Ep 1: The Five Poisons

March 17, 2025 39m S1E1
Former NSA Director Keith Alexander called it “the greatest transfer of wealth in history.” Hillary Clinton, FBI Director James Comey and President Barack Obama also sounded the alarm on the biggest heist in human history. In Episode 1, host and former lead cybersecurity and digital espionage reporter for The New York Times, Nicole Perlroth, pulls back the curtain on China’s sprawling hacking operations. To combat the “Five Poisons”, or the five groups the Chinese Communist Party deems existential threats, China builds an expansive domestic surveillance apparatus. As these dissidents fled China, China’s state-sponsored hackers followed closely behind, wiring the world for Chinese surveillance and paving the way for Operation Aurora.

Full Transcript

I think it's the greatest transfer of wealth in history. So they call it advanced persistent threat.
That time period was the most dangerous in America's history. Hear danger and the greatest wealth transfer in history.
And your mind goes to heist of the old school variety.

Masked thieves making off with diamonds or bags of cash.

But this, this was burglary on a global scale.

You know they're there.

You see these terrible little scraps of, yeah, they looked at this one file, but you know they looked at 10,000 files and the evidence has only given you the one and you're like, oh my God, I'm getting less than 1% visibility into what they're doing here. And that's how that feels.
And it was very apparent that the business had just been stolen. The entire business was stolen.
There's nothing we were going to do on the incident response side. Like, it's over.
It's a wash. As long as they keep stealing, they can't innovate.
And I was like, what are you smoking? For two decades now, trillions of dollars worth of American R&D, trade secrets, intellectual property have crept out the back door. And when you peel the mask off the thieves, it's the same culprit every single time.
China's multi-pronged assault on our national and economic security make it the defining threat of our generation. Our adversarial focus has long been on our Russian comrades across the Atlantic.
But in the meantime, a more insidious rivalry has quietly taken shape on the far side of the Pacific. Russia is much like a hurricane.
They're aggressive and come at us hard and fast. But China is climate change.
They're long-term, large-scale, and ever-present. America has been losing its crown jewels, its intellectual property, to China.
Chinese hackers made off with the blueprints to our passenger planes, our prized fighter jets, our turbines, the secrets behind our genetically modified seeds, even the formula for the White House paint. They're long gone.
Americans have barely begun to reckon with all that was lost. But these days, China doesn't just want our trade secrets.
They want influence. And they're pursuing it in the most disturbing of ways, by hacking our critical infrastructure.
They said publicly that the reason for these hacks was in order to disable our critical infrastructure. They said these were essentially pre-operational activities.
You don't hack infrastructure for fun, right? It's reconnaissance. It's target reconnaissance for the event of a conflict between the United States and China.
So I take it your answer would be that the Chinese have become more aggressive and, in a sense, expansionist in their use of spying and hacking. Yes.
I'm Nicole Perlroth, and this is To Catch a Thief. I've spent the past 15 years swimming in cyber threats.
For a decade, I was the New York Times lead cybersecurity reporter. I wrote a book, This Is How They Tell Me the World Ends, investigating the ins and outs of the cyber arms market.
And now I travel the world educating people about the very real potential for a cataclysmic cyber attack. It's a threat that, for whatever reason, has never quite reached the American mainstream.
Despite my best efforts, most Chinese cyber attacks were still understood as one-offs, rather than the carefully laid pieces of a longer master plan. Google traced the sabotage back to China and says the break-ins were part of a pattern of cyber attacks on human rights activists who criticized China.
The New York Times reporting on a cyber attack on its own computers. Meantime, new concerns this morning about computer security after more than 70 corporations and government organizations worldwide were targeted this week by a cyber spy ring.
It wasn't until a decidedly analog espionage threat hit the nightly news that Americans started to pay attention. I'm sure a lot of you were following along with that now viral Chinese weather balloon that U.S. officials shot down over the weekend.
I mean, this balloon has been a talk of the country since then.
Welcome back. We're now the latest on the suspected Chinese spy balloon shot down by a U.S. fighter jet off the Carolina coast. The Pentagon now confirming four previous Chinese balloon flights over the sensitive sites in the U.S.
This is all part of a global surveillance operation by Beijing. The giant Chinese balloon that had been floating across parts of the United States has been shot down by an American fighter jet off the coast of South Carolina.
The balloon, which the U.S. says was being used to spy on military sites, appeared to plummet into the sea.
Well, China continues to insist that it was in fact a stray civilian weather observation airship. But if there were spy balloons floating over every military installation, company, university, law firm, or research lab that has been breached by China, the sky would be a sea of white.
A note here before we go any further, you'll hear me and others refer to Chinese hackers or being hacked by the Chinese. Something crucial to understand is that what you're about to hear has nothing to do with the Chinese people. It has everything to do with the calculated efforts and strategic plans of China's leaders in the Chinese Communist Party, the CCP, efforts that have been playing out below our radar for a long, long time.
Looking back, I had no idea what I had gotten myself into. It was 2010.
The New York Times had hired me to cover cybersecurity. Not only did I not know anything about cybersecurity at the time, I had gone out of my way to not know anything about cybersecurity.
It was technical and a little terrifying. And as I dug in, it became clear that even the word cybersecurity was a misnomer.
There was no cybersecurity. Hackers were breaking into companies left and right, doing whatever they could to get the goods and whatever they could to stay there, undetected.
In talking to experts, government officials, security researchers, hackers themselves, one refrain kept coming up. The two companies refrain.
There are two kinds of big companies in the United States, those who've been hacked by the Chinese and those who don't yet know they've been hacked by the Chinese. You might recognize that voice.
That was former FBI Director James Comey. He's regurgitating a phrase I've heard so many times, it's easy to forget who first said it.
I want to get the words out of your mouth. There is a phrase in our industry that has been plagiarized to death.
And I believe I have traced the origin to you. There are only two types of companies, those that know that they've been hacked and those that don't yet know.
And this is a phrase that I actually got a lot of criticism for when I first announced it in 2011, because I was seeing all these hacks that were taking place, and people thought that was exaggerating, that this was overhyping a thing. That's Dimitri Alperovitch.
Back in 2011, Dimitri ran threat research at McAfee, the antivirus shop. The Chinese cyber attacks he witnessed there compelled him to leave and co-found CrowdStrike with George Kurtz.
He'd later write a book, World on the Brink, How America Can Beat China in the Race for the 21st Century. Suffice to say, you'll be hearing plenty from him.
As I started covering these hacks, it became abundantly clear that Dimitri's two companies refrain was not overhyping.

