
David McCloskey
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident, albeit a significant one, was something quite different. We have taken the unusual step of sharing information about these attacks with a broad audience, not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech.
Well, welcome to The Rest Is Classified. I am David McCloskey.
Gordon Carrera
And I'm Gordon Carrera.
Host/Interviewer
And that was a statement not by a spy, Gordon, or an intelligence officer, but by Google's chief legal officer, issued on 12 January 2010. And that statement is about a hack, a cyber attack conducted by China against Google. It's come to be known as Aurora. It's a story about cyber espionage that sort of plays into a bigger battle about the world's biggest country and one of America's biggest corporations.
Gordon Carrera
Yeah, that's right. I mean, the idea of states like China, North Korea, Russia hacking companies isn't such a big surprise these days. But in many ways this is the origin story. This is where it all, all began, the idea of states versus companies. It's also the first big cybersecurity story about a hack that I remember making the evening news because it was a big deal, because it escalated into the world of politics. It was the first time, you know, a big company admitted it had been hacked. And not just any company, but one everyone's heard of, Google. And crucially, Google are going to point the finger at who they say was responsible for this hack. So it's going to be the canary in the coal mine really, for the world of Chinese cyber attacks and cyber espionage that we hear so much about today.
Host/Interviewer
Well, and it's also, I mean, because you have a corporation pointing a finger, as it were, at the state responsible for the attack. It also, I think, is a story that gets pretty political pretty quickly. I mean, this is a story that will feature characters like Secretary of State Hillary Clinton, Politburo members in Beijing, and the founders of Google itself in kind of this swirl of politics and cyber attacks and espionage that all jam together. It's also really hard, Gordon, for me to remember a time when it wasn't common to have state-sponsored cyber attacks. And yet this is not actually that long ago. We're talking about a 15-year span. It's remarkable how far we've come since this kind of origin story of state-sponsored cyber espionage.
Gordon Carrera
Yeah, I think that's absolutely right. In a way it's familiar, but also from a slightly different era. I think it's because it is the dawn of that era and it's about cyber espionage against companies, but also, as we'll see, against dissidents. So there is an element of this which really is about, if you like traditional spying, but it also gets into issues of freedom of speech. How far do companies have values about freedom of speech? How far are they going to fight for those? What are the kind of complex equations between money and freedom of speech which come up and yeah, it gets to the big geopolitical questions about technology in China and the west and who runs, who owns the technology, which we all depend on all big issues today.
Host/Interviewer
Maybe that's a good place to start, Gordon. Which is setting the scene with China and the Internet, because those are going to be two massive threads in this story. By 2010, the surveillance state that we now see in China was certainly on its way to being constructed, but was nowhere near sort of what it has become today.
Gordon Carrera
Yeah, I think that's another thing we have to get into our heads. A slightly different China in 2010 and different way people thought about China. It wasn't yet the China of Xi Jinping and the kind of confrontation of today. And so the relationship between China and the West and China and the Internet is a bit different. I mean, when it comes to the Internet. First email from China went over an academic network back in 1987. "Across the Great Wall we can reach every corner of the world," it announced. Sounds like something a spy service would send, but I think it was meant as a kind of, in the days of the Internet being an academic thing.
Host/Interviewer
The Internet was less evil back in the 80s. Right. I mean, it was a more innocent time, definitely.
Gordon Carrera
But then. So that was 87, the first Chinese email. But two years later you get Tiananmen Square. And that is of course a moment when there are pro-democracy students in the center of Beijing calling for greater freedom in China and they are going to get crushed, literally crushed by Chinese People's Liberation Army, PLA, tanks and killed by troops. And it is the pivotal moment in China in recent decades because the regime becomes obsessed with threats to internal stability, and that dissenters, critics, could be trying to overthrow the regime. And so then you get this idea, the fear growing in China that the Internet is a Western Trojan horse. It's something that's going to be brought into their country, the Internet, and it's going to subvert the country by promoting free speech, political change, Western ideas. And so they're going to do their best to stop that happening.
Host/Interviewer
And that's probably true. Right. That seems like a reasonable fear, you know, for an authoritarian political system, the Internet, open communication that will undermine your political power.
Guest/Expert
Yeah.
