Heather Adkins
Appearances
To Catch a Thief: China’s Rise to Cyber Supremacy
Ep 1: The Five Poisons
Governments are going and trying to hijack your accounts. They have very... front door kinds of ways that they can ask for that information. But here was a government clearly not going through the front door, clearly trying to find a workaround using hacking techniques. And that really did change everything for us.
What we had thought were norms on the internet weren't actually norms.
Google in 2009 was still a relatively small company, and the people who worked there had worked there for quite some time, right, and built Google, and also were of this generation of people who helped build the internet. And there's a certain philosophy of openness, connectedness, personal responsibility in how the internet was created, its culture.
And that permeated through the culture at Google. And also people worked for Google in 2009 because they really believed the mission: organize all the world's information, make it universally accessible. They could see the information revolution online, how it connected people. And the idea that someone would want to violate that, I think, really spoke very strongly to Googlers.
Like, this is a boundary. Why did you cross this boundary? Googlers really saw this as a shocking moment. Like, I can't believe somebody went there and did that. I can't believe a government went there and did that. And people really took that to heart.
I will say that it switched on a kind of strange paranoia. I remember, and this could have just been the sleep deprivation, but I remember driving into work one morning, it was very early, and I saw a telco truck, a telecoms truck, in the middle of the road.
They'd coned everything off, and they'd had the manhole cover open, and it was right next to campus, and I thought, what if they're tapping the fiber, right? There's this weird paranoia that kicks in. That I think that kind of thinking did come, you know, not rational, but I think you do start to question everything you see and all the decisions you're making.
So we set up these honeypots in the hopes that we would learn which other corporate laptops were going to connect in. And via there, we were able to see the other victims and triangulate who they were.
I would say there were one or two companies where we called them up and said, you know, hey, you've got this thing. And they said, yeah, we've been having trouble with that for a while.
It was kind of the end of the day, the end of my working day, and I'd come back to my desk and there were a bunch of engineers standing around a desk and said, "Heather, look what we found." We did actually think... what we were seeing, you know, was an intern just with bad business practice.
You know, once we'd spent a few hours taking a look at it, it was pretty obvious that what we were looking at was very different.
I would say we did every investigative method you could think of, from forensics to interviews. If a person's machine or an account was used by the threat actor, we interviewed them. We did everything. So yes, we would have talked to interns, Googlers of all kinds.
All of the systems administrators whose accounts, you know, the SREs, we call them, whose accounts were taken over and abused by the threat actor, we talked to them. I think I even made two people change their username on the systems just so that we could delineate between good guy, bad guy kind of thing. I would say we deployed all creative resources. After the first 12 to 24 hours, it was
pretty clear that we were dealing with a scale that was going to quickly overwhelm our small team who knew how to do this work. So very quickly we knew we needed to call in people who were doing this on a regular basis.
When they made the call, the Googlers only had one rule. Don't wear suits. Don't show up in suits, right? If you at the time had shown up at Google in a suit, people would have thought like the FBI was here and hanging out with the security team, that's probably not a good sign. And sure enough, they did come in suits and had to buy clothes for the rest of the engagement on site.
But I think, you know, I have a really clear memory of that day when they came because we gathered, you know, a handful of us in a conference room and we briefed them on what we had seen. And, you know, it was immediate. They were like, yes. We know exactly what this is. I don't know that we've ever seen this particular threat actor before, but this looks just like Chinese APT.
I think that that moment, it was nice to have experienced adults in the room. It felt like we had a really solid partner. So I've forgiven them for wearing suits.
As we dug in, it became clear actually that we think it was, the whole attack was about long-term access to Gmail accounts.