Not even a little bit.

Maybe if I can step back, the pivotal moment really was when I get a call from this little company called Google.

Heather Adkins still is their Google-running security team.

It's late 2009. Google is hurtling towards its prime.
For Heather Adkins, the director of Google's information security team, it started out as just another Monday. It was kind of the end of the day, the end of my working day, and I'd come back to my desk, and there were a bunch of engineers standing around a desk and said, Haley, look what we found.
We did actually think what we were seeing, you know, was an intern just with bad business practice. You know, once we'd spent a few hours taking a look at it, it was pretty obvious that what we were looking at was very different.
Heather and her team realized that this was no intern. But whoever it was, they were taking over real employee accounts.
In that initial fog of war, Heather and her team couldn't rule out the possibility that whoever this was might be getting insider help. I would say we did every investigative method you could think of, from forensics to interviews.
If a person's machine or an account was used by the threat actor, we interviewed them. We did everything.
So yes, we would have talked to interns, Googlers of all kinds, all of the systems administrators whose accounts, the SREs we call them, whose accounts were taken over and abused by the threat actor, we talked to them. I think I even made two people change their username on the systems just so that we could delineate between good guy, bad guy kind of thing.
I would say we deployed all creative resources. After the first 12 to 24 hours, it was pretty clear that we were dealing with a scale that was going to quickly overwhelm our small team who knew how to do this work.
So very quickly we knew we needed to call in people who were doing this on a regular basis. Google called in cybersecurity's equivalent of The Wolf from Pulp Fiction, the Harvey Keitel character in the suit, the one who gets called in when things are spinning out of control and you need a real professional to mop up the mess.
Now, you've got a corpse in a car minus a head in a garage. Take me to it.
When it comes to digital messes, the wolf is Kevin Mandia, founder of Mandiant. Mandiant's the 1-800-OH-SHIT call, the guy in the suit you call when your breach gets out of hand.
And it wasn't just Google who was calling. Here's the wolf himself.
You know, I didn't intend to be the wolf when starting Mandiant or even prior in my career, Nicole. I just thought it was materially important to any security company that you need to have a firsthand view of what attackers are doing. You have an adversary that's trying to evade everything you do in the cyber domain. The most important position to have is kind of own that moment, as you called it, the oh shit moment. It was like November, December 2009.
A whole bunch of companies got compromised. And the one thing about Google is they had an army of people swarming to respond.
So I did go out to California. I remember being somewhere in Googleplex.
But more in reality, I noticed the cool bikes and the food. When they made the call, the Googlers only had one rule. Don't wear suits.
Don't choke in suits, right? If you, at the time, had shown up at Google in a suit, people would have thought like the FBI was here and hanging out with the security team. That's probably not a good sign.
And sure enough, they did come in suits and had to buy clothes for the rest of the engagement on site. But I think, you know, I have a really clear memory of that day when they came because we gathered, you know, a handful of us in a conference room and we briefed them on what we had seen.
And, you know, it was immediate. They were like, yes, we know exactly what this is.
I don't know that we've ever seen this particular threat actor before, but this looks just like Chinese APT. Advanced persistent threat.
That's government shorthand for state-sponsored hackers. In those early days, the vast majority of these groups originated from one country.
APT became a politically expedient way to say China. But back to Kevin.
You know, it was a lot of the companies that were dealing with similar intrusion sets. You know, when we were responding to Google, we had been responding to that exact group for seven years already.

It wasn't like we went, well, this is new to us.

It was new to Google, I think. I think that that moment, it was nice to have experienced adults in the room.
It felt like we had a really solid partner. So I've forgiven them for wearing suits.
At the same time Google caught Chinese hackers in its systems, cybersecurity experts elsewhere were responding to breaches that were unprecedented in aggression. We saw a particular hospital just out of nowhere.
It's like somebody flicked a switch. We saw one hospital just get compromised by multiple Chinese groups, military, private hackers, and all skill levels.
Like it was all of a sudden, like if you watch the John Wick movies, like when they say, OK, this person is now on the list, it looked just like that.

Tasker crew. How many? How many do you have?

And all these groups showed up and it didn't make sense to us.

That's Steve Stone. Steve has tracked cyber threats in government and private industry for more than 15 years.
He's seen it all. But it was the offensive against this one hospital that stuck with him.
This wasn't just the A-team. It was an absolute ambush.
Every single Chinese APT he was tracking simultaneously went full force against this one hospital. And we thought, well, maybe there's some cutting edge research.
Maybe there's some, because healthcare is a huge issue for the Chinese government. It was like, hey, we're going to pay whoever gets it.
So just what was it that they were after? Why was nearly every single Chinese hacking group coming for this one hospital? And what we ended up finding out was the Dalai Lama was being treated there. So we think it wasn't what we thought it was initially, like, yeah, they're trying to find the new cancer or whatever.
We think it was just, is the Dalai Lama sick? And if he's sick, we want to know. And everybody go figure it out.
The Chinese Communist Party, or CCP, was willing to deploy the full weight of its hacking apparatus just to spy on the Dalai Lama. Likewise, what Google was witnessing in late 2009 was just how far the CCP was willing to go to track the Chinese diaspora overseas.

By tracking hackers' movements, Googlers, in concert with Mandiant, were able to piece together their motives.

