Nicole Perlroth
Appearances
To Catch a Thief: China’s Rise to Cyber Supremacy
Coming Soon - To Catch a Thief: China’s Rise to Cyber Supremacy
Over the past two decades, the greatest heist in history has played out on American soil, or rather, in America's digital realm.
I'm Nicole Perlroth. I spent a decade as the lead cybersecurity reporter at the New York Times. The stories I covered day in and day out of digital espionage and sabotage were stories vital to our national and economic security, and they've flown under the radar for far too long.
Listen to To Catch a Thief, China's Rise to Cyber Supremacy, wherever you get your podcasts.
But this wasn't the Robert Redford, George Clooney crowd, or even anonymous 20-somethings cloaked in hoodies. The burglar behind this heist was bigger than you'd ever think.
The Chinese Communist Party has been behind some of the 21st century's most attention-grabbing breaches. They've targeted our news sources. The New York Times reporting on a cyber attack on its own computers. Our tech giants.
And our most treasured trade secrets.
China's state-sponsored hackers have stolen trillions of dollars worth of research and development. And now, their focus has shifted.
China has built and exported a surveillance state made off with countless blueprints and now infiltrated our most critical infrastructure. For anyone watching, this wasn't a surprise. It was a decades-long strategy.
Ep 9: The New Frontline
If data is the new oil, then Taiwan is the Saudi Arabia of semiconductors. Taiwan Semiconductor, or TSMC, produces more than 60% of the world's chips, but it has over 90% market share where it counts: the advanced microchips that are mission critical to winning the battle for global economic supremacy, the AI arms race, and the next war.
Because next generation weapons like drones and other AI-enabled precision weapons like smart missiles and autonomous combat vehicles, they require those advanced chips. The tighter the U.S. squeezes China's access to advanced chips through blacklists and export controls, the more critical China's control of Taiwan and TSMC becomes. Here's Jim Lewis at our live panel in March.
But more than anything, experts say Taiwan is personal for Xi Jinping. It's the great unfinished business of the Chinese Communist Party. Xi seeks to resolve what Mao and every other leader since has left unfinished. But Xi is 71, a spring chicken by US political standards. But if he waits until 2049, the PRC centennial, he'll be 96.
The thinking goes, if Xi moves on Taiwan, it won't be decades from now. It will be in the next five to 10 years. What that looks like exactly, we don't know. Here's Dakota Cary, a China consultant at SentinelOne and the Atlantic Council.
But this wasn't the work of China or Russia or Iran for that matter. This was a group of cyber criminals looking for a quick payday. Colonial Pipeline was hit by ransomware and the attack didn't even hit the pipeline itself.
But being ready isn't the same thing as pulling the trigger. It is true that China has significantly upped its military budgets and been flexing its military might in a series of drills as recently as March and April of this year. And what the PLA itself called a stern warning
Now, you'd have to be a fly on Xi's wall to know whether these drills are strategic deterrence, saber-rattling, or rehearsals for the real thing. For the first time ever this year, Taiwan's annual military drills identified 2027 as the potential timeline for a Chinese invasion.
Most analysts consider an invasion by 2027 unlikely. More cite 2029 to 2032 as a pivotal window to resolve Taiwan. But the reason these timeframes become so important is because it means China would have to start prepping the battlefield right now. And that battlefield preparation... Experts say it would look exactly like the cyber attacks we're witnessing on America's critical systems right now.
But without any way to bill its customers and with shaky confidence in the air gap between employees' computers and its pipeline operation, Colonial preemptively shut that down too. The country's largest pipeline was out of commission for five days. And had Colonial Pipeline not paid off its extortionists or had backups they could tap into, the paralysis could have been much, much worse.
Here's John Hultquist, Mandiant's chief analyst.
Now, what's clear in hindsight is rarely clear before the fact. But looking back on Russia's twin cyber assaults against the Ukraine grid back in 2015 and 2016 is like reading the tea leaves for Putin's eventual military invasion in 2022. So should we be reading China's incursions into our own infrastructure as tea leaves for a Taiwan invasion?
Even saying that out loud risks falling down the creeping determinism trap. The economic and military risks to China of a Taiwan invasion would be massive. But China's cyber assaults on our infrastructure, and by the way, we're seeing very similar intrusions in Japan and Taiwan, suggest at the very least that Xi is keeping his options open and ensuring that if he ever does pull the trigger, the battlefield is already tilted in his favor. Here's Andrew Scott again.
The implications for the U.S. homeland. This brings me to Matt Turpin. Turpin spent his career tracking the PRC's battlefield preparations. His resume spans decades and administrations. As Xi was stepping into power in 2012, Turpin was in Honolulu, serving as the chief war planner for the U.S. Pacific Command.
In 2013, he moved to the Pentagon, where he served as China advisor to the chairman and vice chairman of the Joint Chiefs of Staff under Obama. When Trump first came to office, Turpin became China director to the National Security Council and Commerce Departments. These days, he's a senior advisor at Palantir and visiting fellow at Stanford's Hoover Institution.
And in his view, we are already locked into a cold war with China. It's just that only one side has admitted this to ourselves. And I should warn you that when Matt Turpin talks, things get very real, very quickly.
Which brings me to the crux of our national security predicament, the one few in our country seem willing to accept, and it's this. If you manage any system that Americans depend on, be it a hospital, a water treatment plant, the grid, a port, a pipeline, air traffic control, or any of the technology that those systems rely on,
Back at the Times, we got our hands on a confidential Department of Energy assessment that found that as a country, we could have only afforded three or four more days of downtime before that attack brought the entire U.S. economy to its knees. It wasn't so much the gas or jet fuel. We had the reserves for those. It was the diesel required to run our factories.
You are right now a prime target for a catastrophic Chinese cyber attack. You are the new front line. And the reason you have to worry about this right now is because in order to destroy or disable any of those systems, you don't just hack them the day you attack. You have to get in there well ahead of time. Here's Dale Peterson. You may remember Dale from the last episode.
He specializes in the security of critical systems.
Stuxnet, if you'll recall, was a surgical U.S.-Israeli cyber strike that sabotaged Iran's nuclear program. But Stuxnet's code was only half the magic. The other half was in the years of preparation, the groundwork, learning the system, sneaking the code in on a USB stick, the pre-positioning. And that is exactly what China is doing with its living off the land attacks.
Only this isn't a precision strike. It's a mass infiltration campaign targeting hundreds of critical systems, power, water. And these systems, they're far easier to infiltrate than Iran's nuclear lab. The bulk of our gas, our water pipelines were built decades ago when their primary threat was a tree root, not nation state hackers.
Volt Typhoon, China's elite infrastructure hackers, have radically changed the calculus. For now, they're lurking, lying in wait. The fear is, what happens when, or if, they decide to detonate on the access they already have? The everything, everywhere, all at once cyber attack.
To state it plainly, should they so choose, the PRC has the capability to cut off our access to water, power, transportation, gas, and a shutdown might be our best case scenario. The worst case scenario, it's almost too gruesome to spell out, but we've caught flashes.
Saudi Arabia, 2017. Russian hackers got into Petro Rabigh, a major petrochemical facility, and were able to shut off the safety locks that prevent an explosion. Hackers have already demonstrated they have the ability to contaminate our drinking water by hacking into the chemical controls at water treatment facilities. Now, none of these scenarios have come to fruition.
But what these incidents and Colonial Pipeline and Stuxnet before them did show was the art of the possible. With China's strategic embedding of our critical infrastructure, they could do more than cut off access to power, water, gas. They could contaminate the drinking water, trigger explosions at pipelines and chemical factories, send planes colliding or trains careening off track.
And in the everything everywhere all at once cyber scenario, they could do it all simultaneously. We just had a very real glimpse of what happens when air traffic control goes dark over one of the busiest air spaces in the country. And that was just for 90 seconds.
The attack and the dependencies it revealed caught the nation completely off guard. And China's leaders paid careful attention.
Now imagine that wasn't an accident. Imagine it was a coordinated cyber assault, one that didn't just hit Newark, but air traffic control nationwide. What political appetite do you really think we'll have to support an island 7,000 miles away when we can't get internet, we're under a boil order, flights are grounded, or worse? I think we all know the answer, and Beijing does too.
Now, a word of caution here. Just because the CCP can pull the trigger doesn't necessarily mean that they will. It's possible they simply want us to know they can. Here's David Barboza, my former Times colleague whose reporting put him in the CCP's crosshairs back in 2012.
And here's John Hultquist again.
Psychological warfare. That's what David and John are getting at. Maybe it's not the everything everywhere scenario. Maybe it's a gun to our head. Just knowing our infrastructure is held hostage to make us think twice about defending Taiwan. Now, again, you'd have to be in Xi's inner sanctum to know the end game.
I don't actually believe China's just going to send American passenger jets colliding, at least not until we're in the throes of World War III. That's precisely the kind of attack that, if recent history is any guide, would push Americans towards a fight, not away from it.
More likely, in my view, is a strategic blackout here, a pipeline shutdown there, an outage of air traffic control, maybe just for a few minutes or hours, maybe a day or two, just long enough to send a chilling message. Stand down or Americans will feel real pain. That's the thinking behind why Russian hackers only cut Ukraine's power for hours, not days, back in 2015 and 2016.
It was to shake their confidence, their resolve. And it didn't work there. But here, we're far more digitally dependent than Ukraine ever was. And if there's one takeaway from 2025, it's that our politics can make us an unreliable ally. China sees these cyber attacks as leverage. They watch the panic and chaos that ensued from the Colonial Pipeline ransomware attack. They also watch the U.S. support for Ukraine and its more recent backpedaling. It's not clear Americans have the stomach for a drawn-out fight, especially one that hits home on American soil. Here's Jen Easterly and I discussing this point just ahead of the 2024 election, when she was still leading CISA. So we've heard a lot of different theories about these living off the land attacks on our infrastructure.
Dmitry Alperovitch has said he thinks it's an effort to delay military mobilization. Others have said that this is a great political lever to pull. It might make us think twice before we would support Taiwan militarily, when we know that China's inside and could shut off our gas or shut off our access to clean water.
Others say, watching Ukraine and the political debates about continuing funding for Ukraine, perhaps there would be an event where we would support Taiwan, but China could basically use their access to diminish the political appetite of Americans to continue to support Taiwan if, say, they couldn't get gas for more than three days.
Some have said this is just the new era of mutually assured digital destruction. We're all in each other's business. We're all sort of holding a gun to each other's heads saying, you better think twice before you turn off access because we could turn around and do the same to you. But you're really in the nexus of this. What in your mind is their end goal?
That was Jen Easterly, who led CISA, the nation's cyber defense agency, under Biden. Cut to present day when China's PLA hackers, right now, right this instant, are inside hundreds of Colonial Pipeline equivalents across the country.
As of this recording, President Trump's position on Ukraine has been anything but consistent. He initially cut off military aid and intelligence sharing, only to reverse course a couple of weeks later. More recently, he's been threatening Putin with sanctions if the missile strikes on Ukraine don't stop. But all of this could shift at any moment. Under Trump, the U.S. has revealed itself to be an unpredictable trading partner and military ally. Taiwan might still be able to count on the U.S. coming to its defense. But what appetite will Americans have to support an island halfway around the world when we can't get access to clean water or even just working Wi-Fi?
We've largely shifted the focus to China's attacks on our infrastructure, but lest you think the CCP has let traditional intelligence go by the wayside, let me introduce you to Volt Typhoon's colleagues, Salt Typhoon. In early October 2024, news broke that America's biggest telecoms, AT&T, Verizon, T-Mobile, others we don't even know about yet, had been hacked by a Chinese group that Microsoft calls Salt Typhoon.
Salt Typhoon is now considered the most significant cyber intrusion we've had on our telecommunications systems to date. And we're still unpacking the damage. We know that they accessed the private calls of President Trump and J.D. Vance, Kamala Harris' staff, and Chuck Schumer. We know they got access to metadata, texts, and phone calls.
And perhaps most damaging of all, we know they got a counterintelligence goldmine.
It's May of 2021. Jets are grounded. Up and down the eastern seaboard, lines at gas stations snake for blocks. Panicked Americans vie to fill up garbage bags with gas.
That was Dakota Cary speaking to China's hacks of our biggest telecom providers. And the worst part is, we don't even know if they're out. In fact, we have to assume they're still inside.
Stepping back here, if China can access our most personal data, eavesdrop on our highest level officials and our most private moments, if they can manipulate our supply chains and have the power to disrupt our critical infrastructure at will, then we don't control our own destiny. By any honest definition, we're not a sovereign nation. That is where we are.
Now, here's where I'm often asked, aren't we in their systems too? Can't we do the same to them? And aren't we better? It's what I call mutually assured digital destruction. China and Russia are in our infrastructure, and we're in theirs. We know less about what the U.S. is doing overseas, but it's no secret that the U.S. is actively exploiting these systems too. Here's Dale Peterson.
Starting about seven years ago, US officials began publicly acknowledging their own digital forays abroad. It was part of a strategy that then NSA director and cyber command chief, Paul Nakasone called defend forward or persistent engagement.
But if we're really counting on mutually assured digital destruction to hold China back, we need to take a sober look at just how mutual that destruction would be. And the hard truth is that the battlefield may be tilted in China's favor. For one, we live in the glassiest of glass houses. Our digital attack surface is larger by a significant margin.
We dove head first into cloud computing, smart devices, automation, and now AI. It makes us incredibly efficient, but also deeply vulnerable. When it comes to our core infrastructure, our economy, our everyday life, we're simply more reliant on tech than they are. Secondly, most of our technology, routers, phones, chips, even the cranes running our ports, is made overseas, much of it in China.
Meanwhile, China controls its supply chains and runs a closed internet, the Great Firewall, giving it far greater visibility and control. Third, the Chinese Communist Party is willing to absorb massive amounts of pain in ways that, frankly, we aren't. Think back to Mao's great leap forward. Millions died from famine, and the party didn't flinch.
That legacy still shapes the party's tolerance for suffering in pursuit of strategic goals. Here in the US, Americans can stomach a day without TikTok. Even after Congress voted to ban TikTok or force China to divest, the PRC didn't blink. We did. What happens when it's not access to TikTok, but clean water?
And finally, when it comes to offensive cyber attacks, as a democracy, we play by different rules. On that, here's Rob Joyce, NSA's former cybersecurity chief, who previously led hacking teams at NSA.
The tip of the iceberg. So what's lurking beneath the surface? Before I continue, let me say again what I said at the start. We cannot confuse the Chinese government with the Chinese people. Paranoia and xenophobia can and have pushed nations towards authoritarianism, fascism. They risk turning us into our worst enemy.
Here's what most people don't realize. We are locked in a cyber battle where only one side is actually authorized to attack civilian systems. By law, the U.S. can't hack civilian targets like the Chinese power grid or its water systems unless it directly supports some PLA purpose. Here's Dakota Cary on that small but critical point.
Track one and track two diplomacy. Track one is official government on government communications. U.S. officials meeting directly with their CCP counterparts. Track two is unofficial communications between non-government actors. Jim Lewis is a regular presence in those track two dialogues.
Last year, he broached whether the PRC would be open to drawing red lines around civilian targets, like water.
So the answer was no. So long as the U.S. abides by the law of armed conflict, there will be targets that are off limits to us, but fair game to the CCP. And they know it. Which starts to make the mutual and mutually assured digital destruction ring a little hollow.
And speaking of red lines, here's Jenny Sterling in conversation at our live panel in March.
So here we are. China has tilted the digital battlefield in its favor. They're not respecting red lines. They've already crossed them. They're inside the house, inside our most critical infrastructure. And as tensions rise with Trump's trade war, the escalating rhetoric, this dangerous game of chicken, the economic entanglement that once acted as a brake is giving way.
And that, that may have been our last real deterrent. A cyber war with China isn't inevitable, but with every breach of American infrastructure, it's clear they're preparing for one. As for us, we're only expanding the attack surface, and we've barely begun to think about new modes of deterrence, not just in cyber, but across government. Here's Rob Joyce on that point at our live panel last March.
China's grip on our infrastructure has nothing to do with everyday Chinese people, who in too many cases are themselves held hostage by the party's digital dragnets. And this isn't just a moral distinction. It's strategic. Because xenophobia isn't just repulsive, it's reckless.
Recently, we've heard various Trump officials talk about the need to pull the gloves off and punch back in cyber. Here's Alexei Bulazel, the highest ranking cyber official on Trump's team and the head of cyber at the National Security Council, speaking at RSA, the security conference, back in April.
Yeah, absolutely. There is an equal and opposite reaction. Every cyber attack has a way of boomeranging back. Unlike bombs and traditional weapons, we don't just drop these things and watch them blow. This is code we're talking about, and code can be dissected, reverse engineered, and ultimately turned back on its maker.
So if we're going there, then cyber defense absolutely should become our number one national priority. And that defense has to go beyond government targets because we know the CCP doctrine, unrestricted warfare on civilian systems. And we don't just know it, we're seeing it.
We don't know if or when they'll pull the trigger or how far they'll go, but it's long past time we pull our heads up out of the sand. This is happening. Pretending it's not is a losing strategy. It guarantees America loses before the real battle has even begun.
In the 15 years I've been tracking cyber threats, one thing has held true. Human nature tends to ignore the warning signs until it's too late. Even those who are running our most critical infrastructure don't want to believe that they're targets. They want to think that this doesn't apply to them or that they're immune until they're not. People don't get religion on cyber until they're breached.
And only then do they truly understand the stakes, take stock of their dependencies, and do what is necessary to limit the blast radius for the next attack. Everyone else, we're just waiting our turn. And that's where the real danger lies, because the targets we're seeing Chinese hackers infiltrate, these aren't paint and beverage companies anymore.
It fuels violence, pulls us further up the escalation ladder, and drags us closer to a fight that, frankly, the United States is not ready for. As you'll hear, it's time to pause, prepare, and think hard about where this road leads. I'm Nicole Perlroth, and this is To Catch a Thief.
Without solid mitigation and recovery plans in place, it's not just going to be disruption. It's game over. There might be nothing left to recover. Here's Dale Peterson. And just a quick definition repeat here. Dale will refer to OT systems. It stands for operational technology.
If IT is the business network, OT refers to the computers that control the pipeline, the grid, the actual train switches on the track.
How we rise to that challenge is the question we all have to reckon with. I wish I could tell you it's as easy as setting up a firewall and updating your antivirus software. But unfortunately, it's a lot harder than that. I've long said that if cybersecurity was purely a technical problem, we would have solved it decades ago. But we didn't solve it.
