
Nicole Perlroth

Appearances

To Catch a Thief: China’s Rise to Cyber Supremacy

Coming Soon - To Catch a Thief: China’s Rise to Cyber Supremacy

12.636

Over the past two decades, the greatest heist in history has played out on American soil, or rather, in America's digital realm.

To Catch a Thief: China’s Rise to Cyber Supremacy

Coming Soon - To Catch a Thief: China’s Rise to Cyber Supremacy

123.562

I'm Nicole Perlroth. I spent a decade as the lead cybersecurity reporter at the New York Times. The stories I covered day in and day out of digital espionage and sabotage were stories vital to our national and economic security, and they've flown under the radar for far too long.

To Catch a Thief: China’s Rise to Cyber Supremacy

Coming Soon - To Catch a Thief: China’s Rise to Cyber Supremacy

156.585

Listen to To Catch a Thief, China's Rise to Cyber Supremacy, wherever you get your podcasts.

To Catch a Thief: China’s Rise to Cyber Supremacy

Coming Soon - To Catch a Thief: China’s Rise to Cyber Supremacy

28.08

But this wasn't the Robert Redford, George Clooney crowd, or even anonymous 20-somethings cloaked in hoodies. The burglar behind this heist was bigger than you'd ever think.

To Catch a Thief: China’s Rise to Cyber Supremacy

Coming Soon - To Catch a Thief: China’s Rise to Cyber Supremacy

45.774

The Chinese Communist Party has been behind some of the 21st century's most attention-grabbing breaches. They've targeted our news sources. The New York Times reporting on a cyber attack on its own computers. Our tech giants.

To Catch a Thief: China’s Rise to Cyber Supremacy

Coming Soon - To Catch a Thief: China’s Rise to Cyber Supremacy

62.269

And our most treasured trade secrets.

To Catch a Thief: China’s Rise to Cyber Supremacy

Coming Soon - To Catch a Thief: China’s Rise to Cyber Supremacy

71.137

China's state-sponsored hackers have stolen trillions of dollars worth of research and development. And now, their focus has shifted.

To Catch a Thief: China’s Rise to Cyber Supremacy

Coming Soon - To Catch a Thief: China’s Rise to Cyber Supremacy

92.473

China has built and exported a surveillance state, made off with countless blueprints, and now infiltrated our most critical infrastructure. For anyone watching, this wasn't a surprise. It was a decades-long strategy.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

106.693

because I feel that I failed and that media failed and business failed and in some ways government failed to really connect the dots for the people on this particular threat. We never went back to Nortel, for instance, when it went bankrupt. And when they wrote all these bankruptcy stories, no one ever mentioned, well, actually, the company was hacked by China several years ago.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1111.189

So the answer was no, we're not going to draw any red lines.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1146.67

Before I get to Bipul, I want to ask you, Rob, I think there is this idea that we have entered into a new era of mutually assured digital destruction, where we're all holding guns to each other's heads and saying, you better not hit us because we can just shoot right back at you.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1167.28

And I think you'd have to be a fly on Vladimir Putin's wall to find out why he hasn't done more in the way of attacks on our infrastructure because of our support for Ukraine. Or maybe our defenses were just that good that we were able to deflect them. And I know you can't speak to the U.S.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1186.513

capabilities, but what do you say about the deterrence of what we think might be this era of mutually assured digital destruction? And what are sort of the misunderstandings maybe about what our capabilities are in China?

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

130.807

Huawei owns all that IP. They've been subsidizing it, rolling it into global markets, and now Nortel is gone. And we never did that with solar companies. We never did it with turbine makers. We never did it with electric vehicles now. China is now the biggest manufacturer of electric vehicles. It's no longer Tesla as of 2023. We never did it with electric vehicle batteries.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

14.269

Hi, everyone. Well, welcome to a special live episode of To Catch a Thief. And just to set the stage for the people who are not in this room, we are sitting here at the New York Stock Exchange today, surrounded by an audience of CTOs, CIOs, CISOs, these are the people who control the flow of information inside and outside some of our most vibrant American corporations and beyond.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1417.293

One thing that you learn when you talk to these folks is just how creative the Chinese have been at exploiting some of our civil liberties, our Fourth Amendment. You know, I think people don't realize, and I got a kind of front row seat to this on Jen's advisory committee at CISA, people don't realize that the U.S. is really blinded in some ways by

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1439.745

on cyber defense because we don't live in domestic traffic. We are not watching in real time what traffic comes in and out of our water treatment facilities. We really count on either our intelligence agencies or the FBI alerting these entities that they've been compromised or the entity discovering they've been compromised and telling the US government.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1465.919

And so in many ways, we're kind of flying blind in a way that some of our adversaries aren't. And prevention, we need to do all of the things that you would need to do to prevent these attacks. No one knows that more than the people in this room, right? But we also need to start assuming that at some point they're going to get in.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1488.322

And once they're in, how do we make sure that they don't get our crown jewels or they don't shut down the flow of gas and jet fuel and diesel to the eastern seaboard of the United States of America?

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1502.293

You know, how do we build those cushions of resilience inside the enterprise, inside our infrastructure, is really where the conversation needs to start going, especially based on the targeting that we are learning about. So, Bipul, this question is for you. What are those cushions of resilience?

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

157.063

We never did it with home routers. Now it's Chinese companies that own the U.S. home router market, as Rob actually testified to Congress the other day. These are routers that have been used in attacks on American critical infrastructure. In fact, just today I went on Amazon and looked up a TP-Link home router.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1680.117

Jen, we talked a lot at CISA about target-rich, cyber-poor environments, that this is really where they're coming for, and it's the water. If you want to elaborate on some of those targets, that would be helpful. Right now, and this is probably a difficult question, but right now we're seeing a lot of cuts at the Cybersecurity Infrastructure Security Agency.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1704.243

You hired more than 2,000 people to that agency. I am acutely aware of the cyber workforce shortage that we have and how hard it is to hire really good people into cyber defense for government. And these are people who have plenty of other options working in the private sector, getting great stock, working at Rubrik, working at Microsoft, working at Google.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

1728.811

Talk us through just your thoughts having just left in January on some of what's happening at CISA and across federal agencies.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

176.833

It is Amazon's number one overall pick, and they own something like 60% market share of U.S. home routers. And these home routers have been used to funnel attacks into America's critical infrastructure. It's not a hypothetical threat, it's a real threat. And all of this has been going on kind of right under our noses, but we've never really connected the dots.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

201.147

So really the magic of this episode, of tonight, of where we are, is that sitting next to me are the people who are the dots, and we are about to connect them. On my left here is my former colleague, David Barboza, who will always be a colleague in my heart. David was the Shanghai bureau chief for the New York Times. He is the reason that we were actually hacked at the New York Times.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

2011.701

One thing that came up a bunch in these interviews is that Xi Jinping was watching very carefully what happened with Putin's invasion to Ukraine. And Jen, you said Ukraine's defense is the deterrence on Taiwan. So I'll put this to you first, David, and then maybe you, Jim.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

2033.652

But first to you, David, since you're the only one who's spent significant time living inside China, what do you think Xi is thinking? What are his takeaways right now watching this administration's current approach to Ukraine?

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

2192.478

Thank you. Thank you. Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

227.058

His coverage was that good. It earned him a Pulitzer, but it also earned him the wrath of the CCP. And I wrote that story for The New York Times. We actually have our former CTO, Rajiv, in the audience today. So we remember that very well. And I remember when the hack first happened, we thought they were there to maybe shut us down.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

2385.387

Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

246.99

But very quickly, it became clear, nope, they were there for David, and more specifically, David's sources. These days, David is the co-founder of The Wire China, which is doing some fantastic data journalism and news journalism, traditional journalism on China. So it's an honor to have you here today. To his left is Rob Joyce. Until very recently, Rob Joyce was head of cybersecurity at NSA.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

2557.389

Thank you. Thank you. Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

273.893

He served at the agency for something like 34 years, right? And had a very storied career there, including leading the Tailored Access Operations Unit at NSA, which is the agency that conducts hacking on behalf of our foreign intelligence collection program. So he knows better than anyone what the Chinese capabilities are.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

2947.526

It actually reminds me, I wrote it down. There's a great quote about this by Ren Zhengfei, the founder of Huawei, who said, a country that doesn't have its own routers and switches is like a country that doesn't have its own military.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

297.304

To his left is Jen Easterly, who, until very recently, was the director of CISA, the nation's cyber defense agency. And before that, was actually head of global security at Morgan Stanley. And before that, also had a storied career at NSA, which included standing up Cyber Command. And it's an honor to have her here today. To her left was my favorite phone call at The New York Times, Jim Lewis.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3003.311

TikTok has been the big shiny object. And I forgot to issue a PSA to everyone to delete TikTok from their phones immediately before this panel. But TikTok has been the big shiny object. Obviously, routers are a huge problem. And actually, you also added, Rob, that on their new, whatever the next gen Wi-Fi router technology is, they actually have 80% market share, TP-Link does.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3027.383

So that really drives home this issue. Like I said, I went on Amazon today and looked up home router. The number one overall Amazon pick is a TP-Link home router. But you can replicate that across the cranes at our seaports, drones. It's a Chinese company that owns majority market share in drones, including those used by US law enforcement in some cases. Go ahead, Jen.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3252.665