Gordon Carrera
And you can actually hear it from Western leaders at the time. If you go back to the kind of Bill Clinton, Al Gore days in the 1990s, they talked about how the Internet, as part of the forces of globalization, was going to bring reform and democratization to lots of countries. Of course, if you're the communist regime in Beijing, you're like, not sure how we feel about that. So they're going to build what becomes called the Great Firewall of China to deal with this threat from the Internet. Interestingly enough, some Western companies help give them the technology, but it's basically border control for the Internet. Rather than someone checking your passport, it's checking what Internet traffic is coming into the country. And it means if you went into China in this period and searched for Tiananmen Square, you'd get nothing. If you looked for certain websites, they'd be blocked. I mean, I remember being in China, I mean, as late as 2013, and suddenly the TV news would just suddenly stop because it was something that was considered sensitive in China. So they're going to these efforts to block what they see as subversive material getting in. And they're very conscious that America and the West dominates the Internet. I mean, you know, another story that I remember people in China telling me was that there's this moment in 2004 where they got frightened about their dependence on Western technology. And that was because Microsoft was trying to clamp down on pirated versions of the Windows operating system. And lots of people had pirated copies, sold them illegally, and were using them. So Microsoft came up with this idea, which was anyone who's operating an unlicensed version, their screen would kind of go black and a message would appear saying, you're running a pirated copy. The problem in China was that literally everyone, including every government department, was using a pirated copy of Windows. And so suddenly there is this moment where all the screens, you know, in government departments everywhere in China go black, with this message going, you're running a pirated copy of Windows. So you can see why if you're in China, you suddenly go, hang on a sec. A Western company just effectively showed that they have the ability to turn us off. You can see why that's pretty scary.
Host/Interviewer
This is going to be a story about cyber espionage, but it's really a story about how the Chinese can sort of use the Internet, use the tools of this digital domain to control their own population. Right. So even as that spread sort of beyond its borders, thinking about China's relationship with Microsoft or as we'll talk about with Google, it's really an inward looking set of interests, isn't it, that is driving a lot of these concerns and driving a lot of the external behavior. Is this kind of like, how does this affect us in China?
Gordon Carrera
I think that's absolutely right. If you look at China's intelligence posture and everything it does, its primary concern is about domestic stability. So, you know, they're going to start to kind of worry about Western technology. They're going to say to Microsoft, well, if you're going to operate in this country, then you have to share some of your source code, which Microsoft will do at special centers. Other countries that want to go into business and sell in China, like Apple, you know, have to comply with Chinese laws. But of course, Western companies at the same time are desperate to get into the Chinese market. I mean, it doesn't take a genius to work out why Western companies are so interested in getting into the Chinese market.
David McCloskey
It's big, it's a giant market.
Host/Interviewer
That's right. And most, most Western companies, I have the sense whether they did it quickly or whether they sort of hemmed and hawed, were ultimately willing to concede to the kind of concerns or stipulations that the Chinese government had about what they'd have to do to get access to the market. Right. I mean most, most US Companies, international companies, were more than willing to do that because they have an obligation to the shareholders to earn money and to make profits. And that's why they exist.
Gordon Carrera
Yeah. And certain companies are excluded. So social media companies are never kind of allowed in, your Twitters, your Xs, things like that, effectively. But Google is a really, really interesting case and it's at the heart of our story. So Google, founded in a garage famously in 1998 by Larry Page and Sergey Brin.
Host/Interviewer
It's just like our podcast founding story, right, Gordon?
Guest/Expert
Yeah.
Gordon Carrera
Founded in a garage. I don't think we've yet to become billionaires, though.
Host/Interviewer
Not yet, but we got the garage bit down. Yep.
Gordon Carrera
So it's founded as a search engine in the late 90s. It's been growing. 2004, crucially, again, for this story, they're going to launch Gmail, the kind of mail service, and these are, hard to remember, more optimistic days of the Internet. As you said earlier, Google's mission statement is to organize the world's information and make it universally accessible and useful. And the company also has a more informal motto, which is "don't be evil", which I thought was the CIA's motto, actually, but Google maybe got it from there.
Host/Interviewer
That's the unofficial motto of the CIA as well. Yeah. And sometimes we struggle with it, Gordon. Sometimes we struggle.