As we dug in, it became clear, actually, that we think it was the whole attack was about long-term access to Gmail accounts. The Chinese were after the email accounts of Chinese activists and dissidents. They wanted to know who was talking to whom and what they were saying.
The Chinese leadership is really paranoid. You know, my old joke is that we're actually target number two for the Chinese. Target number one is their own people. That's Jim Lewis.
Today, he's a senior vice president at the Center for Strategic and International Studies in Washington, where he specializes in China and tech policy. But his career has spanned back-channel negotiations between the U.S. and China for years. Any discussions between the two on cyber espionage, chances are he's had a hand in them.
As for that paranoia Jim is talking about, China has long been consumed by its so-called five poisons. The whole concept of the Five Poisons grew out of ancient Chinese medicine. They were snakes, centipedes, scorpions, frogs, and spiders.
In modern China, the Communist Party has its own version of the Five Poisons. It's the five groups the party perceives as existential threats to its control.

Well, it's the Uyghurs, it's Tibetans, everyone knows that with the Dalai Lama. It's Falun Gong.
The Chinese had a dreadful shock with Falun Gong some years before all this where there were Falun Gong protests in Beijing, and the government didn't know they were going to happen. Suddenly you had a lot of ladies doing Tai Chi in the middle of, in front of the Forbidden City.
Why that was frightening is another question. But the fact that Falun Gong was able to sneak up on them was one of the things that set off this massive investment in domestic surveillance.
The democracy movement, which is pretty squashed. She's done a good job of squashing it.

And then finally, Taiwanese independence.

So the things that the Chinese see as a threat, notice we're not on that list.

I mean, we'd probably, if you had six poisons, maybe we'd make it.

But it's the concern with the continuity of party leadership, of unchallenged party rule that drives a lot of Chinese activity. The Uyghurs, the Tibetans, the Falun Gong, the pro-democracy movement, and the Taiwanese.
But it's that first group, the Muslim minority known as Uyghurs, that's been subjected to surveillance so over the top, it's been likened to a virtual prison. So if you go to Xinjiang, there's these little kind of oasis cities all around the desert.
And so these cities almost feel timeless. They're these sort of old mud brick cities, usually.
What started to happen about seven or eight years ago is a huge amount of cameras started appearing on the walls there. And along with that came a lot of police checkpoints.
And so when we were out there reporting in, you know, 2018, 2019, you basically got the sense of kind of a society utterly suffocated by kind of overwhelming both technological and kind of, you know, good old-fashioned shoe leather surveillance. That was Paul Mozur.
Paul spent more than a decade inside China covering their expanding surveillance state for The New York Times. In June of 2009, just a few months before Chinese hackers broke into Google, there was one episode that kicked the party's paranoia into high gear, the Shaoguan incident.
Basically, there's a small factory in southern China, and a rumor goes around the factory that the two Uyghur workers there raped a Han Chinese woman. And so the Han Chinese workers confront the Uyghur workers, a fight breaks out, and I believe two Uyghur workers end up getting killed, beaten to death in what is effectively a factory riot.

