
Ep 4: Naming and Shaming
Full Transcript
Within a few decades, the Chinese economy went from agrarian backwater to manufacturing middleman to world-class innovator in its own right.
American companies had been the pioneers, the innovators.
But somewhere along the way, we got beat at our own game.
And in too many cases, it was with our own stolen IP.
Throughout the 2010s, examples surfaced everywhere.
The world's top telecom player, Huawei.
They're the biggest supplier of telecoms equipment in the world.
So why are countries increasingly turning away from Huawei? The world's top solar panel makers, all Chinese. The first solar panels were invented in America in 1954.
And yet it's been China that's been better able to capitalize on the technology. Now China controls over 80% of the global solar panel supply chain, while the United States manufactures virtually none of the required components for solar panel production.
The fastest growing social media app, TikTok. TikTok is the latest app to capture the attention of teens and young adults across the world.
The app came as the number one downloaded app of 2018. Even the drones flown by US law enforcement are no longer American.
For almost the last two decades, Chinese-made drones have dominated the consumer market. China's DJI owns the sky.
As for electric vehicles, it's not Tesla anymore. As of 2023, it's China's BYD.
In the world of electric vehicles, Tesla has reigned supreme. But its days as top dog may be numbered.
In China, the world's largest EV market, it's been losing ground to domestic automakers as a ruthless price war has inflamed an already competitive market. Nobody was connecting the dots back to Chinese hacking.
Nortel didn't just disappear. Huawei stole it.
China subsidized it. And they made it so cheap, it wiped Nortel off the map.
Now, that's not to say that Chinese companies aren't innovative. It's just that they were playing by different rules.
The hacking, the outright theft gave them a huge leg up. And all that leapfrogging came with a heavy price tag for American companies, American workers, really the American people.
That time period was the most dangerous in America's history, I think, as we really got a superpower elevated, probably 50 years of IT advancement in a five-year period, because developing all that on your own would never have happened. And, in my opinion, America's companies would have dominated China had they not been able to build their own Chinese companies with the IP they stole.
That was Dave DeWalt,
who had a front row seat to these developments
as CEO of McAfee and later FireEye.
Anyone tracking Chinese cyber theft over this period
could have told you that this was all entirely predictable.
But even as the hacking reached absurd levels,
America's leaders in business and government were still hesitant to sound the public alarm. Fears of upsetting the world's largest market still ruled the day.
That's where a certain government shorthand came in. By the end of the Bush administration, there was a recognition that Chinese cyber activities had reached
troubling levels. This is where the famous phrase APT came from.
The Bush administration didn't want to say China, so they called it advanced persistent threat. That's code for China.
I'm Nicole Perlroth, and this is To Catch a Thief. I learned the meaning of advanced persistent threat back when I was at the New York Times.
I was reporting out a wild story about how Chinese hackers had broken into one oil company. They tried to break in all the usual ways, mainly through phishing emails.
But when that didn't work, they searched for the company's employees on Facebook and discovered several of them had liked the same Chinese takeout restaurant. So what did they do? They hijacked the restaurant's PDF takeout menu.
When the oil company employees went to order some General Tso's chicken,
they got a helping of Chinese malware instead. Once they were in, getting these Chinese hackers
out of your systems, finding and closing every back door was a huge challenge.
In one case, the U.S. Chamber of Commerce, basically the country's biggest business lobby, discovered they'd been breached by Chinese hackers.
They brought in the FBI and private security firms and believed they'd cleaned house. But then months later, one of their printers inexplicably started printing out reams of documents in Mandarin.
Separately, some of their lobbyists started complaining that the thermostats in their
corporate apartments in D.C. were acting funny.
Upon closer inspection, both the printer and
these thermostats were still communicating with IP addresses in China months later.
This was the level of persistence we were dealing with. Back to Dave DeWalt.
This was stuff we hadn't seen before. The epiphanies of a major government stealing from American companies, directly government on business, and then government on security companies to business, something we had never seen.
