Risky Bulletin Between Two Nerds: An internet blackout won't stop NSA in Iran
16 snips
Mar 9, 2026 A brisk look at why cutting internet access in Iran may not stop foreign cyber operations. They compare shutdown capabilities across countries and how attackers adapt with contingency access. Cold War spying tech and Starlink contingencies get discussed. The segment weighs intelligence collection priorities versus disruptive effects during network outages.
AI Snips
Chapters
Transcript
Episode notes
Internet Shutdowns Are Default Regime Responses
- Internet shutdowns are a default authoritarian reaction to domestic unrest rather than a targeted response to specific cyberattacks.
- Tom Uren notes Iran routinely cuts internet access to stop organisation and dissent, not necessarily because of particular offensive cyber operations.
Default Tools Get You Caught When Networks Harden
- A shutdown can blunt attackers who lack contingency plans because insurgent tools often rely on common protocols and ports.
- The Grugq explains operators using defaults like SSH can be stranded if a country restricts traffic to only port 443 without prior preparation.
Prepare Ranked Contingency Plans For Shutdowns
- Plan contingencies for predictable shutdowns and prioritise essential collection targets.
- Tom Uren and The Grugq recommend prepping alternate egress and ranked mission lists so NSA-level operations still capture high-value targets during outages.