I'd love to ask you and Rob about the promise of AI, and you too, Jen, to finally do these things that we have failed at as humans, developing secure code, going back and maybe retroactively, Jen, you mentioned this to me the other day, refactoring code that is vulnerable. Rob, you said the only hopeful thing that I heard at RSA last year was out of your mouth.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

327.079

I called him every time there was a cybersecurity disaster brewing. Jim, until very recently also, was senior vice president at the Center for Strategic and International Studies in Washington, which tells you nothing about Jim. What you need to know about Jim is that Jim has been privy to, partaken in, supported almost every back channel negotiation that the U.S.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3280.399

You said using AI tooling, you could bring down the dwell times on these critical infrastructure Chinese hacks from months, years in some cases, down to weeks and days. So maybe in our last four minutes here, we can take the conversation in a more positive direction.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3300.728

And I know that the threats are going to be significant from AI and we'll get there, but talk to me about what the potential benefits are of AI. Let's start with you, Jen.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

351.818

has had with China on the cyber threat. And then to his left is Bipul Sinha, the CEO and co-founder of Rubrik, which is leading the charge on cyber resiliency in this country and making sure that our worst day, the day you get hacked, is not your last day. So it's an honor to be here with all of you.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3596.32

I'd be remiss in having a panel on China that mentions AI without asking some of you about DeepSeek. So DeepSeek, we don't know whether there was any stolen IP. We don't know whether there was an evasion of export controls. But they've called it open source. It's not really open source. It's open weight.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3620.005

We're already seeing applications and new businesses built on DeepSeek because of its cost efficiencies and much the same way we saw Huawei spread very quickly because of its cost efficiencies. I'll probably throw it to you, Rob. What is the risk of DeepSeek?

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

371.491

These are the people who have been targeted by, instrumental in tracking and engaging the Chinese cyber espionage threat. Without further ado, let's get started. I'm going to ask the first question to my friend David here, which I want to address right away the elephant in the room.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3780.579

It was a little strange to see how much cheerleading there was in Silicon Valley for this from Andreessen Horowitz and others. David, I'm going to leave my last question to you.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3791.511

When we look back on when these Volt Typhoon, these so-called Volt Typhoon attacks, I know Jen and I are big fans of these names, but this is essentially the Chinese group responsible for a lot of these infrastructure attacks. When you look at really when they start picking up in cadence, it was around 2020 when Trump started calling COVID the China virus.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

3813.361

And you and I have talked about how much the CCP cares about image control and how so much of their actions and cyber espionage and activities against dissidents, et cetera, is because they are so concerned and to Jim's earlier point, paranoid about image control. We are seeing a huge escalation in rhetoric right now. What do you think we can expect right now going forward in this administration?

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

392.572

And I think the elephant in the room is this, you know, covering this threat at the New York Times and doing a whole podcast series about Chinese cyber espionage. You are walking a very tight rope because this is a very real threat, but you also don't want to stoke the kinds of disgusting xenophobia that we saw during COVID. And it is a tough rope to walk.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

4008.557

Yes, please.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

4049.949

And that is a good place to end. I think we're going to wrap it up and let everyone get some alcohol and then discussion. But thank you so much for being here. Thank you very much to our panelists who've come from long and far. And thank you for having such a far-reaching discussion. And just thank you for all that you all do. So that's it.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

417.967

And I think you have covered these threats. You've been a target of these threats. And now you are basically covering China full time through The Wire. So help explain, how do you walk this tightrope? And how do you help for the novices to this subject, help them conceptualize this difference between the Chinese Communist Party and the Chinese people?

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

45.708

And it's an honor to be here with you today. And before I get to introducing the very special people I have on stage, just a few words about this podcast. Why did we do this on Chinese cyber espionage?

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

561.505

Speaking of the threat, I'm going to toss this one to you, Rob. You have, I think, what is one of the best quotes on how to conceptualize the threat. You just heard it all in the podcast trailer, and it's this. So you said that basically Russia is the hurricane, China is climate change. Tell us what you mean by that.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

61.919

This would have been a project that would have been unheard of 15 years ago, back when McAfee was picking up the pieces of some of the big Chinese cyber espionage campaigns like Night Dragon and Shady Rat. They were not even allowed to say the word China as part of their attribution. It was a very sensitive thing at the time.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

675.768

Jen, talk to us about what you saw or how you saw this threat morphing at CISA. You know, you oversaw CISA during a period we saw an unrelenting Chinese assault on our federal cloud systems, on our telecommunication networks, and on our critical infrastructure.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

83.945

Here we are 15 years later, and we have a whole podcast series about Chinese cyber espionage. The reason I felt that it was critical we do this on Chinese cyber espionage is because this is the threat that in some ways I lived and breathed at the New York Times, but it's the threat that has been gnawing at me ever since I left the New York Times.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

893.303

I think the only real public glimpse that we have of what this threat could look like that you just outlined is Colonial Pipeline. And we all sort of remember people inexplicably showing up at gas stations with giant plastic bags

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

909.036

to fill up with fuel. And one of the things that hit me was there was a DOE assessment at the time that found that, as a country, the United States could have only afforded three or four more days of Colonial Pipeline being down. And it wasn't so much the gas or the jet fuel, we had the reserves, it was the diesel required to run our factories. So three more days, and that was one target

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

932.159

I hadn't even heard of Colonial Pipeline until this ransomware attack happened. That was one target by a bumbling group of ransomware criminals. And what Jen is describing is think about a coordinated attack on not Colonial Pipeline, but five or seven Colonial Pipelines, and then add in water and... the grid, et cetera. And when you think about it that way, it's not a hypothetical anymore.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

957.446

That's what hit me in the course of this podcast project. It's a very real threat based on where we're seeing this targeting. You think about it that way, you think about the psychological impact that that would create for the United States to summon the appetite to go support an island's independence 7,000 miles away.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

977.482

And then you start to think about how this is really a way to really win a war without firing a single bullet. And when you start to look at these attacks like this, you start to see just how powerful these cyber attacks could be. So the one that always hits home for me is water.

To Catch a Thief: China’s Rise to Cyber Supremacy

BONUS: Live Panel with Top China & Cyber Experts at The New York Stock Exchange

994.769

And Jim, you've been in, I think, recent negotiations or conversations with the Chinese on would they agree to draw any red lines around certain targets like water? How have those conversations gone?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1009.094

It had traced their movements to more than 100 breaches in the U.S. They had their online handles. They had their physical address.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1035.986

When Mandia read China's denial in my story, he decided, screw it. Let's show them the proof. He handed me and my Times colleague David Sanger a 74-page report detailing the group's official military designation, their tactics, techniques, victimology, its members, who had names like Ugly Gorilla, and critically, its whereabouts. We sent our Shanghai bureau chief, David Barboza, to investigate.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1062.258

And sure enough, next to restaurants, massage parlors, and a wine importer, he found a 12-story nondescript white building surrounded by Chinese soldiers.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1136.534

Once we were sure we could corroborate Mandiant's report, we published everything we had. I turned on CNN.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1224.81

Even Kevin Mandia was shocked to see its impact.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

123.789

Nobody was connecting the dots back to Chinese hacking. Nortel didn't just disappear. Huawei stole it. China subsidized it. And they made it so cheap, it wiped Nortel off the map. Now, that's not to say that Chinese companies aren't innovative. It's just that they were playing by different rules. The hacking, the outright theft, gave them a huge leg up.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1275.061

That story wasn't just news. It empowered the U.S. government to go after the PLA unit. Meet John Carlin, who worked at the Justice Department under the Obama administration.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1306.325

While I was busy writing about Chinese cyber attacks, it was Carlin's job to figure out what to do about it. Part of the challenge was that until we outed our own hack and the PLA unit responsible, most everything the US government had on Chinese hackers was classified.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1370.011

But John's team couldn't just call out the Chinese Communist Party by name.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1383.977

One year after we outed the PLA Unit 61398, John's team was cleared to prosecute. A grand jury in Pennsylvania indicted five of the unit's members and named their victims. Among them, SolarWorld, U.S. Steel, which struggled in recent years to compete against low-priced subsidized steel from China, Westinghouse Electric Co., the world's biggest supplier of nuclear reactors, and

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1409.637

Allegheny Technologies, Alcoa, and the United Steel Workers Union.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1459.365

Our reporting from The Times, combined with Mandiant's APT1 report, meant Carlin's hands were untied. In his mind, the prosecution hadn't come a moment too soon. It was about more than justice for the victimized American companies. This was about establishing global norms of acceptable behavior.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

151.818

And all that leapfrogging came with a heavy price tag for American companies, American workers, really the American people.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1561.688

When I first had started covering Chinese cyber attacks, I'd always ask the experts, well, who did it? What they said in those early days, though, surprised me. They'd say, Nicole, attribution doesn't matter. I always read that as, we don't want to piss off China for business reasons.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1582.472

That was partly true, but the other truth was that we were getting hit so hard and so often that the first priority wasn't the who, but the how to make it stop.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1603.668

But in the wake of our revelations at the Times, Mandiant's APT1 report, John Carlin's indictments, that began to shift.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1622.582

But Unit 61398 was just one group. Inside the NSA, analysts were tracking an entire Chinese hacking apparatus. Here's Steve Stone again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1642.095