And that's because technology is only part of the solution. This is a whole-of-society problem. It's an education problem. It's an incentives problem. It's a question of resource allocation. It's a leadership problem, a culture problem. To truly solve our cybersecurity predicament requires a complete rewiring of how we think about our borders.
Americans still like to pretend we live on an island, protected by two vast oceans. But on the internet, those oceans no longer exist. Our enemies, they're mere milliseconds away. And in too many cases, they're already here.
That was Andrew Scott. And what he's talking about here is cyber resilience. Now, resilience can come across as just a buzzword or worse. If you turn your attention to what to do once intruders are inside, it might seem like you're throwing up your hands, throwing open the doors. But shifting our focus to resilience isn't giving up. It's facing the reality of the situation.
If we can't deter them from getting in, and we can't keep them out, then how do we make sure that the worst day is not the last day? That a breach of you, of your supplier, of your local water department, power, that it's limited in scope, in duration, in impact.
If you ask me, the most underreported issue of the past five years is not what's happening on our physical borders. It is the total collapse of our digital borders. And the fact, and it is now fact, that China's hackers are, at this very moment, lurking inside our water, our power, our ports, our communications, our railway, our aviation networks. Sitting idle, waiting.
A clarion call to action. Which brings me to you, dear listener. It's incumbent on each of us to think very hard about where we fit in this ecosystem, because it only takes one of us to be an entry point or a roadblock. It is true that security is only as good as its weakest link. And in too many cases, that weak link is us. Hackers aren't breaking in anymore. They're logging in.
They're using our recycled passwords. They're exploiting our lack of multi-factor authentication. That's how hackers breached Colonial Pipeline and, more recently, Change Healthcare and the entire health system with it. We need to start taking cyber hygiene dead seriously. But we also need to start gaming out fallback systems that hold even when the lights go out. I'm talking about backups.
Backup control rooms, backup data rooms at alternate locations, tighter controls, air gaps. So if a hacker does get into the business systems of, say, Colonial Pipeline... they can't de facto shut down our pipelines too and take the nation down with it. Or if they do get into the pipeline, we have ways to override their commands to limit the scope and hasten the recovery. Back to Dale Peterson.
There's a great untold story in the early days of the Ukraine war. The abbreviated version is that Russia launched an unprecedented cyber assault on Ukraine from all angles. It didn't get much attention at the time. It still doesn't, especially when the bomb started to drop.
But in those first days, Russia launched an attack on Viasat, the internet satellite broadband provider that cut off Ukraine's access to the internet. But in came Starlink, which kept Ukraine's connection to the outside world alive and really gave the country a fighting chance. Russia did launch an unprecedented denial of service attack on Ukraine's banks, on government agencies.
But in stepped Amazon and Google and Cloudflare, and they were able to mitigate the onslaught. Russia did get into Ukrainian power stations, but security experts and private industry and Ukraine's cyber defense agency and our own detected the malware before it was time to detonate, and they rooted it out. That is cyber resilience.
Here's Heather Adkins, who you may remember from our first episode as a founding member of Google's security team. You cannot prevent everything.
A big part of this is gaming out the worst case scenarios. Resiliency is taking stock of your crown jewels and all of your dependencies. It's asking yourself one simple question. What is my one thing? The one thing that if it were to be taken or degraded would be game over for you. And then it's asking, how do I wrap that asset with as much protection and redundancy as possible?
Your answer to this question will vary depending whether you're answering it as an individual or as a professional. As a mom, my one thing might be photos of my kids as babies, letters from deceased relatives. So I do what I can to prevent those from getting hacked. I use MFA. I use a password manager. But resilience is accepting that they might be stolen or that I get hit with ransomware.
So I also back them up on hard drives and keep those offline. I print those photos out. I make copies. These days, it only takes 15 seconds of a voice recording to be used in a deep-faked phone call. So, I have individual code words with my kids. If they call me in distress, my first question will be, what's the code word? As a journalist, it was very different. My one thing was my sources.
So in the most sensitive cases, I took those conversations completely offline. I met in person. I didn't drive to meetings in my car, which is now a smart device. I didn't take Uber. I didn't even bring devices. I used pen and paper and I made my notes unintelligible to anyone but me so that if or when anyone got hold of them, it wasn't all-out compromise.
That same thinking and vigilance should guide companies. There's a line I think about a lot from Andy Grove, the former Intel CEO, only the paranoid survive. You should absolutely do everything you can to prevent the breach, but perfect security is a pipe dream. So you need to think long and hard about what happens when they do get in, because the odds are they will.
So you need to make sure the compromise of one account, one supplier, one pipeline doesn't lead to a whole nation shutdown. You have to run tabletop exercises starting from hour zero through however long it takes to get you back up and running. And you need to do this repeatedly until it becomes second nature to you, to your company, to our culture.
I do think it's vital for each of us to be more aware, more vigilant, but I wanna be realistic here. Saying that one individual alone can gird themselves against the full might of a major world power is absurd. It's like saying that one person's decision to use a single paper straw is going to resolve climate change.
You should absolutely be changing the default password on your home router, using MFA where you can, but that's not going to do any good if router makers keep shipping us devices with gaping holes in them, then refusing to service those devices with patches or other technical support once they reach end of life. That's on them.
And because these companies are more beholden to their shareholders than they are to the security of their customers, it's really on government to force it upon them, to mandate that they sell software and hardware that's secure right out of the box. Like automakers, if there is a defect, they should be forced to fix it and bear the cost of the recall.
All of this is what's called secure by design. And under Jen Easterly, this became a major priority at CISA.
I repeat, the PRC is inside the house. Through meticulous infiltration of our most critical infrastructure, the PRC has assembled a big red button, one they can press at any moment to trigger nationwide panic and chaos. That's terrifying enough all on its own. But then you take a closer look at China's own military doctrine.
Secure by design is perhaps most urgent in one particular burgeoning field, AI. Artificial intelligence is rapidly embedding itself in how we communicate, how we diagnose illness, in surveillance and national defense. It promises incredible advancements and efficiency, freeing us to focus on higher order tasks. But behind the scenes, it's unleashed a Pandora's box of complexity.
And complexity is security's greatest enemy. It allows for entirely new points of entry and an entirely new range of dependencies. Many we don't and won't understand until someone exploits them. Every time we engage Gen AI, we're not just asking a question. We're handing over the keys to our private lives, our medical histories, our business secrets, even our unspoken thoughts.
I find the whole exercise to be a quiet, compounding surrender of trust. And soon that trust will be granted to AI agents, not just to answer our questions, but to manage business operations on our behalf. As a society, it appears we're determined to dive head first into AI, without a second thought as to how this might one day be used against us.
On this, I want to play you an interview that Paul Tudor Jones, the hedge fund manager, recently gave to Andrew Ross Sorkin this May.
What he just told you is that behind closed doors, the leaders of every major AI model are deeply afraid that the very systems they're building could one day be used to kill off millions. Not necessarily because AI becomes sentient and suddenly takes over everything, but because it could be used to automate what we have discussed here.
It could be used to do what hackers currently are doing manually, hacking into our critical systems like food and water at scale. And yet no one is hitting pause. Why?
Because the AI arms race, especially with China and very recently with DeepSeek, is so intense that there is simply no incentive at the national or industry level to pause and do what is necessary to mitigate against these harms in the build.
Trump already gutted Biden's AI executive order, which, among other things, required AI developers to test for potential harms before they released these tools into millions of hands. And buried in Trump's new big, beautiful bill, the one that just passed the House,
lawmakers snuck in a clause that explicitly bans state or local governments from regulating AI on critical systems, like our elections, for 10 years. We don't even know what offensive AI is going to look like a year from now, let alone a decade. And we're tying our own hands behind our back. And that, that is truly terrifying. Because AI is still very much an infant.
In 1999, two senior PLA colonels, Wang Xiangsui and Qiao Liang, wrote a book. A manifesto, really. They called it Unrestricted Warfare. And here is a direct quote. Whether it be the intrusions of hackers, a major explosion at the World Trade Center, or a bombing attack by bin Laden, all of these greatly exceed the frequency bandwidths understood by the American military.
And like a child's earliest years, these first stages are formative. We have a critical but narrow window to get this right. But that window closes a little faster every day. AI is already outpacing Moore's Law. We're in the midst of a full-blown paradigm shift. The question now is, will we repeat the mistakes of our past, or will we do what is necessary to get this right?
The emergence last January of a little-known Chinese AI startup called DeepSeek may be an early stress test.
When DeepSeek first dropped its AI model last January, it landed like an earthquake, not just for what it did, but for how it did it. DeepSeek was able to accomplish much of what OpenAI and Google and Anthropic and Meta could do with their AI models at a fraction of the cost and computing power. And then came the kicker.
DeepSeek released its model as quote-unquote open source, and those quotation marks are very much intended. Here's Igor Jablokov, an AI pioneer who sold the technology to Amazon that would later form the basis of Alexa, and more recently serves as the founder and CEO of Pryon. What does it mean that DeepSeek is quote-unquote open source?
The distinction between open source and what Igor refers to as open weight is a critical one. With a truly open source approach like Wikipedia, you can click in and interrogate where all the information you're reading came from, down to who wrote the words and when. You can see which sources they reference. You can investigate those sources. You can check the work, edit, and make improvements.
DeepSeek is not actually open source in that sense. DeepSeek is open weight. The pre-trained model weights are available for download and use, but the actual training data, the training code, are still a black box. You can't replicate it. You can only build on top of it.
Sticking with the Wikipedia analogy, it'd be like going to a page and reading the content, but the footnotes and author sections are blacked out. You can add to it, you can build on it, but you can't check the work.
So you can build on top of it, but you can't completely understand what's inside. And you can use it at a tiny fraction of the cost of OpenAI's GPT. And we're talking cost savings of 96%. In some sense, it's Huawei in a different form.
Its pricing and efficiency all but guarantee that, without some intervention, these cheaper Chinese AI models will become the de facto backbone of the next generation of technology. And that presents real risk. Now, how much risk depends on how you use it.
Littered throughout their manifesto are haunting references to bin Laden and a bombing at the World Trade Center. And again, this was published in 1999, two years before 9/11. But their real focus was how China could gain the upper hand against the most advanced military in the world. Their answer? Unrestricted warfare.
We don't know exactly how these risks will materialize, but DeepSeek is already seeing wide global adoption, predominantly in Asia, but we're also starting to see it adopted here. More than a thousand enterprises, including some in the Fortune 500, have integrated DeepSeek into their operations. The bans are starting. Italy moved quickly to ban it.
Taiwan and South Korea have banned DeepSeek from government and critical sectors like energy. Canada and India banned it from government. Here, we've banned it inside the Pentagon, the Navy, and other federal agencies like NASA. States like Texas and Tennessee are implementing their own bans. And Microsoft has now banned it for its employees and from their app store.
No doubt others will follow suit. But again, it's still early days. We still have the ability to establish guardrails. We can and should limit how much autonomy we give these tools. And we should start now. But I also want to acknowledge that AI is more than a liability. For many of the experts I spoke with, it's also a beacon of hope.
Here's Nate Fick, our inaugural cyber ambassador who served under Biden.
What Nate's saying is yes, AI is already being used to hunt for vulnerable systems, to generate zero days and break in. But the same capabilities that can find flaws can also fix them. All those bugs we introduced in our rush to move fast and break things, AI can do what our puny human mind seemingly cannot. Build secure code from inception.
And theoretically, it could even be used to go back and refactor faulty code at scale. All those sitting duck routers out there, the ones that reached end of life, the ones Chinese hackers are using right now to burrow into our infrastructure, AI could theoretically be used to hunt them, lock them down, and kick hackers out. Not yet, but that application is not far off.
And maybe most exciting of all, right now, AI tools exist that can spot the tiniest blips, the faintest signal, like a Volt Typhoon hacker pinging a system every 90 days just to check they still have access. AI could help slash those dwell times from years and months down to days, maybe even down to minutes and seconds. Here's John Hultquist.
Essentially, their premise is that China should widen the battlefield, go beyond direct military confrontation with the United States, and take the fight directly to civilians. By hacking into our civilian infrastructure, and they specifically name the U.S. power grid, our banking systems, transportation and telecommunication systems, the PRC could not only physically incapacitate the U.S.,
Exactly how we let this shake out could determine whether AI revolutionizes our cyber defense or undermines it. In the early days of software creation in the internet, we never paused to imagine how all this digital connectivity could be used for information mayhem and mass destruction. Now, we don't have to imagine.
And here's where I believe it's time for us to stop admiring the problem and actually move towards solutions. Because cybersecurity is national security. None of this will be easy. Addressing our cyber vulnerability is complex, arguably too complex to enumerate in a podcast. And if you really want my full thoughts here, I suggest you read the final 25-page chapter of my book.
This Is How They Tell Me the World Ends. Solving our digital predicament will involve hard compromises to our economy, to the way we do business, to our way of life. It will involve identifying and defending our weakest links, the so-called target-rich, cyber-poor among us, the local water treatment facility that may not have the money or the people to meet this challenge today.
We've seen progress. Think back to Nick Lawler in Littleton, Massachusetts. His attack was detected and rooted out by the very same agency, CISA, that's undergoing massive cuts right now. The worst thing we could do is go backwards. We have levers to pull. We have clear, established ways to shore up our security, our resilience. Doing nothing is leading us down a dangerous path.
We can demand our government representatives do more to mandate and support basic security requirements. And we can and should do this in a bipartisan way. It doesn't have to mean red tape and fines. We could offer tax credits to those that meet security standards and show that they're improving their attack surface over time.
We can and should mandate that the products we rely on are secure right out of the box and that our suppliers, whether they sell HR software or HVAC systems, meet these standards too. And very soon, if not already, we can deploy AI to do what we humans are too lazy or too overwhelmed to do on our own.
We have new tools to pick up and isolate attacks in ways that simply weren't possible as recently as last year. We should find ways to democratize the use of those tools. Because at the end of the day, we exist in an ecosystem. You could be a multi-billion dollar enterprise with all the security bells and whistles.
But what good is that going to do you when your municipal water supply goes dry or worse? We're all in this together. And while it may feel impossible now, we can and should pursue new levers of diplomacy. We have to climb our way out of this 25-year deterrence hole we're in with China. Here's David Barboza at our live panel back in March.
but weaken our will to fight. And they could do all of this without firing a single bullet.
In this period of rising tensions, we should absolutely expect more hacking, more IP theft, more targeting of critical infrastructure from China. But this current approach to China, it's not the solution. In many ways, it's too late. Listen, we let China take some of our most valuable assets, our IP. We looked away as companies went bankrupt, factories shut down, entire towns were hollowed out.
I believe that economic devastation helped sow the resentment that is shaping much of our current politics. But what no one ever talks about is the hacking. In an ideal world, my view is we would have exacted tariffs on China 15 years ago, stiff tariffs, or even outright bans on any Chinese product that relied on our own stolen IP.
And ideally, we would have done this together with our allies to make sure that these Chinese copycats didn't eat up our global market share and wipe out our companies and factories. And then, and again, this is Nicole's ideal world here, we would have all ratcheted up those tariffs and upped the pain each and every time we caught Chinese hackers rifling through our critical infrastructure.
Instead, we let them do all of this for free. But what we're doing now, this impulsive trade war we're in, where we carve out exemptions for some but not others, implement one tariff rate one day, another the next, it's not deterrence. Deterrence requires coherent policy and universal enforcement. And we can't do it on our own. We need allies in this fight.
And in case you've been living under a rock lately, we're losing our allies, left and right. Just this month, May, the Democracy Perception Index released a survey of 96 countries. For the first time ever, the vast majority, nearly 80%, said they held a more favorable view of China than the United States. And that, that might be the most glaring red warning light of all.
Because a country is more than its borders. It's a story. And once the world stops believing in the story of America, it's not just our alliances we lose. It's our leverage, our legitimacy, and eventually, our ability to solve the problems that will define the next era. These are the critical assignments of our time.
Many will say they're impossible, but we've summoned the best of our scientific community, government, industry, and everyday people to overcome existential challenges before. There's no reason why we can't do it again. So my plea to you is this. Identify where you can put your own finger on the scale and press down hard.
It's all too easy to tune this out, to think it couldn't be further from you, that some cyber guy somewhere has it all taken care of, but that couldn't be further from the truth. Solving this takes all of us, even if your job couldn't feel further from the digital realm. Even if you're thinking to yourself, but I'm just a pipeline operator. I run a small town power company.
Ready or not, you're on the new front line. Welcome. Welcome to the battle of our lifetime.
To Catch a Thief is produced by Rubrik in partnership with Pod People, with special thanks to Julia Lee. It was written and produced by me, Nicole Perlroth, and Rebecca Chasson. Additional thanks to Hannah Pedersen, Sam DeBauer, and Amy Machado. Editing and sound design by Morgan Foose and Carter Wogan.
Taiwan. For listeners coming in blind, what we've been seeing with these cyber attacks has really brought Taiwan to the fore.
That was Jim Lewis, who specializes in and has been directly engaged in talks with the CCP on Chinese cyber threats. And like he noted, the CCP has long, shall we say, tolerated Taiwan's de facto autonomy so long as it didn't push for formal independence. But that shifted when Xi Jinping came to power in 2012. He took a much harder line on Taiwan.
Xi steps up the rhetoric dramatically. He starts calling China's quote-unquote reunification with Taiwan inevitable. Pretty quickly, he makes clear that Taiwan is the final puzzle piece in his grand vision for what the Chinese Communist Party calls the great rejuvenation of the Chinese nation. And that great rejuvenation, it's not just rhetorical flourish. It has a deadline, 2049.
2049 marks the 100th anniversary of the founding of the People's Republic of China. The CCP sees it as China's comeuppance. If they consider the century leading up to 1949 as their century of humiliation, as they call it, then the party sees the period between 1949 and 2049 as the century that rightly restores China to its place as a global superpower.
Colonial Pipeline, the 5,500-mile artery that carries America's lifeblood, gas, diesel, jet fuel, from Texas up to New Jersey, had been shut down. A cyber attack took the company's IT systems out of commission, jolting all operations to a sudden halt. People panicked. If someone, say China, wanted to wreak chaos and havoc on the United States, this was how to do it.
And in Xi's grand vision, anything less than total reunification with Taiwan would render China's great rejuvenation incomplete. It's Xi's version of manifest destiny. And it's not just symbolic. It's a strategic imperative. In the party's eyes, Taiwan is more than just a renegade province. It's a U.S. outpost, a threat to China's territorial integrity.