And this is the early days of YouTube and viral social media. None of it was blocked in China.
And so it goes viral in China and it spreads all over Xinjiang. And in Xinjiang, you know, what is effectively a kind of, you know, ethnic tinderbox because there are all these tensions, it triggers this massive ethnic riot in which thousands of Uyghurs take to the streets in numerous cities.
Some are armed with knives, some are armed with poles, and they murder at least 200 Han Chinese. The party mobilized the military to Xinjiang.
They cut off internet access, and they blocked phone calls to the outside. But that was just the beginning.
Over the next decade, the CCP turned Xinjiang into a dystopian surveillance lab. And so if you walk down a street, you know, say one block, you'd probably pass 20, 30 cameras.
And, you know, some of these are sort of your old fashioned dumb cameras, but some are new cameras with NVIDIA chips in them, these kind of huge VCR television sized kind of contraptions. And they're hanging from poles.
They're hanging from trees. They're on traffic lights.
And oftentimes they're aimed right at your face. And, you know, what's happening on the backside is that they're running facial recognition algorithms to try to kind of identify who you are and sort of track where you're going.
But that's just one layer. So then the second layer is the human checkpoint.
So maybe every couple hundred yards, you would run into a human checkpoint, usually staffed by police. And what the police would do is they would scan local people's identification cards.
And so even if the face scanning doesn't work, the identification card will allow the police to mark this person with this identification number past this checkpoint at this time. And so what you start to imagine is kind of a map of the comings and goings of every single person in this city at all times.
And what they do with this is they use it to kind of start building invisible interior barriers within the city. So, you know, if you are somebody that they don't necessarily trust, maybe you're not allowed to leave your neighborhood.
So when you get out of, say, a square kilometer of your house, you might hit a police checkpoint. And there, you know, when they scan your ID, an alarm might go off and it might say, actually, this person is at their barrier.
They can't go any further. So a virtual cage.
A virtual cage. What was really sad to see was that, you know, it was utterly targeted on the Uyghur ethnic minority.
So you would see Han Chinese get out of their cars and just walk right past these checkpoints and nobody would stop them. But then for the ethnic minority for whom this is their homeland, it applies.
And so they have to stop every single time. That level of surveillance didn't stop in Xinjiang.
Over the next several years, it began to creep into larger China and beyond. By 2017, they were appearing absolutely everywhere.
They almost looked like Baroque sculptures mocking surveillance in some ways. You'd have like three cameras hanging from a pole with another pole sticking off and two more cameras and then a camera next to that.
I mean, it was just totally remarkable. And so I endeavored, you know, just to kind of get a sense of how absurd this was to track how many cameras I passed on my commute to work, which is about, I think, two subway stops in Shanghai.
It took about 15 minutes. And during that time, I counted 250 cameras.
I tried to do it the first time without a counter and I'd lost track. So I actually had to download a little app that was a counter just to, you know, do it as I go.
And I mean, there are big cameras on the escalators. There's tiny little hidden lenses inside each subway car, you know, just everywhere you can think of are cameras.
And you just, all of that data is being collected and being processed. And so it was a really remarkable thing.
But for a lot of people, you know, it sort of didn't register. You know, they just kind of ignored it and kept going.
But it was, you know, the one thing that, you know, the physical infrastructure of China, you know, fundamentally changed. If it works at home, why not do it overseas? It's a little harder because, you know, in China, they own the networks.
They can put cameras up. They have everybody's birth certificate.
But they're doing their best to wire the world for Chinese surveillance. That was Jim Lewis again.
What Google was now witnessing, hackers inside its systems, that was the first glimpse that China was exporting its surveillance overseas. Governments are going and trying to hijack your accounts.
They have very front door kinds of ways that they can ask for that information. But here was a government clearly not going through the front door, clearly trying to find a workaround using hacking techniques.