The intelligence community was tracking some 20 discrete Chinese hacking units. Roughly half were PLA military or Navy units dedicated either to specific industries like microchips, semiconductors, satellite technology, or specific geographies, that were just assigned to hack targets in Australia, for instance. These were military personnel clocking in for their daily hacking to-do list.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1708.28

But then there was the other half of the groups the NSA was watching. These were looser satellite networks of contractors. They worked at the behest of China's spy agency, the Ministry of State Security, but not necessarily in the building. These were moonlighters tasked with episodic state missions, privately employed engineers who got paid by the state to hack on the side.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1736.387

And unlike the PLA's hackers, who could be quite sloppy, these soldiers of fortune were good. They had legitimate skills. They were known for their stealth. Here's Paul Mozur, who covered China's expanding surveillance state for the New York Times.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1803.148

Steve Stone watched in real time as China's hacking unit started handing off missions to the experts. Here's Steve.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

186.551

That was Dave DeWalt, who had a front-row seat to these developments as CEO of McAfee and later FireEye. Anyone tracking Chinese cyber theft over this period could have told you that this was all entirely predictable. But even as the hacking reached absurd levels, America's leaders in business and government were still hesitant to sound the public alarm.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1909.135

This is what US intelligence came to understand. There were two pools of Chinese hackers, the day jobbers, military enlisted personnel, and the gunslingers. Imagine if Stanford's top computer science professors and Silicon Valley engineers, even executives, hacked for the NSA on their off hours as a side hustle or because they had no choice.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1935.766

This allowed China to tap its best and brightest for its sensitive missions. And it also gave the CCP plausible deniability. Should they get caught, the CCP could always say, it's not us. It's these hackers. We can't even control ourselves.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

2001.792

I'd later learn from the Snowden leaks that China actually ran some of its cyber attacks through popular Chinese tech companies like 163.com, China's version of Yahoo, and Sina, the company that runs China's Twitter equivalent, Sina Weibo. At one point, the GCHQ...

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

2021.218

which is essentially the UK's NSA equivalent, discovered that 163.com's mail servers were secretly operated by a Chinese government domain, and that that same Chinese government domain served as a backup server for Sina Weibo. In practical terms, that means that the Chinese government had direct access to any and all traffic, including private messages run through Sina or 163.com.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

2049.715

This would be like discovering that Facebook or Twitter's backend infrastructure was actually run by the NSA. When you hear that, you start to understand why there might be some national security concerns about TikTok. Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

210.947

Fears of upsetting the world's largest market still ruled the day. That's where a certain government shorthand came in.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

2296.034

Thank you. Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

2390.936

Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

240.915

I'm Nicole Perlroth, and this is To Catch a Thief. I learned the meaning of advanced persistent threat back when I was at the New York Times. I was reporting out a wild story about how Chinese hackers had broken into one oil company. They tried to break in all the usual ways, mainly through phishing emails.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

265.839

But when that didn't work, they searched for the company's employees on Facebook and discovered several of them had liked the same Chinese takeout restaurant. So what did they do? They hijacked the restaurant's PDF takeout menu. When the oil company employees went to order some General Tso's chicken, they got a helping of Chinese malware instead.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

288.273

Once they were in, getting these Chinese hackers out of your systems, finding and closing every back door was a huge challenge. In one case, the U.S. Chamber of Commerce, basically the country's biggest business lobby, discovered they'd been breached by Chinese hackers. They brought in the FBI and private security firms and believed they'd cleaned house.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

319.068

But then months later, one of their printers inexplicably started printing out reams of documents in Mandarin. Separately, some of their lobbyists started complaining that the thermostats in their corporate apartments in D.C. were acting funny. Upon closer inspection, both the printer and these thermostats were still communicating with IP addresses in China months later.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

345.655

This was the level of persistence we were dealing with. Back to Dave DeWalt.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

35.364

The world's top telecom player, Huawei.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

391.784

These days, DeWalt runs his own cybersecurity investment firm, Night Dragon. And yes, he named his firm after the Chinese hacking campaign. Some of these thefts still haunt him.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

4.113

Within a few decades, the Chinese economy went from agrarian backwater to manufacturing middleman to world-class innovator in its own right. American companies had been the pioneers, the innovators, but somewhere along the way, we got beat at our own game. And in too many cases, it was with our own stolen IP. Throughout the 2010s, examples surfaced everywhere.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

454.052

The Comac C919 came to market in 2008. It took another 10 years for the U.S. Justice Department to detail in an indictment how Comac narrowed the technological gap between what it could build and what its Western competitors could do. Before 2008, Comac relied on companies like Airbus, GE, Honeywell, Belgium's Safran for major components.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

478.986

But China was determined to help Comac, which is short for Commercial Aircraft Corporation of China, stand on its own two feet. Chinese spies bribed employees at these Western suppliers to hand over trade secrets. And some of them did. A few are now in jail. But what China's spies couldn't get from human sources, they stole in a brazen series of cyber attacks against Honeywell,

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

506.118

Capstone Turbine, GE, and Safran. CrowdStrike, in a report of its own, concluded that those hacks helped Comac trim, quote, several years and potentially billions of dollars off its development time. And that was all for just one airplane.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

570.523

Back when DeWalt was CEO of McAfee and then FireEye, he handed the Obama administration a list of American companies he believed were getting raided hand over fist. Over the next few years, as the government debated what to do, how far they were willing to go to make China stop, whole companies, entire towns were eviscerated by Chinese IP theft.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

645.232

20 miles west of Portland sits Hillsboro, Oregon, a town locals refer to as Silicon Forest because a number of big tech companies have factories here. Intel, Salesforce, and until recently, SolarWorld, a German solar company, housed the largest solar cell manufacturing facility in North America here. At its peak, SolarWorld hired more than a thousand locals.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

671.946

The company was among the first in the world to manufacture a next-gen solar cell that was highly coveted for its efficiency and flexibility. These solar cells allowed panels to work in lower light conditions and in extreme heat.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

708.061

That competitive edge put SolarWorld in Chinese hackers' crosshairs. The CCP first highlighted solar energy on its five-year plan in 1981. And solar has made every five-year plan ever since. In 2012, SolarWorld discovered Chinese hackers had broken into its network and passed its crown jewels over to Chinese state-owned enterprises.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

731.786

Soon, those companies, aided by Chinese subsidies, were dumping cheaper copies of SolarWorld's panels into US markets. SolarWorld fought back, both in court and in the corridors of Washington, where they lobbied for tariffs on Chinese panels. But it wasn't enough. By 2017, SolarWorld laid off more than 800 of its Hillsboro factory workers.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

756.356

The factory shuffled hands through a series of takeovers and ultimately closed up shop in 2021.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

81.942

Even the drones flown by U.S. law enforcement are no longer American.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

815.993

These shutterings were happening to hundreds of companies and towns across America. Some, like SolarWorld, tried to fight back. Here's Steve Stone. He worked with a turbine maker that discovered its Chinese competitor had copied its hardware and software, down to mistakes in the original source code.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

890.512

It's worth noting that four of the world's top five turbine makers are now Chinese companies. Meanwhile, Western competitors like Capstone Turbine filed for bankruptcy in 2023, citing decreased demand. Factories closing, towns hollowed out, and yet so many Chinese cyberattacks flew under the radar.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

916.363

mainly because victims were so reticent to step forward, scared what the disclosures would mean for their reputation, for their stock price, for class action lawsuits. That's why our own disclosure of the Chinese breach of the New York Times was such a game changer.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

93.646

China's DJI owns the sky. As for electric vehicles, it's not Tesla anymore. As of 2023, it's China's BYD.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

958.618

Just before I hit publish on that story, I'd done what any serious journalist does. I'd called the Chinese consulate, walked them through everything I had, and gave them the chance to comment or refute the story. What I got was a full-throated denial. To accuse the Chinese military of launching cyber attacks without solid proof is unprofessional and baseless.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

983.428

I included that denial word for word in the story. China's denial, especially the part about no solid proof, didn't sit well with Kevin Mandia. For years, he tracked the group behind our hack, a group Mandiant called APT1. Officially, the group was a Shanghai-based unit of the People's Liberation Army, Unit 61398. Mandiant knew the group better than most.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1015.728

Scholars say the CCP also felt justified in stealing Western technology as reimbursement for what China calls its century of humiliation when European powers occupied China.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

104.565

A few analysts got so frustrated that they left the agency to start a private company called Area 1. Their company worked with everyday, unwitting Americans whose servers had been compromised by China, servers the Chinese were now using to stage these attacks. At least from the private sector, these analysts could trace the attacks and, when possible, block them at the source.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1045.424

What Americans consider unethical thievery, the CCP views as reparations.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1112.486

The theft was so blatant, at times it almost felt like they were daring their Western counterparts to do something about it.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1186.759

The McDonnell-Douglas story was hardly unique. This level of thievery had become systematic under China's joint venture requirements. Meet John Bedbrook.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1208.072

In the late 1990s, DuPont's primary business was corn. Corn genetics, really. DuPont had figured out a way to make super varietals of the crop that could withstand drought, disease, fungi, pests, and ultimately increase farmers' yield. And DuPont was determined to bring that same know-how to rice. China was the obvious place to start.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1250.879

Here's what you need to know. China holds 20% of the world's population, but only 10% of its arable land. Food security, really the means to efficiently grow staples like rice, is the top national priority. That partly explains why China was an early pioneer in hybrid rice, where you crossbreed two distinct rice strains to produce a super-efficient varietal.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1279.017