Geographically, Taiwan sits at the heart of the first island chain, a natural barrier to China's naval dominance in the Pacific.
The islands form the first major geographic barrier between mainland China and the Pacific. The US and our allies see it as a containment line. China sees it as a strategic chokehold. And at the center, just 100 miles off the coast of mainland China, sits Taiwan, a linchpin, geographically, militarily, and symbolically. Because lest we forget China's all-consuming five poisons,
The party worries that the longer it puts off Taiwan's so-called reunification, the more Taiwan drifts away and inspires the party's other poisons, the Tibetans, the Uyghurs, the Falun Gong and pro-democracy activists, to pursue their own autonomy. And from that perspective, Taiwan's independence is more than just a geographic impediment. It's an existential threat.
And then there's the not insignificant issue of the chips.
BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange
because I feel that I failed and that media failed and business failed and in some ways government failed to really connect the dots for the people on this particular threat. We never went back to Nortel, for instance, when it went bankrupt. And when they wrote all these bankruptcy stories, no one ever mentioned, well, actually, the company was hacked by China several years ago.
So the answer was no, we're not going to draw any red lines.
Before I get to Bipul, I want to ask you, Rob, I think there is this idea that we have entered into a new era of mutually assured digital destruction, where we're all holding guns to each other's heads and saying, you better not hit us because we can just shoot right back at you.
And I think you'd have to be a fly on Vladimir Putin's wall to find out why he hasn't done more in the way of attacks on our infrastructure because of our support for Ukraine. Or maybe our defenses were just that good that we were able to deflect them. And I know you can't speak to the U.S.
capabilities, but what do you say about the deterrence of what we think might be this era of mutually assured digital destruction? And what are sort of the misunderstandings maybe about what our capabilities are in China?
Huawei owns all that IP. They've been subsidizing it, rolling it into global markets, and now Nortel is gone. And we never did that with solar companies. We never did it with turbine makers. We never did it with electric vehicles now. China is now the biggest manufacturer of electric vehicles. It's no longer Tesla as of 2023. We never did it with electric vehicle batteries.
Hi, everyone. Well, welcome to a special live episode of To Catch a Thief. And just to set the stage for the people who are not in this room, we are sitting here at the New York Stock Exchange today, surrounded by an audience of CTOs, CIOs, CISOs, these are the people who control the flow of information inside and outside some of our most vibrant American corporations and beyond.
One thing that you learn when you talk to these folks is just how creative the Chinese have been at exploiting some of our civil liberties, our Fourth Amendment. You know, I think people don't realize, and I got a kind of front row seat to this on Jen's advisory committee at CISA, people don't realize that the U.S. is really blinded in some ways by
on cyber defense because we don't live in domestic traffic. We are not watching in real time what traffic comes in and out of our water treatment facilities. We really count on either our intelligence agencies or the FBI alerting these entities that they've been compromised or the entity discovering they've been compromised and telling the US government.
And so in many ways, we're kind of flying blind in a way that some of our adversaries aren't. And prevention, we need to do all of the things that you would need to do to prevent these attacks. No one knows that more than the people in this room, right? But we also need to start assuming that at some point they're going to get in.
And once they're in, how do we make sure that they don't get our crown jewels or they don't shut down the flow of gas and jet fuel and diesel to the eastern seaboard of the United States of America?
You know, how do we build those cushions of resilience inside the enterprise, inside our infrastructure, is really where the conversation needs to start going, especially based on the targeting that we are learning about. So, Bipul, this question is for you. What are those cushions of resilience?
We never did it with home routers. Now it's Chinese companies that own the U.S. home router market, as Rob actually testified to Congress the other day. These are routers that have been used in attacks on American critical infrastructure. In fact, just today I went on Amazon and looked up a TP-Link home router.
Jen, we talked a lot at CISA about target-rich, cyber-poor environments, that this is really where they're coming for, and it's the water. If you want to elaborate on some of those targets, that would be helpful. Right now, and this is probably a difficult question, but right now we're seeing a lot of cuts at the Cybersecurity and Infrastructure Security Agency.
You hired more than 2,000 people to that agency. I am acutely aware of the cyber workforce shortage that we have and how hard it is to hire really good people into cyber defense for government. And these are people who have plenty of other options working in the private sector, getting great stock, working at Rubrik, working at Microsoft, working at Google.
Talk us through just your thoughts having just left in January on some of what's happening at CISA and across federal agencies.
It is Amazon's number one overall pick, and they own something like 60% market share of U.S. home routers. And these home routers have been used to funnel attacks into America's critical infrastructure. It's not a hypothetical threat, it's a real threat. And all of this has been going on kind of right under our noses, but we've never really connected the dots.
So really the magic of this episode, of tonight, of where we are, is that sitting next to me are the people who are the dots, and we are about to connect them. On my left here is my former colleague, David Barboza, who will always be a colleague in my heart. David was the Shanghai bureau chief for the New York Times. He is the reason that we were actually hacked at the New York Times.
One thing that came up a bunch in these interviews is that Xi Jinping was watching very carefully what happened with Putin's invasion to Ukraine. And Jen, you said Ukraine's defense is the deterrence on Taiwan. So I'll put this to you first, David, and then maybe you, Jim.
But first to you, David, since you're the only one who's spent significant time living inside China, what do you think Xi is thinking? What are his takeaways right now watching this administration's current approach to Ukraine?
Thank you. Thank you. Thank you.
His coverage was that good. It earned him a Pulitzer, but it also earned him the wrath of the CCP. And I wrote that story for The New York Times. We actually have our former CTO, Rajiv, in the audience today. So we remember that very well. And I remember when the hack first happened, we thought they were there to maybe shut us down.
Thank you.
But very quickly, it became clear, nope, they were there for David, and more specifically, David's sources. These days, David is the co-founder of The Wire China, which is doing some fantastic data journalism and news journalism, traditional journalism on China. So it's an honor to have you here today. To his left is Rob Joyce. Until very recently, Rob Joyce was head of cybersecurity at NSA.
Thank you. Thank you. Thank you.
He served at the agency for something like 34 years, right? And had a very storied career there, including leading the Tailored Access Operations Unit at NSA, which is the agency that conducts hacking on behalf of our foreign intelligence collection program. So he knows better than anyone what the Chinese capabilities are.
It actually reminds me, I wrote it down. There's a great quote about this by Ren Zhengfei, the founder of Huawei, who said, a country that doesn't have its own routers and switches is like a country that doesn't have its own military.
To his left is Jen Easterly, who, until very recently, was the director of CISA, the nation's cyber defense agency. And before that, was actually head of global security at Morgan Stanley. And before that, also had a storied career at NSA, which included standing up Cyber Command. And it's an honor to have her here today. To her left was my favorite phone call at The New York Times, Jim Lewis.
TikTok has been the big shiny object. And I forgot to issue a PSA to everyone to delete TikTok from their phones immediately before this panel. But TikTok has been the big shiny object. Obviously, routers are a huge problem. And actually, you also added, Rob, that on their new, whatever the next gen Wi-Fi router technology is, they actually have 80% market share, TP-Link does.
So that really drives home this issue. Like I said, I went on Amazon today and looked up home router. The number one overall Amazon pick is a TP-Link home router. But you can replicate that across the cranes at our seaports, drones. It's a Chinese company that owns majority market share in drones, including those used by US law enforcement in some cases. Go ahead, Jen.
I'd love to ask you and Rob about the promise of AI, and you too, Jen, to finally do these things that we have failed at as humans, developing secure code, going back and maybe retroactively, Jen, you mentioned this to me the other day, refactoring code that is vulnerable. Rob, you said the only hopeful thing that I heard at RSA last year was out of your mouth.
I called him every time there was a cybersecurity disaster brewing. Jim, until very recently also, was senior vice president at the Center for Strategic and International Studies in Washington, which tells you nothing about Jim. What you need to know about Jim is that Jim has been privy to, partaken in, supported almost every back channel negotiation that the U.S.
You said using AI tooling, you could bring down the dwell times on these critical infrastructure Chinese hacks from months, years in some cases, down to weeks and days. So maybe in our last four minutes here, we can take the conversation in a more positive direction.
And I know that the threats are going to be significant from AI and we'll get there, but talk to me about what the potential benefits are of AI. Let's start with you, Jen.
has had with China on the cyber threat. And then to his left is Bipul Sinha, the CEO and co-founder of Rubrik, which is leading the charge on cyber resiliency in this country and making sure that our worst day, the day you get hacked, is not your last day. So it's an honor to be here with all of you.
I'd be remiss in having a panel on China that mentions AI without asking some of you about DeepSeek. So DeepSeek, we don't know whether there was any stolen IP. We don't know whether there was an evasion of export controls. But they've called it open source. It's not really open source. It's open weight.
We're already seeing applications and new businesses built on DeepSeek because of its cost efficiencies and much the same way we saw Huawei spread very quickly because of its cost efficiencies. I'll probably throw it to you, Rob. What is the risk of DeepSeek?
These are the people who have been instrumental in tracking and engaging the Chinese cyber espionage threat. Without further ado, let's get started. I'm going to ask the first question to my friend David here, which I want to address right away the elephant in the room.
It was a little strange to see how much cheerleading there was in Silicon Valley for this from Andreessen Horowitz and others. David, I'm going to leave my last question to you.
When we look back on when these Volt Typhoon, these so-called Volt Typhoon attacks, I know Jen and I are big fans of these names, but this is essentially the Chinese group responsible for a lot of these infrastructure attacks. When you look at really when they start picking up in cadence, it was around 2020 when Trump started calling COVID the China virus.
And you and I have talked about how much the CCP cares about image control and how so much of their actions and cyber espionage and activities against dissidents, et cetera, is because they are so concerned and to Jim's earlier point, paranoid about image control. We are seeing a huge escalation in rhetoric right now. What do you think we can expect right now going forward in this administration?
And I think the elephant in the room is this, you know, covering this threat at the New York Times and doing a whole podcast series about Chinese cyber espionage. You are walking a very tightrope because this is a very real threat, but you also don't want to stoke the kinds of disgusting xenophobia that we saw during COVID. And it is a tough rope to walk.
Yes, please.
And that is a good place to end. I think we're going to wrap it up and let everyone get some alcohol and then discussion. But thank you so much for being here. Thank you very much to our panelists who've come from long and far. And thank you for having such a far-reaching discussion. And just thank you for all that you all do. So that's it.
And I think you have covered these threats. You've been a target of these threats. And now you are basically covering China full time through the wire. So help explain, how do you walk this tightrope? And how do you help for the novices to this subject, help them conceptualize this difference between the Chinese Communist Party and the Chinese people?
And it's an honor to be here with you today. And before I get to introducing the very special people I have on stage, just a few words about this podcast. Why did we do this on Chinese cyber espionage?
Speaking of the threat, I'm going to toss this one to you, Rob. You have, I think, what is one of the best quotes on how to conceptualize the threat. You just heard it all in the podcast trailer, and it's this. So you said that basically Russia is the hurricane, China is climate change. Tell us what you mean by that.
This would have been a project that would have been unheard of 15 years ago, back when McAfee was picking up the pieces of some of the big Chinese cyber espionage campaigns like Night Dragon and Shady Rat. They were not even allowed to say the word China as part of their attribution. It was a very sensitive thing at the time.
Jen, talk to us about what you saw or how you saw this threat morphing at CISA. You know, you oversaw CISA during a period we saw an unrelenting Chinese assault on our federal cloud systems, on our telecommunication networks, and on our critical infrastructure.
Here we are 15 years later, and we have a whole podcast series about Chinese cyber espionage. The reason I felt that it was critical we do this on Chinese cyber espionage is because this is the threat that in some ways I lived and breathed at the New York Times, but it's the threat that has been gnawing at me ever since I left the New York Times.
I think the only real public glimpse that we have of what this threat could look like that you just outlined is Colonial Pipeline. And we all sort of remember people inexplicably showing up at gas stations with giant plastic bags to fill up with fuel. And one of the things that hit me was there was a DOE assessment at the time that found that as a country, the United States could have only afforded three or four more days of Colonial Pipeline being down. And it wasn't so much the gas or the jet fuel, we had the reserves; it was the diesel required to run our factories. So three more days, and that was one target.
I hadn't even heard of Colonial Pipeline until this ransomware attack happened. That was one target by a bumbling group of ransomware criminals. And what Jen is describing is think about a coordinated attack on not Colonial Pipeline, but five or seven Colonial Pipelines, and then add in water and... the grid, et cetera. And when you think about it that way, it's not a hypothetical anymore.
That's what hit me in the course of this podcast project. It's a very real threat based on where we're seeing this targeting. You think about it that way, you think about the psychological impact that that would create for the United States to summon the appetite to go support an island's independence 7,000 miles away.
And then you start to think about how this is really a way to really win a war without firing a single bullet. And when you start to look at these attacks like this, you start to see just how powerful these cyber attacks could be. So the one that always hits home for me is water.
And Jim, you've been in, I think, recent negotiations or conversations with the Chinese on would they agree to draw any red lines around certain targets like water? How have those conversations gone?
Ep 4: Naming and Shaming
It had traced their movements to more than 100 breaches in the U.S. They had their online handles. They had their physical address.
When Mandia read China's denial in my story, he decided, screw it. Let's show them the proof. He handed me and my Times colleague David Sanger a 74-page report detailing the group's official military designation, their tactics, techniques, victimology, its members, who had names like Ugly Gorilla, and critically, its whereabouts. We sent our Shanghai bureau chief, David Barboza, to investigate.
And sure enough, next to restaurants, massage parlors, and a wine importer, he found a 12-story nondescript white building surrounded by Chinese soldiers.
Once we were sure we could corroborate Mandiant's report, we published everything we had. I turned on CNN.
Even Kevin Mandia was shocked to see its impact.
Nobody was connecting the dots back to Chinese hacking. Nortel didn't just disappear. Huawei stole it. China subsidized it. And they made it so cheap, it wiped Nortel off the map. Now, that's not to say that Chinese companies aren't innovative. It's just that they were playing by different rules. The hacking, the outright theft, gave them a huge leg up.
That story wasn't just news. It empowered the U.S. government to go after the PLA unit. Meet John Carlin, who worked at the Justice Department under the Obama administration.
While I was busy writing about Chinese cyber attacks, it was Carlin's job to figure out what to do about it. Part of the challenge was that until we outed our own hack and the PLA unit responsible, most everything the US government had on Chinese hackers was classified.
But John's team couldn't just call out the Chinese Communist Party by name.
One year after we outed PLA Unit 61398, John's team was cleared to prosecute. A grand jury in Pennsylvania indicted five of the unit's members and named their victims. Among them, SolarWorld, U.S. Steel, which struggled in recent years to compete against low-priced subsidized steel from China, Westinghouse Electric, the world's biggest supplier of nuclear reactors, and Allegheny Technologies, Alcoa, and the United Steelworkers union.
Our reporting from The Times, combined with Mandiant's APT1 report, meant Carlin's hands were untied. In his mind, the prosecution hadn't come a moment too soon. It was about more than justice for the victimized American companies. This was about establishing global norms of acceptable behavior.
And all that leapfrogging came with a heavy price tag for American companies, American workers, really the American people.
When I first had started covering Chinese cyber attacks, I'd always ask the experts, well, who did it? What they said in those early days, though, surprised me. They'd say, Nicole, attribution doesn't matter. I always read that as, we don't want to piss off China for business reasons.
That was partly true, but the other truth was that we were getting hit so hard and so often that the first priority wasn't the who, but the how to make it stop.
But in the wake of our revelations at the Times, Mandiant's APT1 report, John Carlin's indictments, that began to shift.
But Unit 61398 was just one group. Inside the NSA, analysts were tracking an entire Chinese hacking apparatus. Here's Steve Stone again.
The intelligence community was tracking some 20 discrete Chinese hacking units. Roughly half were PLA military or Navy units dedicated either to specific industries like microchips, semiconductors, satellite technology, or specific geographies, that were just assigned to hack targets in Australia, for instance. These were military personnel clocking in for their daily hacking to-do list.
But then there was the other half of the groups the NSA was watching. These were looser satellite networks of contractors. They worked at the behest of China's spy agency, the Ministry of State Security, but not necessarily in the building. These were moonlighters tasked with episodic state missions, privately employed engineers who got paid by the state to hack on the side.
And unlike the PLA's hackers, who could be quite sloppy, these soldiers of fortune were good. They had legitimate skills. They were known for their stealth. Here's Paul Mozur, who covered China's expanding surveillance state for the New York Times.
Steve Stone watched in real time as China's hacking unit started handing off missions to the experts. Here's Steve.
That was Dave DeWalt, who had a front-row seat to these developments as CEO of McAfee and later FireEye. Anyone tracking Chinese cyber theft over this period could have told you that this was all entirely predictable. But even as the hacking reached absurd levels, America's leaders in business and government were still hesitant to sound the public alarm.
This is what US intelligence came to understand. There were two pools of Chinese hackers, the day jobbers, military enlisted personnel, and the gunslingers. Imagine if Stanford's top computer science professors and Silicon Valley engineers, even executives, hacked for the NSA on their off hours as a side hustle or because they had no choice.
This allowed China to tap its best and brightest for its sensitive missions. And it also gave the CCP plausible deniability. Should they get caught, the CCP could always say, it's not us. It's these hackers. We can't even control ourselves.
I'd later learn from the Snowden leaks that China actually ran some of its cyber attacks through popular Chinese tech companies like 163.com, China's version of Yahoo, and Sina, the company that runs China's Twitter equivalent, Sina Weibo. At one point, the GCHQ, which is essentially the UK's NSA equivalent, discovered that 163.com's mail servers were secretly operated by a Chinese government domain, and that that same Chinese government domain served as a backup server for Sina Weibo. In practical terms, that means that the Chinese government had direct access to any and all traffic, including private messages run through Sina or 163.com.
This would be like discovering that Facebook or Twitter's backend infrastructure was actually run by the NSA. When you hear that, you start to understand why there might be some national security concerns about TikTok. Thank you.
Fears of upsetting the world's largest market still ruled the day. That's where a certain government shorthand came in.
I'm Nicole Perlroth, and this is To Catch a Thief. I learned the meaning of advanced persistent threat back when I was at the New York Times. I was reporting out a wild story about how Chinese hackers had broken into one oil company. They tried to break in all the usual ways, mainly through phishing emails.