And that really did change everything for us. That front door Heather's talking about, well, governments, including our own, routinely go to email providers and phone companies with secret court orders demanding access to customers they suspect of engaging in crime or terror threats.
Years later, we'd find out Chinese hackers snuck in that front door too. But we'll come back to that.
One thing to know is that two years before Google set up shop in China, China's CCP minders had gone to its competitor, Yahoo, and demanded Yahoo hand over access to a Chinese journalist's email account. Yahoo had complied, and the journalist paid dearly for it.
That journalist was now serving out a 10-year prison sentence. Google went into China with that journalist's experience firmly in mind.
The company intentionally withheld Gmail from Chinese users for fear the party would demand access to its users' private conversations. But now, what Heather's team was witnessing at Google was just that.
The Chinese government was clearly willing to go to great lengths to track its own people, no matter where they lived. China was rewriting the rules.
Governments would still come knocking on the front door with national security letters and data requests. But now, Google had to expect they would come break down the back door too.
Suddenly, private businesses were active targets for advanced nation state hackers. What we had thought were norms on the internet weren't actually norms.
Googlers took this personally. Their whole motto was, don't be evil.
Google's mission was to make the world's information accessible to everyone. Standing by as an authoritarian government surveilled activists and stifled dissent ran counter to everything they stood for.
Three years earlier, Google had entered the Chinese market on one condition from the CCP, that it sanitized search results for the Dalai Lama, the Falun Gong, Tiananmen Square. Google rationalized this to employees by arguing it was better to give the Chinese censored search results than leave a billion plus people in the dark.
But in the intervening years, the party's list of quote unquote offensive content expanded to an absurd degree. The party demanded Google censor any talk of time travel or reincarnation.
Even Winnie the Pooh would eventually make their blacklist. And when Google didn't move fast enough to block content, Chinese officials took to calling Google an illegal site.
Three years in, the censorship was getting hard to stomach. And now it had gone way beyond that.
Google's engineers felt powerless as they watched an authoritarian government hack into their systems in a brazen campaign to surveil its own people. Google in 2009 was still a relatively small company.
And the people who worked there had worked there for quite some time and built Google. And also, were of this generation of people who helped build the internet.
And there's a certain philosophy of openness, connectedness, personal responsibility in how the internet was created, its culture. And that permeated through the culture at Google.
And also people worked for Google in 2009 because they really believed the mission, organize all the world's information, make it universally accessible. They could see the information revolution online, how it connected people.
And the idea that someone would want to violate that, I think, really spoke very strongly to Googlers. Like, this is a boundary.
Why did you cross this boundary? Googlers really saw this as a shocking moment. Like, I can't believe somebody went there and did that.
I can't believe a government went there and did that. And people really took that to heart.
This realization that Google could be used as a means for China to monitor its critics radically altered the way the company approaches cyber defense and how it informs those of us who may be targets for nation-state spies. Today, Google delivers a big red warning banner across your Gmail account if it detects a nation-state hacker attempting to access it.
I've seen a few myself. But for Heather, it caused more personal shifts as well.
I will say that it switched on a kind of strange paranoia. I remember, and this could have just been the sleep deprivation, but I remember driving into work one morning. It was very early, and I saw a telco truck, you know, telecoms truck in the middle of the road. It coned everything off, and they'd had the manhole cover open, and it was right next to campus, and I thought, what if they're tapping the fiber, right? There's this weird paranoia that kicks in that I think that kind of thinking did come, you know, not rational, but I think you do start to question everything you see and all the decisions you're making.
The thing is, Heather's paranoia wasn't entirely off base.
Google wasn't alone, not by a long shot. This wasn't a single hack, but an opening salvo.
Here's Dimitri Alperovitch again. I was looking at the malware with my team.