But China's Cultural Revolution devastated that progress. Mao villainized China's scientists and skilled ag workers. Most were forced to abandon their work. Many were sent to rural labor camps. Research institutes were shuttered or repurposed for political indoctrination. This is how those millions died from famine. By the time John first set foot in China, he was shocked at the state of things.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1343.215

Germplasm is just plant DNA. DuPont specialized in corn and soy breeding. If it could bring its proprietary germplasm to China's hybrid rice market, that was a multi-billion dollar opportunity. But remember, DuPont couldn't just come set up shop in China. China forced them into a joint venture.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1385.845

It wasn't just DuPont's billions of dollars worth of proprietary know-how. They brought DNA vectors and seedlings. They trained up dozens of Chinese engineers in their implantation process. For three years, everything went swimmingly. Until the day it didn't.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1433.897

John couldn't make sense of it. In effect, China was shutting them down. He never got an explanation, and it wasn't for lack of trying. He knew several higher-ups in China's ag world from his student days in Cambridge, and he chased every last one of them down.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1485.373

Did they give you any color at all about why the permits weren't getting approved anymore?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1499.962

And what was it like to just sort of lock up the place and walk away? What's that feeling like when you invest three years of your life into this breakthrough project? It just completely stalls one day, and then you just have to lock up the place and abandon asset.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1528.919

Container ships of rice were left to rot. Those Chinese engineers DuPont trained, they quietly left, taking all DuPont's IP, its methods, all their training with them. China kept everything.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

154.662

On the day I visited the Cates, Area 1's sensor lit up. It showed real-time connections to America's biggest brand names and fastest-growing Silicon Valley startups. As a condition of witnessing the inflow and outflows from this one server, I have agreed not to name specific victims.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1571.405

Some of those very same Chinese engineers started up their own labs, some right down the street. They thrived. Meanwhile, DuPont went to US authorities, who said there was really nothing they could do. And executives didn't have the stomach to press the issue further. DuPont was still managing other joint ventures in China. Word from on high was, best not to rock the boat.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1683.385

And now?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1692.728

You may be wondering why American companies like DuPont and McDonnell Douglas were willing to turn a blind eye here, or why American administrations didn't do more to push back. Entire business lines and billions of dollars worth of R&D were getting swept. Spies were literally rolling into private facilities in the dead of night and stealing everything. The answer, of course, is money.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1724.192

There was simply too much to be made in China. Short term, no American business was willing to say or do anything that might turn off the spigot. Even if long term, it risked hollowing out entire industries.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

175.752

But I watched firsthand as Chinese hackers leapfrogged from the Cates' server to a major American airline, a Silicon Valley food delivery startup, a major Manhattan law firm, and some of our most elite university research labs.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1763.869

This was a big gamble. American companies bet that so long as they continue to out-innovate the Chinese, they could mitigate their losses. Inside government, U.S. administration after administration mistakenly believed that China's economic liberalization would inevitably bring about a political liberalization as well.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1786.838

That China would adopt international norms of behavior, cut out the spying, and end the theft of IP. Enter the internet.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1836.556

At a certain point in the early 2000s, the five-year plans became a roadmap for China's state-sponsored hackers. Here's Dmitri Alperovitch, who started tracking these thefts in their infancy.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1889.666

For years, the theft was blatant, unapologetic. Subtlety was not high on the list of priorities. At the Times, I got my hands on a U.S. national intelligence estimate, a classified report that represents a consensus of all 18 U.S. intelligence agencies. Their 2009 report ranked countries by their cyber prowess. In terms of skills, the assessment found that Russian hackers were the best.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1916.411

Chinese hackers were deemed pretty basic. But still, the assessment determined China represented the gravest cyber threat to the United States. Not so much for their skills, but for the sheer volume of their attacks.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

193.422

It was nauseating watching the CCP cart off America's crown jewels, billions worth of R&D, cutting-edge research, source code, all of it moving through the Cates' dusty server here in Wisconsin, back to China. And on the off chance one of China's targets flagged some strange traffic coming from a Wisconsin welding shop, well, who would suspect the Cates?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1960.349

Here's Kevin Mandia.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

1990.108

Jim Lewis can draw a direct line from Chinese IP theft to the rise of what is now a Chinese powerhouse.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

2002.714

In the early aughts, Nortel's fiber optics equipment was the world's envy. 70% of the world's internet traffic ran through Nortel. For Beijing, that made it more than just an economic rival. That made it a national security threat.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

2030.228

Missing from these obituaries was the fact that Nortel's IP had been raided by Chinese hackers.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

2079.81

The details of Nortel's hack are now well known. Nortel's IT team discovered Chinese hackers inside their systems back in 2004. When they alerted executives, there just wasn't much urgency to do what it would take to kick them out and keep them out, beyond changing up a few passwords.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

2098.178

Ultimately, Nortel's investigators said they watched China cart off thousands of critical product schematics, sensitive emails, key business strategies. Five years later, Nortel started getting massively underbid on a series of contracts by their Chinese competitor, Huawei. Nortel is now long gone. Huawei is now the world's biggest telecom.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

2153.403

If, like me, you're asking yourself, why would China go to such great lengths to steal white paint? It actually came up in a number of interviews, like this one with Matt Turpin, a senior China advisor under both Obama and Trump 1.0.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

2213.487

The CCP deployed that Huawei model against thousands of Western companies. China would announce its next five-year plan and almost immediately, threat researchers like Dmitri would watch Chinese hackers race to crack every company in listed industries.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

2347.842

Thank you. Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

2417.062

Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

2477.182

Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

266.769

The Cates' server, and thousands like it across America, from welding shops to Texas saddleries, was precisely where the NSA couldn't look. As for China, well, that made it the perfect cover.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

310.103

In the game of spycraft, it's still perfectly acceptable to break into government agencies, even defense contractors. But what the Chinese were doing, breaking in, siphoning off billions, trillions of U.S. trade secrets, that broke all the rules. I'm Nicole Perlroth, and this is To Catch a Thief.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

376.119

That was Kevin Mandia. In the early 2000s, his team of incident responders at Mandiant started getting more and more calls from businesses. Hundreds, then thousands of them, frantically calling for Mandiant's help in rooting Chinese hackers out of their systems.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

4.659

Drive past the dairy farms, cornfields, and horse pastures, and you'll eventually arrive at Cate Machine and Welding in Belleville, Wisconsin. Population, 2,500. For more than 50 years, the Cates have welded fertilizer tanks, jet fighter parts, cheese molds, even a farmer's broken glasses. They thought they'd seen it all, until the day a few strangers knocked on their door in 2015.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

413.229

Theft of IP. That was a game changer. Chinese hackers weren't there for state secrets. They were there for commercial gain.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

465.894

That was Evan Medeiros, former China director at the National Security Council and Obama's lead China advisor. He makes a critical distinction. Spies spy. That's what they do. What they don't do, at least not in a free market economy, is pick winners. Say the NSA was in position to get the latest in ag tech. Who would they pass it to? DuPont or Monsanto?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

493.645

Or say the Chinese made a significant AI breakthrough. Who would the NSA pass that to? Microsoft or Google? That's just not how a free market works. But in China's socialist market economy, China's military and spy agencies could pass those trade secrets onto whichever Chinese enterprise stood to benefit most. And that is exactly what they did over and over and over again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

522.306

But I'm getting ahead of myself. So, Jim, why don't you introduce us to Deng Xiaoping?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

560.678

That was Jim Lewis, who spent decades immersed in the issue of Chinese cyber espionage. Now, here's Evan Medeiros again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

58.718

The men knocking on the Cates' door had spent their early careers at the National Security Agency. The NSA. At NSA, they'd watched as Chinese hackers brazenly made off with American trade and defense secrets, pulling them back to servers in China. But increasingly, the Chinese were moving their operations to the one place the NSA couldn't look.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

606.969

Under Mao, China was something of a hermit kingdom, cut off from global markets unlike its neighbors in Japan and other emerging Asian economies. Mao's mismanagement had left China reeling from a widespread famine that, by some estimates, killed as many as 14 million. When Deng came in in 1978, China's economy and technology lagged decades behind the West. Back to Jim Lewis.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

658.985

For the party to retain power, Deng knew he would have to prioritize economic growth. It's what scholars call performance legitimacy. If people are suffering, they'll demand change. But if their economic prospects are good, they'll have fewer reasons to challenge the status quo. So, Deng set about a period of reform and opening.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

683.212

But rather than go full capitalist, he opted for a socialist market economy, essentially central state planning with free market perks. China's state-owned enterprises were restructured, and companies were allowed to operate based on free market principles. Here's Evan Medeiros again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

732.224

Deng welcomed Western investment, with a few caveats. Westerners rushed at the chance to take advantage of China's low-cost labor and crack open a consumer market more than a billion strong. But first movers like Coca-Cola and General Motors couldn't just set up shop in China.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

754.485

Beijing forced foreign companies to enter into something called a joint venture with their Chinese counterparts and capped their ownership at 49%. This gave Chinese companies access to Western technology and the chance to learn from foreign expertise. For American, European, and Japanese companies, this basically entailed forced technology transfer.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