And so that was a wake-up call for all of us to go, wow, okay, this is beyond government on government espionage and activities. But when you start seeing little companies, almost measured by a press release coming out as a Series A investment,
getting hacked by the Chinese, you knew you're in a whole new era. And that's the era I grew up in.
These days, DeWalt runs his own cybersecurity investment firm, Night Dragon. And yes, he named his firm after the Chinese hacking campaign.
Some of these thefts still haunt him. I spoke at an airline transportation summit, and I showed 150 breaches on how China built its next generation jet.
So they stole all the parts to the jet, from the airframe to the avionics to essentially, and it was, I want to call it the C919, but I showed the entire airframe and avionics and every confirmed breach that showed how they had a strategy to build the entire aircraft from the breaches of American companies. Now, it took them a while to get it off the ground, because, you know, it's not easy just to steal it and build it. There's a lot of engineering process that goes with it, but they did. And now they have their own capabilities to build their own aircraft, commercial airliners, that all came from breaches of the U.S.
The Comac C919 came to market in 2008. It took another 10 years for the U.S.
Justice Department to detail in an indictment how Comac narrowed the technological gap between what it could build and what its Western competitors could do. Before 2008, Comac relied on companies like Airbus, GE, Honeywell, and Belgium's Safran for major components.
But China was determined to help Comac, which is short for Commercial Aircraft Corporation of China, stand on its own two feet. Chinese spies bribed employees at these Western suppliers to hand over trade secrets, and some of them did.
A few are now in jail. But what China's spies couldn't get from human sources, they stole in a brazen series of cyber attacks against Honeywell, Capstone Turbine, GE, and Safran.
CrowdStrike and a report of its own concluded that those hacks helped Comac trim, quote, several years and potentially billions of dollars off its development time. And that was all for just one airplane.
When you look at solar industry, there were so many attacks on the solar where they'd flood solar panels back into the U.S. down to the exact bolt with the same serial number of the solar panels that were stolen.
I mean, we could match it to the Chinese maker with the exact same characteristics, with the same serial number that was stolen from a U.S. company. And we have a lot of cases of this. I'm not sure how many I'm able to share down to the company names, but I mean, we saw restaurants that were opening in China with the exact recipes of the food that was served. Like, we saw luxury goods makers who had their products stolen down to the handbag process of manufacturing.
Back when DeWalt was CEO of McAfee and then FireEye, he handed the Obama administration a list of American companies he believed were getting raided hand over fist. Over the next few years, as the government debated what to do, how far they were willing to go to make China stop, whole companies, entire towns, were eviscerated by Chinese IP theft.
If you go back to the 2008 window, there's a number of town stories like that whose entire businesses and towns were wiped out by Chinese product that flooded the market less than one year after the espionage attack. Some of the lives that were affected and the people that were affected are pretty dramatic, because entire factories and towns were built around the manufacturing of an American good that suddenly was sold for a fraction of the price, below cost, to defeat the American by its own product, down to its serial number.
Today, SolarWorld here in Hillsboro has about 700 employees, but by 2015, they say they will have an additional 200. The company is adding a solar panel production line.
20 miles west of Portland sits Hillsboro, Oregon, a town locals refer to as Silicon Forest because a number of big tech companies have factories here. Intel, Salesforce, and until recently SolarWorld, a German solar company, housed the largest solar cell manufacturing facility in North America here.
At its peak, SolarWorld hired more than a thousand locals. The company was among the first in the world to manufacture a next-gen solar cell that was highly coveted for its efficiency and flexibility.
These solar cells allowed panels to work in lower light conditions and in extreme heat. I use SolarWorld panels.
I use SolarWorld panels because we can trust them. By far the best module manufacturer that there is in the world.
German engineering, American made, that hits home for most people. The rate at which the innovation was taking place, the rate at which we were implementing and breaking new ground, was just breathtaking.
That competitive edge put SolarWorld in Chinese hackers' crosshairs. The CCP first highlighted solar energy on its five-year plan in 1981, and solar has made every five-year plan ever since.