There was a name that stood out. Usually when you're looking at the piece of malware, it's all kind of machine code, kind of binary zero and ones.
But occasionally you see a phrase in there that sticks out. And in this case, the word that stood out was Aurora.
It must have been a code name for the project that the attackers used when they were building this piece of code. And I instantaneously knew that I had to call this whole operation, not just the malware, but the whole operation Aurora.
Any other threat researcher might have passed that phrase right on by. But that word Aurora stopped Dimitri in his tracks.
Dimitri grew up in Russia in the 1980s, and Aurora jolted him right back to his Soviet schooling. The reason why I knew immediately we had to call it Aurora, not just because of that one phrase, because there are certainly other phrases in the malware as well, but here my cultural background comes in, but Aurora is the name of the Russian battleship that fired the first shot.
There was a signal to Lenin in 1917 to start the October Revolution that changed the course of history, obviously turned Russia into communist Russia and, of course, triggered the Cold War later on as well. I knew that instantaneously that this event that I was investigating was also a huge deal because here you got for the first time a nation state that was publicly identified as breaking into a private company and a set of private companies.
And that was going to be a big deal and a watershed moment. And that's why I called the whole thing Operation Aurora.
In rewinding the tapes, Google, Mandiant, and now McAfee all found trails from Google's hack back to dozens of other companies. So we set up these honeypots in the hopes that we would learn which other corporate laptops were going to connect in.
And while there, we were able to see the other victims and triangulate who they were. The victim list included companies just up the road in Silicon Valley, like Adobe.
But the targets also included banks like Morgan Stanley, defense contractors like Northrop Grumman, even cybersecurity firms like Symantec were caught in the fray. And many more that to this day have never acknowledged they were breached.
Heather's team made it their mission to warn their counterparts at these other companies. They'd call and say, look, you have a problem.
Check out this IP address and you'll see something scary. On the other end of the line, someone's face would go white.
And then radio silence. I would say there were one or two companies where we called them up and said, you know, hey, you've got this thing.
And they said, yeah, we've been having trouble with that for a while. Back at McAfee, Dimitri's team found inroads back to more than 100 companies.
153, to be exact, that we had discovered as at McAfee, all high tech. That's Dave DeWalt, Dimitri's boss and McAfee's CEO at the time.
What struck Dave wasn't just the number of companies that were hit, but how long Chinese hackers had been there. Some of the dwell times were measured in hundreds of days at this point, and some of them were over 400 days.
So in the life of a cyber attacker, when you have 400 days to observe, not only could you compile in code, you could steal code. And in many cases, that's exactly what they did.
They didn't just go for the emails. They went for the source code.
And with that, they could alter the systems themselves. They could plant back doors that allowed them to come back anytime they so pleased.
One major APT campaign that was stealing source code and stealing vulnerability research that could be exploited for decades to come. So that combination created apertures for the Chinese to use to this day.
And we're still trying to figure out what all they've been able to discover from that one Aurora campaign that occurred way back when. At Google, Heather and her bosses had an important decision to make.
Getting these hackers out of their systems would be hard. Keeping them out would require a monumental overhaul of cyber defense.
But the alternative, just rolling over and becoming an unwilling accomplice to Chinese surveillance, that was unthinkable. For Sergey Brin, Google's co-founder, a Soviet émigré himself, it was a bridge too far.
I remember we had a sit-down with Sergey, and he said, I'd like to make a blog post. Of course, the cyber people in the room are like, you're crazy.
Nobody talks about this stuff. You can't make a blog post.
You can't tell anybody. It just wasn't the way things were done then.
And as we kind of listened to the reasoning a little bit, it made a lot of sense. Users deserve to know.
We wanted to get out there. We wanted to make it better for everyone else.
And so, you know, sort of the shy cyber people, we quickly got over that. So for the first time ever, a company went public.
Google disclosed its hack in a blog post and pointed the finger squarely at Beijing.

