Talkin' Bout [Infosec] News – January 9, 2026
Episode: "US Cyberattacks on Venezuela – 2026-01-05"
Episode Overview
This episode of "Talkin’ Bout [Infosec] News" from Black Hills Information Security focuses on the widely reported US operations in Venezuela, specifically the suspected use of cyberattacks to disable power and communications before a high-profile raid. The team delivers their trademark blend of technical breakdowns, candid speculation, and irreverent banter, exploring what’s known, what’s unknown, and what the recent events suggest for global cyber operations and critical infrastructure security.
Main Panel
- Corey Ham (Host)
- John Strand
- Ralph ("Florida Man")
- Wade Wells
- Kent Ickler
- Mary Ellen
- Bronwyn
- Ryan (Production/Sound)
Key Discussion Points & Insights
1. The US Operation in Venezuela: Cyberattack or Not?
- Main Story (10:10–26:16):
- The group analyzes widespread reports that the US took down Venezuelan power and possibly internet connectivity via cyber means before abducting President Maduro.
- Trump’s ambiguous statement (“that’s one of our specialties”) stirs debate about attribution.
- Quote [10:39, John Strand]:
“Can you honestly see an operation like this going off and they didn’t use cyber? ... All the boats. What about cyber?”
- They reference BGP anomalies flagged by independent researcher Graham: Border Gateway Protocol (BGP) route changes observed during the incident.
Technical Analysis
- Cyber or Kinetic? (11:27–12:34):
- John suspects the operation used cyber tactics for operational security and minimizing collateral damage.
- NSA, CIA likely provided high-level surveillance and targeting through telecom exploitation.
- Quote [12:40, John Strand]:
“With the way cell phone networks exist, naturally there’s going to be a certain amount of tracking... Actually getting down to the individuals... that's where you have to get inside some cell networks at some point.”
- BGP Hijacking Explained (15:25–17:39):
- John Strand breaks down how BGP hijacking works: an attacker advertises more-specific prefixes, and because routers prefer the longest matching prefix, traffic for a national or international address block is pulled toward the attacker. He references famous incidents such as Pakistan Telecom’s 2008 hijack of YouTube.
- “What’s old is new again. If it works, it works. It doesn’t have to be a zero day.” [15:50, Corey Ham]
- The vulnerability persists within the “core infrastructure of how the Internet actually works.”
- “Forever days,” i.e., never-fixed vulnerabilities, are a real concern with core protocols like BGP.
- BGP Detection and Mitigation:
- Most organizations lack robust BGP monitoring; detection is left to major ISPs and third parties.
- Cloudflare’s isbgpsafeyet.com is mentioned as a useful resource; it tests whether your ISP drops invalid routes using RPKI route origin validation.
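The mechanics John describes above, as an added illustration that is not part of the episode or of these show notes: a toy routing table in which longest-prefix match lets an attacker’s more-specific /25 announcements beat the legitimate /24 (the same trick as the 2008 YouTube incident), followed by the two countermeasures the segment touches on: RPKI route origin validation (RFC 6811), which a router can use to drop the invalid announcements, and the kind of origin-AS monitoring most organizations do not run. All prefixes and AS numbers are documentation values (RFC 5737, RFC 5398) constructed for the example; the RIB contents, the ROA and the “expected origin” table are assumptions, not data from the incident.

```python
"""Added example: longest-prefix match, a more-specific prefix hijack, RPKI
route origin validation, and a simple origin-change alert. Not from the episode;
prefixes and ASNs are RFC 5737 / RFC 5398 documentation values, not real routes."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin_as: int          # rightmost AS in the AS_PATH


@dataclass(frozen=True)
class Roa:
    prefix: ipaddress.IPv4Network
    origin_as: int
    max_length: int         # longest prefix the holder authorises this AS to originate


def net(s):
    return ipaddress.IPv4Network(s)


# Constructed scenario (assumption). AS 64496 legitimately originates
# 203.0.113.0/24 and has published a ROA for exactly that prefix. AS 64511, the
# hijacker, announces the two /25s that cover the same space, the way Pakistan
# Telecom announced a /24 inside YouTube's /22 in 2008.
LEGIT = Route(net("203.0.113.0/24"), 64496)
HIJACK_LOW = Route(net("203.0.113.0/25"), 64511)
HIJACK_HIGH = Route(net("203.0.113.128/25"), 64511)
OTHER = Route(net("198.51.100.0/24"), 64500)   # unrelated prefix with no ROA

LEGIT_RIB = [LEGIT, OTHER]
HIJACKED_RIB = [LEGIT, OTHER, HIJACK_LOW, HIJACK_HIGH]
ROAS = [Roa(net("203.0.113.0/24"), 64496, 24)]
EXPECTED_ORIGIN = {net("203.0.113.0/24"): 64496}   # what the prefix holder expects to see


def select_route(rib, dst_ip):
    """Longest-prefix match: of all routes covering dst_ip, the most specific
    wins, regardless of who announced it. This is the step a hijack abuses."""
    ip = ipaddress.IPv4Address(dst_ip)
    covering = [r for r in rib if ip in r.prefix]
    return max(covering, key=lambda r: r.prefix.prefixlen, default=None)


def rov_state(route, roas):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    covering = [a for a in roas if route.prefix.subnet_of(a.prefix)]
    if not covering:
        return "not-found"
    for a in covering:
        if a.origin_as == route.origin_as and route.prefix.prefixlen <= a.max_length:
            return "valid"
    return "invalid"


def drop_invalid(rib, roas):
    """What a router with ROV enabled keeps: invalid routes are rejected,
    not-found routes are still accepted (much of the Internet has no ROA)."""
    return [r for r in rib if rov_state(r, roas) != "invalid"]


def origin_alerts(rib, expected):
    """Monitoring view: flag any announcement inside a prefix you own whose
    origin AS is not yours. Returns (prefix, seen_as, expected_as) tuples."""
    alerts = []
    for r in rib:
        for pfx, asn in expected.items():
            if r.prefix.subnet_of(pfx) and r.origin_as != asn:
                alerts.append((str(r.prefix), r.origin_as, asn))
    return alerts


if __name__ == "__main__":
    victim_ip = "203.0.113.77"
    print("clean RIB    ->", select_route(LEGIT_RIB, victim_ip))
    print("hijacked RIB ->", select_route(HIJACKED_RIB, victim_ip))
    print("with ROV     ->", select_route(drop_invalid(HIJACKED_RIB, ROAS), victim_ip))
    print("alerts       ->", origin_alerts(HIJACKED_RIB, EXPECTED_ORIGIN))
```

Run it and the hijacked table sends 203.0.113.77 to AS 64511 until the two invalid /25s are dropped. Two caveats a practitioner should keep in mind: ROV only protects prefixes whose holders have published ROAs (the not-found case is still accepted), and a ROA whose max length is looser than the announced prefix lets an attacker forge the legitimate origin AS on a more-specific and still come out valid, which is why the ROA here pins max_length to 24. Neither ROV nor this alert catches an attacker who forges the real origin at the end of the AS_PATH on the same /24; that needs path validation (BGPsec or ASPA) or comparison against a third-party route collector.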
- US Expertise vs. Sloppy Ops? (19:54–21:05):
- John doubts the US would rely solely on overt, noisy tricks like BGP prefix hijacking when no-power means no internet.
- Believes US had deep access (“were already in the systems”), so BGP-related events might be incidental.
Collateral/Physical Context
- Operational Complexity:
- Panelists questioned whether flashy techniques were actually needed, emphasizing minimizing civilian harm and the optics of “photo ops.”
- Speculation and Satire:
- Discussion diverged into memes about outfits, speculation about “book deals” for Delta Force/SEAL Team 6, and gallows humor about rendition/kidnapping fashion.
2. Critical Infrastructure: Assessing US Vulnerabilities
- Mirror Reflection (24:27–26:16):
- Kent Ickler raises the issue: Does the US infrastructure face similar risks from a capable adversary?
- General consensus: the US grid is larger and nominally more robust, but highly decentralized, with inconsistent security controls.
- John Strand: Legislative capture and the utility commission incentive model create disincentives for investing in security.
- Quote [30:29, John Strand]:
“Security often is not one of those things that power companies are allowed to make good percentages of money or profit on... So they put as minimum amount of money into trying to secure their power grid technologies because there’s literally no profit incentives for them to do so.”
- Grid Interconnection Risks:
- Grid’s interconnectedness means small failures can cascade widely, as happened with the 1994 Northridge earthquake and more recent multi-state blackouts.
- Mary Ellen [29:44]:
“That cascade effect, in terms of the dominoes toppling, is nothing new… Any type of adversarial planning would probably want to incorporate that.”
3. Global Internet Attacks: Undersea Cables and State Actors
- Finland Undersea Cable Sabotage (32:29–34:43):
- Overview of suspected Russian “shadow fleet” vessels dragging anchors to damage Baltic Sea cables—no hard attribution, but circumstantially strong (33:01).
- Panel reviews a submarine cable map and determines that despite some redundancy, impacts could still be severe or costly to fix.
Tactics and Attribution
- Russia’s naval “incompetence or plausible deniability”—“It’s my first day on the job” [34:46, John Strand]—is called out as cover.
- The tactic is viable but considered unsophisticated and “dumb, but not as dumb as you might think” for causing disruptions quickly.
4. Other Notable Infosec Stories and Banter
Breaches and Exploits
- MongoBleed Vulnerability (35:48–38:06):
- A MongoDB bug nicknamed MongoBleed let attackers pull data out of unpatched, Internet-exposed instances; even major games (e.g., Rainbow Six: Siege) were affected.
- Reminder: “No database should be directly exposed.” [37:15, Mary Ellen]
- Shodan showed thousands of unpatched, potentially vulnerable MongoDBs.
- Honeypots as Breach Defense (39:08–41:19):
- Companies caught in breaches increasingly claim “it was a honeypot” as a deflection.
- Satirical dialogue: “We replicated our entire production environment as a honeypot—real credentials, real data!” [40:24]
- Noted trend: Asserting dummy data exposure post-breach as a new PR move, e.g., in response to NordVPN’s reported Salesforce developer server incident.
- Wired Data Leak (42:46–43:08):
- Real customer data leaked, including names and addresses from print magazine subscribers. “Who subscribes to print anything?” [43:22, Ralph]
- Tinder for Nazis Hacked Live (43:48–45:11):
- Activists live-hacked and deleted a far-right dating site on stage at a Chaos Computer Club event, in Pink Power Ranger cosplay (“the world’s first victimless crime,” 45:41).
Devices and Threats in Real Life
- Flipper Zeros & Raspberry Pis Banned at DC Event (47:13–52:18):
- DC mayoral inauguration bans “hacker” hardware tools, raising questions about public understanding of such tools, realistic threats, and the security theater involved.
- “Everything’s going to become a Flipper Zero that they don’t understand.” [51:36, John Strand]
Surveillance, IoT, and Privacy
- Flock Security Cameras Exploit (55:16–61:21):
- A viral exposé uncovered massive vulnerabilities in Flock car/license plate surveillance devices; zero security, default creds, grossly outdated software, yet widely used by law enforcement.
- “If one device is to make things more secure... But they have zero security on the device itself.” [57:40, Ralph]
- Discussion of poor incentives and “minimum viable” product mentality fueling IoT’s expansion at the expense of user security.
- “IoT is just an absolute smoking pile of dog crap. It’s just bad all the way across and no one cares.” [59:22, John Strand]
- Legal Responses and Deflection:
- Flock’s PR response: dismissing criticism as “fake news” and, jokingly, perhaps calling the open cameras honeypots.
Physical Pentesting
- Pen Tester Best Practices (65:01–66:30):
- Tips for blending in: Don’t show up with tactical gear, stand-out hats, or “ninja” attire—look like someone who doesn’t want to be at work.
- Anecdote: A tester used a clipboard for a banana, not a badge cloner—“Didn’t want to cramp up.” [66:30]
Notable Quotes & Memorable Moments
| Timestamp | Speaker | Quote |
|-----------|---------|-------|
| 10:39 | John Strand | “Can you honestly see an operation like this going off and they didn’t use cyber?... What about cyber?” |
| 15:50 | Corey Ham | “What’s old is new again. If it works, it works. It doesn’t have to be a zero day.” |
| 30:29 | John Strand | “Security often is not one of those things that power companies are allowed to make good percentages of money or profit on...” |
| 37:15 | Mary Ellen | “No database should be directly exposed.” |
| 40:24 | Ralph | “This was our most elaborate honeypot. We actually replicated our entire production [environment].” |
| 43:22 | Ralph | “Who subscribes to print anything?” |
| 45:41 | Corey Ham | “Have we just discovered the world’s first victimless crime on the news show?” |
| 51:36 | John Strand | “Everything’s going to become a Flipper Zero that they don’t understand. Right. And maybe they should have that level of paranoia. I don’t know.” |
| 59:22 | John Strand | “IoT is just an absolute smoking pile of dog crap. It's just bad all the way across and no one cares.” |
Important Segment Timestamps
- US Venezuela Cyberattack Discussion: 10:10–26:16
- BGP Hijacking Explainer: 15:25–17:39
- Infrastructure Resilience & Failures: 24:27–30:29
- Undersea Cable Sabotage (Finland): 32:29–34:43
- MongoBleed Vulnerability: 35:48–38:06
- Honeypots & PR Spin: 39:08–41:19
- Flipper Zero Discussion: 47:13–52:18
- Flock Security Camera Insecurity: 55:16–61:21
- Physical Pentest Tips: 65:01–66:30
Episode Tone & Style
The episode is lively, irreverent, and fast-paced, blending serious technical analysis with a healthy dose of sarcasm and inside jokes. The team doesn’t take themselves too seriously—even when discussing major global events. The banter punctuates the content, making sometimes dry infrastructure topics highly accessible.
For Further Research
- Cloudflare on BGP Route Security and Monitoring
- Submarine Cable Map - TeleGeography
- Ben Jordan’s critical teardown of Flock cameras (YouTube)
- Black Hills Information Security webcast archives for in-depth technical breakdowns
Conclusion
This episode supplies a thorough but unvarnished look at recent high-stakes cyber operations, widespread infrastructure weaknesses, and the state of security across both public and private sectors. The panel’s skeptical view on attribution, enthusiasm for "old school" attacks that still work, and calls for better regulation and incentives in infrastructure security make for compelling listening—whether you missed the episode or want a refresher on the facts behind the headlines.