But when that didn't work, they searched for the company's employees on Facebook and discovered several of them had liked the same Chinese takeout restaurant. So what did they do? They hijacked the restaurant's PDF takeout menu. When the oil company employees went to order some General Tso's chicken, they got a helping of Chinese malware instead.
Once they were in, getting these Chinese hackers out of your systems, finding and closing every back door was a huge challenge. In one case, the U.S. Chamber of Commerce, basically the country's biggest business lobby, discovered they'd been breached by Chinese hackers. They brought in the FBI and private security firms and believed they'd cleaned house.
But then months later, one of their printers inexplicably started printing out reams of documents in Mandarin. Separately, some of their lobbyists started complaining that the thermostats in their corporate apartments in D.C. were acting funny. Upon closer inspection, both the printer and these thermostats were still communicating with IP addresses in China months later.
This was the level of persistence we were dealing with. Back to Dave DeWalt.
The world's top telecom player, Huawei.
These days, DeWalt runs his own cybersecurity investment firm, Night Dragon. And yes, he named his firm after the Chinese hacking campaign. Some of these thefts still haunt him.
Within a few decades, the Chinese economy went from agrarian backwater to manufacturing middleman to world-class innovator in its own right. American companies had been the pioneers, the innovators, but somewhere along the way, we got beat at our own game. And in too many cases, it was with our own stolen IP. Throughout the 2010s, examples surfaced everywhere.
The Comac C919 came to market in 2008. It took another 10 years for the U.S. Justice Department to detail in an indictment how Comac narrowed the technological gap between what it could build and what its Western competitors could do. Before 2008, Comac relied on companies like Airbus, GE, Honeywell, Belgium's Safran for major components.
But China was determined to help Comac, which is short for Commercial Aircraft Corporation of China, stand on its own two feet. Chinese spies bribed employees at these Western suppliers to hand over trade secrets. And some of them did. A few are now in jail. But what China's spies couldn't get from human sources, they stole in a brazen series of cyber attacks against Honeywell,
Capstone Turbine, GE, and Safran. CrowdStrike, in a report of its own, concluded that those hacks helped Comac trim, quote, several years and potentially billions of dollars off its development time. And that was all for just one airplane.
Back when DeWalt was CEO of McAfee and then FireEye, he handed the Obama administration a list of American companies he believed were getting raided hand over fist. Over the next few years, as the government debated what to do, how far they were willing to go to make China stop, whole companies, entire towns were eviscerated by Chinese IP theft.
20 miles west of Portland sits Hillsboro, Oregon, a town locals refer to as Silicon Forest because a number of big tech companies have factories here. Intel, Salesforce, and until recently, SolarWorld, a German solar company, housed the largest solar cell manufacturing facility in North America here. At its peak, SolarWorld hired more than a thousand locals.
The company was among the first in the world to manufacture a next-gen solar cell that was highly coveted for its efficiency and flexibility. These solar cells allowed panels to work in lower light conditions and in extreme heat.
That competitive edge put SolarWorld in Chinese hackers' crosshairs. The CCP first highlighted solar energy on its five-year plan in 1981. And solar has made every five-year plan ever since. In 2012, SolarWorld discovered Chinese hackers had broken into its network and passed its crown jewels over to Chinese state-owned enterprises.
Soon, those companies, aided by Chinese subsidies, were dumping cheaper copies of SolarWorld's panels into US markets. SolarWorld fought back, both in court and in the corridors of Washington, where they lobbied for tariffs on Chinese panels. But it wasn't enough. By 2017, SolarWorld laid off more than 800 of its Hillsboro factory workers.
The factory shuffled hands through a series of takeovers and ultimately closed up shop in 2021.
Even the drones flown by U.S. law enforcement are no longer American.
These shutterings were happening to hundreds of companies and towns across America. Some, like SolarWorld, tried to fight back. Here's Steve Stone. He worked with a turbine maker that discovered its Chinese competitor had copied its hardware and software, down to mistakes in the original source code.
It's worth noting that four of the world's top five turbine makers are now Chinese companies. Meanwhile, Western competitors like Capstone Turbine filed for bankruptcy in 2023, citing decreased demand. Factories closing, towns hollowed out, and yet so many Chinese cyberattacks flew under the radar, mainly because victims were so reticent to step forward, scared what the disclosures would mean for their reputation, for their stock price, for class action lawsuits. That's why our own disclosure of the Chinese breach of the New York Times was such a game changer.
China's DJI owns the sky. As for electric vehicles, it's not Tesla anymore. As of 2023, it's China's BYD.
Just before I hit publish on that story, I'd done what any serious journalist does. I'd called the Chinese consulate, walked them through everything I had, and gave them the chance to comment or refute the story. What I got was a full-throated denial. To accuse the Chinese military of launching cyber attacks without solid proof is unprofessional and baseless.
I included that denial word for word in the story. China's denial, especially the part about no solid proof, didn't sit well with Kevin Mandia. For years, he tracked the group behind our hack, a group Mandiant called APT1. Officially, the group was a Shanghai-based unit of the People's Liberation Army, Unit 61398. Mandiant knew the group better than most.
Ep 7: Everything Everywhere All At Once
And it was a masterpiece. Until the day it got out. How it got out, we still don't know exactly. But sometime in 2010, Stuxnet fled the coop, escaped Natanz, zoomed around the world, and infected hundreds of thousands of machines, including right here in the U.S. at companies like Chevron.
Now, it didn't do these systems any harm. Our saving grace was that Stuxnet's code was clearly designed with lawyers standing over developers' shoulders. The worm had been carefully calibrated to exact destruction only on the centrifuges at Natanz, and nowhere else.
But once it was discovered, dissected, reverse engineered, Stuxnet showed the world, perhaps no one more so than our adversaries, the endless opportunities to use code for mayhem and destruction. And it set new rules for the game. You could now jump into another nation's most critical infrastructure, their nuclear labs. And so long as you did it with code, you'd probably get away with it.
Littleton is about the last place you'd expect would be a target for advanced nation-state hackers. It's a small farming community about a 45-minute drive west of Boston.
Here's Ralph Langner speaking at TED in 2011. Ralph was among the first to dissect Stuxnet and to publicly point the finger at its makers, the U.S. and Israel. And he was the first to warn the world that this weapon we had just unleashed could come boomeranging back on us.
As Ralph spoke those words, Iran was already preparing its retribution. One year later, Tehran's hackers came for Saudi Aramco, a key source of US oil. And though they tried, they never did make the jump from Aramco's IT network into its pipelines. Tehran's hackers were still light years behind those of the US and Israel, but they still managed to decimate 30,000 Aramco computers on their way out.
And just in case their motive wasn't clear here, they made a point to replace all that data with one unmistakable image, a burning American flag.
But the Aramco attack still felt a world away when, one month later, Chinese hackers hit Telvent. This wasn't Tehran. This was Beijing. And initially, at least, there was no reason to think its hackers were doing anything beyond the usual IP theft.
Automation had been listed high up on the CCP's latest five-year plan, and that would have put Telvent's industrial automation software firmly in CCP crosshairs. But Dale suspected there was more to the story.
That last bit bears repeating. If I can compromise this one system, I can compromise all these others. Telvent wasn't the end goal. It was the gateway. If someone wanted to map out America's pipeline network, shut us down, or, God forbid, trigger simultaneous explosions across America, Telvent was precisely the company to hack.
When I wrote out my Telvent investigation for The Times in early 2013, I laid this all out. But I left the motive as a question mark. Was this more Chinese industrial espionage? Or was this the first sign of the unimaginable? Twitter didn't like that very much. Many accused me of fear-mongering.
The idea China would want to hack our pipelines for anything other than IP theft was simply beyond our imagination. The U.S. and China were so economically entangled, the idea that the PRC would do anything to paralyze us was inconceivable. They'd only be shooting themselves in the foot. Or so the thinking went at the time. Now, with hindsight being 20/20, I would have worded that article more strongly. And if I hadn't been getting dunked in breaches every day, I might have been able to pull my face out of the water, taken a deep breath, heard the warnings, and seen the Telvent attack for what it really was.
That was Obama sounding the alarm in his 2013 State of the Union. And here's former Defense Secretary Leon Panetta sounding an even more dire warning right around the time Telvent was installing its attack.
Panetta's cyber Pearl Harbor speech was also derided as hyperbolic at the time. But in retrospect, that stark vision he described of hackers seizing our critical switches, contaminating our water supply, it was clairvoyant. It would take another nine years for U.S. intelligence officials to declassify their findings that, yes, the Telvent attack, along with a dozen other Chinese incursions into America's pipelines over that same window, attacks that never even crossed my radar, were the beginnings of a strategic Chinese pivot.
Over the next decade, Chinese hackers started coming for American targets with little to no intelligence value at all. But their value for sabotage? Enormous.
It wasn't just oil and gas pipelines. Over the next decade, they started breaking into major logistics hubs like Houston Seaport, the critical artery for American oil, gas, and petrochemicals. They broke into U.S. airports and railway systems. They broke into the Texas power grid. And we don't even have to imagine what a shutdown of that looks like.
They started showing up in utilities that oversee power and water across the nation. Some of these were obvious targets, others not, like that one in Littleton, Massachusetts, and hundreds just like it. Now, it's worth pausing here. It's important to take a macro view of what China was doing over the very same time period its hackers were popping up in our infrastructure.
The Belt and Road Initiative. In 2013, China announced Belt and Road, a trillion-dollar-plus investment in building out major infrastructure projects all around the globe with a focus on the developing world. We're talking billions of dollars of Chinese investment into foreign railways, highways and bridges.
Yeah, right. He was going to hand over his personal email and click on a link from some dude claiming to be from the FBI.
But a couple of years into Belt and Road, China quietly announced a new initiative under the same umbrella, the Digital Silk Road.
Officially, Digital Silk Road was to help usher developing nations into the internet age. But by providing them with cheap fiber optic cables, networks, routers, and switches, it also guaranteed the PRC permanent footing in the world's digital backbone.
Chinese companies like Huawei and ZTE sold these companies on the promise of total digital optimization at sweet subsidized bargain basement prices.
They'd frequently quote 20, 30, even 40% cheaper pricing than Western competitors like Cisco and Ericsson. This all but guaranteed global adoption.
Has Huawei stolen trade secrets from Cisco?
And they're still stealing, right? I mean, to the tune of $600 billion a year, Gordon. Well, it's hundreds of billions of dollars a year.
And that pricing made it mighty easy to ignore Washington's admonitions about potential security risks.
U.S. officials have been especially quick to note that Huawei's founder, Ren Zhengfei, started his career as an engineer in the Chinese military, the PLA. Ren's PLA background consumed Huawei's entire culture, even its vernacular. Sales guys were known as guerrillas. Ren called his engineers soldiers. Their managers, generals. Altogether, Huawei's employees were Ren's, quote, iron army.
Even their salaries? Rations. And in Huawei's earliest days, Ren had a saying. A country without its own program-controlled switches is like one without an army. As Ren himself alluded, what companies like Huawei, and it wasn't just Huawei, but ZTE and others, what they were doing, building out the world's digital backbone, it gave China the keys to global data flows.
And those keys didn't just give China the ability to intercept data. They theoretically gave them the ability to hit a kill switch at any time.
Huawei reportedly has even more access to information possibly about you than previously thought. Intel sources say that they've known for years that Huawei builds covert access for the Chinese government into its mobile hardware, software and systems known in the cyber world as back doors.
Now, we should note that US officials have never offered any proof that the PRC has used Huawei or ZTE systems for espionage or sabotage. And Huawei has emphatically denied it has ever or would ever give the Chinese government any information or freely hand its equipment over for all-out cyberwar.
But it's very much worth noting that in 2017, China passed a suite of intelligence laws requiring, quote, "...any organization or citizen shall support, assist, and cooperate with state intelligence work." In effect, Chinese companies are required by law to give the PRC access to these systems or turn over data at any time. No warrant, no oversight, no due process.
But with Snowden as a backdrop over the same time period, the U.S. didn't exactly have moral standing to be warning other countries about foreign surveillance and backdoors. In fact, in 2014, my former Times colleague David Sanger and I reported that at one point, the NSA had actually broken into Huawei and used it as a conduit for its own spy ops, all of which made Washington's warnings even easier to ignore. And just as the U.S. has failed to convince the 170 million Americans to stop using TikTok, its admonitions on Huawei have had meager effect.
By 2020, Huawei wasn't just selling phones and routers anymore. They were selling the entire stack. 5G networks, data centers, satellite systems.
They were building out smart cities.
And then safe cities complete with AI-enabled surveillance cameras, facial recognition technology, crowd monitoring, behavioral analytics.
And all of it came with Chinese hardware, firmware, and software that could be remotely accessed or frequently maintained with updates from China. Software was eating the world. China was baking its digital sensors and software into cities. Bridges, traffic systems, waste collection, water treatment, hospitals, homes, cars.
And nobody paused to think about how all this digitization might come back to eat us. Now, here's where I should tell you that I am among those who thought US warnings about Huawei were totally over the top. If there were actual instances of Chinese spies intercepting data through Huawei or ZTE, my personal feeling here is that the US intelligence community should present them.
Same goes for TikTok. Listen, I'm sensitive to the need to protect sources and methods here. But if the Chinese government is using TikTok to spy on Americans or somehow tweaking the algorithms to spoon-feed CCP propaganda to Gen Z, the U.S. government should declassify that because we know their finger wagging doesn't work.
And the reason we know it doesn't work is because all you have to do is travel to any major European city these days, and you will see Huawei all over the place. In downtown Kiev, in downtown Copenhagen, they are running hundreds of smart city pilots around the globe.
Huawei's equipment is baked into 5G networks in Germany and even cell towers in rural America, many of them uncomfortably close to our most sensitive missile sites in places like Wyoming, Nebraska, and Montana.
Now, last year, Germany said it would start excluding Huawei and ZTE from its 5G networks. But ripping these systems out isn't easy. Under Biden, Congress allocated billions of dollars to rip and replace these Huawei systems from rural America. And that wasn't nearly enough.
Volt Typhoon. Volt Typhoon is industry code for Chinese state-sponsored hackers, but not just any hackers. These guys were elite specialists tasked with one insidious mission, embedding themselves in our critical infrastructure. The agents told him these specialists were inside his utility at that very moment and that it wasn't alone.
And again, I maintained what I still believe was a healthy skepticism about U.S. concerns on Huawei and other Chinese suppliers throughout the 2010s. But all of that went out the window when, in 2020, Chinese hackers started coming for U.S. infrastructure with unnerving frequency.
What started with these Chinese hacks of US pipeline operations and their software suppliers became an all-out assault on US critical infrastructure. By 2020, Volt Typhoon was turning up across the country. And the fact that anyone picked these up at all was a tiny miracle. These weren't smash and grab hacks. Far from it. They weren't even hacking in anymore.
They were logging in, in low and slow attacks, blending in like any other employee. They didn't use malware. They didn't siphon much out. They were careful to delete their tracks. Their primary goal appears to have been to get in, stay in, and ensure they had the ability to come back any time. Experts have a name for this style of attack. They call it living off the land.
They're here, lying quiet. The only question now is what's the trigger and what happens when they pull it.
That's next on To Catch a Thief. Follow To Catch a Thief to make sure you don't miss the next episode. And if you like what you hear, rate and review the show. To Catch a Thief is produced by Rubrik in partnership with Pod People, with special thanks to Julia Lee. It was written and produced by me, Nicole Perlroth, and Rebecca Chasson.
Additional thanks to Hannah Pedersen, Sam DeBauer, and Amy Machado. Editing and sound design by Morgan Foose and Carter Wogan.
Some 200 other critical entities across the nation were hit too.
This is truly an everything, everywhere, all at once scenario.
Like, what are you talking about?
By the time the two men from FBI and CISA, the cyber defense agency, arrived at Nick's office that Monday in 2023, Volt Typhoon had been in Littleton's networks for 10 months. But beyond Littleton, they'd been burrowing into American infrastructure, ports, airports, railways, water, pipelines, the power grid, for years.
This is real. What was the response or range of responses?
I'm Nicole Perlroth, and this is To Catch a Thief. Imagine you're the general manager for a local utility. Your company handles power and drinking water for a population of about 15,000. It has for more than a century. Even at this relatively small scale, there are still miles of pipes and untold numbers of valves to maintain and keep an eye on.
For Nick, the implications of this kind of infiltration are clear.
The first inkling that the PRC might be pivoting into U.S. infrastructure had surfaced well over a decade ago, buried in the noise of 2012. Late that year, a Canadian company you've never heard of, in an industry that's as dry as they come, discovered it had been hacked, badly, by China. This wasn't huge news. At the time, I was busy unspooling our own attack.
And remember, this was a period when every company with any data of interest was getting hacked by the CCP. And at first glance, this case looked no different. The victim was the Canadian division of a company called Telvent.
Telvent's, quote, industrial automation software gives companies the ability to keep tabs on their oil and water pipelines and power lines from afar. Using Telvent software, engineers can detect a pipeline leak 100 miles offshore or a faulty circuit breaker in the grid.
A water utility worker could use Telvent software to detect a burst pipe or potentially any unhealthy fluctuations in chemicals, like fluoride. If you've ever heard techies talk about software eating the world, this is what they mean.
We have been baking software into everything from our gas and water systems to your Domino's pizza order, with nary a care for how all this digital convenience and connectivity might one day be used against us. I'd never heard of Telvent until I got a call from a guy named Dale Peterson. Dale spent his early career doing cryptography at NSA.
These days, he's one of the world's leading consultants in industrial control security, an especially terrifying subset of the cybersecurity industry that examines the myriad ways hackers can break into our pipelines, water systems, chemical plants, and, well, you get the picture. If there's an incident brewing at a utility or a pipeline, chances are Dale knows about it.
Dale has a cryptographer's calm, careful way about him. He's not easily spooked. But when he rang me in late 2012, he sounded noticeably shaken.
Key to what Dale just said are two words, remote connections. Telvent software didn't just monitor critical infrastructure. It had direct remote access. And now that access belonged to Beijing, too. As Dale spoke, I googled Telvent, and there, in big bright letters on its website, was the following stat. Telvent software connected into more than half of the pipelines in North America.
Now, it's critical to place ourselves here. This was 2012. Russia wouldn't hack Ukraine's grid for another three years. At that point, it was still hard to fathom why China's hackers would even want direct access to our water and gas pipelines. We had yet to see any serious cyber attack on critical infrastructure anywhere in the world, with one notable exception.