778.113

Many deluded themselves into thinking they could manage the loss of IP for the reward of partaking in China's growing market. Deng's reforms resulted in China's economic miracle. Tiny fishing villages like Shenzhen transformed into global manufacturing powerhouses.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

82.026

The United States, where they started setting up shop in vulnerable servers, like this one, in this dusty back office at the Cates' welding shop. The NSA can't look at domestic traffic, at least not without a court order. And as the Chinese began staging their attacks from American servers, the NSA started going blind.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

821.625

China's economy grew nearly 10% every year after Deng took over, lifting millions of Chinese out of poverty. What was once a poor agrarian society became the world's largest trading partner, and today, the world's second largest economy. But China wasn't content to be the world's manufacturing closet. The CCP's leaders were determined to see to it that China become an innovator in its own right.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

851.498

Indigenous innovation became a national priority. They announced a series of initiatives like Made in China 2025, a national policy to transform China from a manufacturer of cheap, low-quality goods to a leading innovator in critical industries like next-generation technology, clean energy, robotics, AI.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

875.812

Every five years, the party dictated a new list of economic priorities in their five-year plan.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

933.82

Corporate thievery has always offended our Western sensibilities, but China sees things differently. China's leadership not only rationalized IP theft, it became a national priority.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 3: The Most Dangerous Time in American History

985.39

Why should Chinese companies spend decades and billions on R&D when they could just as easily steal it from foreigners for free? Here's John Hultquist, Mandiant's chief intelligence analyst.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1016.843

Our own researchers in Beijing had been arrested before. Nearly a decade earlier, a Chinese Times researcher was arrested after the paper published a story about the imminent retirement of a senior party leader. The information hadn't even come from the researcher, but he was sentenced to three years in prison regardless.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1037.219

What David was now doing, reporting out the secret wealth of China's prime minister, is as dangerous as it gets. China's whole regime is predicated on a kind of grand bargain. So long as Chinese citizens see their lives materially improving, they're willing to stomach a certain level of authoritarianism from their leaders. But corruption, that can throw a wrench in the whole arrangement.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1064.719

Corruption, or even just the appearance of it, was the thing China's leaders feared most, arguably even more than the five poisons. Corruption was the surest way to unravel the party's social contract with its people. And what David was reporting, not just corporate corruption, but corruption at the highest levels of Chinese governance, that was a powder keg.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1089.396

Precisely the kind of story that could sow societal unrest. The kind of story the party would do anything to bury.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1166.747

But over that same time period, David starts requesting documents from the Chinese government. Documents about Wen's family members and their stakes in several private Chinese companies.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1239.155

David starts shoving sensitive documents in safes. He shreds any he doesn't need. Over the next few weeks and months, he carts suitcases chock full of documents from Shanghai to New York, then Tokyo, until he approaches something close to a final draft. I was going to ask, what's going to happen at the airport if anyone opens the suitcase?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1271.258

That September, unbeknownst to David, the hacking begins. But his anxieties were elsewhere.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1314.704

Finally, David makes it to the home stretch. He starts making calls. He calls the family members of China's prime minister and their business associates to walk them through everything he has.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1352.603

Once those editors are confident the reporting's ironclad, they greenlight publication. But before the article goes live, David makes one final call to the powers that be.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1368.047

What was the most memorable part of that final conversation?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1444.901

At this point, Chinese hackers were deep inside the Times. Back in San Francisco, I'd been tracking them, all for what I'd hoped would be a story detailing their assault on the paper. But my bosses were emphatic. I couldn't publish anything until we'd found and sealed up every last Chinese backdoor. And I was still under strict orders not to tell anyone what I was working on.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1467.919

They worried any internal chatter would tip off our Chinese interlopers. While I stayed in this holding pattern, David published his story on October 25, 2012. The CCP immediately blocked mainland access to The Times and shut down our new Chinese-language site.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

147.492

Google pulled its search engine from China, handing billions in revenue to Google's main Chinese competitor, Baidu. The result was a profound chilling effect. The lesson other Chinese hacking victims took from this was keep quiet. Don't offend the gatekeepers to the world's largest market. It would be years before another company came forward.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1500.987

It was only after David's story published that the two of us finally spoke. I'd assumed someone else at the Times had let him in on the fact that Chinese hackers were crawling through his emails. Nope. I remember dialing you thinking, how am I going to do this? Because if their insight is email, they're most certainly recording this phone call. So I remember calling you. Yes.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1523.751

And I remember saying, David, hi, this is Nicole Perlroth. We haven't met yet. I'm the cybersecurity reporter in San Francisco. I think you know why I'm calling. And do you remember what you said? No.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1539.713

You said, I have no idea why you're calling. No one had actually bothered to tell you or perhaps were too afraid to tell you over phone or email that Chinese state-sponsored hackers were inside our computer systems, inside your inbox at that very moment, reading all of your emails and that they had been into our systems for several months.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

171.676

Google's is the breach that just gets worse the more you learn. This wasn't just some Chinese hackers gone rogue. Months after Google went public, WikiLeaks dumped a U.S. embassy cable that described just how high up the chain of command this went. Google's hack had been orchestrated by a senior member of China's Politburo, the equivalent of a U.S. cabinet member.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1724.034

Wow. But back to that fall of 2012 at The Times, it took four months to kick the PLA out of our systems. We knew we couldn't hit publish on my story until we'd kicked out our hackers for good. By January of 2013, we were ready to move forward, but some on the masthead were getting cold feet. With my story written, edited, and ready to go, I was summoned to a call.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1751.609

One editor asked, why exactly are we publishing this story again? Another worried what our competitors at the Wall Street Journal and the Washington Post would say. These questions went above my pay grade, but I told them, I don't think they're going to say very much, because there is a very high likelihood that they've been breached too. I told them about the two types of companies.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1775.362

I explained that everyone was hiding these breaches. And I made the case that, as a news organization, we had a unique obligation to come forward. That argument seemed to win the day. And to the Times' eternal credit, they decided to publish. After that, there was just one last call to make to China's government spokesman. It was critical to give them a chance to respond.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1800.539

The party came back with a full-throated denial, but they'd added a dig. Quote, to accuse the Chinese military of launching cyber attacks without solid proof is unprofessional and baseless. That one would come back to bite them later. We hit publish.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1839.528

Almost immediately, those competitors we were worried about, they came forward too. The Washington Post.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1870.735

Suddenly, it was like you weren't even a legitimate news organization if you hadn't been hacked by China. Here's Kevin Mandia.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1898.688

Once the New York Times came out, the floodgates opened. That two types of companies refrain?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1909.56

It suddenly felt a lot more real. But China's surveillance apparatus, the one it honed on Uyghurs, the Five Poisons, the dissidents, journalists, it was only the means to achieving an end. Control, obedience, that was only step one. What the party long sought was economic supremacy, to move China from the world's manufacturing closet to an innovator in its own right, a superpower.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

1940.028

To pull off that pivot, that would require the crown jewels of capitalism, intellectual property. And lest we forget, Aurora went far beyond emails.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

195.307

Apparently, he Googled himself, found the results to be unacceptably unflattering, and ordered a hit on the company. According to this cable, quote, government operatives, public security experts, and internet outlaws recruited by the Chinese government took it from there.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

2000.81

Intellectual property theft, stealing research, trade secrets. Sit with that for a second. These aren't market competitors we're talking about. This is a world power, a nation state coming for private American companies. Because why spend decades and billions of dollars on your own R&D when you can just hack it? That's next on To Catch a Thief.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

2066.055

Follow To Catch a Thief to make sure you don't miss the next episode. And if you like what you hear, rate and review the show. To Catch a Thief is produced by Rubrik in partnership with Pod People, with special thanks to Julia Lee. It was written and produced by me, Nicole Perlroth, and Rebecca Chasson. Additional thanks to Hannah Pedersen, Sam Gebauer, and Amy Machado.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

2089.321

Editing and sound design by Morgan Foose and Carter Wogan.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

247.5

But there's still one element of the breach that Google and US officials were cagey about, still are. And it wouldn't surface for years after the attack. Three years after Google outed its own breach, Microsoft offered a starkly different postmortem. Google's hackers hadn't just gotten access to Chinese activists and dissidents' Gmails, they'd gotten access to a counterintelligence goldmine.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

278.978

I'm Nicole Perlroth, and this is To Catch a Thief. You may recall that last episode, Heather Adkins, who ran point on Google's breach, mentioned that governments have, quote, front door kinds of ways to access its users' Gmail accounts.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

300.867

If they've got evidence that a Gmail user is engaged in a crime or some kind of national security threat, say they have reason to believe a Gmail user is actually a Chinese spy, they'll serve Google with court orders demanding it give the government access to their Gmail account. Well, according to Microsoft, the Aurora hackers got access to the very system the U.S.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

323.881

government used to lawfully intercept Gmail accounts. This is important, and it will come up again when we get to a very recent Chinese espionage campaign. But for now, what you need to know is this. China has a keen interest in knowing who the U.S. government is targeting with these lawful intercept requests. They'd especially want to know if any Chinese agents' covers had been blown.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

351.026

And they could get that intelligence one of three ways. Option one, they could recruit an informant at the FBI or a U.S. intelligence agency. Difficult, but not impossible. Option two, they could hack these agencies. Equally difficult, perhaps. Or option three, they could hack into Google and watch the Watchers. And that, according to Microsoft, is precisely what Aurora's hackers did.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

