
Steve Stone

Appearances

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1634.35

I don't think people understand just how big this machine is. They tend to think about a group or an intrusion.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1687.584

Everything started with what we now know as the PLA or even the PLA Air Force or PLA Navy operations. So what we've learned was these were very consistent groups. They were big, they were good at what they did, but they were predictable and they didn't evolve much. So we really thought we had our arms around these groups in particular.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1812.202

As you mentioned, there's this really emerging moment where we just recognized things were different. And at first we thought maybe they're just, these are other military units we hadn't run across yet. And what we really started to get an appreciation for was there was really different skill levels.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1830.747

There was groups that were really proficient in other things, and you could almost begin tracking how they would work together. We would see APT-1 struggle with an intrusion, and they just could not figure it out. And then all of a sudden, APT would show up, blast through the doors, get the intrusion going, and then leave and hand it back off to APT-1.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1850.257

And so we were really trying to understand how all these groups were going together. And what we ended up finding out and why we kind of called those three groups the Gunslingers was those people, the actual people behind them, started as young people. They knew each other and they formed hacking groups.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1865.364

They went to university and they studied together and then they end up forming actual companies. And then they also did this hacking on behalf of the Chinese government for profit. They were so much more capable because they just stayed on keyboard. They didn't age out and then teaching, literally teaching, like actually teaching in classrooms and also in these hacking groups, the next generation.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

1887.255

And we would actually start to see the ecosystem and the groups evolve. And that's how we really got to understand where we're at today, which is this ecosystem of private contractors and private groups. If you were in a military unit, you got promoted to a point and now you're off and now the next person comes in and it's a machine.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

2251.934

Thank you. Thank you.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

836.162

There was only a handful of companies that really built that technology, both the software and the hardware. And one of those U.S. companies went out of business and then they sued the Chinese government in U.S. court because they said they literally stole our design and then they just sold turbines at a much discounted rate and they displaced our business.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

856.136

And the court case came down to an actual source code review, and it had the US company's name in the Chinese source code. The US company went and bought one of these Chinese turbines and then just mapped everything out. So they were able to say, this isn't just a manifestation of our source code, it's our actual source code. We're going to point out spelling errors.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 4: Naming and Shaming

874.634

Our actual company name is in this. And that company no longer exists. It was taken to create a viable Chinese business, which now is one of the top turbine producers. This is a very much a long game for the Chinese side of the house.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

48.496

And that's how that feels. And it was very apparent that the business had just been stolen. The entire business was stolen. There's nothing we were going to do on the incident response side. Like, it's over. It's a wash.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

835.518

We saw a particular hospital just out of nowhere. It's like somebody flicked a switch. We saw one hospital just get compromised by multiple Chinese groups, military, private hackers, and all skill levels. Like it was all of a sudden, like if you watch the John Wick movies, like when they say, okay, this person is now on the list. Just like that.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

860.393

And all of these groups showed up and it didn't make sense to us.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

889.472

And we thought, well, maybe there's some cutting edge research. Maybe there's something because health care is a huge issue for the Chinese government. It was like, hey, we're going to pay whoever gets it.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 1: The Five Poisons

908.556

And what we ended up finding out was the Dalai Lama was being treated there. So we think it wasn't what we thought it was initially. Like, yeah, they're trying to find the new cancer or whatever. We think it was just, is the Dalai Lama sick? And if he's sick, we want to know. And everybody go figure it out.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

1272.461

That information probably wasn't just taken to be taken. It was probably taken to be put to work.

To Catch a Thief: China’s Rise to Cyber Supremacy

Ep 5: A Cyber Detente

2468.393

Thank you.