Ep 5: A Cyber Detente

45m
Every U.S. administration, dating back to President H.W. Bush has struggled to address the threat of Chinese trade theft. But a growing sense of urgency kicks in as American businesses start hemorrhaging trade secrets and entire product lines start vanishing to Chinese copycats. Just as the Obama Administration is set to do something about it, Edward Snowden shifts the narrative back onto the United States.

For years, the U.S. fends off its own accusations of hacking. But then China goes for the mother lode. And creates an opening for Obama to strike a deal with his Chinese counterpart, Xi Jinping. In Episode 5, host and former New York Times cybersecurity reporter, Nicole Perlroth reveals the ins and outs and backroom dealings of the cyber detente nobody saw coming.


Transcript

I raised once again our very serious concerns about growing cyber threats to American companies and American citizens.

I indicated that it has to stop.

The United States government does not engage in cyber economic espionage for commercial gain.

For years, Chinese IP theft was something most U.S. businesses just swallowed with a wink and a nod towards profit.

As for the U.S. government, they took a gamble.

They hoped that as China's economy grew and the internet took off, China would have no choice but to adopt international norms, improve its track record on human rights, and eventually stop hoovering up all our IP.

But hack after hack made clear just how wrong they were.

And then this happened.

We have jointly affirmed the principle that governments don't engage in cyber espionage for commercial gain against companies.

That all I consider to be progress.

On September 25th, 2015, Obama and Xi Jinping stood side by side in the Rose Garden and announced the cyber detente nobody saw coming.

What I've said to President Xi and what I'd say to the American people is the question now is, are words followed by actions?

What you just heard was Obama announcing that Xi Jinping had agreed China would stop hacking for commercial gain.

Well, technically, Xi and Obama agreed to stop hacking for commercial gain, but this was no doubt a better deal for Obama than it was for Xi.

Nobody saw this one coming.

Not me, not the white hats who were getting called into Chinese cyber attacks all over the country, not even the government officials who pulled it off.

So, how'd we get here?

Well, as Chinese cyber espionage ramped up, so too did the government's agonizing of what to do about it.

I'm Nicole Perlroth, and this is To Catch a Thief.

Now, here I should step back and note there had been government efforts, serious efforts, to rein in Chinese IP theft before.

Long before Aurora, even before the dawn of the commercial internet, really, the first Bush administration had put China on notice.

So I think folks seem to forget that in 1991, George H.W. Bush brought a Section 301 investigation against the Chinese government for theft of intellectual property and violations of copyrights and other things, and used that to force the Chinese government to the negotiating table so that they would actually start to abide by international rules around respecting copyrights and respecting intellectual property.

That was Matt Turpin, who served as China director at the National Security Council in Trump's first administration, and before that, as China advisor to the chairman of the Joint Chiefs of Staff under Obama. For those not well-versed in the minutiae of trade law, a Section 301 investigation is the first step in imposing tariffs that would have penalized China for its blatant IP theft.

And this was a big deal at the time.

But when it came down to actually enforcing anything, that was another story.

The Bush administration got to a negotiated settlement in 1991 and then chose not to impose sort of retaliatory tariffs on what Beijing was doing.

Beijing agreed to fix its things.

And then essentially four years later, during the Clinton administration, the Clinton administration is back in 1995, renegotiating compliance on those agreements, right?

That Beijing is not complying.

And essentially, that is the story that we've been dealing with from then on.

Every time the Bush and Clinton administrations debated actual penalties in the form of tariffs or sanctions, there were always people in the room who'd argue back.

It'd be better to kick the can down the road.

American businesses were making too much money in China to disrupt the status quo.

And back then, policymakers still held out hope for a new China.

That once they acquired a certain level of wealth and economic maturity, once the internet took hold, China would cut out the bad behavior, stop stealing IP, lay off the internet crackdowns, and inevitably democratize.

This late 90s, early 2000s optimism was perhaps best summed up by this guy.

As Justice Earl Warren once said, liberty is the most contagious force in the world.