In 2012, SolarWorld discovered Chinese hackers had broken into its network and passed its crown jewels over to Chinese state-owned enterprises. Soon, those companies, aided by Chinese subsidies, were dumping cheaper copies of SolarWorld's panels into U.S.
markets. SolarWorld fought back, both in court and in the corridors of Washington, where they lobbied for tariffs on Chinese panels.
But it wasn't enough. By 2017, SolarWorld laid off more than 800 of its Hillsboro factory workers.
The factory shuffled hands through a series of takeovers and ultimately closed up shop in 2021. Emotions are mixed here at financially troubled SolarWorld.
We're in the process of laying off people. Spokesman Ben Santarris tells me the layoffs at SolarWorld have been happening for the last couple of months.
U.S. solar manufacturers are finding it next to impossible to compete with much cheaper imports flooding the market, mainly from Asia.
People are being affected. They will be affected all the way up and down the value chain in the U.S.
We're sad to have to say farewell to our peers, but it's a necessary move that we need to make in order to survive. When you start to look at it through the lives of people like that who lost their jobs, had to go on Social Security, or had to migrate out of the cities because of the Chinese espionage, it's a real factor.
These shutterings were happening to hundreds of companies and towns across America. Some, like SolarWorld, tried to fight back.
Here's Steve Stone. He worked with a turbine maker that discovered its Chinese competitor had copied its hardware and software, down to mistakes in the original source code.
There was only a handful of companies that really built that technology, both the software and the hardware. And one of those U.S.
companies went out of business. And then they sued the Chinese government in U.S.
court because they said they literally stole our design. And then they just sold turbines at a much discounted rate and they displaced our business.
And the court case came down to an actual source code review. And it had the U.S.
company's name in the Chinese source code. The U.S.
company went and bought one of these Chinese turbines and then just mapped everything out. So they were able to say this isn't just a manifestation of our source code, it's our actual source code.
We're going to point out spelling errors. Our actual company name is in this.
And that company no longer exists. It was taken to create a viable Chinese business, which now is one of the top turbine producers.
This is very much a long game for the Chinese side of the house. It's worth noting that four of the world's top five turbine makers are now Chinese companies.
Meanwhile, Western competitors like Capstone Turbine filed for bankruptcy in 2023, citing decreased demand. Factories closing, towns hollowed out, and yet so many Chinese cyber attacks flew under the radar, mainly because victims were so reticent to step forward, scared what the disclosures would mean for their reputation, for their stock price, for class action lawsuits.
That's why our own disclosure of the Chinese breach of the New York Times was such a game changer. We've been reporting on the warnings and seeing the examples over and over.
State-sponsored computer hacking of American companies by China. Well, tonight, it's the news media itself under siege, including some very big names.
The New York Times has been hacked. The New York Times says hackers have been attacking its computer system for the past four months, even managing to get passwords for individual reporters.
Just before I hit publish on that story, I'd done what any serious journalist does. I'd called the Chinese consulate, walked them through everything I had, and gave them the chance to comment or refute the story.
What I got was a full-throated denial. To accuse the Chinese military of launching cyber attacks without solid proof is unprofessional and baseless.
I included that denial word for word in the story. China's denial, especially the part about no solid proof, didn't sit well with Kevin Mandia.
For years, he tracked the group behind our hack, a group Mandiant called APT1. Officially, the group was a Shanghai-based unit of the People's Liberation Army, Unit 61398.
Mandiant knew the group better than most. It traced their movements to more than 100 breaches in the U.S.
They had their online handles. They had their physical address.
141 times we did investigations, and it went back to this bucket of evidence or fingerprints to APT1, they're unbelievably persistent. Like, you get these guys out of your network, they're just back the next day.
There was no doubt they were badging into a building, and this was their job. When Mandia read China's denial in my story, he decided, screw it.
Let's show them the proof. He handed me and my Times colleague David Sanger a 74-page report detailing the group's official military designation, their tactics, techniques, victimology, its members who had names like Ugly Gorilla, and critically, its whereabouts.
We sent our Shanghai Bureau Chief David Barboza to investigate. And sure enough, next to restaurants, massage parlors, and a wine importer, he found a 12-story nondescript white building surrounded by Chinese soldiers.