Gordon Carrera
It goes back to the Snowden world, doesn't it? And it's that era of Internet idealism of which Snowden was a kind of extreme proponent. But it is that idea that the Internet is going to provide a free flow of information. It's going to liberate people, including those under more repressive regimes. It's going to be a force for good and for freedom. So Google starts looking at entering the Chinese market around 2005. And so you get a very complicated debate in the company itself about how far it should or shouldn't operate in China, because China, as we heard with the Great Firewall, censors information. And so there are tensions. Now, Sergey Brin, one of the founders, is an interesting figure here because he had actually been born in the Soviet Union. His father had been an academic, had tried to emigrate at one point, had been denied a visa. They'd had the police come to their house, they'd had surveillance on them, the KGB, all those things. He's grown up with this kind of awareness of what a repressive society looks like. Eventually the family emigrate, I think when Sergey Brin is 6, and he ends up eventually in California and starting Google. But it does leave him with that legacy of kind of a different perception of it. So when you get that debate within the company, I think he is on the more cautious end about going into China. But others are saying, well, hang on a sec. This is our mission, is to make information accessible, including to people in China, even if you have to make compromises.
Host/Interviewer
And I guess it does seem particularly hard for, like, a search company as opposed to, I mean, if you're providing widgets into the Chinese market or if you're Apple and you're, you know, you want to sell phones, like, I guess in theory it's easier to make some compromises in China to get access to the market than if literally your company's sort of whole purpose is to provide open information. Right? I mean, social media sites, search companies like Google, it seems like that tension would be far greater.
Gordon Carrera
I think that's right. It is a different China. It's a China before Xi Jinping. It's a China where you can believe it is opening up. And we're looking at it now in hindsight.
Host/Interviewer
Where we know it's become a more responsible stakeholder. Wasn't that the term used in sort of the late 90s, early 2000s, that we will sort of ensnare the Chinese in a thicket of commercial relationships and international organizations and political ties, and eventually the nature of the regime will change a bit.
Guest/Expert
Oops. How did that work out? Anyway, at the time, let's go back to kind of the mid-2000s.
Gordon Carrera
There's a compromise. So Google gets a license to create Google.cn. So that's the Chinese version, but it's going to abide by the requirement to censor certain search results. It says it will do that according to Chinese law, but it will put up a disclosure notice saying when it's done that, and it's going to host an uncensored US-hosted site.
Host/Interviewer
Seems like the Chinese government would not appreciate that very much, to have the disclaimer and then literally the link to go to the other site.
Gordon Carrera
And so this tension from 2007, you start to get the censorship requests coming in. Now, some are the kind of stuff you see everywhere, including, you know, in the UK and elsewhere. Pornography, illegal activities. But there's also kind of requests for political information to be removed. Things like Tibet, things like Tiananmen Square. In all, about 1% of search results are blocked. 2008, though, Olympics in Beijing, and things get more tense because the Chinese government is pushing for more censorship because they're worried about protests. US executives are unhappy about this in Google, but they think maybe it's temporary for the Olympics. But it doesn't end after the Games. And more and more search terms, more and more content requests, often embarrassing stories about officials, are the things that are getting asked to take, to get taken down. It's like a big row in 2009, apparently, after one Politburo standing committee member in charge of propaganda discovered that if he entered his own name into Google, a raft of critical results turned up. And he was like, something must be done about this.
Guest/Expert
He should get used to it. Anyone these days who Googles themselves, you're just asking for trouble.
Host/Interviewer
You are, you are. But this is, again, this is early days, you know, and this is probably, I would imagine, most Chinese officials were not used to putting their names into open sort of databases and getting back a whole bunch of nasty, nasty reviews of their, of their political activities. I mean, I guess you see kind of a push and pull and maybe more and more tension building then in the relationship between China and Google. So I guess this brings us, Gordon, to mid-December of 2009. And it brings us to the Googleplex, as it were. Google's headquarters in Mountain View, California. It's December 14, 2009. Young McCloskey, Gordon, is feverishly working inside the bowels of Langley somewhere. Just for context, Gordon Carrera, what's young Gordon Carrera doing in mid-2009?
Guest/Expert
Very young Gordon Carrera. He's working in the BBC then at that time, I think probably in, in West London, but not in an office like the Googleplex.
Host/Interviewer
I'll read this lovely and colorful description of the Googleplex and you can tell me how similar it was to BBC headquarters. So the Googleplex was known for its playful and unconventional design elements, including a T. rex skeleton named Stan, a giant rubber duck, and a variety of colorful, quirky decorations. Employees enjoyed a range of amenities such as free laundry facilities, two swimming pools, volleyball courts, and numerous cafeterias offering a variety of food options. Maybe you only had one swimming pool at the BBC, Gordon.