In the new century, liberty will spread by cell phone and cable modem.

In the past year, the number of internet addresses in China has more than quadrupled from 2 million to 9 million.

This year, the number is expected to grow to over 20 million.

When China joins the WTO, by 2005, it will eliminate tariffs on information technology products, making the tools of communication even cheaper, better, and more widely available.

We know how much the Internet has changed America.

And we are already an open society.

Imagine how much it could change China.

Now, there's no question China has been trying to crack down on the Internet.

Good luck.

That's sort of like trying to nail jell-o to the wall.

But I would argue to you that their effort to do that just proves how real these changes are and how much they threaten the status quo.

It's not an argument for slowing down the effort to bring China into the world.

It's an argument for accelerating that effort.

In the knowledge economy, economic innovation and political empowerment, whether anyone likes it or not, will inevitably go hand in hand.

These days, that sounds pretty naive, but back then, to be fair, all signs were pointing that way.

I think we should place ourselves back into sort of the position that our own leaders in the United States were in, as well as leaders from numerous other countries around the world were in in the early 1990s, right?

And they're looking at the world coming out of the Cold War.

We've watched the collapse of communism across Eastern Europe and the Soviet Union.

We've watched the Soviet Union implode.

We've seen the Chinese Communist Party come under significant pressure from its own citizens in June of 1989, culminating in a massacre of students in Tiananmen.

And so you're looking at that landscape and you're saying to yourself, you know, this process, this Leninist sort of political system is truly on its deathbed.

China is a nation at war with itself.

Tension had been building all day Saturday after some early skirmishes between students and soldiers.

The man was alone.

The tank was not.

There was not one voice on the streets which did not express despair and rage.

Tell the world, they said to us.

Here's Jim Lewis, who was involved in some of these internal deliberations at the time.

Well, remember, the end of the Clinton administration, we thought the Chinese were going to be friends.

It was probably a little naive, but what the heck?

America and China would have a global partnership where they would set the rules and work together.

And we were all going to be friends.

And it was the end of history.

And we could say kumbaya.

The Chinese kind of believed it too, at least some of them.

And at the same time, you had this background of intense espionage.

There was a debate in China that wasn't resolved until a few years ago.

Do we become more international, more like what the Americans want us to be, where we play by the rules that the rest of the world plays by?

Or do we become more nationalistic and put China's interests first?

Unfortunately for us, it was the nationalists who won.

And so for the United States, I think in the policymaking community, by the end of 2015, it had really sort of sunk in that our hopes were sort of dashed, that Xi Jinping was not going to be the reformer that we had hoped he would be, that by continuing to sort of blindly help the Chinese economy develop, become more wealthy, more technologically advanced, underneath the leadership that was manifesting in Beijing, we were essentially making our lives much, much more difficult and much more dangerous.

The intelligence community watched as U.S. businesses hemorrhaged IP: fighter jets, passenger planes, solar panels, DuPont's genetically modified seeds, turbines, oil and gas tech and exploration strategies, electric vehicles.

Coca-Cola, which paid $4 billion for Vitaminwater in 2007, watched its Chinese market share plummet overnight, ousted by Nong Fu's Victory vitamin water.

Entire U.S. product lines were vanishing, and by 2013 there was this growing sense of urgency that government could no longer let the private sector fend for itself.

It simply wasn't a fair fight.

We could go to people in the private sector and say, to your point, what was, you know, evidently clear, which is that when you're up against the second largest military in the world, it's not a fault of the New York Times, however big, 10-person IT team that they can't keep them out of a system.

That's a fight that traditionally has been nation to nation.

We don't leave every company up against major nation-state rivals.

It was such a unique space that we were allowing that to happen in cyber.

That was John Carlin, who led the Justice Department's 2014 indictments of the PLA members who'd hacked us at the New York Times.

And here's Jim Lewis again.

There was always this sense of, look, it's a trade.

We know they steal from us, but we get a lot of money out of China.