We were trying to figure out, like, okay, this is coming from a location in Shanghai, right? They had the address, right? But they wanted me to go by the building and see what this was. About a 30-minute cab ride from my home, to think that, wow, they were actually not that far.
And so I went out there and saw this white tower and clearly saw that it was manned by military personnel at the front. I think I saw the big dishes on the top of it that the windows were covered or not clear.
It seemed like a military installation, but one with a lot of antenna power and other things. So we were like, okay, this is a high-powered building with military personnel and special stuff.
I don't know if it's really the hack is coming from here, but this seems to fit every expectation that we have from what I've been told by you and Mandiant. Once we were sure we could corroborate Mandiant's report, we published everything we had.
I turned on CNN. This building is the focus of a report from U.S.
cybersecurity firm Mandiant. They say a hacking collective with direct ties to the Chinese military has stolen data from 141 organizations from around the world since 2006.
A CNN crew tried to roll their cameras through that neighborhood. And this is what they discovered.
This is our crew being chased by Chinese security officers. Chase after us just yet.
Keep driving. Drive away.
Drive away. Drive away.
Drive away. Drive away.
CNN's David McKenzie is live for us in Shanghai with more. But the bigger picture here, Soledad, really, is what is happening here.
The Mandiant group says that this group is working in conjunction with the Chinese military and the Chinese government. The Chinese government, not surprisingly, Soledad, says that they have nothing to do with this.
They call these claims, quote, irresponsible. What you're saying is that what many people saw as a shadowy Chinese group is actually part of the People's Liberation Army.
Well, I would think it is, and it's taking direction from the PLA. And that's why we've released this report, is there's all this public disclosure now that it's China behind lots of these intrusions.
Even Kevin Mandia was shocked to see its impact. I just went into the office by myself, and right around 7:30 in the morning, my wife at the time called, and literally, this is how I knew we were on the news.
I didn't know CNN was filming outside the building, Nicole. The exact words from my wife at the time was, what in the F did you do? And I
said, what are you talking about? She's like, turn on the TV. Your name is on every station.
And I'd never told her we were writing the report. I never really thought to, you know,
or anyone for that matter. We didn't even tell the Mandiant board about it till maybe one day prior.
Hey, we're going live tomorrow with a report that pins China's PLA unit 61398 to 141 intrusions, primarily to U.S. companies.
I just didn't think it was going to be news. That story wasn't just news.
It empowered the U.S. government to go after the PLA unit.
Meet John Carlin, who worked at the Justice Department under the Obama administration. I was the Assistant Attorney General for National Security.
Prior to that, and during his first term, I was the Chief of Staff to the Director of the FBI. And then in between, I was the Principal Deputy Assistant Attorney General for National Security.
While I was busy writing about Chinese cyber attacks, it was Carlin's job to figure out what to do about it. Part of the challenge was that until we outed our own hack and the PLA unit responsible, most everything the U.S.
government had on Chinese hackers was classified. I went to a facility, an unnamed facility out in Virginia, and there was a giant jumbotron screen, like a movie theater, and I could watch in real time as nation-state actors, China in particular, hopped into places like universities, used the fact that they penetrated the university to hop into
places like private corporations, and then to steal economic information off and intellectual
property, commit economic espionage.
And it was amazing to see that being tracked in real time.
And it felt like an incredible intelligence success, but it did not feel like actual success
to watch that much information, things of value to the American public, flow from the United States to China. But John's team couldn't just call out the Chinese Communist Party by name.
It was literally classified. We weren't allowed to publicly say as a government official for years what everybody knew, which was that China was hacking these private companies.
One year after we outed the PLA unit 61398, John's team was cleared to prosecute. A grand jury in Pennsylvania indicted five of the unit's members and named their victims.
Among them, SolarWorld, U.S. Steel, which struggled in recent years to compete against low-price subsidized steel from China, Westinghouse Electric, the world's biggest supplier of nuclear reactors, Allegheny Technologies, Alcoa, and the United Steelworkers Union.
Unit 61398 was tasked with hitting these private sector targets in a way that others may not be. They were sloppy in their tradecraft.