Like utilities across the country, you've enlisted the help of technology, software, to keep the power on and the water flowing smoothly. And save for hurricanes and the occasional downed power line, it has. And then, one Friday afternoon, you get a call. It's the FBI. They tell you, you've been compromised. This is not a hypothetical. Meet Nick Lawler.
To this day, Stuxnet remains the most sophisticated cyber attack on record. For the uninitiated, Stuxnet was a joint U.S.-Israeli effort to sabotage Iran's nuclear program with code, and it worked spectacularly for a time. It was a computer worm that someone, we still don't know who exactly, injected into the computers at Iran's Natanz nuclear plant with a thumb drive.
And what that thumb drive unleashed was a string of zero days that enabled the worm to jump the air gap from engineers' computers on the IT side into the actual operations network, where the worm buried itself inside Natanz's nuclear enrichment operations, and specifically the computers that control Iran's uranium centrifuges.
Those centrifuges, they form the beating heart of Iran's nuclear aspirations. Because to get weapons-grade uranium, you need to enrich uranium to a very high concentration of the isotope. And that, that requires spinning thousands of centrifuges at unthinkable speeds. We're talking more than 100,000 revolutions a minute.
But the rotors that spin these centrifuges, they're incredibly fragile and can be quite fickle. They break all the time, and they're controlled by these specialized computers that monitor and dictate their speed. And in 2009, those very computers were now controlled by code, working at the command of two of the world's most advanced intelligence agencies.
Stuxnet got to work spinning centrifuge rotors up. Then it would sit back for a few weeks and do nothing. Then it would slow the rotors way down. Sleep, speed up. Sleep, slow down. Sleep, repeat. And all the while, there was this Ocean's Eleven quality to the whole operation. If any of Natanz's engineers happened to be watching their computer screens, everything appeared to be spinning just fine, when right under their noses, Stuxnet was actively destroying a fifth of Iran's uranium supply and pushing Tehran's nuclear ambitions back years, all carefully choreographed to look like a natural accident. Inside Natanz, technicians couldn't make sense of it. The centrifuges were breaking down, but careful inspection turned up nothing unusual.
Suspecting subterfuge, Natanz officials started turning on each other. Several of the technicians were fired, and those remaining were told to physically guard the centrifuges with their lives. And all the while, their computers told them everything was just fine. The first inkling nuclear inspectors had that something was off here came in January 2010.
Security camera footage outside Natanz's centrifuge rooms showed frantic technicians in white lab coats and blue plastic shoe coverings carting out centrifuge after centrifuge. By public accounts, 2,000 of their 8,700 centrifuges were taken out. It was, in many ways, the digital Manhattan Project. Only in reverse. Because this, this was a counter-nuclear proliferation effort.
Ep 3: The Most Dangerous Time in American History
Scholars say the CCP also felt justified in stealing Western technology as reimbursement for what China calls its century of humiliation when European powers occupied China.
A few analysts got so frustrated that they left the agency to start a private company called Area One. Their company worked with everyday, unwitting Americans whose servers had been compromised by China, servers the Chinese were now using to stage these attacks. At least from the private sector, these analysts could trace the attacks and, when possible, block them at the source.
What Americans consider unethical thievery, the CCP views as reparations.
The theft was so blatant, at times it almost felt like they were daring their Western counterparts to do something about it.
The McDonnell Douglas story was hardly unique. This level of thievery had become systematic under China's joint venture requirements. Meet John Bedbrook.
In the late 1990s, DuPont's primary business was corn. Corn genetics, really. DuPont had figured out a way to make super varietals of the crop that could withstand drought, disease, fungi, pests, and ultimately increase farmers' yield. And DuPont was determined to bring that same know-how to rice. China was the obvious place to start.
Here's what you need to know. China holds 20% of the world's population, but only 10% of its arable land. Food security, really the means to efficiently grow staples like rice, is the top national priority. That partly explains why China was an early pioneer in hybrid rice, where you crossbreed two distinct rice strains to produce a super-efficient varietal.
But China's cultural revolution devastated that progress. Mao villainized China's scientists and skilled ag workers. Most were forced to abandon their work. Many were sent to rural labor camps. Research institutes were shuttered or repurposed for political indoctrination. This is how those millions died from famine. By the time John first set foot in China, he was shocked at the state of things.
Germplasm is just plant DNA. DuPont specialized in corn and soy breeding. If it could bring its proprietary germplasm to China's hybrid rice market, that was a multi-billion dollar opportunity. But remember, DuPont couldn't just come set up shop in China. China forced them into a joint venture.
It wasn't just DuPont's billions of dollars worth of proprietary know-how. They brought DNA vectors and seedlings. They trained up dozens of Chinese engineers in their implantation process. For three years, everything went swimmingly. Until the day it didn't.
John couldn't make sense of it. In effect, China was shutting them down. He never got an explanation, and it wasn't for lack of trying. He knew several higher-ups in China's ag world from his student days in Cambridge, and he chased every last one of them down.
Did they give you any color at all about why the permits weren't getting approved anymore?
And what was it like to just sort of lock up the place and walk away? What's that feeling like when you invest three years of your life into this breakthrough project? It just completely stalls one day, and then you just have to lock up the place and abandon the asset.
Container ships of rice were left to rot. Those Chinese engineers DuPont trained, they quietly left, taking all DuPont's IP, its methods, all their training with them. China kept everything.
On the day I visited the Cates, Area 1's sensor lit up. It showed real-time connections to America's biggest brand names and fastest-growing Silicon Valley startups. As a condition of witnessing the inflow and outflows from this one server, I have agreed not to name specific victims.
Some of those very same Chinese engineers started up their own labs, some right down the street. They thrived. Meanwhile, DuPont went to US authorities, who said there was really nothing they could do. And executives didn't have the stomach to press the issue further. DuPont was still managing other joint ventures in China. Word from on high was, best not to rock the boat.
And now?
You may be wondering why American companies like DuPont and McDonnell Douglas were willing to turn a blind eye here, or why American administrations didn't do more to push back. Entire business lines and billions of dollars worth of R&D were getting swept. Spies were literally rolling into private facilities in the dead of night and stealing everything. The answer, of course, is money.
There was simply too much to be made in China. Short term, no American business was willing to say or do anything that might turn off the spigot. Even if long term, it risked hollowing out entire industries.
But I watched firsthand as Chinese hackers leapfrogged from the Kate server to a major American airline, a Silicon Valley food delivery startup, a major Manhattan law firm, and some of our most elite university research labs.
This was a big gamble. American companies bet that so long as they continue to out-innovate the Chinese, they could mitigate their losses. Inside government, U.S. administration after administration mistakenly believed that China's economic liberalization would inevitably bring about a political liberalization as well.
That China would adopt international norms of behavior, cut out the spying, and end the theft of IP. Enter the internet.
At a certain point in the early 2000s, the five-year plans became a roadmap for China's state-sponsored hackers. Here's Dmitri Alperovitch, who started tracking these thefts in their infancy.
For years, the theft was blatant, unapologetic. Subtlety was not high on the list of priorities. At the Times, I got my hands on a U.S. national intelligence estimate, a classified report that represents a consensus of all 18 U.S. intelligence agencies. Their 2009 report ranked countries by their cyber prowess. In terms of skills, the assessment found that Russian hackers were the best.
Chinese hackers were deemed pretty basic. But still, the assessment determined China represented the gravest cyber threat to the United States. Not so much for their skills, but for the sheer volume of their attacks.
It was nauseating watching the CCP cart off America's crown jewels, billions worth of R&D, cutting-edge research, source code, all of it moving through the Kate's dusty server here in Wisconsin, back to China. And on the off chance one of China's targets flagged some strange traffic coming from a Wisconsin welding shop, well, who would suspect the Kates?
Here's Kevin Mandia.
Jim Lewis can draw a direct line from Chinese IP theft to the rise of what is now a Chinese powerhouse.
In the early aughts, Nortel's fiber optics equipment was the world's envy. 70% of the world's internet traffic ran through Nortel. For Beijing, that made it more than just an economic rival. That made it a national security threat.
Missing from these obituaries was the fact that Nortel's IP had been raided by Chinese hackers.
The details of Nortel's hack are now well known. Nortel's IT team discovered Chinese hackers inside their systems back in 2004. When they alerted executives, there just wasn't much urgency to do what it would take to kick them out and keep them out, beyond changing up a few passwords.
Ultimately, Nortel's investigators said they watched China cart off thousands of critical product schematics, sensitive emails, key business strategies. Five years later, Nortel started getting massively underbid on a series of contracts by their Chinese competitor, Huawei. Nortel is now long gone. Huawei is now the world's biggest telecom.
If, like me, you're asking yourself, why would China go to such great lengths to steal white paint? It actually came up in a number of interviews, like this one with Matt Turpin, a senior China advisor under both Obama and Trump 1.0.
The CCP deployed that Huawei model against thousands of Western companies. China would announce its next five-year plan, and almost immediately threat researchers like Dmitri would watch Chinese hackers race to crack every company in the listed industries.
The Kate server, and thousands like it across America, from welding shops to Texas saddleries, was precisely where the NSA couldn't look. As for China, well, that made it the perfect cover.
In the game of spycraft, it's still perfectly acceptable to break into government agencies, even defense contractors. But what the Chinese were doing, breaking in, siphoning off billions, trillions of U.S. trade secrets, that broke all the rules. I'm Nicole Perlroth, and this is To Catch a Thief.
That was Kevin Mandia. In the early 2000s, his team of incident responders at Mandiant started getting more and more calls from businesses. Hundreds, then thousands of them, frantically calling for Mandiant's help in rooting Chinese hackers out of their systems.
Drive past the dairy farms, cornfields, and horse pastures, and you'll eventually arrive at Kate Machine and Welding in Belleville, Wisconsin. Population, 2,500. For more than 50 years, the Cates have welded fertilizer tanks, jet fighter parts, cheese molds, even a farmer's broken glasses. They thought they'd seen it all, until the day a few strangers knocked on their door in 2015.
Theft of IP. That was a game changer. Chinese hackers weren't there for state secrets. They were there for commercial gain.
That was Evan Medeiros, former China director at the National Security Council and Obama's lead China advisor. He makes a critical distinction. Spies spy. That's what they do. What they don't do, at least not in a free market economy, is pick winners. Say the NSA was in position to get the latest in ag tech. Who would they pass it to? DuPont or Monsanto?
Or say the Chinese made a significant AI breakthrough. Who would the NSA pass that to? Microsoft or Google? That's just not how a free market works. But in China's socialist market economy, China's military and spy agencies could pass those trade secrets onto whichever Chinese enterprise stood to benefit most. And that is exactly what they did over and over and over again.
But I'm getting ahead of myself. So, Jim, why don't you introduce us to Deng Xiaoping?
That was Jim Lewis, who spent decades immersed in the issue of Chinese cyber espionage. Now, here's Evan Medeiros again.
The men knocking on the Cate store had spent their early careers at the National Security Agency. The NSA. At NSA, they'd watched as Chinese hackers brazenly made off with American trade and defense secrets, pulling them back to servers in China. But increasingly, the Chinese were moving their operations to the one place the NSA couldn't look.
Under Mao, China was something of a hermit kingdom, cut off from global markets unlike its neighbors in Japan and other emerging Asian economies. Mao's mismanagement had left China reeling from a widespread famine that, by some estimates, killed as many as 14 million. When Deng came in in 1978, China's economy and technology lagged decades behind the West. Back to Jim Lewis.
For the party to retain power, Deng knew he would have to prioritize economic growth. It's what scholars call performance legitimacy. If people are suffering, they'll demand change. But if their economic prospects are good, they'll have fewer reasons to challenge the status quo. So, Deng set about a period of reform and opening.
But rather than go full capitalist, he opted for a socialist market economy, essentially central state planning with free market perks. China's state-owned enterprises were restructured, and companies were allowed to operate based on free market principles. Here's Evan Medeiros again.
Deng welcomed Western investment, with a few caveats. Westerners rushed at the chance to take advantage of China's low-cost labor and crack open a consumer market more than a billion strong. But first movers like Coca-Cola and General Motors couldn't just set up shop in China.
Beijing forced foreign companies to enter into something called a joint venture with their Chinese counterparts and capped their ownership at 49%. This gave Chinese companies access to Western technology and the chance to learn from foreign expertise. For American, European, and Japanese companies, this basically entailed forced technology transfer.
Many deluded themselves into thinking they could manage the loss of IP for the reward of partaking in China's growing market. Deng's reforms resulted in China's economic miracle. Tiny fishing villages like Shenzhen transformed into global manufacturing powerhouses.
The United States, where they started setting up shop in vulnerable servers, like this one, in this dusty back office at the Cates Welding Shop. The NSA can't look at domestic traffic, at least not without a court order. And as the Chinese began staging their attacks from American servers, the NSA started going blind.
China's economy grew nearly 10% every year after Deng took over, lifting millions of Chinese out of poverty. What was once a poor agrarian society became the world's largest trading partner, and today, the world's second largest economy. But China wasn't content to be the world's manufacturing closet. The CCP's leaders were determined to see to it that China become an innovator in its own right.
Indigenous innovation became a national priority. They announced a series of initiatives like Made in China 2025, a national policy to transform China from a manufacturer of cheap, low-quality goods to a leading innovator in critical industries like next-generation technology, clean energy, robotics, AI.
Every five years, the party dictated a new list of economic priorities in their five-year plan.
Corporate thievery has always offended our Western sensibilities, but China sees things differently. China's leadership not only rationalized IP theft, it became a national priority.
Why should Chinese companies spend decades and billions on R&D when they could just as easily steal it from foreigners for free? Here's John Hultquist, Mandiant's chief intelligence analyst.
Ep 2: Then They Came for Us
Our own researchers in Beijing had been arrested before. Nearly a decade earlier, a Chinese Times researcher was arrested after the paper published a story about the imminent retirement of a senior party leader. The information hadn't even come from the researcher, but he was sentenced to three years in prison regardless.
What David was now doing, reporting out the secret wealth of China's prime minister, is as dangerous as it gets. China's whole regime is predicated on a kind of grand bargain. So long as Chinese citizens see their lives materially improving, they're willing to stomach a certain level of authoritarianism from their leaders. But corruption, that can throw a wrench in the whole arrangement.
Corruption, or even just the appearance of it, was the thing China's leaders feared most, arguably even more than the five poisons. Corruption was the surest way to unravel the party's social contract with its people. And what David was reporting, not just corporate corruption, but corruption at the highest levels of Chinese governance, that was a powder keg.
Precisely the kind of story that could sow societal unrest. The kind of story the party would do anything to bury.
But over that same time period, David starts requesting documents from the Chinese government. Documents about Wen's family members and their stakes in several private Chinese companies.
David starts shoving sensitive documents in safes. He shreds any he doesn't need. Over the next few weeks and months, he carts suitcases chock full of documents from Shanghai to New York, then Tokyo, until he approaches something close to a final draft. I was going to ask, what's going to happen at the airport if anyone opens the suitcase?
That September, unbeknownst to David, the hacking begins. But his anxieties were elsewhere.
Finally, David makes it to the home stretch. He starts making calls. He calls the family members of China's prime minister and their business associates to walk them through everything he has.
Once those editors are confident the reporting's ironclad, they greenlight publication. But before the article goes live, David makes one final call to the powers that be.
What was the most memorable part of that final conversation?
At this point, Chinese hackers were deep inside the Times. Back in San Francisco, I'd been tracking them, all for what I'd hoped would be a story detailing their assault on the paper. But my bosses were emphatic. I couldn't publish anything until we'd found and sealed up every last Chinese backdoor. And I was still under strict orders not to tell anyone what I was working on.
They worried any internal chatter would tip off our Chinese interlopers. While I stayed in this holding pattern, David published his story on October 25, 2012. The CCP immediately blocked mainland access to The Times and shut down our new Chinese-language site.
Google pulled its search engine from China, handing billions in revenue to Google's main Chinese competitor, Baidu. The result was a profound chilling effect. The lesson other Chinese hacking victims took from this was keep quiet. Don't offend the gatekeepers to the world's largest market. It would be years before another company came forward.
It was only after David's story published that the two of us finally spoke. I'd assumed someone else at the Times had let him in on the fact that Chinese hackers were crawling through his emails. Nope. I remember dialing you thinking, how am I going to do this? Because if their insight is email, they're most certainly recording this phone call. So I remember calling you. Yes.
And I remember saying, David, hi, this is Nicole Perlroth. We haven't met yet. I'm the cybersecurity reporter in San Francisco. I think you know why I'm calling. And do you remember what you said? No.
You said, I have no idea why you're calling. No one had actually bothered to tell you or perhaps were too afraid to tell you over phone or email that Chinese state-sponsored hackers were inside our computer systems, inside your inbox at that very moment, reading all of your emails and that they had been into our systems for several months.
Google's is the breach that just gets worse the more you learn. This wasn't just some Chinese hackers gone rogue. Months after Google went public, Wikileaks dumped a U.S. embassy cable that described just how high up the chain of command this went. Google's hack had been orchestrated by a senior member of China's Politburo, the equivalent of a U.S. cabinet member.
Wow. But back to that fall of 2012 at The Times, it took four months to kick the PLA out of our systems. We knew we couldn't hit publish on my story until we'd kicked out our hackers for good. By January of 2013, we were ready to move forward, but some on the masthead were getting cold feet. With my story written, edited, and ready to go, I was summoned to a call.
One editor asked, why exactly are we publishing this story again? Another worried what our competitors at the Wall Street Journal and the Washington Post would say. These questions went above my pay grade, but I told them, I don't think they're going to say very much, because there is a very high likelihood that they've been breached too. I told them about the two types of companies.
I explained that everyone was hiding these breaches. And I made the case that, as a news organization, we had a unique obligation to come forward. That argument seemed to win the day. And to the Times' eternal credit, they decided to publish. After that, there was just one last call to make to China's government spokesman. It was critical to give them a chance to respond.
The party came back with a full-throated denial, but they'd added a dig. Quote, to accuse the Chinese military of launching cyber attacks without solid proof is unprofessional and baseless. That one would come back to bite them later. We hit publish.
Almost immediately, those competitors we were worried about, they came forward too. The Washington Post.
Suddenly, it was like you weren't even a legitimate news organization if you hadn't been hacked by China. Here's Kevin Mandia.
Once the New York Times came out, the floodgates opened. That two types of companies refrain?