So right now, the trade works in our favor.

Until it didn't.

As Obama's first term came to a close, things started to look bleak.

Whatever profits American businesses were making in China short term were getting far eclipsed by the long-term hits they were taking from Chinese IP theft.

By 2012, Obama decides he's had enough.

Tonight, I'm announcing the creation of a trade enforcement unit that will be charged with investigating unfair trading practices in countries like China.

There will be more inspections.

There will be more inspections to prevent counterfeit or unsafe goods from crossing our borders.

Our workers are the most productive on earth, and if the playing field is level, I promise you, America will always win.

Obama makes moves, real moves, to level the playing field.

One, the White House sets up an interagency task force whose sole mission is to start bringing IP theft cases to the WTO, the World Trade Organization, a necessary first step in banning Chinese products that relied on stolen American IP.

And two, the White House starts building out its case to the American people.

They couldn't just start banning cheap Chinese goods, not if they expected to win the next election.

The White House knew it would have to run the numbers, and this was critical because without a visceral understanding of just how swindled we were getting, Americans would never stomach the price hikes that would follow from banning cheap Chinese toys, vacuum cleaners, solar panels, and seeds.

And doing this math was no easy feat because, as we've now established, the IP theft victims were doing their damnedest to keep their hacks and losses under wraps.

Plus, to really get an accurate tally, you couldn't just add up losses last quarter.

You'd have to include losses from future American product lines that were now vanishing in the face of Chinese subsidized copycats flooding the markets.

So, Obama sets up a bipartisan commission.

He taps Admiral Dennis Blair, his former National Intelligence Director, and Utah's former Republican governor and outgoing ambassador to China, Jon Huntsman.

And he asks them to figure out just how much the U.S. is hemorrhaging in stolen IP.

Their answer wasn't pretty.

Spring of 2013, the Obama administration had commissioned the Blair-Huntsman Intellectual Property Commission report, which finds that the Chinese are stealing $300 billion a year worth of intellectual property.

$300 billion a year.

Let's pause here.

That figure, $300 billion annually, was roughly equal to America's $318 billion trade deficit with China that very same year.

Now, economists will quibble with this, but the simpleton's take here is, look, if this competition were fair, if China wasn't stealing American IP, but paying American businesses fair market rates to license it, there might be no trade deficit.

$300 billion annually was a staggering figure.

The commission recommended the White House move urgently to establish a quick response capability that could basically ban and sequester any Chinese import that relied on stolen IP.

Obama was ready to move, but first he decided he'd raise the issue forcefully with China's newly promoted president, Xi Jinping.

Here's Evan Medeiros, the China director at the National Security Council under Obama.

So what we realized was we really were going to have to go to the top.

We were going to have to signal to the top.

One of the most difficult diplomatic tasks that we had was trying to sensitize China to this distinction between regular intelligence and, let's call it, economic espionage.

I can remember one conversation in particular in June of 2013 at Sunnylands.

President Obama and his Chinese counterpart, Xi Jinping, have ended their two-day summit in Southern California.

During a walk around the Sunnylands estate in Palm Springs, Mr. Obama told reporters that his meeting with the president, with President Xi, has been terrific.

It gives me great pleasure to welcome President Xi back to the United States.

Remember, Obama did something he very, very rarely did.

He raised it with Xi Jinping, and you got the sort of standard, oblique Chinese talking points back.

Obama raised it a second time with Xi Jinping, sort of what we used to call the double tap, and said, No, this is really serious.

And I'm telling you, as the president, our government actors don't conduct economic espionage, and we don't give it to American companies.

And Xi Jinping acknowledged it.

And then Obama did a triple tap and he said, Look, if we don't solve this issue, it's going to become a very serious problem for our governments and our businesses.

And Xi Jinping just sort of stopped, put down his pen, looked up and said, I got it.

Let's move on.

All the dominoes were in place.

Obama's triple tap at Sunnylands, the Commission, the Interagency Task Force.