And that, that changed everything.

It was groundbreaking news.

Nothing changed the industry because it was the first time that people woke up to the threat of nation states hacking private companies.

Google threatens to quit China, saying it could no longer tolerate what it calls strict censorship there. Is this a case of a company putting ethics above business in a huge market? And what are the potential costs of such a move? At first, it seemed to be a cyber attack aimed at those who organized protests against China's control of Tibet.
A student at Stanford was surprised when Google told her someone in China was reading her email. But Google discovered this was much more than an attack on the email of a single Chinese human rights activist.
Not only was Google itself targeted by the cyber spies, but so were at least 20 other major corporations. Now, there's nothing official, but clearly Google is upset with what they deem to be spying within Google China.
And, you know, the rumor is that they're getting closer to pulling the plug. Google's headquarters in central Beijing.
The Chinese flag is flying high outside. But the search giant's relations with the government have never been straightforward.
And after four years and a lot of controversy, it's closed its mainland search service rather than self-censor any longer. The most recent situation involving Google has attracted a great deal of interest.
And we look to the Chinese authorities to conduct a thorough review of the cyber intrusions that led Google to make its announcement. And we also look for that investigation and its results to be transparent.
The internet has already been a source of tremendous progress in China, but countries that restrict free access to information or violate the basic rights of internet users risk walling themselves off from the progress of the next century.
This was it. The opening for other victims to speak up.
We braced ourselves for the outpouring of disclosures. But they never came.
Breached companies were more afraid than ever to come forward. Rather than step into the light, they just hunkered deeper into the shadows.
Working as a cyber reporter at The Times during this period felt like beating my head against a wall. No one would talk.
That is, until the company in China's crosshairs was us. That's next on To Catch a Thief.
And I remember calling one of our lawyers, telling him about this story, and he said to me, your life is in danger before you publish. Follow To Catch a Thief to make sure you don't miss the next episode.
And if you like what you hear, rate and review the show. To Catch a Thief is produced by Rubrik in partnership with Pod People with special thanks to Julia Lee.
It was written and produced by me, Nicole Perlroth, and Rebecca Chasson. Additional thanks to Hannah Petterson, Sam Gebauer, and Amy Machado.
Editing and sound design by Morgan Foose and Carter Wogan.