They were noisy. They had names like Ugly Gorilla that could be used, so it really was a rich trove of evidence. But also the fact that private sector groups like Kevin Mandia's group Mandiant had the information and were making it publicly available meant, to those who were worried about sources, methods, etc.,
this wasn't information that was uniquely the province of the government,
so we really weren't giving anything up by being allowed to use it in a criminal case.
Our reporting from the Times combined with Mandiant's APT1 report
meant Carlin's hands were untied. In his mind, the prosecution hadn't come a moment too soon.
It was about more than justice for the victimized American companies. This was about establishing global norms of acceptable behavior.
The activity would spike at around nine in the morning Beijing time.
It would then stay high. And then apparently they took a lunch break because it would decrease slightly in the middle of the day.
Then they get back to work. You'd see it spike again, decrease overnight, decrease on weekends and Chinese holidays.
So as the prosecutor in me, circumstantial evidence that this group is coming from China, but also it shows that the second largest military
in the world was putting on their uniform,
getting up every morning and then hacking you,
you know, hacking us, hacking private companies,
and that that simply couldn't be allowed to stand.
If you let someone walk across your lawn long enough
in common law, and international law is a law of common law, they earn the legal right to walk across your lawn. It's called an easement.
And that's why people put up no trespass signs. As long as we were allowing them to hack this noisily, we were creating the international law, the new norms, the new rules for this cyber age that said that this was okay.
And so we felt very strongly that we need to show, no, this is a crime like any other type of theft. And if we don't at least treat it that way under our system, even if we can't hold these individuals accountable, we're never going to create the rules for the world that we want our children to live in.
When I first had started covering Chinese cyber attacks, I'd always ask the experts, well, who did it? What they said in those early days, though, surprised me. They'd say, Nicole, attribution doesn't matter.
I always read that as, we don't want to piss off China for business reasons. That was partly true, but the other truth was that we were getting hit so hard and so often that the first priority wasn't the who, but the how to make it stop.
Somebody jumps out of an alleyway and starts hitting me in the face to rob me. I don't block punches going, who are you? I just defend myself, you know? But in the wake of our revelations at the Times, Mandiant's APT1 report, John Carlin's indictments, that began to shift.
However, I came to understand over time, attribution absolutely matters to hold nations accountable. We need to have rules of engagement in cyberspace.
But Unit 61398 was just one group. Inside the NSA, analysts were tracking an entire Chinese hacking apparatus.
Here's Steve Stone again. I don't think people understand just how big this machine is.
They tend to think about a group or an intrusion. The intelligence community was tracking some 20 discrete Chinese hacking units.
Roughly half were PLA military or Navy units dedicated either to specific industries like microchips, semiconductors, satellite technology, or specific geographies that were just assigned to hack targets in Australia, for instance. These were military personnel clocking in for their daily hacking to-do list.
By the time we showed up, it was valid credentials, a user ID and passphrase, log in, and you could tell their operators were used to just sitting at a desk for eight hours a day, and they were probably getting paid by the pound. Just take everything you can, because I used to call it the tank through the cornfield.
Everything started with what we now know as the PLA or even the PLA Air Force or PLA Navy. So what we learned was these were very consistent groups.
They were big. They were good at what they did.
But they were predictable. And they didn't evolve much.
So we really thought we had our arms around these groups in particular. But then there was the other half of the groups the NSA was watching.
These were looser satellite networks of contractors. They worked at the behest of China's spy agency, the Ministry of State Security, but not necessarily in the building.
These were moonlighters tasked with episodic state missions, privately employed engineers who got paid by the state to hack on the side. And unlike the PLA's hackers, who could be quite sloppy, these soldiers of fortune were good.
They had legitimate skills. They were known for their stealth.
Here's Paul Mozur, who covered China's expanding surveillance state for The New York Times. Hacking and the burden of hacking shifted under Xi Jinping from the People's Liberation Army, the Chinese military, to its intelligence operations, Ministry of State Security, or MSS.
And what MSS does, it takes a very different approach. It basically says that anybody who wants to start a franchise who's good at this kind of stuff can have a try.