Finally, the U.S. was in position to punish China, to actually ban Chinese imports built off our own stolen IP.

And it might have set the world on a new course had it not been for a certain someone.

My name is Ed Snowden.

I'm 29 years old.

I work for Booz Allen Hamilton as an infrastructure analyst for NSA in Hawaii.

Edward Snowden is now an international outlaw.

In hindsight, the timing here was stunning.

Within 24 hours of Obama and Xi's face-off at Sunnylands, Edward Snowden started leaking out classified NSA documents revealing the extent of America's surveillance programs.

Snowden's timing could not have been more convenient for China.

It was the ultimate get-out-of-jail free card.

The leaks gave the PRC the perfect whataboutism to push back and say, see, we're not the problem.

The United States is the problem.

And in the blink of an eye, the U.S. went from hacking victim to hacking assailant.

And the White House would spend the next two years fending off a relentless drip, drip, drip of damning accusations that it was embedded in everything from America's biggest technology companies to Angela Merkel's cell phone.

In Angela Merkel's summer press conference, the last one before elections, more than half the questions were about the NSA spy scandal.

Europe's anger over surveillance activity by the United States is just the latest foreign policy disruption created by leaked information from the National Security Agency.

The NSA analysts can target your email, can target your browsing history, your online chats without a warrant.

Chinese hacking just seemed to drift from public view.

Occasionally, the government would do something to pull it back on the front page.

Like in 2014, when John Carlin's team at the Justice Department indicted the PLA's hackers, ones with memorable online aliases, like Ugly Gorilla, the ones who'd come for us at the New York Times. But for the most part, it was Snowden, and really the NSA, that continued to occupy global attention. Chinese hackers had become a footnote.

But then, in 2015, the CCP overstepped.

We've got breaking news coming in right now on the hack of the government's Office of Personnel Management.

In the last hour and a half, OPM announced that as many as 25 million people may be affected by the breach.

There were loud calls for the firing of the top administrator at the Office of Personnel Management.

After it was revealed, the hack of government computers is five times worse than previously reported.

In a brazen attack, Chinese hackers came for the mother lode, OPM, the U.S. Office of Personnel Management.

You can think of OPM as the Fed's HR department.

Think of all the personal forms you've had to fill out anytime you've gotten or even applied for a new job.

Now, level that up a few security clearances.

That's the treasure trove Chinese hackers got a hold of at OPM.

Here's Jim Lewis.

When you join the government, you have to fill out a form that lays out, have you ever been arrested?

Did you smoke out?

Blah, blah, blah.

You know, the correct answer is no, by the way.

And they got all those forms.

Chinese hackers got the minute personal details, background checks, and medical histories of every citizen who had ever applied for a security clearance.

All told, some 22 million U.S. federal workers and contractors saw their most personal details hacked by the Chinese government.

The scale of the attack set a new record.

That information probably wasn't just taken to be taken.

It was probably taken to be put to work.

That was Steve Stone.

He's tracked Chinese threat groups for more than a decade inside government and industry.

Among those stolen bits of information were millions of fingerprints, which, when you stop and think about it, is pretty much the worst case scenario for any American spy.

You can change aliases all you want, but as far as I know, fingerprints can't be burned off or changed.

That means our spies could be compromised with just a touch.

And then there was the not insignificant fact that it wasn't just federal applicants who were impacted, but anyone who lived with them.

Here's John Carlin again.

My daughter's first real piece of mail addressed to her. She was literally a baby, was old enough, though, to see it and be excited. Her name was on the envelope, was saying that her identity had been stolen in that hack along with the rest of our family.

That, I think, was of such a scope and scale, and came shortly on the heels of the PLA indictment where we were talking about it publicly and where they were noisily denying that they ever did such things.

That, I think, helped as well to bring China to the table, but also to convince our own folks in government that something had to be done.

And at that moment, Obama said, I've had it.

A breach of OPM's scale, its severity, could not be allowed to stand.

But here's the catch.