It suddenly felt a lot more real. But China's surveillance apparatus, the one it honed on Uyghurs, the Five Poisons, the dissidents, journalists, it was only the means to achieving an end. Control, obedience, that was only step one. What the party long sought was economic supremacy, to move China from the world's manufacturing closet to an innovator in its own right, a superpower.
To pull off that pivot, that would require the crown jewels of capitalism, intellectual property. And lest we forget, Aurora went far beyond emails.
Apparently, he Googled himself, found the results to be unacceptably unflattering, and ordered a hit on the company. According to this cable, quote, government operatives, public security experts, and internet outlaws recruited by the Chinese government took it from there.
Intellectual property theft, stealing research, trade secrets. Sit with that for a second. These aren't market competitors we're talking about. This is a world power, a nation state coming for private American companies. Because why spend decades and billions of dollars on your own R&D when you can just hack it? That's next on To Catch a Thief.
Follow To Catch a Thief to make sure you don't miss the next episode. And if you like what you hear, rate and review the show. To Catch a Thief is produced by Rubrik in partnership with Pod People, with special thanks to Julia Lee. It was written and produced by me, Nicole Perlroth, and Rebecca Chasson. Additional thanks to Hannah Pedersen, Sam Gebauer, and Amy Machado.
Editing and sound design by Morgan Foose and Carter Wogan.
But there's still one element of the breach that Google and US officials were cagey about, still are. And it wouldn't surface for years after the attack. Three years after Google outed its own breach, Microsoft offered a starkly different postmortem. Google's hackers hadn't just gotten access to Chinese activists and dissidents' Gmails, they'd gotten access to a counterintelligence goldmine.
I'm Nicole Perlroth, and this is To Catch a Thief. You may recall that last episode, Heather Adkins, who ran point on Google's breach, mentioned that governments have, quote, front door kinds of ways to access its users' Gmail accounts.
If they've got evidence that a Gmail user is engaged in a crime or some kind of national security threat, say they have reason to believe a Gmail user is actually a Chinese spy, they'll serve Google with court orders demanding it give the government access to their Gmail account. Well, according to Microsoft, the Aurora hackers got access to the very system the U.S. government used to lawfully intercept Gmail accounts. This is important, and it will come up again when we get to a very recent Chinese espionage campaign. But for now, what you need to know is this. China has a keen interest in knowing who the U.S. government is targeting with these lawful intercept requests. They'd especially want to know if any Chinese agents' covers had been blown.
And they could get that intelligence one of three ways. Option one, they could recruit an informant at the FBI or a U.S. intelligence agency. Difficult, but not impossible. Option two, they could hack these agencies. Equally difficult, perhaps. Or option three, they could hack into Google and watch the Watchers. And that, according to Microsoft, is precisely what Aurora's hackers did.
None of this was mentioned in Google's blog post, by the way, and Google's leaders have never spoken publicly about it. Still, the fact Google went public at all was momentous. But in the silence that followed, the hacks only escalated. That group behind Google's hack would go on to breach thousands more victims. But sometimes these breaches were too big or too serious to keep quiet.
One year after Google, the very same hackers came for the security world's keys to the kingdom. They hacked a company called RSA and stole the keys to their core security product, RSA's multi-factor authentication devices, the ones used by millions of employees at companies all over the world to log into their corporate networks.
With RSA's keys in hand, China's hackers were able to leapfrog from RSA into its customer networks at high-value targets like Lockheed Martin. That same group? They're still hacking today, by the way. In 2023, they came for Microsoft. Using a similar MO, they leapt from Microsoft into its customers' email accounts. But this time, it wasn't dissidents' emails they were after.
It was the emails of senior officials, including the U.S. Ambassador to China, Nick Burns, and Commerce Secretary Gina Raimondo. They downloaded 60,000 emails from the State Department alone. All told, they read through emails belonging to more than 500 people at 22 different organizations, all through this one hack of Microsoft. But back to 2010.
Aside from Google, few victims ever stepped forward. Hacking was treated as a crime of shame. As a reporter at the New York Times, trying to get these companies to go on the record was a fool's errand. Nobody would talk. That is, until they came for us. In the fall of 2012, I got a tip that there were hackers inside the Times.
Outside of our security team, almost no one at the paper was aware of the hack. I was told, tell no one. Our security team had made the oh shit call. They brought in Mandiant. Their analysts traced the malware back to a familiar foe, a group Mandiant internally called APT1. It was a particularly brazen unit of the Chinese military based in Shanghai called Unit 61398.
Our immediate concern was sabotage. This was just two months ahead of the 2012 presidential elections. Our security team was worried this might be an attempt to mess with our coverage. I embedded with our security engineers and watched the hacker we affectionately came to call the PLA summer intern. Every day, they'd roll into our networks at 9 a.m. Shanghai time and roll out around 5.
They'd phished us. And then they'd started moving laterally, making their way through 53 of my colleagues' computers. Out of an abundance of caution, our IT team confiscated every one of those machines. Confused colleagues would show up to work and find post-it notes where their computers had once been. These notes just said, We have your computer. Signed, IT. Without further explanation.
It's January of 2010. Google has just come forward. They publish a blog post announcing they've, quote, detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China. The uproar is immediate. But rather than trigger an avalanche of disclosures, things went the other way.
Tracking these hackers, I got a sense for Heather's paranoia. There were some nights I'd return home to my empty apartment and wonder if these Chinese hackers had followed me home. When my cable box started making strange sounds, I convinced myself hackers were inside. But based on hackers' queries and other digital crumbs, these hackers weren't there for me.
And they weren't there to shut us down. At least not yet. They were after our sources. And the sources for one reporter in particular.
The very same month I got the first tip about the Chinese hackers in our systems, David had been putting the finishing touches on a massive, years-long investigation about the secret wealth of Chinese leaders and their families. Clearly, the party was on to David's reporting, and they were after his sources. But the irony was that his investigation wasn't based on a deep throat.
It was based on reams of documents, hiding in plain sight.
David was able to trace the flow of funds through a maze of shell companies to Wen Jiabao's relatives. Inside China, this was precisely the kind of story that puts a reporter, their family, and their research assistants in danger.
As David was finalizing his reporting, the Chinese Communist Party was changing hands. In 2012, the party named a new general secretary, Xi Jinping. Less than six months later, Xi would become president. Xi had fought his way through the party ranks with impeccable discretion. That meant no one could say for certain what type of leader he would be.
But very soon, it became clear that Xi was determined to consolidate power. Xi was haunted by the collapse of the Soviet Union. He referenced it in speech after speech and blamed the collapse on Gorbachev's democratic reforms and political liberalization. For Xi, the lesson was this. For a party so large to stay in power, it would have to demand total obedience and control.
Under Xi, the CCP started clamping down on foreign press. In speeches, party leaders took to calling Western reporters, quote, hostile foreign forces. Reporters started getting roughed up, even detained, for covering something as seemingly innocuous as a Chinese film festival.
Ep 1: The Five Poisons
As for that paranoia Jim is talking about, China has long been consumed by its so-called Five Poisons. The whole concept of the Five Poisons grew out of ancient Chinese medicine. They were snakes, centipedes, scorpions, frogs, and spiders. In modern China, the Communist Party has its own version of the Five Poisons. It's the five groups the Party perceives as existential threats to its control.
The Uyghurs, the Tibetans, the Falun Gong, the pro-democracy movement, and the Taiwanese. But it's that first group, the Muslim minority known as Uyghurs, that's been subjected to surveillance so over the top, it's been likened to a virtual prison.
That was Paul Mozur. Paul spent more than a decade inside China covering their expanding surveillance state for the New York Times. In June of 2009, just a few months before Chinese hackers broke into Google, there was one episode that kicked the party's paranoia into high gear. The Shaoguan incident.
America has been losing its crown jewels, its intellectual property, to China. Chinese hackers made off with the blueprints to our passenger planes, our prized fighter jets, our turbines, the secrets behind our genetically modified seeds, even the formula for the White House paint. They're long gone. Americans have barely begun to reckon with all that was lost.
The party mobilized the military to Xinjiang. They cut off internet access and they blocked phone calls to the outside. But that was just the beginning. Over the next decade, the CCP turned Xinjiang into a dystopian surveillance lab.
That level of surveillance didn't stop in Xinjiang. Over the next several years, it began to creep into larger China and beyond.
Hear "danger" and "the greatest wealth transfer in history," and your mind goes to a heist of the old-school variety. Masked thieves making off with diamonds or bags of cash. But this, this was burglary on a global scale.
But these days, China doesn't just want our trade secrets. They want influence. And they're pursuing it in the most disturbing of ways. By hacking our critical infrastructure.
That was Jim Lewis again. What Google was now witnessing, hackers inside its systems, that was the first glimpse that China was exporting its surveillance overseas.
That front door Heather's talking about, well, governments, including our own, routinely go to email providers and phone companies with secret court orders demanding access to customers they suspect of engaging in crime or terror threats. Years later, we'd find out Chinese hackers snuck in that front door too, but we'll come back to that.
One thing to know is that two years before Google set up shop in China, China's CCP minders had gone to its competitor, Yahoo, and demanded Yahoo hand over access to a Chinese journalist's email account. Yahoo had complied, and the journalist paid dearly for it. That journalist was now serving out a 10-year prison sentence. Google went into China with that journalist's experience firmly in mind.
The company intentionally withheld Gmail from Chinese users for fear the party would demand access to its users' private conversations. But now, what Heather's team was witnessing at Google was just that. The Chinese government was clearly willing to go to great lengths to track its own people, no matter where they lived. China was rewriting the rules.
Governments would still come knocking on the front door with national security letters and data requests. But now Google had to expect they would come break down the back door too. Suddenly, private businesses were active targets for advanced nation-state hackers.
Googlers took this personally. Their whole motto was, don't be evil. Google's mission was to make the world's information accessible to everyone; standing by as an authoritarian government surveilled activists and stifled dissent ran counter to everything they stood for.
Three years earlier, Google had entered the Chinese market on one condition from the CCP, that it sanitized search results for the Dalai Lama, the Falun Gong, Tiananmen Square. Google rationalized this to employees by arguing it was better to give the Chinese censored search results than leave a billion plus people in the dark.
But in the intervening years, the party's list of quote-unquote offensive content expanded to an absurd degree. The party demanded Google censor any talk of time travel or reincarnation. Even Winnie the Pooh would eventually make their blacklist. And when Google didn't move fast enough to block content, Chinese officials took to calling Google an illegal site.
Three years in, the censorship was getting hard to stomach, and now it had gone way beyond that. Google's engineers felt powerless as they watched an authoritarian government hack into their systems in a brazen campaign to surveil its own people.
This realization that Google could be used as a means for China to monitor its critics radically altered the way the company approaches cyber defense and how it informs those of us who may be targets for nation state spies. Today, Google delivers a big red warning banner across your Gmail account if it detects a nation state hacker attempting to access it. I've seen a few myself.
But for Heather, it caused more personal shifts as well.
The thing is, Heather's paranoia wasn't entirely off base. Google wasn't alone, not by a long shot. This wasn't a single hack, but an opening salvo. Here's Dmitri Alperovitch again.
Any other threat researcher might have passed that phrase right on by. But that word, Aurora, stopped Dmitri in his tracks. Dmitri grew up in Russia in the 1980s, and Aurora jolted him right back to his Soviet schooling.
Yes. I'm Nicole Perlroth, and this is To Catch a Thief. I've spent the past 15 years swimming in cyber threats. For a decade, I was the New York Times' lead cybersecurity reporter. I wrote a book, This Is How They Tell Me the World Ends, investigating the ins and outs of the cyber arms market.
In rewinding the tapes, Google, Mandiant, and now McAfee all found trails from Google's hack back to dozens of other companies.
The victim list included companies just up the road in Silicon Valley like Adobe, but the targets also included banks like Morgan Stanley, defense contractors like Northrop Grumman, even cybersecurity firms like Symantec were caught in the fray, and many more that to this day have never acknowledged they were breached.
Heather's team made it their mission to warn their counterparts at these other companies. They'd call and say, look, you have a problem. Check out this IP address and you'll see something scary. On the other end of the line, someone's face would go white and then radio silence.
Back at McAfee, Dmitri's team found inroads back to more than 100 companies.
That's Dave DeWalt, Dmitri's boss and McAfee's CEO at the time. What struck Dave wasn't just the number of companies that were hit, but how long Chinese hackers had been there.
And in many cases, that's exactly what they did. They didn't just go for the emails, they went for the source code. And with that, they could alter the systems themselves. They could plant back doors that allowed them to come back anytime they so pleased.
And now, I travel the world educating people about the very real potential for a cataclysmic cyber attack. It's a threat that, for whatever reason, has never quite reached the American mainstream. Despite my best efforts, most Chinese cyber attacks were still understood as one-offs rather than the carefully laid pieces of a longer master plan.
It wasn't until a decidedly analog espionage threat hit the nightly news that Americans started to pay attention.
But if there were spy balloons floating over every military installation, company, university, law firm, or research lab that has been breached by China, the sky would be a sea of white. A note here before we go any further, you'll hear me and others refer to Chinese hackers or being hacked by the Chinese.
Something crucial to understand is that what you're about to hear has nothing to do with the Chinese people. It has everything to do with the calculated efforts and strategic plans of China's leaders in the Chinese Communist Party, the CCP, efforts that have been playing out below our radar for a long, long time. Looking back, I had no idea what I had gotten myself into. It was 2010.
The New York Times had hired me to cover cybersecurity. Not only did I not know anything about cybersecurity at the time, I had gone out of my way to not know anything about cybersecurity. It was technical and a little terrifying. And as I dug in, it became clear that even the word cybersecurity was a misnomer. There was no cybersecurity.
Hackers were breaking into companies left and right, doing whatever they could to get the goods and whatever they could to stay there, undetected. In talking to experts, government officials, security researchers, hackers themselves, one refrain kept coming up. The two companies refrain.
You might recognize that voice. That was former FBI Director James Comey. He's regurgitating a phrase I've heard so many times, it's easy to forget who first said it. I want to get the words out of your mouth. There is a phrase in our industry that has been plagiarized to death, and I believe I have traced the origin to you.
That's Dmitri Alperovitch. Back in 2011, Dmitri ran threat research at McAfee, the antivirus shop. The Chinese cyberattacks he witnessed there compelled him to leave and co-found CrowdStrike with George Kurtz. He'd later write a book, World on the Brink: How America Can Beat China in the Race for the 21st Century. Suffice to say, you'll be hearing plenty from him.
As I started covering these hacks, it became abundantly clear that Dmitri's two companies refrain was not overhyping, not even a little bit.
It's late 2009. Google is hurtling towards its prime. For Heather Adkins, the director of Google's information security team, it started out as just another Monday.
Heather and her team realized that this was no intern. But whoever it was, they were taking over real employee accounts. In that initial fog of war, Heather and her team couldn't rule out the possibility that whoever this was might be getting insider help.
Google called in cybersecurity's equivalent of the wolf from Pulp Fiction, the Harvey Keitel character in the suit, the one who gets called in when things are spinning out of control and you need a real professional to mop up the mess.
For two decades now, trillions of dollars worth of American R&D, trade secrets, intellectual property have crept out the back door. And when you peel the mask off the thieves, it's the same culprit every single time.
When it comes to digital messes, the wolf is Kevin Mandia, founder of Mandiant. Mandiant is the 1-800-OH-SHIT call. The guy in the suit you call when your breach gets out of hand. And it wasn't just Google who was calling. Here's the wolf himself.
Advanced Persistent Threat. That's government shorthand for state-sponsored hackers. In those early days, the vast majority of these groups originated from one country. APT became a politically expedient way to say China. But back to Kevin.
At the same time Google caught Chinese hackers in its systems, cybersecurity experts elsewhere were responding to breaches that were unprecedented in aggression.
That's Steve Stone. Steve has tracked cyber threats in government and private industry for more than 15 years. He's seen it all. But it was the offensive against this one hospital that stuck with him. This wasn't just the A-team. It was an absolute ambush. Every single Chinese APT he was tracking simultaneously went full force against this one hospital.
So just what was it that they were after? Why was nearly every single Chinese hacking group coming for this one hospital?
Our adversarial focus has long been on our Russian comrades across the Atlantic. But in the meantime, a more insidious rivalry has quietly taken shape on the far side of the Pacific.
The Chinese Communist Party, or CCP, was willing to deploy the full weight of its hacking apparatus just to spy on the Dalai Lama. Likewise, what Google was witnessing in late 2009 was just how far the CCP was willing to go to track the Chinese diaspora overseas. By tracking hackers' movements, Googlers, in concert with Mandiant, were able to piece together their motives.
The Chinese were after the email accounts of Chinese activists and dissidents. They wanted to know who was talking to whom and what they were saying.
That's Jim Lewis. Today, he's a senior vice president at the Center for Strategic and International Studies in Washington, where he specializes in China and tech policy. But his career has spanned back-channel negotiations between the U.S. and China for years. Any discussions between the two on cyber espionage? Chances are he's had a hand in them.
Ep 6: The Gunslingers
And just so there was no ambiguity here, the CCP formalized this practice into law, banning the unauthorized disclosure of vulnerabilities. These laws forced Chinese citizens to give the state right of first refusal on any zero day they found. Over the previous five years, I'd watched Chinese hacking teams dominate the big annual hacking competitions.
But after these laws passed, they stopped showing up on the state's orders. If they wanted to attend an international hacking competition, now they had to apply for a waiver with the Chinese police. But they were welcome to compete at hacking competitions inside China, albeit with a new sponsor, the Ministry of State Security.
China's hackers had been forced into conscription, and penalties for noncompliance were severe.
In December 2021, a Chinese security engineer at Alibaba went rogue. He disclosed a serious zero-day that would have proved mighty useful to Chinese spies. What that Alibaba engineer found was a zero-day in an open-source library called Log4j. Here's Jen Easterly, formerly the director of the U.S. Cyber Defense Agency, CISA.
Log4j was used in millions of applications. In terms of severity, this was a 10 out of 10. Hair on fire, drop everything and find a patch situation. Using this zero day, you could take full remote control of potentially millions of systems around the world. For cyber criminals, that meant you could have used it to steal banking credentials or deployed ransomware on God knows how many systems.
For spies, it would have made the digital world their oyster. In cybersecurity circles, what that Alibaba engineer did was heroic. But for Beijing, it was a slap in the face. And they made his employer pay a steep price, suspending Alibaba's government contracts for six months. Just long enough to send its stock in a free fall and send a clear message to every Chinese hacker and their employer.