381.221

None of this was mentioned in Google's blog post, by the way, and Google's leaders have never spoken publicly about it. Still, the fact Google went public at all was momentous. But in the silence that followed, the hacks only escalated. That group behind Google's hack would go on to breach thousands more victims. But sometimes these breaches were too big or too serious to keep quiet.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

407.268

One year after Google, the very same hackers came for the security world's keys to the kingdom. They hacked a company called RSA and stole the keys to their core security product, RSA's multi-factor authentication devices, the ones used by millions of employees at companies all over the world to log into their corporate networks.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

450.288

With RSA's keys in hand, China's hackers were able to leapfrog from RSA into its customer networks at high-value targets like Lockheed Martin. That same group? They're still hacking today, by the way. In 2023, they came for Microsoft. Using a similar MO, they leapt from Microsoft into its customers' email accounts. But this time, it wasn't dissidents' emails they were after.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

477.889

It was the emails of senior officials, including the U.S. Ambassador to China, Nick Burns, and Commerce Secretary Gina Raimondo. They downloaded 60,000 emails from the State Department alone. All told, they read through emails belonging to more than 500 people at 22 different organizations, all through this one hack of Microsoft. But back to 2010.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

506.965

Aside from Google, few victims ever stepped forward. Hacking was treated as a crime of shame. As a reporter at the New York Times, trying to get these companies to go on the record was a fool's errand. Nobody would talk. That is, until they came for us. In the fall of 2012, I got a tip that there were hackers inside the Times.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

533.005

Outside of our security team, almost no one at the paper was aware of the hack. I was told, tell no one. Our security team had made the oh shit call. They brought in Mandiant. Their analysts traced the malware back to a familiar foe, a group Mandiant internally called APT1. It was a particularly brazen unit of the Chinese military based in Shanghai called Unit 61398.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

561.147

Our immediate concern was sabotage. This was just two months ahead of the 2012 presidential elections. Our security team was worried this might be an attempt to mess with our coverage. I embedded with our security engineers and watched the hacker we affectionately came to call the PLA summer intern. Every day, they'd roll into our networks at 9 a.m. Shanghai time and roll out around 5.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

585.542

They'd phished us. And then they'd started moving laterally, making their way through 53 of my colleagues' computers. Out of an abundance of caution, our IT team confiscated every one of those machines. Confused colleagues would show up to work and find post-it notes where their computers had once been. These notes just said, We have your computer. Signed, IT. Without further explanation.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

59.761

It's January of 2010. Google has just come forward. They publish a blog post announcing they've, quote, detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China. The uproar is immediate. But rather than trigger an avalanche of disclosures, things went the other way.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

611.243

Tracking these hackers, I got a sense for Heather's paranoia. There were some nights I'd return home to my empty apartment and wonder if these Chinese hackers had followed me home. When my cable box started making strange sounds, I convinced myself hackers were inside. But based on hackers' queries and other digital crumbs, these hackers weren't there for me.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

632.269

And they weren't there to shut us down. At least not yet. They were after our sources. And the sources for one reporter in particular.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

648.976

The very same month I got the first tip about the Chinese hackers in our systems, David had been putting the finishing touches on a massive, years-long investigation about the secret wealth of Chinese leaders and their families. Clearly, the party was on to David's reporting, and they were after his sources. But the irony was that his investigation wasn't based on a deep throat.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

671.73

It was based on reams of documents, hiding in plain sight.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

777.796

David was able to trace the flow of funds through a maze of shell companies to Wen Jiabao's relatives. Inside China, this was precisely the kind of story that puts a reporter, their family, and their research assistants in danger.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

915.848

As David was finalizing his reporting, the Chinese Communist Party was changing hands. In 2012, the party named a new general secretary, Xi Jinping. Less than six months later, Xi would become president. Xi had fought his way through the party ranks with impeccable discretion. That meant no one could say for certain what type of leader he would be.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

943.11

But very soon, it became clear that Xi was determined to consolidate power. Xi was haunted by the collapse of the Soviet Union. He referenced it in speech after speech and blamed the collapse on Gorbachev's democratic reforms and political liberalization. For Xi, the lesson was this. For a party so large to stay in power, it would have to demand total obedience and control.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 2: Then They Came for Us

972.327

Under Xi, the CCP started clamping down on foreign press. In speeches, party leaders took to calling Western reporters, quote, hostile foreign forces. Reporters started getting roughed up, even detained, for covering something as seemingly innocuous as a Chinese film festival.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1014.071

As for that paranoia Jim is talking about, China has long been consumed by its so-called Five Poisons. The whole concept of the Five Poisons grew out of ancient Chinese medicine. They were snakes, centipedes, scorpions, frogs, and spiders. In modern China, the Communist Party has its own version of the Five Poisons. It's the five groups the Party perceives as existential threats to its control.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1112.15

The Uyghurs, the Tibetans, the Falun Gong, the pro-democracy movement, and the Taiwanese. But it's that first group, the Muslim minority known as Uyghurs, that's been subjected to surveillance so over the top, it's been likened to a virtual prison.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1168.197

That was Paul Mozur. Paul spent more than a decade inside China covering their expanding surveillance state for the New York Times. In June of 2009, just a few months before Chinese hackers broke into Google, there was one episode that kicked the party's paranoia into high gear. The Shaoguan incident.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

119.221

America has been losing its crown jewels, its intellectual property, to China. Chinese hackers made off with the blueprints to our passenger planes, our prized fighter jets, our turbines, the secrets behind our genetically modified seeds, even the formula for the White House paint. They're long gone. Americans have barely begun to reckon with all that was lost.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1239.915

The party mobilized the military to Xinjiang. They cut off internet access and they blocked phone calls to the outside. But that was just the beginning. Over the next decade, the CCP turned Xinjiang into a dystopian surveillance lab.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1345.157

So a virtual cage.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1366.168

That level of surveillance didn't stop in Xinjiang. Over the next several years, it began to creep into larger China and beyond.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

14.71

Here, danger and the greatest wealth transfer in history. And your mind goes to heist of the old school variety. Masked thieves making off with diamonds or bags of cash. But this, this was burglary on a global scale.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

144.708

But these days, China doesn't just want our trade secrets. They want influence. And they're pursuing it in the most disturbing of ways. By hacking our critical infrastructure.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1458.579

That was Jim Lewis again. What Google was now witnessing, hackers inside its systems, that was the first glimpse that China was exporting its surveillance overseas.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1493.979

That front door Heather's talking about, well, governments, including our own, routinely go to email providers and phone companies with secret court orders demanding access to customers they suspect of engaging in crime or terror threats. Years later, we'd find out Chinese hackers snuck in that front door too, but we'll come back to that.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1518.133

One thing to know is that two years before Google set up shop in China, China's CCP minders had gone to its competitor, Yahoo, and demanded Yahoo hand over access to a Chinese journalist's email account. Yahoo had complied, and the journalist paid dearly for it. That journalist was now serving out a 10-year prison sentence. Google went into China with that journalist's experience firmly in mind.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1546.433

The company intentionally withheld Gmail from Chinese users for fear the party would demand access to its users' private conversations. But now, what Heather's team was witnessing at Google was just that. The Chinese government was clearly willing to go to great lengths to track its own people, no matter where they lived. China was rewriting the rules.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1576.676

Governments would still come knocking on the front door with national security letters and data requests. But now Google had to expect they would come break down the back door too. Suddenly, private businesses were active targets for advanced nation-state hackers.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1604.403

Googlers took this personally. Their whole motto was, don't be evil. Google's mission was to make the world's information accessible to everyone. Standing by as an authoritarian government surveilled activists and stifled dissent ran counter to everything they stood for.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1626.653

Three years earlier, Google had entered the Chinese market on one condition from the CCP, that it sanitized search results for the Dalai Lama, the Falun Gong, Tiananmen Square. Google rationalized this to employees by arguing it was better to give the Chinese censored search results than leave a billion plus people in the dark.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1649.059

But in the intervening years, the party's list of quote-unquote offensive content expanded to an absurd degree. The party demanded Google censor any talk of time travel or reincarnation. Even Winnie the Pooh would eventually make their blacklist. And when Google didn't move fast enough to block content, Chinese officials took to calling Google an illegal site.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1676.192

Three years in, the censorship was getting hard to stomach, and now it had gone way beyond that. Google's engineers felt powerless as they watched an authoritarian government hack into their systems in a brazen campaign to surveil its own people.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1774.219

This realization that Google could be used as a means for China to monitor its critics radically altered the way the company approaches cyber defense and how it informs those of us who may be targets for nation state spies. Today, Google delivers a big red warning banner across your Gmail account if it detects a nation state hacker attempting to access it. I've seen a few myself.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1800.21

But for Heather, it caused more personal shifts as well.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1846.307

The thing is, Heather's paranoia wasn't entirely off base. Google wasn't alone, not by a long shot. This wasn't a single hack, but an opening salvo. Here's Dmitri Alperovitch again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1895.505

Any other threat researcher might have passed that phrase right on by. But that word, Aurora, stopped Dmitri in his tracks. Dmitri grew up in Russia in the 1980s, and Aurora jolted him right back to his Soviet schooling.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