As the unwritten rules of espionage go, the OPM breach was actually fair game.

Technically, the hack was government on government.

The CCP seeking intel about an adversary, about American government workers, and potentially U.S. spies.

It's the kind of thing spy agencies target all the time.

The Obama administration couldn't set the red line at the OPM breach, not without hamstringing its own intelligence operations.

But it also couldn't turn a blind eye.

Not with the whole country and the entire U.S. government apparatus watching.

Continuing with our breaking news this hour, we are learning more now about the breach at the Office of Personnel Management.

The massive computer hack that the Obama administration says may have compromised the personal information of more than 21 million people.

At first, the federal government said only federal employees were targeted, but the administration then said the number was much bigger.

We're going to have to be much more aggressive, much more attentive than we have been.

And this problem is not going to go away.

It is going to accelerate.

The OPM breach, its scope, and the publicity around it gave the administration the opening they needed to come down hard on all the hacks that weren't fair game.

The economic espionage, IP theft.

In just a few months, Xi Jinping was scheduled to come to the White House for his first official state visit as president.

That gave the White House some leverage.

Obama's team was prepared to cancel Xi's visit entirely or welcome him with sanctions.

For a man and a party obsessed with image control, this would have been unacceptable.

Here's Dmitri Alperovitch, who was liaising with Obama officials at the time.

They didn't want any hitches.

They didn't want any embarrassments.

The month before Xi was slated to visit, the Washington Post reported that the White House was preparing to greet President Xi with a package of unprecedented sanctions against the Chinese companies and individuals who'd profited off Chinese hacking.

And the Chinese absolutely panicked over that.

And literally within 48 hours, a huge delegation of Chinese officials, senior officials, flies in to negotiate with the U.S. and really ask, please, please don't do anything while Xi is here.

We can't embarrass him.

What can we promise you to avoid that?

They sat down with their Chinese counterparts and had very long negotiations.

Some of them ran from dinner time to the next morning on what would the Chinese be willing to give up.

It's not like the Chinese said, okay, we give up.

You caught us.

They, of course, fought every inch of any concession.

Right.

And it took the powerful threat of Obama canceling Xi's visit, of Obama telling the world he's canceling Xi's visit because of this espionage. The Chinese couldn't accept that.

And here's Dmitri again.

They proposed this idea of, how about we do a moratorium sort of deal where we both decide not to engage in economic espionage? Of course, that was an easy gift for the U.S., because the U.S. had a standing policy to not do it to begin with. But the Chinese obviously wanted it to kind of save face and claim that both countries are disarming themselves in a way.

And I was told by participants in the room that were negotiating this in a Marriott hotel in Washington, D.C., because they couldn't actually get into the White House.

It was so late that their negotiations were going for so long.

And they were in shock.

They like went out of the room and they're like, did we just hear them say that?

In sweeping tales of espionage and intrigue, back-channel diplomatic negotiations at a Marriott don't typically get their moment in the sun.

And in cyber circles, there's a healthy dose of skepticism for the role diplomacy can realistically play in securing digital borders.

For one, governments frequently rely on proxies to do their dirty work.

So they can always say, it wasn't us.

It was these hackers.

We can't control ourselves.

For another, hackers are tucked so deeply into the shadows that establishing what they can and cannot do there can be a fool's errand.

But diplomats say it shouldn't be underestimated.

Meet Ambassador Nate Fick, who until very recently served as the United States' first ever cyber ambassador.

Like it or not, in the digital domain, we're kind of stuck with each other.

One of the things that diplomacy can do is to make clear that we know what you're doing.

We know what your intent is behind it.

Here's the evidence.

And here's why we believe it's outside the bounds of responsible state behavior.

Here's Jim Lewis again.

Talking to some of the current leaders on the Hill who are very concerned with China, as they should be.

And I said to them, what's your engagement strategy with China?

And their response was, oh, we don't have an engagement strategy with China because they don't agree with us.

Can you imagine Brzezinski or Kissinger saying we're not going to talk to them because they don't agree with us?

