, 2025
Host: Amberly Jack
Guest: Tom Uren, Policy and Intelligence Editor, Risky Business
Episode Overview
This episode of "Seriously Risky Biz" explores the growing trend of foreign intelligence services leveraging domestic surrogates and outsourced operations for cyberespionage, highlighting cases in the Netherlands and New York, and discussing the broader implications for cybersecurity policy, governance, and risk management. The show concludes with a reflection on governance shortfalls found in the recent government oversight of the Doge platform.
Key Discussion Points and Insights
1. Russia’s Recruitment of Domestic Proxies for Espionage
[00:42–02:26]
- New Trend: Russia’s intelligence services are now using domestic (local) proxies to conduct cyberespionage and physical surveillance, continuing tactics established during and after the invasion of Ukraine.
- Case in Point: Two Dutch teenagers were arrested for allegedly being recruited via Telegram by Russian operatives to conduct Wi-Fi collection near high-value targets in the Netherlands.
- Previous proxy tasks included graffiti, sabotage, surveillance, or arson.
- The new wrinkle: using locals for cyber (Wi-Fi) data collection, not just physical disruption.
Quote:
"They've been getting them to do things that range from the bizarre, which is like just spray painting graffiti ... but they've also got people to do things like sabotage and physical surveillance ... Now, this is new, though, in that they're getting them to do cyber espionage."
— Tom Uren [01:16]
2. The GRU’s Track Record of On-Site Espionage
[02:27–05:26]
- Historic Precedents: Russian GRU officers have a track record of direct, on-site cyber operations with Wi-Fi equipment, as in the 2018 OPCW attempted hack in The Hague.
- Dutch intelligence published detailed evidence, including photos and lists of seized equipment (laptops, cell phones).
- Overlap in physical and cyber operations: The Dutch learned the same agents operated in Brazil and Switzerland, targeting anti-doping agencies.
Quote:
"They arrested them when they were sitting outside the OPCW with a car full of Wi-Fi equipment ... and they publicized it. So, extremely embarrassing."
— Tom Uren [03:23]
3. The Risk-Reward Dynamic of Using Local Proxies
[05:26–09:08]
- Outsourcing Lowers Operational Risk for the sponsor country: Local “gig workers” carry the real risk of arrest, while the instigators remain hidden.
- Example: A BBC journalist was offered money to hand over credentials, which demonstrates how small the attackers' risk is compared with that of the on-the-ground actors.
- Detection Difficulty: Routine activity (e.g., walking with a laptop) is much harder to spot than overt sabotage; effective counterintelligence is required for detection.
- Strategic Use: Wi-Fi mapping provides entry points for lateral movement toward ultimate targets (“nearest neighbor attacks”).
- Local proxies can walk by targets inconspicuously, gathering data for more sophisticated follow-up attacks.
Quote:
"If you don't have good counterintelligence, how are you ever going to catch teenagers walking around a city with a backpack?"
— Tom Uren [06:22]
Quote:
"I think ... they're using cheap, low-cost, almost risk-free labor to try and get a head up on other operations ... It's, I think, actually a very low-risk thing to do as well."
— Tom Uren [07:11]
4. SIM Farms: The Outsourced Infrastructure of Covert Communications
[09:08–12:58]
- Incident: U.S. Secret Service dismantled a New York SIM farm (300 SIM boxes, 100,000 SIM cards), initially suspected as a network attack threat.
- Not a DoS (too small): More likely “spam-as-a-service” for bulk messaging across multiple actors—both criminal and nation-state.
- Optimal for “covert comms”: One-time-use SIMs make surveillance and lawful intercept much harder.
- Mindset Differences:
- Western agencies unlikely to rely on uncontrolled infrastructure.
- Nation-states with less need for operational control (e.g., China) might accept increased risk for greater reach and deniability.
Quote:
"If you look at it from the point of view of a different nation where they're willing to just ... outsource a whole lot of cyber espionage, what they're giving up is operational control ... but what they get in return is some level of plausible deniability ... and far greater collection aperture."
— Tom Uren [11:14]
Quote:
"If it gets pinged, oh, well, I guess we'll move on and figure something else out ... from a Western point of view, they're outside-the-box thinking."
— Tom Uren [12:31]
5. Governance Failures Exposed by the Doge Oversight Report
[13:21–16:50]
- Backdrop: U.S. Congressional and Senate Democrats released a report on the government’s use of Doge (platform), citing whistleblower testimony, press, and oversight visits.
- Indicates “red flags” in basic governance, lack of clear policies, and chain-of-command confusion.
- Trade-Off: Prioritizing speed over security isn’t inherently wrong, but must be a conscious, risk-accepted choice—often it’s simply ungoverned.
- No evidence of current breach, but lack of monitoring might mean issues could go undetected.
Quote:
"There's always going to be this kind of trade-off between speed and security ... And foregoing security at the expense of speed, that's not necessarily the wrong answer. Like, it really depends on the situation."
— Tom Uren [15:38]
Quote:
"It does make you wonder whether you would even know if you haven't set up the right kind of protections and monitoring ... It doesn't appear that anything's happened. So all we can do is hope that nothing does happen."
— Tom Uren [17:00]
Notable Quotes & Memorable Moments
- “In one sense, this is just an extension of what Russia has been doing over the last couple of years.”
  — Tom Uren [01:16]
- “I think that ... they're using cheap, low-cost, almost risk-free labor...”
  — Tom Uren [07:11]
- “If you don't have good counterintelligence, how are you ever going to catch teenagers walking around a city with a backpack?”
  — Tom Uren [06:22]
- "From a Western point of view, they're outside the box thinking."
  — Amberly Jack [12:58]
Key Timestamps
- 00:42 — Introduction to Russian recruitment of local proxies and the Dutch teenage case
- 02:27 — Russian GRU’s hands-on cyber ops history in the Netherlands
- 05:26 — Why local proxies reduce risk for foreign intelligence (case: BBC journalist)
- 09:08 — Analysis of New York SIM farm; implications for nation-state and criminal use
- 13:21 — Discussion of the Doge oversight report and the endemic speed/security trade-off
Final Takeaways
- The cyberespionage gig economy is real: Foreign actors, especially Russia, are scaling out operations by using local “contractors” for risky or covert tasks—dramatically altering risk profiles and detection strategies.
- Operational outsourcing is rising: Nation-states willing to accept some loss of control in exchange for plausible deniability and broader reach are leveraging “as-a-service” models for everything from spam to covert communications.
- Governance gaps remain a persistent risk: The Doge report underscores the need for clear governance and risk acceptance in adopting fast-moving tech—security must be recognized as a managed trade-off, not an afterthought.
For further reading and to subscribe to the Seriously Risky Business newsletter, visit Risky Biz.