190.252

Yes. I'm Nicole Perlroth, and this is To Catch a Thief. I've spent the past 15 years swimming in cyber threats. For a decade, I was the New York Times' lead cybersecurity reporter. I wrote a book, This Is How They Tell Me the World Ends, investigating the ins and outs of the cyber arms market.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1963.246

In rewinding the tapes, Google, Mandiant, and now McAfee all found trails from Google's hack back to dozens of other companies.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

1984.173

The victim list included companies just up the road in Silicon Valley like Adobe, but the targets also included banks like Morgan Stanley, defense contractors like Northrop Grumman, even cybersecurity firms like Symantec were caught in the fray, and many more that to this day have never acknowledged they were breached.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

2007.671

Heather's team made it their mission to warn their counterparts at these other companies. They'd call and say, look, you have a problem. Check out this IP address and you'll see something scary. On the other end of the line, someone's face would go white and then radio silence.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

2032.745

Back at McAfee, Dmitri's team found inroads back to more than 100 companies.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

2044.369

That's Steve DeWalt, Dmitri's boss and McAfee's CEO at the time. What struck Dave wasn't just the number of companies that were hit, but how long Chinese hackers had been there.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

2071.348

And in many cases, that's exactly what they did. They didn't just go for the emails, they went for the source code. And with that, they could alter the systems themselves. They could plant back doors that allowed them to come back anytime they so pleased.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

2115.492

Thank you. Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

212.435

And now, I travel the world educating people about the very real potential for a cataclysmic cyber attack. It's a threat that, for whatever reason, has never quite reached the American mainstream. Despite my best efforts, most Chinese cyber attacks were still understood as one-offs rather than the carefully laid pieces of a longer master plan.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

2304.893

Thank you. Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

258.61

It wasn't until a decidedly analog espionage threat hit the nightly news that Americans started to pay attention.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

315.811

But if there were spy balloons floating over every military installation, company, university, law firm, or research lab that has been breached by China, the sky would be a sea of white. A note here before we go any further, you'll hear me and others refer to Chinese hackers or being hacked by the Chinese.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

341.288

Something crucial to understand is that what you're about to hear has nothing to do with the Chinese people. It has everything to do with the calculated efforts and strategic plans of China's leaders in the Chinese Communist Party, the CCP, efforts that have been playing out below our radar for a long, long time. Looking back, I had no idea what I had gotten myself into. It was 2010.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

372.045

The New York Times had hired me to cover cybersecurity. Not only did I not know anything about cybersecurity at the time, I had gone out of my way to not know anything about cybersecurity. It was technical and a little terrifying. And as I dug in, it became clear that even the word cybersecurity was a misnomer. There was no cybersecurity.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

401.329

Hackers were breaking into companies left and right, doing whatever they could to get the goods and whatever they could to stay there, undetected. In talking to experts, government officials, security researchers, hackers themselves, one refrain kept coming up. The two companies refrain.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

431.428

You might recognize that voice. That was former FBI Director James Comey. He's regurgitating a phrase I've heard so many times, it's easy to forget who first said it. I want to get the words out of your mouth. There is a phrase in our industry that has been plagiarized to death, and I believe I have traced the origin to you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

478.01

That's Dmitry Alperovitch. Back in 2011, Dmitry ran threat research at McAfee, the antivirus shop. The Chinese cyberattacks he witnessed there compelled him to leave and co-found CrowdStrike with George Kurtz. He'd later write a book, World on the Brink: How America Can Beat China in the Race for the 21st Century. Suffice to say, you'll be hearing plenty from him.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

504.524

As I started covering these hacks, it became abundantly clear that Dmitry's two companies refrain was not overhyping, not even a little bit.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

525.822

It's late 2009. Google is hurtling towards its prime. For Heather Adkins, the director of Google's information security team, it started out as just another Monday.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

561.137

Heather and her team realized that this was no intern. But whoever it was, they were taking over real employee accounts. In that initial fog of war, Heather and her team couldn't rule out the possibility that whoever this was might be getting insider help.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

643.368

Google called in cybersecurity's equivalent of the wolf from Pulp Fiction, the Harvey Keitel character in the suit, the one who gets called in when things are spinning out of control and you need a real professional to mop up the mess.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

66.414

For two decades now, trillions of dollars worth of American R&D, trade secrets, intellectual property have crept out the back door. And when you peel the mask off the thieves, it's the same culprit every single time.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

663.617

When it comes to digital messes, the wolf is Kevin Mandia, founder of Mandiant. Mandiant, it's the 1-800-OH-SHIT call. The guy in the suit you call when your breach gets out of hand. And it wasn't just Google who was calling. Here's the wolf himself.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

775.101

Advanced Persistent Threat. That's government shorthand for state-sponsored hackers. In those early days, the vast majority of these groups originated from one country. APT became a politically expedient way to say China. But back to Kevin.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

824.591

At the same time Google caught Chinese hackers in its systems, cybersecurity experts elsewhere were responding to breaches that were unprecedented in aggression.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

863.454

That's Steve Stone. Steve has tracked cyber threats in government and private industry for more than 15 years. He's seen it all. But it was the offensive against this one hospital that stuck with him. This wasn't just the A-team. It was an absolute ambush. Every single Chinese APT he was tracking simultaneously went full force against this one hospital.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

898.993

So just what was it that they were after? Why was nearly every single Chinese hacking group coming for this one hospital?

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

92.802

Our adversarial focus has long been on our Russian comrades across the Atlantic. But in the meantime, a more insidious rivalry has quietly taken shape on the far side of the Pacific.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

928.26

The Chinese Communist Party, or CCP, was willing to deploy the full weight of its hacking apparatus just to spy on the Dalai Lama. Likewise, what Google was witnessing in late 2009 was just how far the CCP was willing to go to track the Chinese diaspora overseas. By tracking hackers' movements, Googlers, in concert with Mandiant, were able to piece together their motives.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

971.387

The Chinese were after the email accounts of Chinese activists and dissidents. They wanted to know who was talking to whom and what they were saying.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

991.027

That's Jim Lewis. Today, he's a senior vice president at the Center for Strategic and International Studies in Washington, where he specializes in China and tech policy. But his career has spanned back-channel negotiations between the U.S. and China for years. Any discussions between the two on cyber espionage? Chances are he's had a hand in them.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1024.009

All the dominoes were in place. Obama's triple tap at Sunnylands, the Commission, the Interagency Task Force. Finally, the U.S. was in position to punish China, to actually ban Chinese imports built off our own stolen IP. And it might have set the world on a new course, had it not been for a certain someone.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1063.795

In hindsight, the timing here was stunning. Within 24 hours of Obama and Xi's face-off at Sunnylands, Edward Snowden started leaking out classified NSA documents revealing the extent of America's surveillance programs. Snowden's timing could not have been more convenient for China. It was the ultimate get-out-of-jail-free card.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1089.623

The leaks gave the PRC the perfect whataboutism to push back and say, "See? We're not the problem. The United States is the problem." And in the blink of an eye, the U.S. went from hacking victim to hacking assailant.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1106.28

And the White House would spend the next two years fending off a relentless drip, drip, drip of damning accusations that it was embedded in everything from America's biggest technology companies to Angela Merkel's cell phone.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1149.574

Chinese hacking just seemed to drift from public view. Occasionally, the government would do something to pull it back on the front page. Like in 2014, when John Carlin's team at the Justice Department indicted the PLA's hackers, ones with memorable online aliases like Ugly Gorilla, the ones who'd come for us at the New York Times.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1170.748

But for the most part, it was Snowden and really the NSA that continued to occupy global attention. Chinese hackers had become a footnote. But then in 2015, the CCP overstepped.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

120.147

Not me, not the white hats who were getting called into Chinese cyber attacks all over the country, not even the government officials who pulled it off. So how'd we get here? Well, as Chinese cyber espionage ramped up, so too did the government's agonizing of what to do about it. I'm Nicole Perlroth, and this is To Catch a Thief.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1208.035

In a brazen attack, Chinese hackers came for the motherlode, OPM, the U.S. Office of Personnel Management. You can think of OPM as the Fed's HR department. Think of all the personal forms you've had to fill out any time you've gotten or even applied for a new job. Now, level that up a few security clearances. That's the treasure trove Chinese hackers got a hold of at OPM. Here's Jim Lewis.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1247.86

Chinese hackers got the minute personal details, background checks, and medical histories of every citizen who had ever applied for a security clearance. All told, some 22 million U.S. federal workers and contractors saw their most personal details hacked by the Chinese government. The scale of the attack set a new record.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1277.893

That was Steve Stone. He's tracked Chinese threat groups for more than a decade inside government and industry. Among those stolen bits of information were millions of fingerprints, which, when you stop and think about it, is pretty much the worst case scenario for any American spy. You can change aliases all you want, but as far as I know, fingerprints can't be burned off or changed.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1303.285

That means our spies could be compromised with just a touch. And then there was the not insignificant fact that it wasn't just federal applicants who were impacted, but anyone who lived with them. Here's John Carlin again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1372.819

A breach of OPM's scale, its severity, could not be allowed to stand. But here's the catch. As the unwritten rules of espionage go, the OPM breach was actually fair game. Technically, the hack was government on government. The CCP seeking intel about an adversary, about American government workers, and potentially U.S. spies. It's the kind of thing spy agencies target all the time.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1399.654

The Obama administration couldn't set the red line at the OPM breach, not without hamstringing its own intelligence operations. But it also couldn't turn a blind eye, not with the whole country and the entire U.S. government apparatus watching.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1447.625