That's kind of the whole point.

It will be difficult, but we are going to need to sit down with the Chinese, with our allies, and say, you're not going away.

How do you fit into the world?

What is the end game here?

How do we integrate China as a responsible participant?

You know, the U.S. is still kind of, we're in like that early 1950s hysteria over China. Chinese are bad, no doubt about it, and hacking is part of that. But we have to come up with an engagement plan that eventually leads to China being more responsible in international relations.

We don't have that now.

So diplomacy, of course, also requires that people pick up the phone.

You know, it takes two.

And I think one of the challenges with the PRC, with China, in the last couple of years, has been it hasn't always felt like we had a willing interlocutor.

By the way, that phone that Nate's talking about, it's not just metaphorical.

In an operations center at the State Department, sits a relic from the Cold War, a red phone.

It's connected to Moscow.

If you remember last year, there was a missile that detonated in Poland and it killed a Polish farmer.

And shortly after that happened, there was speculation in real time that it was a Russian missile.

Well, the phone rang at the State Department and it was the Russians.

And the basic message was, we don't know what that was, but it wasn't us, which was a really important piece of information for NATO at that moment.

The darkest days are when that red phone comes in handy.

But the U.S. has no red phone with China, or really any historical pattern of managing through conflict, which is what made the PRC's willingness to concede on cyber theft so stunning back in 2015.

The Chinese were so concerned that Xi was going to end up with egg on his face that they put this forward of, how about we do a moratorium.

And, you know, the people that were in the room were just like trying to hide their excitement that they could not believe that they could get something like this.

And there was obviously a lot of skepticism about whether they would honor it, but just the idea that they would commit to something like that publicly was a really big deal.

The explicit language that Obama and Xi were able to agree upon was unprecedented.

The fact that they stood side by side to announce that agreement publicly, that was revolutionary.

We've agreed that neither the U.S. or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, for commercial advantage.

So this is progress.

There were plenty who thought that Xi's public acknowledgement of corporate cyber espionage was the victory in itself.

No one thought China would actually abide by the terms of the deal.

Back at the Times, I was beyond skeptical.

The PRC had been cheating the system for so long, and it had been so vital for China's so-called economic miracle.

This notion that China would suddenly follow the rules, turn off its golden spigot, struck me as implausible, to say the least.

But then,

that's exactly what happened.

Almost overnight, the pace and frequency of these breaches plummeted.

Here's John Carlin again.

I was surprised that we reached the norm and I was even more surprised when we actually saw a decrease in hacks that looked like they were occurring in that space.

And here's Kevin Mandia, who was tracking Chinese APTs as closely as anyone over that 2015 time period.

We could lock in on the Chinese threat pretty well.

And again, between 70, 80 companies a month, sometimes only 30 companies were compromised in a month.

And it went down to four or five in August of 2015.

And it never comes back up really for a while.

And people will say, well, it didn't come back up because China evaded your detection.

No, not really.

Their behavior changed.

You know, they're not going to change.

We've observed them for so long, you know, they change their behavior when they have to.

They were told to change their behavior.

The thing is, they weren't told to change all their behavior.

The frequency of attacks dropped dramatically, but back at the Times, I started getting tips about breaches at health insurers and travel and hospitality companies.

Anthem, Premera, Marriott, the Fed's preferred hotel chain, were all getting hit.

A number of back-end airline reservation systems had also been popped around the same time.

The digital crumbs all led back to Chinese APTs.

I called higher-ups in the Obama administration and asked if this meant their moratorium was off.

These were private American businesses getting hacked by the Chinese.

On its face, it was a blatant violation of the Obama-Xi agreement.

But the officials had an awkward response.

Actually, no, they told me.

The attacks on Anthem, on Marriott, were fair game.

Chinese hackers weren't there for intellectual property.

This, like the OPM breach, was standard counterintelligence.

Here's John Hultquist, Mandiant's chief analyst.

It took us a while to realize what was going on.