It set up front companies that usually marketed themselves as cybersecurity firms. But in reality, their only job was to carry out clandestine attacks for the MSS. In other cases, they paid or forcefully encouraged individual gunslingers, think top engineers at China's most successful tech companies or students at its universities, to hack the world's most valuable targets.
Play by state rules or prepare to go through some things. By 2019, we caught glimpses of where all these zero days were going. That year, security researchers discovered a Chinese hacking operation that was as slick as any I'd seen. Just as a lion waits for its prey to come to water, Chinese hackers had pulled off what's known as a watering hole attack.
They'd infected a slew of Uyghur websites with a string of zero-day exploits. Anyone who navigated to these websites would have been immediately infected with spyware that turned their iPhone or Android phone into a CCP portal. These were zero days that on the gray market would have easily fetched $10 million. But Beijing was now getting them for free.
And not long after they turned up on Uyghur phones, researchers discovered a parallel effort hacking Tibetans and then Chinese activists, the five poisons. But inevitably, they turned up here, against us. China's zero days started popping up in our most widely used technology.
At one point, researchers uncovered a string of zero days in a Microsoft Exchange email system used by everyone from US military contractors, state and local governments, to small businesses. These zero days allowed Chinese hackers to invisibly read emails. Once those zero days were discovered, Microsoft raced to put out a patch. But this time, China's hackers didn't give up.
They ratcheted their attack up several notches. Ten of its elite hacking divisions started firing the zero days and back doors at thousands. We're talking tens, hundreds of thousands of systems. That let them, and really anyone who now knew how to scan for that zero day and backdoor, come back at any time and do whatever they pleased.
I remember calling you the day that was discovered and saying my usual help. And you said that they were exploiting these systems with an aggression that you hadn't seen before. And well, tell us what it looked like and why it was the most aggressive operation you'd seen from China.
That was John Hultquist. Now, it's easy to get lost in the technicality here, but really, it's hard to overstate the magnitude of this attack. In the real world, it would be like spies or mercenaries robbing thousands of American homes and dousing them with fuel on the way out so that any digital arsonist with a match could come back at any time and burn it all down.
This infusion of new blood, new talent into the hacking pool meant more than just a shift in the chain of command. It meant a radical advance in skill and tactics. I'm Nicole Perlroth, and this is To Catch a Thief. These hackers were no longer blasting into the building and announcing their presence. Here's John Hultquist, Mandiant's chief analyst.
The situation was so dire that the Justice Department did something it had never done before, authorizing one of the broadest FBI search warrants on record. The warrant gave the FBI the ability to covertly go into any infected exchange system, patch it, and remove China's backdoor.
Now, it's important to note here that this was a tad controversial, and there were many who screamed government overreach. But given the severity of China's attack, the potential for mass disruption, most privacy activists seemed to give the government a pass. And that attack, I'm sorry to say, was just the opening salvo. Here's Kevin Mandia.
They're no longer the most polite player in cyber.
So far, we've trained our eye across the Pacific, but as all this was going on, there was arguably a far more sinister disturbance in the digital world order. One that experts in industry and classified government SCIFs were watching with horror.
When digital historians look back, there's no doubt that December 23rd, 2015 will go down as the day everything changed. That day, just ahead of Christmas Eve, Russian hackers crossed the digital Rubicon, shutting off power to Western Ukraine. And for good measure, they shut down emergency phone lines too. The power wasn't out long in Ukraine, less than six hours.
But it was just long enough to send a message. We can shut you down at any time of our choosing. They followed it up one year later with a second cyber attack on Ukraine's power grid. Only this time, they shut off power to the nation's heart, Kiev, in a display that made the White House wince. Until that point, covering these attacks was like watching an international game of chicken.
With every new attack, you watch spy agencies pushing, pushing, testing for that red line that never came. But Russia's twin attacks on Ukraine's grid changed the whole game. This careful gentleman's game of spy versus spy had come to an abrupt end. We were no longer in the gray zone. We'd entered the red zone.
Looking back on Russia's twin attacks on Ukraine's grid and some of the attacks that followed, it's a little like reading the tea leaves. Maybe if we'd spent more time connecting the dots, we could have foreseen Putin's 2022 military invasion earlier. Certainly in Beijing, officials watched Russia's cyber attacks and the absence of any serious international response with keen interest.
Here's Jen Easterly again, who led the U.S. cyber defense agency CISA under Biden.
But China had already been laying the blueprints for their own attack. Most people just missed it.
Before 2015, attributing Chinese APTs by their attack style, whether phishing tactics or their malware, was a fairly straightforward practice. Rarely would you see a Chinese APT deploy advanced techniques or custom code. They barely tried to hide their tracks. By late 2016, it was a different story. Here's Kevin Mandia.
To Catch a Thief: China’s Rise to Cyber Supremacy
Ep 6: The Gunslingers
The everything, everywhere, all at once cyber attack. That's in two weeks on the next To Catch a Thief. Follow To Catch a Thief to make sure you don't miss the next episode. And if you like what you hear, rate and review the show. To Catch a Thief is produced by Rubrik in partnership with Pod People, with special thanks to Julia Lee.
To Catch a Thief: China’s Rise to Cyber Supremacy
Ep 6: The Gunslingers
It was written and produced by me, Nicole Perleroth, and Rebecca Chasson. Additional thanks to Hannah Pedersen, Sam Gebauer, and Amy Machado. Editing and sound design by Morgan Foose and Carter Wogan. Thank you.
The first sign the game had changed is when I started getting tips about a spate of Chinese intrusions at aviation and aerospace companies in late 2016. Hackers weren't coming in the usual ways anymore. Instead of hacking their targets head-on, they were slipping in through a side door. They'd hacked the service providers that companies hire to manage their backend IT systems.
In industry parlance, these companies are known as MSPs, managed service providers. Breach one, and you get entry to potentially thousands of their customers. Some of these MSPs had names you've never heard of, but others, like IBM, you would definitely know. And the Chinese hackers doing this, they weren't one group working from one drab PLA building anymore.
This was a coordinated surge by disparate elite hackers. And unlike the PLA, these hackers weren't getting paid by the hour. They were getting paid by the outcome. Incident responders started getting frantic calls from MSPs all over the world seeking help. And these weren't just in the US. These were MSPs in Japan, South Korea, Thailand, all across Europe, Canada, the UK, South Africa, Australia.
They had all been popped in a campaign that they'd go on to call Operation Cloud Hopper because hackers would hop from these MSPs into their customer networks at some of the world's leading pharmaceutical, engineering, retail, manufacturing, telecom, aerospace, and satellite technology makers. They took Rio Tinto's prospecting secrets and sensitive health research from Philips.
They took more than 100,000 detailed personnel records from the U.S. Navy. They even managed to slip into NASA's Jet Propulsion Lab. With the first Trump administration's trade war as a backdrop, they were back to hacking trade secrets with a vengeance. Here's Steve Stone, who lived and breathed this transition.
In retrospect, it appears the PRC carefully studied the Snowden documents, got a look at the NSA's signals intelligence, and asked, how do we get that? Within months of the first leaks, Xi set up a standing cyber committee, one of a handful of committees that operates at the highest levels of the Chinese Communist Party.
These new hackers were meticulous digital ninjas working with a laser-like precision. They took great pains to cover their tracks, encrypting their traffic, deleting log files and other digital crumbs, and burrowing in so deeply that even when victims wiped and rebooted their machines, these Chinese hackers found a way to remain. But occasionally, they just couldn't help themselves.
At one point, they registered a hacking domain as NSAmefound.com. They were messing with us. Years later, we learned just how little they cared about getting caught. In 2024, someone, we still don't even know who, doxxed a mid-level Chinese hacker-for-hire contract shop called iSoon. Among the leaks were transcripts of hackers' group chats. They'd been messaging about who had been named in a U.S. indictment of APT41, their hacking unit. But they weren't concerned. They were celebrating. The chats showed hackers promising to buy their colleagues 41 shots at the next rager. But for the most part, these MSS hackers lay low and were light years ahead of their predecessors.
When I'd interview the people charged with responding to these attacks, I couldn't help but notice that they were impressed.
Which brings us to zero days.
A word on zero days. In essence, zero days are holes in the foundation of a system. Holes developers missed. For simplicity's sake here, let's just say I'm a hacker. I find a programming mistake in your iPhone's iOS software. It could be as simple as a misplaced zero or a missing hyphen. Just something that Apple's programmers missed. That's a zero day.
Looking back now, it seems he charged it with mirroring and innovating upon the way the U.S. conducts its cyber operations. During its digital ceasefire, the PRC was actually busy consolidating disparate PLA hacking units under a new strategic support force, very similar to the Pentagon's own Cyber Command.
It's called that because once it's found, programmers have had zero days to fix it. Now, let's say I'm a hacker who can write a program to actually exploit that zero day to do things like read your text messages, track your location, spy on your phone calls. That's a zero day exploit. Really, it's an invisible ankle bracelet.
So you can see the immense value a single zero-day exploit would have for a spy agency. And indeed, there is an entire classified gray market for zero days, where hackers routinely sell their zero-day exploits to governments or brokers for hundreds of thousands, sometimes millions of dollars.
The going rate for that zero-day exploit I just described in your iPhone, right now, at this very minute, a Saudi broker's offering $3.5 million for it. And if it's really good, so good the target wouldn't have to so much as click to get infected, that same broker will pay you $9 million. And if this market sounds titillating, I get it.
I spent seven years investigating the zero-day market for my book, This Is How They Tell Me the World Ends. You should read it. But for now, what you need to know is that before 2015, it was incredibly rare that you would find a zero-day in a Chinese APT attack. Google's Aurora hackers used a Microsoft zero day to break in, but that was an exception.
Finding and exploiting zero days is incredibly difficult. It can take months, years even, to hone a flawless zero day. And even if you can manage that, rarely would you actually use it. There's a saying in the intelligence world, you use it, you lose it. Nobody is willing to risk burning a multi-million dollar zero day when they can just as easily break in through a rudimentary phishing attack.
In fact, when my book came out in 2021, I got a ton of flak from industry critics who said, Nicole, why'd you focus so heavily on the zero-day market when the vast majority of these attacks start with phishing? And to be fair, they had a good point. But even I was surprised when that same year, a record number of zero-days cropped up, the most serious of them in Chinese cyber attacks.
For 18 months, a fragile calm descended on our digital borders. The CCP's hackers seemed to have just hung up their hats. And for a time, that giant whooshing noise of American IP being sucked back to China just stopped. All was quiet on the Eastern Front. Or so we thought.
So there's clearly been a sea change here. But tell me what it looked like from your vantage point.
It moved responsibility for the country's most sensitive operations away from the smash-and-grab PLA to the stealthier and far more strategic Ministry of State Security, or MSS. Think of the MSS as a sort of combination of the FBI and NSA. It conducts espionage at home and abroad. But unlike the NSA, the MSS outsourced its sensitive operations to elite Chinese hackers all over the country.
the top down. Really, in retrospect, what the CCP took from Washington's threats and the naming and shaming campaign wasn't to stop hacking, but to move it underground. And Zero Days offered the perfect cover. When nobody knows about the existence of your secret tunnel, you can move in and out as you please.
And part of the reason the CCP was suddenly so willing to burn so many zero days is that they had plenty of them to burn. And how they acquired their stash is just another window into the advantage authoritarians have in the digital realm. You see, here in the West, intelligence agencies have to develop zero days in-house or pay six, seven figures to procure them from hackers on the gray market.
That's not the case in China, where the CCP can simply force hackers to turn them over for free. And that's exactly what happened. Beijing started hoarding its own zero days, eliminating any above or below ground market for them in China. Authorities abruptly shuttered China's best known platform for reporting zero days.
They arrested its founder and they started forcing China's hackers to turn over their best finds. Here's Jim Lewis, longtime liaison on All Things China.
Ep 5: A Cyber Detente
All the dominoes were in place. Obama's triple tap at Sunnylands, the Commission, the Interagency Task Force. Finally, the U.S. was in position to punish China, to actually ban Chinese imports built off our own stolen IP. And it might have set the world on a new course, had it not been for a certain someone.
In hindsight, the timing here was stunning. Within 24 hours of Obama and Xi's face-off at Sunnylands, Edward Snowden started leaking out classified NSA documents revealing the extent of America's surveillance programs. Snowden's timing could not have been more convenient for China. It was the ultimate get-out-of-jail-free card.
The leaks gave the PRC the perfect whataboutism to push back and say, "See? We're not the problem. The United States is the problem." And in the blink of an eye, the U.S. went from hacking victim to hacking assailant.
And the White House would spend the next two years fending off a relentless drip, drip, drip of damning accusations that it was embedded in everything from America's biggest technology companies to Angela Merkel's cell phone.
Chinese hacking just seemed to drift from public view. Occasionally, the government would do something to pull it back on the front page. Like in 2014, when John Carlin's team at the Justice Department indicted the PLA's hackers, ones with memorable online aliases like Ugly Gorilla, the ones who'd come for us at the New York Times.
But for the most part, it was Snowden and really the NSA that continued to occupy global attention. Chinese hackers had become a footnote. But then in 2015, the CCP overstepped.
Not me, not the white hats who were getting called into Chinese cyber attacks all over the country, not even the government officials who pulled it off. So how'd we get here? Well, as Chinese cyber espionage ramped up, so too did the government's agonizing of what to do about it. I'm Nicole Perlroth, and this is To Catch a Thief.
In a brazen attack, Chinese hackers came for the motherlode, OPM, the U.S. Office of Personnel Management. You can think of OPM as the Fed's HR department. Think of all the personal forms you've had to fill out any time you've gotten or even applied for a new job. Now, level that up a few security clearances. That's the treasure trove Chinese hackers got a hold of at OPM. Here's Jim Lewis.
Chinese hackers got the minute personal details, background checks, and medical histories of every citizen who had ever applied for a security clearance. All told, some 22 million U.S. federal workers and contractors saw their most personal details hacked by the Chinese government. The scale of the attack set a new record.
That was Steve Stone. He's tracked Chinese threat groups for more than a decade inside government and industry. Among those stolen bits of information were millions of fingerprints, which, when you stop and think about it, is pretty much the worst case scenario for any American spy. You can change aliases all you want, but as far as I know, fingerprints can't be burned off or changed.
That means our spies could be compromised with just a touch. And then there was the not insignificant fact that it wasn't just federal applicants who were impacted, but anyone who lived with them. Here's John Carlin again.
A breach of OPM's scale, its severity, could not be allowed to stand. But here's the catch. As the unwritten rules of espionage go, the OPM breach was actually fair game. Technically, the hack was government on government. The CCP seeking intel about an adversary, about American government workers, and potentially U.S. spies. It's the kind of thing spy agencies target all the time.
The Obama administration couldn't set the red line at the OPM breach, not without hamstringing its own intelligence operations. But it also couldn't turn a blind eye, not with the whole country and the entire U.S. government apparatus watching.
The OPM breach, its scope, and the publicity around it gave the administration the opening they needed to come down hard on all the hacks that weren't fair game. The economic espionage, IP theft. In just a few months, Xi Jinping was scheduled to come to the White House for his first official state visit as president. That gave the White House some leverage.
Obama's team was prepared to cancel Xi's visit entirely or welcome him with sanctions. For a man and a party obsessed with image control, this would have been unacceptable. Here's Dmitri Alperovitch, who was liaising with Obama officials at the time.
Now, here I should step back and note there had been government efforts, serious efforts, to rein in Chinese IP theft before. Long before Aurora, even before the dawn of the commercial internet really, the first Bush administration had put China on notice.
The month before Xi was slated to visit, the Washington Post reported that the White House was preparing to greet President Xi with a package of unprecedented sanctions against the Chinese companies and individuals who'd profited off Chinese hacking.
In sweeping tales of espionage and intrigue, back-channel diplomatic negotiations at a Marriott don't typically get their moment in the sun. And in cyber circles, there's a healthy dose of skepticism for the role diplomacy can realistically play in securing digital borders.
For one, governments frequently rely on proxies to do their dirty work so they can always say, it wasn't us, it was these hackers, we can't control ourselves. For another, hackers are tucked so deeply into the shadows that establishing what they can and cannot do there can be a fool's errand. But diplomats say it shouldn't be underestimated.
Meet Ambassador Nate Fick, who until very recently served as the United States' first ever cyber ambassador.
By the way, that phone that Nate's talking about, it's not just metaphorical. In an operations center at the State Department sits a relic from the Cold War, a red phone. It's connected to Moscow.
The darkest days are when that red phone comes in handy. But the U.S. has no red phone with China, or really any historical pattern of managing through conflict, which is what made the PRC's willingness to concede on cyber theft so stunning back in 2015.
The explicit language that Obama and Xi were able to agree upon was unprecedented. The fact that they stood side by side to announce that agreement publicly, that was revolutionary.
There were plenty who thought that Xi's public acknowledgement of corporate cyber espionage was the victory in itself. No one thought China would actually abide by the terms of the deal. Back at the Times, I was beyond skeptical. The PRC had been cheating the system for so long, and it had been so vital for China's so-called economic miracle.
This notion that China would suddenly follow the rules, turn off its golden spigot, struck me as implausible, to say the least. But then, that's exactly what happened. Almost overnight, the pace and frequency of these breaches plummeted. Here's John Carlin again.
And here's Kevin Mandia, who was tracking Chinese APTs as closely as anyone over that 2015 time period.
That was Matt Turpin, who served as China director at the National Security Council in Trump's first administration. And before that, as China advisor to the chairman of the Joint Chiefs of Staff under Obama. For those not well-versed in the minutiae of trade law, the Section 301 investigation is the first step in imposing tariffs that would have penalized China for its blatant IP theft.
The thing is, they weren't told to change all their behavior. The frequency of attacks dropped dramatically, but back at the Times, I started getting tips about breaches at health insurers and travel and hospitality companies. Anthem, Premera, Marriott, the Fed's preferred hotel chain, were all getting hit. A number of backend airline reservation systems had also been popped around the same time.
The digital crumbs all led back to Chinese APTs. I called higher-ups in the Obama administration and asked if this meant their moratorium was off. These were private American businesses getting hacked by the Chinese. On its face, it was a blatant violation of the Obama-Xi agreement. But the officials had an awkward response. Actually, no, they told me.
The attacks on Anthem, on Marriott, were fair game. Chinese hackers weren't there for intellectual property. This, like the OPM breach, was standard counterintelligence. Here's John Hultquist, Mandiant's chief analyst.