The OPM breach, its scope, and the publicity around it gave the administration the opening they needed to come down hard on all the hacks that weren't fair game. The economic espionage, IP theft. In just a few months, Xi Jinping was scheduled to come to the White House for his first official state visit as president. That gave the White House some leverage.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1473.922

Obama's team was prepared to cancel Xi's visit entirely or welcome him with sanctions. For a man and a party obsessed with image control, this would have been unacceptable. Here's Dmitry Alperovitch, who was liaising with Obama officials at the time.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

149.13

Now, here I should step back and note there had been government efforts, serious efforts, to rein in Chinese IP theft before. Long before Aurora, even before the dawn of the commercial internet really, the first Bush administration had put China on notice.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1497.093

The month before Xi was slated to visit, the Washington Post reported that the White House was preparing to greet President Xi with a package of unprecedented sanctions against the Chinese companies and individuals who'd profited off Chinese hacking.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1570.362

And here's Dmitry again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1611.809

In sweeping tales of espionage and intrigue, back-channel diplomatic negotiations at a Marriott don't typically get their moment in the sun. And in cyber circles, there's a healthy dose of skepticism for the role diplomacy can realistically play in securing digital borders.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1629.833

For one, governments frequently rely on proxies to do their dirty work so they can always say, it wasn't us, it was these hackers, we can't control ourselves. For another, hackers are tucked so deeply into the shadows that establishing what they can and cannot do there can be a fool's errand. But diplomats say it shouldn't be underestimated.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1654.705

Meet Ambassador Nate Fick, who until very recently served as the United States' first ever cyber ambassador.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1684.301

Here's Jim Lewis again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1764.773

By the way, that phone that Nate's talking about, it's not just metaphorical. In an operations center at the State Department sits a relic from the Cold War, a red phone. It's connected to Moscow.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1806.837

The darkest days are when that red phone comes in handy. But the U.S. has no red phone with China, or really any historical pattern of managing through conflict, which is what made the PRC's willingness to concede on cyber theft so stunning back in 2015.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1853.274

The explicit language that Obama and Xi were able to agree upon was unprecedented. The fact that they stood side by side to announce that agreement publicly, that was revolutionary.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1881.906

There were plenty who thought that Xi's public acknowledgement of corporate cyber espionage was the victory in itself. No one thought China would actually abide by the terms of the deal. Back at the Times, I was beyond skeptical. The PRC had been cheating the system for so long, and it had been so vital for China's so-called economic miracle.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1906.858

This notion that China would suddenly follow the rules, turn off its golden spigot, struck me as implausible, to say the least. But then, that's exactly what happened. Almost overnight, the pace and frequency of these breaches plummeted. Here's John Carlin again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1940.341

And here's Kevin Mandia, who was tracking Chinese APTs as closely as anyone over that 2015 time period.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

197.378

That was Matt Turpin, who served as China director at the National Security Council in Trump's first administration. And before that, as China advisor to the chairman of the Joint Chiefs of Staff under Obama. For those not well-versed in the minutiae of trade law, the Section 301 investigation is the first step in imposing tariffs that would have penalized China for its blatant IP theft.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1979.258

The thing is, they weren't told to change all their behavior. The frequency of attacks dropped dramatically, but back at the Times, I started getting tips about breaches at health insurers and travel and hospitality companies. Anthem, Premera, Marriott, the Fed's preferred hotel chain, were all getting hit. A number of backend airline reservation systems had also been popped around the same time.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

2009.729

The digital crumbs all led back to Chinese APTs. I called higher-ups in the Obama administration and asked if this meant their moratorium was off. These were private American businesses getting hacked by the Chinese. On its face, it was a blatant violation of the Obama-Xi agreement. But the officials had an awkward response. Actually, no, they told me.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

2035.378

The attacks on Anthem, on Marriott, were fair game. Chinese hackers weren't there for intellectual property. This, like the OPM breach, was standard counterintelligence. Here's John Hultquist, Mandiant's chief analyst.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

2081.564

The Chinese were building a repository of Americans' personal data. The PRC could take the information they already had on U.S. government workers from the OPM breach and layer on the data they stole from backend airline and hotel reservation systems.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

2098.699

Using that, Chinese analysts could cross-check a government employee's flight itineraries and hotel stays with those of Chinese citizens to see who is flying to which cities or staying at the same hotels at the same time. Bingo, you've got yourself a shortlist of suspected American spies and Chinese double agents. This wasn't a violation of the Obama-Xi moratorium on IP theft.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

2125.176

This was spycraft 101. And if the PRC could mine that data effectively, it would make it much, much harder, if not virtually impossible, for American operatives to build effective covers and recruit Chinese intelligence assets. This, by the way, coincided with a broader and brutal campaign by the CCP to dismantle American intelligence gathering in China.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

2153.21

Here's my friend and former Times colleague Mark Mazzetti talking to NPR.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

223.185

And this was a big deal at the time. But when it came down to actually enforcing anything, that was another story.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

26.448

For years, Chinese IP theft was something most US businesses just swallowed with a wink and a nod towards profit. As for the US government, they took a gamble. They hoped that as China's economy grew and the internet took off, China would have no choice but to adopt international norms, improve its track record on human rights, and eventually stop hoovering up all our IP.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

262.959

Every time the Bush and Clinton administrations debated actual penalties in the form of tariffs or sanctions, there were always people in the room who'd argue back. It'd be better to kick the can down the road. American businesses were making too much money in China to disrupt the status quo. And back then, policymakers still held out hope for a new China.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

288.117

That once they acquired a certain level of wealth and economic maturity, once the internet took hold, China would cut out the bad behavior, stop stealing our IP, lay off the internet crackdowns, and inevitably democratize. This late '90s, early 2000s optimism was perhaps best summed up by this guy.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

404.538

These days, that sounds pretty naive. But back then, to be fair, all signs were pointing that way.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

477.355

Here's Jim Lewis, who was involved in some of these internal deliberations at the time.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

52.585

But hack after hack made clear just how wrong they were. And then this happened.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

563.001

The intelligence community watched as US businesses hemorrhaged IP: fighter jets, passenger planes, solar panels, DuPont's genetically modified seeds, turbines, oil and gas tech and exploration strategies, electric vehicles. Coca-Cola, which paid $4 billion for Vitaminwater in 2007, watched its Chinese market share plummet overnight, ousted by Nongfu's Victory Vitamin Water. Entire U.S.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

599.389

product lines were vanishing. And by 2013, there was this growing sense of urgency that government could no longer let the private sector fend for itself. It simply wasn't a fair fight.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

644.796

That was John Carlin, who led the Justice Department's 2014 indictments of the PLA members who'd hacked us at the New York Times. And here's Jim Lewis again.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

665.842

Until it didn't. As Obama's first term came to a close, things started to look bleak. Whatever profits American businesses were making in China short-term were getting far eclipsed by the long-term hits they were taking from Chinese IP theft. By 2012, Obama decides he's had enough.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

720.211

Obama makes moves, real moves, to level the playing field. One, the White House sets up an interagency task force whose sole mission is to start bringing IP theft cases to the WTO, the World Trade Organization, a necessary first step in banning Chinese products that relied on stolen American IP. And two, the White House starts building out its case to the American people.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

73.102

On September 25th, 2015, Obama and Xi Jinping stood side by side in the Rose Garden and announced the cyber detente nobody saw coming.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

749.807

They couldn't just start banning cheap Chinese goods, not if they expected to win the next election. The White House knew it would have to run the numbers. And this was critical because without a visceral understanding of just how swindled we were getting, Americans would never stomach the price hikes that would follow from banning cheap Chinese toys, vacuum cleaners, solar panels, and seeds.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

777.892

And doing this math was no easy feat. Because, as we've now established, the IP theft victims were doing their damnedest to keep their hacks and losses under wraps. Plus, to really get an accurate tally, you couldn't just add up losses last quarter.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

796.58

You'd have to include losses from future American product lines that were now vanishing in the face of Chinese subsidized copycats flooding the markets. So Obama sets up a bipartisan commission. He taps Admiral Dennis Blair, his former national intelligence director, and Utah's former Republican governor and outgoing ambassador to China, Jon Huntsman.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

823.123

And he asks them to figure out just how much the U.S. is hemorrhaging in stolen IP. Their answer wasn't pretty.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

849.497

$300 billion a year. Let's pause here. That figure, $300 billion annually, was roughly equal to America's $318 billion trade deficit with China that very same year.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

869.62

Now, economists will quibble with this, but the simpletons take care is, look, if this competition were fair, if China wasn't stealing American IP, but paying American businesses fair market rates to license it, there might be no trade deficits. $300 billion annually was a staggering figure.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

897.371

The commission recommended the White House move urgently to establish a quick response capability that could basically ban and sequester any Chinese import that relied on stolen IP. Obama was ready to move, but first he decided he'd raise the issue, forcefully, with China's newly promoted president, Xi Jinping. Here's Evan Medeiros, the China director at the National Security Council under Obama.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

94.246

What you just heard was Obama announcing that Xi Jinping had agreed China would stop hacking for commercial gain. Well, technically Xi and Obama agreed to stop hacking for commercial gain, but this was no doubt a better deal for Obama than it was for Xi. Nobody saw this one coming.