I realized that, you know, the connecting tissue here was the activity seemed to be all really things that you would need to track people, right?

Or to surveil people.

Even though at first it didn't really make a lot of sense, you know, if you watch it for long enough, all those clues start adding up.

And that group, you know, in particular, we just slowly started to see this interest in that sort of data.

The Chinese were building a repository of Americans' personal data.

The PRC could take the information they already had on U.S. government workers from the OPM breach and layer on the data they stole from back-end airline and hotel reservation systems.

Using that, Chinese analysts could cross-check a government employee's flight itineraries and hotel stays with those of Chinese citizens to see who is flying to which cities or staying at the same hotels at the same time.

Bingo, you've got yourself a shortlist of suspected American spies and Chinese double agents.

This wasn't a violation of the Obama-Xi moratorium on IP theft.

This was Spycraft 101.

And if the PRC could mine that data effectively, it would make it much, much harder, if not virtually impossible, for American operatives to build effective covers and recruit Chinese intelligence assets.

This, by the way, coincided with a broader and brutal campaign by the CCP to dismantle American intelligence gathering in China.

Here's my friend and former Times colleague Mark Mazzetti talking to NPR.

People were captured, they're killed.

More than a dozen of the CIA informants were killed and executed.

One was even, we're told, shot in a sort of courtyard of a government building in front of his colleagues as a sort of message for those who might be thinking about spying for the CIA.

They didn't ultimately determine what had happened, how this breach had occurred.

There were some who thought that there was a mole in the CIA giving the Chinese the sources, or some thought that there was a technical problem, that the Chinese had hacked into the encrypted system that the CIA uses to talk to its informants.

There's no question that this was a huge setback for the CIA in terms of understanding what is going on in China.

What China was advancing with its hacks of OPM, Marriott, and Anthem would set the CIA back even further.

Essentially, they were building out a tracking program that could catch American spies even before they went operational.

Yeah, there was a clear strategy by China to collect as much data as possible on every living American from birth to try to get their health records, to try to get their travel data.

It wasn't just the hotel companies that are getting hacked, but travel agencies and airlines so you could map out where everyone was going and when and why.

And that would be very helpful for them to identify the assets that they're recruiting because the hotel registration data would tell them when a Chinese national was in the same hotel as one of the people that they suspect might be an FBI agent or a CIA agent, right?

Huge for trying to identify our assets in country, even when they're traveling outside of the country.

And then the idea that this really breaks down, particularly when you add biometric data to this as well, the idea of a cover, right, in the intelligence world, that if all of this data is collected on you since birth, and, you know, at some point in your career, in your life, you know, once you graduate from college, you decide to join the intelligence community.

Well, it doesn't matter if you get a fake name and a fake passport.

So much of your data has already been collected that there's no way that you can operate under a cover.

We started seeing them target the bulk collection of personally identifiable data or sensitive data, health data, travel data.

And to your point, that could be used quite potently for counterintelligence purposes, both for seeing what someone else's spy services are trying to do, tracking military movements, but also targeting particular individuals for recruitment, for blackmail, if you steal their emails or other content.

That was John Carlin.

Now, here I should pause and note that China is not the only nation state engaged in bulk data collection.

Edward Snowden clarified what most in the intelligence world already knew.

The U.S. is definitely engaged in this kind of surveillance too.

It's as Jeremy Bash, the former chief of staff at the CIA, put it.

If you're looking for a needle in a haystack, you need a haystack.

But the sheer volume of data that the PRC was collecting baffled its U.S. counterparts.

Analysts assumed the haystack would so overwhelm Chinese hackers they'd drown in it.

Enter machine learning and artificial intelligence.

I think we assessed at the time they were collecting data of such scale that they really couldn't analyze it, but at the same time, they were investing in machine learning and the move towards artificial intelligence, which in part you need data to train on, but that if they could collect this data of financial, travel, health, et cetera, and then apply machine learning, they could generate insights, and they didn't even know what they could generate yet that would be used by the state, not by private companies for private commercial gain.