And so what we see is a sort of network of different hackers for hire emerging across China. And many of them have really deep technological experience, and they want to turn it to these sorts of aims.
And so effectively, it's a group of soldiers of fortune, you know, hackers for hire, who are turning at the government's behalf onto the United States and trying to break into any and everything. And any kind of new hack they get goes up the chain, and they're rewarded.
Steve Stone watched in real time as China's hacking unit started handing off missions to the experts. Here's Steve.
As you mentioned, there's this really emerging moment where we just recognized things were different. And at first we thought maybe they're just, these are other military units we hadn't run across yet.
And what we really started to get an appreciation for was there were really different skill levels, and there were groups that were really proficient in other things, and you could almost begin tracking how they would work together. We would see APT1 struggle with an intrusion, and they just could not figure it out, and then all of a sudden APT would show through the doors, get the intrusion going, and then leave and hand it back off to APT1. And so we were really trying to understand how all these groups were going together.
And what we ended up finding out and why we kind of called those three groups the gunslingers was those people, the actual people behind them, started as young people. They knew each other and they formed hacking groups.
They went to university and they studied together and then they ended up forming actual companies. And then they also did this hacking on behalf of the Chinese government for profit.
They were so much more capable because they just stayed on keyboard. They didn't age out and then teaching, literally teaching, like actually teaching in classrooms and also these hacking groups, the next generation.
And we would actually start to see the ecosystem and the groups evolve. And that's how we really got to understand where we're at today, which is, you know, this ecosystem of private contractors and private groups.
If you were in a military unit, you got promoted to a point and now you're off and now the next person comes in and it's a machine.
This is what U.S. intelligence came to understand.
There were two pools of Chinese hackers, the day jobbers, military enlisted personnel, and the gunslingers. Imagine if Stanford's top computer science professors and Silicon Valley engineers, even executives, hacked for the NSA on their off hours as a side hustle or because they had no choice.
This allowed China to tap its best and brightest for its sensitive missions, and it also gave the CCP plausible deniability. Should they get caught, the CCP could always say, it's not us.
It's these hackers. We can't even control ourselves.
In the U.S. intelligence community, you have to be an employee of the government to be authorized to do these operations to effectively break the law, right? Because we have effectively the CFAA, Computer Fraud and Abuse Act that prohibits everyone from hacking, with the exceptions of law enforcement intelligence community.
But to use those exceptions, you have to be a member. On the Chinese side, they were just saying, hey, we have these requirements, company X, Y, and Z, go get them for us.
And then what was happening that was really interesting is that a lot of these companies decided to start moonlighting. If the Chinese Communist Party comes to you and tells you to do something, even if it's not in your business interest to do it, you have to do it because then they have numerous levers of coercion that they can use to effectively put you out of business.
I'd later learn from the Snowden leaks that China actually ran some of its cyber attacks through popular Chinese tech companies like 163.com, China's version of Yahoo, and Sina, the company that runs China's Twitter equivalent, Sina Weibo. At one point, the GCHQ, which is essentially the UK's NSA equivalent, discovered that 163.com's mail servers were secretly operated by a Chinese government domain, and that that same Chinese government domain served as a backup server for Sina Weibo.
In practical terms, that means that the Chinese government had direct access to any and all traffic, including private messages run through Sina or 163.com. This would be like discovering that Facebook or Twitter's backend infrastructure was actually run by the NSA.
When you hear that, you start to understand why there might be some national security concerns about TikTok. Increasingly, private security firms and U.S.
intelligence agencies would catch China's best state hackers using their golden access to line their own wallets. Here's Dmitri Alperovitch again.
As long as we're hacking companies, well, why don't we do it for our benefit too? And we started to see actors that would hack into gaming companies and steal virtual currency and just monetize. And at the same time, they were hacking into national security targets of US government or private sector companies and stealing IP theft clearly for the strategic interests of the state.
And it was really interesting how you have on one hand an actor that was engaged in personal cybercrime and on the other hand is executing mission requirements for the state. If you did that in the US, you would get arrested.