The Chinese were building a repository of Americans' personal data. The PRC could take the information they already had on U.S. government workers from the OPM breach and layer on the data they stole from backend airline and hotel reservation systems.
Using that, Chinese analysts could cross-check a government employee's flight itineraries and hotel stays with those of Chinese citizens to see who is flying to which cities or staying at the same hotels at the same time. Bingo, you've got yourself a shortlist of suspected American spies and Chinese double agents. This wasn't a violation of the Obama-Xi moratorium on IP theft.
This was spycraft 101. And if the PRC could mine that data effectively, it would make it much, much harder, if not virtually impossible, for American operatives to build effective covers and recruit Chinese intelligence assets. This, by the way, coincided with a broader and brutal campaign by the CCP to dismantle American intelligence gathering in China.
Here's my friend and former Times colleague Mark Mazzetti talking to NPR.
And this was a big deal at the time. But when it came down to actually enforcing anything, that was another story.
For years, Chinese IP theft was something most US businesses just swallowed with a wink and a nod towards profit. As for the US government, they took a gamble. They hoped that as China's economy grew and the internet took off, China would have no choice but to adopt international norms, improve its track record on human rights, and eventually stop hoovering up all our IP.
Every time the Bush and Clinton administrations debated actual penalties in the form of tariffs or sanctions, there were always people in the room who'd argue back. It'd be better to kick the can down the road. American businesses were making too much money in China to disrupt the status quo. And back then, policymakers still held out hope for a new China.
That once they acquired a certain level of wealth and economic maturity, once the internet took hold, China would cut out the bad behavior, stop stealing IP, lay off the internet crackdowns, and inevitably democratize. This late 90s, early 2000s optimism was perhaps best summed up by this guy.
These days, that sounds pretty naive. But back then, to be fair, all signs were pointing that way.
Here's Jim Lewis, who was involved in some of these internal deliberations at the time.
But hack after hack made clear just how wrong they were. And then this happened.
The intelligence community watched as US businesses hemorrhaged IP, fighter jets, passenger planes, solar panels, DuPont's genetically modified seeds, turbines, oil and gas tech and exploration strategies, electric vehicles. Coca-Cola, which paid $4 billion for vitamin water in 2007, watched its Chinese market share plummet overnight, ousted by Nongfu's victory vitamin water. Entire U.S. product lines were vanishing. And by 2013, there was this growing sense of urgency that government could no longer let the private sector fend for itself. It simply wasn't a fair fight.
That was John Carlin, who led the Justice Department's 2014 indictments of the PLA members who'd hacked us at the New York Times. And here's Jim Lewis again.
Until it didn't. As Obama's first term came to a close, things started to look bleak. Whatever profits American businesses were making in China short-term were getting far eclipsed by the long-term hits they were taking from Chinese IP theft. By 2012, Obama decides he's had enough.
Obama makes moves, real moves, to level the playing field. One, the White House sets up an interagency task force whose sole mission is to start bringing IP theft cases to the WTO, the World Trade Organization, a necessary first step in banning Chinese products that relied on stolen American IP. And two, the White House starts building out its case to the American people.
On September 25th, 2015, Obama and Xi Jinping stood side by side in the Rose Garden and announced the cyber detente nobody saw coming.
They couldn't just start banning cheap Chinese goods, not if they expected to win the next election. The White House knew it would have to run the numbers. And this was critical because without a visceral understanding of just how swindled we were getting, Americans would never stomach the price hikes that would follow from banning cheap Chinese toys, vacuum cleaners, solar panels, and seeds.
And doing this math was no easy feat. Because, as we've now established, the IP theft victims were doing their damnedest to keep their hacks and losses under wraps. Plus, to really get an accurate tally, you couldn't just add up losses last quarter.
You'd have to include losses from future American product lines that were now vanishing in the face of Chinese subsidized copycats flooding the markets. So Obama sets up a bipartisan commission. He taps Admiral Dennis Blair, his former national intelligence director, and Utah's former Republican governor and outgoing ambassador to China, Jon Huntsman.
And he asks them to figure out just how much the U.S. is hemorrhaging in stolen IP. Their answer wasn't pretty.
$300 billion a year. Let's pause here. That figure, $300 billion annually, was roughly equal to America's $318 billion trade deficit with China that very same year.
Now, economists will quibble with this, but the simpleton's take here is, look, if this competition were fair, if China wasn't stealing American IP, but paying American businesses fair market rates to license it, there might be no trade deficits. $300 billion annually was a staggering figure.
The commission recommended the White House move urgently to establish a quick response capability that could basically ban and sequester any Chinese import that relied on stolen IP. Obama was ready to move, but first he decided he'd raise the issue, forcefully, with China's newly promoted president, Xi Jinping. Here's Evan Medeiros, the China director at the National Security Council under Obama.
What you just heard was Obama announcing that Xi Jinping had agreed China would stop hacking for commercial gain. Well, technically Xi and Obama agreed to stop hacking for commercial gain, but this was no doubt a better deal for Obama than it was for Xi. Nobody saw this one coming.
Ep 8: Living Off The Land
It's 2020. We start spotting Chinese hackers tucked deep inside our infrastructure, quiet, patient, just waiting. The industry calls this living off the land, but don't let that rustic name fool you. These hacks are far from harmless. They're sleeper cells waiting for marching orders. We just didn't know what exactly. Here's Kevin Mandia.
To Catch a Thief: China’s Rise to Cyber Supremacy
Ep 8: Living Off The Land
TP-Link's routers, I should note here, aren't just sold on Amazon. They're everywhere. In fact, if you go to any U.S. military base and head to the commissary, you'll find TP-Link routers featured prominently on the shelves. But the routers are just the first step in breaking into U.S. infrastructure.
To Catch a Thief: China’s Rise to Cyber Supremacy
Ep 8: Living Off The Land
It's what these hackers do or don't do once they're in that makes these attacks really difficult to detect. Once they're in, they often don't act immediately. In some cases, they lie completely dormant on a victim's networks for 60, sometimes 90 days, which puts them well outside the period most companies even keep logs or can flag anything unusual. Here's John Holquist again.
To Catch a Thief: China’s Rise to Cyber Supremacy
Ep 8: Living Off The Land
IOC, indicators of compromise. That's tech speak for the digital crumbs, artifacts, and other clues that indicate you've been breached. And Volt Typhoon has figured out how to leave as few crumbs or IOCs as possible. Here's Kevin Mandia.
To Catch a Thief: China’s Rise to Cyber Supremacy
Ep 8: Living Off The Land
After Telvent, China's infrastructure hackers started coming for other pipeline operations across the country. But in 2020, they started hacking U.S. infrastructure with an unnerving frequency. Something had changed. Something set them off.
To Catch a Thief: China’s Rise to Cyber Supremacy
Ep 8: Living Off The Land
You might recall from episode one, the CCP is obsessive about image control. It's why they hacked Google. It's why Xi agreed to the 2015 cyber detente. The CCP weren't willing to risk the embarrassment of the White House canceling Xi's first official trip or risk being greeted with sanctions. It's impossible to say what set them off in 2020. You'd have to be a fly on the CCP's wall.
To Catch a Thief: China’s Rise to Cyber Supremacy
Ep 8: Living Off The Land
Maybe they were set off by the mocking. Maybe it was the isolation and undercurrents of suspicion that dominated COVID. If we were already looking at each other through straws, then after COVID, we were now looking through needles, as Tom Friedman, the Times columnist, puts it. Whatever it was, in 2020, China's Volt Typhoon became the broadest, most active, most persistent cyber threat to U.S. infrastructure that American intelligence officials have ever seen.
To fully understand just what it was like to reckon with the scale and severity of this problem, you have to go beyond the news clips. You have to go beyond the public statements. It's time I bring in someone from inside the classified tent. Someone who's been tracking the Chinese cyber threat more than anyone. Meet Andrew Scott.
The answer to that question of how we let things get this out of hand is where a number of trends converge. I've walked you through China's hacking advancements and the creeping emergency of global supply chains. But what made this the perfect storm was our uniquely American blind spots.
Frankly, it's a miracle we're hearing from Andrew at all. Because over that same decade, I was stumbling around in the dark, trying to shine a spotlight on these breaches. Andrew was also tracing these assaults. Only he was doing it from classified SCIFs, with the benefit of a giant intelligence apparatus at his back.
And man, what I wouldn't have given to speak to him over that decade I was at the Times. If you happen to be watching C-SPAN during any major congressional testimony on Chinese cyber espionage, you may have glimpsed Andrew in the audience, sitting just beyond the agency heads.
He tracked Chinese cyber threats at the CIA, at the National Security Council, and most recently at CISA, the Cyber Defense Agency. And here I should disclose that as this threat began metastasizing in 2021, I left the New York Times. After writing about this threat for more than a decade, I could see pretty clearly where things were headed. And it wasn't good.
I reckoned I could keep writing about these cyber attacks, or I could do something about it. So in 2021, I put down my pen and picked up a shovel. I joined CISA's advisory committee, and I served there through its disbanding in January 2025. And that is how I came to know Andrew.
Tell us how long you have been working on the threat of cyber espionage, cyber campaigns from the People's Republic of China.
I should note here that Andrew left CISA after I interviewed him for this episode. What he describes here is what he witnessed while he was there.
For one, despite the impression left by Snowden, the NSA and other U.S. intelligence agencies aren't actually in your private networks watching what you do, or in this case what Chinese hackers are doing. Not without running straight into the Fourth Amendment. The NSA is a foreign intelligence agency. It hunts for threats abroad.
Pre-position on a network. That means get in and stay in. Jim Lewis puts it more succinctly.
A sinking realization started to creep in. China was and is making strategic inroads into America's most critical infrastructure. They're not just sightseeing, they're strategically positioning themselves. And big picture, what Andrew and his colleagues were seeing with each new living off the land attack, with the access Chinese hackers were gaining to U.S. power and water supplies, our ports, our supply chains, our gas pipelines, our railways, aviation, all of it makes for a big red button, one CCP leadership can push in the event of a conflict.

And so I'm curious what it was like inside government when you all made this realization that, oh, this is not just IP theft anymore.
What did it take for the intelligence community to make that determination that, wait a minute, this looks like it could be the beginnings of something far more aggressive? Was it the victims?
Its charter doesn't allow it to hunt for hackers on private American networks, not without a warrant or a special court order. And what you need to understand is that the vast majority of U.S. critical infrastructure, pipelines, the power grid, water, hospitals, more than 80% of it, is in private sector hands, meaning the government has no visibility into it.
The PRC was inside the house, not just a fear, a fact. U.S. officials watched as Chinese hackers crept through dozens, then hundreds of critical systems across the country. Smaller utilities in Littleton, Massachusetts, major infrastructure hubs, power, water, transportation. This wasn't spycraft as usual.
This was sabotage in slow motion, a silent crawl through the machinery that keeps America running. They weren't gathering secrets. They were laying tripwires. And that was enough to drag U.S. officials out of the shadows and into the open.
That was former FBI Director Chris Wray. In January of 2024, he, along with Jen Easterly and General Paul Nakasone, the now former director of NSA and U.S. Cyber Command, testified before the House Select Committee on China.
Three top officials speaking plainly before Congress. That should give you a sense of the severity of the situation.
Most Americans can't even fathom the everything, everywhere, all at once cyber attack. We've only caught one-off glimpses, like flashes in the dark, but the full scope, the full capability, we haven't seen it, not yet.
They can't deflect attacks on those private systems or even hunt there unless they've got a court order or they're invited in. To a large degree, when it comes to these living off the land attacks, we're flying blind. Our second big gaping vulnerability is that the United States is among the most digitally dependent nations on earth.
All we know for certain is they've prepared the battlefield. But have we? That's next on To Catch a Thief. Follow To Catch a Thief to make sure you don't miss the next episode. And if you like what you hear, rate and review the show. To Catch a Thief is produced by Rubrik in partnership with Pod People, with special thanks to Julia Lee.
It was written and produced by me, Nicole Perlroth, and Rebecca Chasson. Additional thanks to Hannah Pedersen, Sam DeBauer, and Amy Machado. Editing and sound design by Morgan Foose and Carter Wogan.
We've been baking technology, code into everything with security as little more than an afterthought. We let software eat the world. And we did it with this, quote unquote, move fast and break things approach, as Mark Zuckerberg coined Facebook's motto in its early days.
The idea was just get the application, get the code, get the router to market, and we can worry about the bugs and security issues later. What this means, in effect, is that we've been plugging vulnerable software and hardware into our infrastructure with little, if any, security baked in by default.
And then we leave it to these businesses and critical infrastructure operators like Nick Lawler and Littleton to figure out the security piece on the backend. The people who designed routers never thought that one day they'd be the linchpin for advanced nation-state attacks.
And China has been using all of this to its advantage because by 2020, most Americans had grown somewhat wise to China's ways. If an IT operator picked up some unnerving traffic coming from a Chinese server, they knew to look into it. But Volt Typhoon, these Chinese infrastructure hackers, they weren't breaking in from Chinese servers anymore.
They're coming in from routers inside the country, precisely where our intelligence agencies can't look. Remember way back in episode three, Keep Machine in Welding, when China's hackers broke in and used the Wisconsin welding shop server to hack major American businesses? Well, China's living off the land hackers are running the same playbook. Only now they're using Americans' home routers.
Here's John Hultquist, Mandiant's chief intelligence analyst.
That last bit, it's an understatement. Volt Typhoon made a habit out of targeting home routers that, as I was saying earlier, were sold without security baked in. To break into these routers, hackers only need to type in the default password, usually admin. And even if the user has bothered to change the password, these routers are riddled with vulnerabilities.
And in too many cases, they've reached quote-unquote end of life, which basically means that even when we detect a vulnerability, there is no patch to install, no technical support. They're just sitting ducks. And by 2020, China's Volt Typhoon hackers started capturing these home routers en masse and using them as a launchpad to infiltrate U.S. critical infrastructure.
Think of a botnet like the iconic Spider-Man villain, Doc Ock, that evil mastermind who wields his robotic, tentacle-like arms. Only in this case, his tentacles are hooked into hundreds, thousands of these vulnerable home routers, commanding them to infiltrate America's critical infrastructure. You lose.
And these zombie routers, they're just dusty, ordinary looking devices in living rooms and small offices, quietly moving packets for Chinese state hackers halfway across the world. Cyber experts have a Marvel-esque name for these compromised routers. They call them ORBs, short for operational relay boxes.
So literally, you could be home right now baking apple pie and have zero idea that your home router is being used by China as a conduit to hack the U.S. power grid. From China's point of view, this approach is elegant. From ours, it's dangerous. For one, it's the perfect disguise.
It's like the Wisconsin welding shop, leveled up.
And it's not just one botnet using these ORBs to hack us. China has employed nearly a dozen that we know about. They're managed by mid-level Chinese contractors like i-Soon and Chengdu 404, who lease them out to Volt Typhoon and these other Chinese APTs. It's layers on layers, like a hall of mirrors, each one giving Beijing just enough distance to shrug and say, wasn't us.
Second, routers are easily replaceable. If one gets burned, hackers can just hop to the one next door.
Third, these routers are really hard to monitor. Rarely do they have logs or any kind of security. Volt Typhoon has used routers from U.S. companies like Cisco, Fortinet, Netgear, and others, many of them unpatched, still running those default passwords, or others that have reached end of life and been abandoned by their vendors.
But these days, American brands are getting squeezed out by a Chinese giant.
While the White House dithers back and forth on TikTok, few Americans have ever even heard of TP-Link. And I get it. When you buy a home router, you don't care what brand you get. You just want it to work. TP-Link's routers are ubiquitous and easily forgotten. If you've bought a home or small office router recently, chances are your data is flowing through TP-Link. In fact, go on Amazon right now.
Search the words home router. And Amazon's overall pick is a TP-Link router. It's by far the cheapest option, as in less than half the cost of its next closest competitor. TP-Link's share of the U.S. router market has exploded from 10% in 2019 to over 60% today. That's according to the Wall Street Journal, which found that TP-Link's share of next-gen Wi-Fi systems is even higher, 80%.
And as early as October 2023, China's Volt Typhoon hackers started using TP-Link routers to burrow into U.S. infrastructure. Now, to be clear, TP-Link isn't the only brand they've used. But what makes TP-Link different is this. It's a Chinese company. It was started by two Chinese brothers and for three decades operated from Shenzhen. But last year, TP-Link split in two.
One base stayed in China, while the other moved its new official headquarters to Irvine, California to serve the U.S. market. TP-Link wants you to believe this split means it's no longer Chinese. And as this episode was coming together, TP-Link's general counsel sent me a tersely worded message saying, quote, any claim TP-Link is a Chinese company is "unlawful and legally actionable."
According to this lawyer, quote, TP-Link is a US-based company that manufactures routers for the US market in Vietnam. But a week after TP-Link's lawyers put me on notice, Bloomberg published its own investigation, which found that Vietnam is effectively just a final assembly point. Their words, that only half a percent of TP-Link's components come from Vietnam.
The rest are still imported from China. And then there's what Rob Joyce, the NSA's former cybersecurity chief, testified to Congress and told our live panel podcast in March. He testified that TP-Link's push into the U.S. isn't just smart business. It's strategic. Rob told us the company is selling its routers at a loss, a deliberate move to flood the U.S. with cheap routers and build what he called a PRC platform.
It reminded me of that line from Huawei's founder, a country without its own program controlled switches is like one without an army. TP-Link disputes all of this and emphasizes that its security is on par, if not better, than leading routers. That said, a recent Microsoft assessment took a careful look at one of these Chinese botnets.
They call it CovertNetwork-1658, and it's used by multiple Chinese APTs. Microsoft determined it was comprised of 8,000 compromised devices, the vast majority of them TP-Link. Now, that could just come back to the fact that more Americans are using TP-Link routers than ever before. Or it could not. U.S. investigators are now probing just how closely TP-Link Systems Inc., the new American incarnation of the company, is tied to China. And if they find it presents a, quote, unacceptable risk, Washington could use new authorities to ban TP-Link from the U.S. Politicians across the aisle are now zeroing in on the issue.
By this point, you almost certainly understand the CCP absolutely has the patience, time, and skill. But in theory, so do we. So how did we let it get this far? How did we allow China's hackers to so intimately invade our most critical infrastructure? I'm Nicole Perlroth, and this is To Catch a Thief.
Here's Democratic Congressman Raja Krishnamoorthi at a hearing on cyber threats in March. For context, he's holding up a TP-Link router.