Gordon Carrera
It was volleyball, then a swim, then some free food in the cafeteria, and then to my desk for a little bit of light work.
Guest/Expert
Little bit of light work.
Host/Interviewer
Sitting on, sitting, sitting on like a, one of those giant, like, balls. Yeah. So you got the core workout while you were, while you were working while wearing sandals. That was, that was, that was the Gordon Carrera of 2000. Yeah.
Guest/Expert
But that is, I think, a fair reflection of life in the Googleplex. I'm sure Langley was like that as well.
Host/Interviewer
Yeah.
Gordon Carrera
So December 14, 2009. Among the Googlers, because that's what they're called, is a woman called Heather Adkins, who's part of our story. So she's managing a security team. She's been at Google already for seven years, since 2002. So very early on in the company and one of those people who got into cyber security because she's kind of innately curious about how hackers work. I've met her. As well as being a cyber ninja, the key thing you need to know about Heather is she's a serious medieval historian who knows a lot about English churches. And I once tried to kind of ask her about churches in part of England. And I realized she knew, like, infinitely more than I did from my tiny bit of undergraduate medieval history. And I was like, oh, okay. But actually, what's interesting is she will say there is a link between medieval history and science.
Host/Interviewer
I'm excited to hear it.
Gordon Carrera
Which is, and it's a good, I think I buy this, which is studying medieval history is about taking fragments of information because only fragments have survived the past. And then you have to kind of extrapolate out from those tiny details to build a picture of what was happening. It's a kind of detective work, which is similar in a way to cybersecurity. So I think there is a link there. But anyway, 2009, most of the work for the security team is dealing with criminals stealing credit cards and just kind of nuisance hackers who want to show they can take Google offline. 4 o'clock on this day, December 14, 2009, she comes out of her last meeting, goes back to her desk. There's lots of people from the security team huddled around a screen talking. It's a hive of energy. "Hey, what's up?" she says. "You'll never believe what we found." And they found something on the Google network. So inside the systems now, who do they think it is?
Guest/Expert
At first they say, we've caught the interns doing naughty stuff. That's the first reaction, which is everyone's first reaction.
Host/Interviewer
That's like, that's 99% of the problems.
Guest/Expert
Weren't you an intern at CIA once? I mean, like, I'm guessing.
Host/Interviewer
I was. Yes, I was. I mean, just a few years before this, I had been an intern at CIA.
Gordon Carrera
Did you hack the CIA system?
Host/Interviewer
No, no, that was frowned upon. And yeah, I was, I was excited about the prospects of full time employment. And I felt like in addition to not having the capabilities that if I had attempted to hack anything at the Agency, I might not have gotten a job. So I was kind of. I was, I was very well behaved.
Gordon Carrera
That's their first response, is like, it's interns showing what they can do. Because I guess that's the hacker culture. Hackers, famously, people who want to just show that they can mess with things and what they can do, but they pretty quickly realize as they pull at some of the threads that it's much more serious. It's not the interns, it's not the interns. Someone is inside their system doing things they certainly shouldn't be. I mean, initially, someone from the security team, Tim Nguyen, thinks only one machine's compromised. It gets worse. The bad guys have got everywhere. It's a massive breach of the corporate system. Basically, the hackers are in, they're moving fast, they're changing tactics. They basically have never seen anything like this in Google and they've got no playbook for how to deal with it.
Host/Interviewer
All right, so there with the interns off the hook, let's take a break and when we come back, we will see how they point the finger at China. See you after the break.
Host/Interviewer
Well, welcome back. The team at Google HQ, the Googleplex in Mountain View, California, has just realized they have a serious breach on their hands. They now need to dig into this, Gordon, and find out who actually is responsible and maybe even most importantly, just how sort of deep this breach is into their systems.
Gordon Carrera
Yeah, because they're realizing it's bad. So Heather Adkins, who's running the security team, hands a list of machines that they think might have been compromised to other members of the team. And they have to go physically pull the hard drives from across the Google campus. And this is in the middle of the night in the dark in a rental car. And they're running around with flashlights, grabbing machines which they can then pull to do forensics. At first they try to unscrew the hard drives and then they realize that's going to take too long. So they just pull out the whole machine and just put it in the trunk of the car and drive off.