And the thing is, these guys, on the one hand, they're sort of hacking these big national targets, but they're also then doing other things to extract money and make money while they're doing it. You can make a lot of money if you can hack without any kind of consequences whatsoever.
You have the state's backing and you can also just kind of, you know, say, hold data for ransom or, you know, take certain bank accounts or crypto or whatever. And so these guys become this almost mercenary army, the sort of hackers for hire, soldiers of fortune.
And it's fascinating because it's a complete change from the way, the top-down way things were before. And it's revolutionized both the way China hacks and also the effectiveness because they're just much better.
It's much better when you have a startup kind of mindset towards hacking anywhere. And China has certainly a very capable set of people to do it.
So give them the freedom, give them the resources. And lo and behold, seven or eight years on, you have a really deadly powerful attack hacking force in China.
That was Paul Mozur. One thing to know about China's hacking pipeline is that it's robust.
And it starts early. The best analogy is probably American football.
Talents identified young, recruited to the best college programs, and eventually drafted to the NFL. They actually recruit in very interesting ways.
They'll have hacking competitions among students. Oftentimes they're embedded in the university.
So a professor of cybersecurity at a university might hold hacking competitions. And then the best student will be recruited into these new MSS efforts.
It may be that people who are really capable programmers at a big tech company, like a sort of large Chinese internet giant, might be pulled out and told, actually, hey, you have a future at this. How much of this is forced labor? I'm not sure we totally know.
I think it's a bit a mix of both. I do think they tend to look for people who are patriotic, who are at certain universities that are linked more closely to the, you know, the government and its efforts.
But for the most part, usually I think there has to be some level of interest. I don't think they're kind of holding great tech minds and saying, you have to do this.
Oftentimes, I think there's an approach and people are kind of interested because there's a financial reward. And there's a, you know, again, a power reward.
Like if you're working at that level with the government, you get privileges. You know, hacking is not a bad thing in China.
Companies have official hacking teams. Every university does.
And they look at us kind of as fools that we don't. Like, why wouldn't you do this? You're the silly ones for not.
You're identified early and you perform and you get into these tracks. And those tracks matter for military service.
They matter for private business. They matter for hacking.
They're really smart people that hack. And then they're really smart people that run tech companies or do tech projects.
They're probably the same people because they're on the same tracks, and they're being largely influenced by the same government apparatus in all of these aspects. We don't really have parallels for that.
Imagine if you were writing a story where you found out that the head of this unicorn in San Francisco was actually also a hacker for the NSA. Like, that would be front page on every paper in the world.
That's kind of what happens over in China with these private groups. As the U.S. started naming and shaming China's hackers, they went underground. After our APT1 revelations, the PLA unit unplugged their entire hacking apparatus and fell off the map.
Other Chinese APTs started moving their operations from Chinese servers to servers here, in the US. The welding shops, saddleries, even home routers, precisely where the NSA couldn't look.
But of course, even then, the hacking didn't stop. Not by a long shot.
The target list only expanded. There were loud calls for the firing of the top administrator at the Office of Personnel Management.
After it was revealed, the hack of government computers is five times worse than previously reported. We've got breaking news coming in right now on the hack of the government's Office of Personnel Management.
In the last hour and a half, OPM announced that as many as 25 million people may be affected by the breach. Americans' personal data was now in the crosshairs.
So that old calculus... There was always this sense of, look, it's a trade. We know they steal from us, but we get a lot of money out of China. So right now the trade works in our favor.
It no longer applied.
I raised once again our very serious concerns about growing cyber threats to American companies and American citizens.
I indicated that it has to stop. That's next on To Catch a Thief.
Follow To Catch a Thief to make sure you don't miss the next episode. And if you like what you hear, rate and review the show.
To Catch a Thief is produced by Rubrik in partnership with Pod People, with special thanks to Julia Lee. It was written and produced by me, Nicole Perlroth, and Rebecca Chasson. Additional thanks to Hannah Pedersen, Sam Gebauer, and Amy Machado. Editing and sound design by Morgan Foose and Carter Wogan.