They stole more than they had the capability to analyze at first with the idea that they were going to develop that capability over time and help train it on some of the data sets that they were stealing.

So today, all that data stolen in the 2010s could be used for prompts like, give me a list of likely Chinese informants and American spies based on OPM files, facial recognition data, and overlapping travel itineraries.

Essentially, it's taking that pilot surveillance program the CCP built for its Uyghur minorities in Xinjiang and applying it broadly in an effort to catch U.S. spies and their Chinese informants.

And when you step back, just knowing about the sheer existence of China's AI-enabled dragnet is a powerful deterrent in and of itself.

Because who in their right mind would risk it all to be a CIA informant in China, knowing you're being so closely monitored and that your American handler's cover was likely blown long ago?

Here's Steve Stone.

I would be very cautious if I really thought that the government of the country I was working in had visibility into my medical records and my flight records.

All of that is at their fingertips based on what they've stolen.

And I think that's from my opinion, the most impactful piece.

It's all people.

Every business is people business.

And the Chinese hacking entities really love to steal data on people year after year.

The number of American adults who had their personal data scraped over this time period will make your head spin.

Here's Bill Evanina, who served as America's top counterintelligence official through 2021.

80% of American adults have had all their personally identifiable information stolen by the Communist Party of China.

The concern is that the Chinese regime is taking all that information about us, what we eat, how we live, when we exercise and sleep, and then combining it with our DNA data.

With information about heredity and environment, suddenly they know more about us than we know about ourselves.

U.S. intelligence officials tell CBS News that China is trying to collect Americans' DNA in hopes of controlling the future of healthcare.

A Chinese gene company that sells prenatal tests around the world has been harvesting genetic data from millions of women.

The company, BGI Group, worked with the Chinese military to develop the tests.

All this scraping and cross-matching of Americans' personal data was happening quietly in the background, even as the IP theft dropped to near zero.

Over those 18 months, Mandiant, CrowdStrike, Microsoft all watched with utter amazement as Chinese cyber-enabled industrial espionage just seemed to magically melt away.

But in the backdrop, something big was brewing.

A lot of activity diminished and stayed there for about a year, a year and a half.

And I think part of it was due to the deal.

Part of it was actually due to the fact that the PLA, the Chinese military, was getting reformed massively.

And of course, the other thing that happened is that Donald Trump got elected and he launched a trade war.

Other countries cheated and broke the rules.

They went after our companies and they stole our intellectual property

like it never even belonged to us, like it wasn't our idea in the first place.

Today, news that even more businesses could pay the price with China warning of another $60 billion in tariffs, targeting more than 5,000 U.S. products, everything from coffee to furniture to auto parts.

I think the combination of all of these things ultimately made China say, screw this, we're going back at it.

Less than two years in, the Obama-Xi agreement fell apart.

Now, skeptics argue Xi never planned to stick to the deal in the first place.

That it was always a ruse, a way to get the White House off its back while the PRC reset and re-entrenched.

Others maintain the moratorium would have stuck had Trump not kicked the tables over.

What we do know is that when Chinese IP theft resumed, it looked nothing like it did before.

China used the lull of the agreement to radically overhaul its hacking operations.

Gone were the most polite hackers in cyberspace.

Gone were the clumsy calling cards.

They'd still leave them, but only when they wanted to.

This next iteration of hackers had skills the likes of which we'd never seen.

And once the deal was off, the CCP put them to use with a vengeance.

That's next on To Catch a Thief.

Follow To Catch a Thief to make sure you don't miss the next episode.

And if you like what you hear, rate and review the show.

To Catch a Thief is produced by Rubrik in partnership with Pod People, with special thanks to Julia Lee.

It was written and produced by me, Nicole Perlroth, and Rebecca Shasson.

Additional thanks to Hannah Pedersen, Sam Gabauer, and Amy Michado.

Editing and sound design by Morgan Foos and Carter Wogan.