Guest/Expert
I mean, it sounds more like a heist than a security investigation. I guess that's what you got to do.
Host/Interviewer
One thing we didn't actually talk about, how did they actually spot this? I mean, what were they seeing that led the security team to believe that there had been the serious breach?
Gordon Carrera
Well, they are a bit cagey about that because I've spoken to a lot of the teams and I think one of the things, I think it's fair to say is that they had very good monitoring on their own systems to look for anomalous behavior and to see something unusual and that's more normal nowadays. But I think in those days that was fairly unusual. And Google, being a tech firm, had the ability to just spot something, but we don't know the exact trigger for it. But they are going to be able to do the forensics to find out where it came from. And that's partly going to come from this investigation that they're kind of moving very quickly on. So they're taking the hard drives, they're leaving Post-its saying "security was here, we've taken your machine, please call this number", which again sounds like something you'd do if you were stealing them. And if some poor Googler called up, said why's my machine being taken? They're not going to be told why, they're just told security has taken your machine. And then the security team create a war room which is first just one room, but then it's going to go to two rooms, three rooms, then a whole building for the investigation. And they're going to actually have to build their own network, their own separate network in that building, stringing cables between the rooms, like being a start-up all over again, one of them describes it, in order to be able to communicate without using the system which they know the hackers are in and which has been compromised. And what's interesting as well is that the founders of Google are going to get involved and take a close interest. Sergey Brin, as we mentioned, one of the founders worried about surveillance, gets a desk to sit with those working on the investigation. So they're building up a picture of what's happened to find the single point of entry used to get into the network to get the foothold and eventually they find it and they see the attackers had looked for someone in Google's China team who had good access to the systems, but crucially was using the Microsoft Internet Explorer web browser. Don't know if you remember that one. Might be before your time.
Host/Interviewer
No, I do remember that one. I do remember that one. Which I guess seems strange given that I think Google had Chrome by this time, right?
Gordon Carrera
So they're using Chrome mainly internally. Now Chrome's about to be rolled out to the outside world, but internally they're already using Chrome and everyone is supposed to be using it. So whoever the attacker was had to find someone who was using Internet Explorer and then they have to work out who that person knew in the company and who they communicated with. They then hijack the personal account of a colleague of their target and then use that personal account to send an instant chat message to the target, the one who's using Internet Explorer. And the crucial thing, I guess, is that it's not an out-of-the-blue email or instant message, like a scam one, but it's someone who you're regularly chatting with. So you're exploiting that trust. And of course what's in the message is a link.
Host/Interviewer
I feel like about 95% of personal cybersecurity advice boils down to don't click on links, essentially. But the Chinese essentially, though, have found a vulnerability in Microsoft Explorer, I guess. In Internet Explorer, right?
Guest/Expert
Yeah.
Gordon Carrera
What's called a zero day. And the jargon of zero day means it's zero days since it's been discovered. So normally if something gets discovered, you then say how many days since it's been discovered and then therefore patched. Patched means the vulnerability is dealt with, is closed up. So if you update your system, it won't be exploited. And a zero day means there's zero days since it's been found. It's a kind of weird bit of jargon, but it basically means it's an undiscovered weakness in your system that the attackers can go in and then they're going to use that to infect that computer. They can install a Trojan, which is a machine which kind of secretly can take control of your computer, and you can then operate the computer remotely and it's stealthy so that the attackers' attack traffic back to their command and control systems looks like ordinary web traffic. And then they're going to use that foothold from that one computer to kind of explore the Google corporate network and to kind of move around it and be able to do what they want to do.
Host/Interviewer
And I guess it's immediately clear then to the security team at Google that this is pretty high level kind of cyber tradecraft, I guess you could say, because I would imagine at this point in time that most of the attacks they're dealing with are from individuals or groups who are kind of using known, I guess, exploits or weapons. And in this case they're being attacked with something they didn't even know existed, which would suggest it's very sophisticated and frankly probably that you would need money to buy it or to invest to discover it. Right. So it's, this is a pretty well organized group.
Gordon Carrera
Yeah. Because zero days aren't cheap. So either you're going to buy it and they are not cheap or you've got a team of developers who are kind of able to look for them. So, so yeah, immediately you know that it's big. The war room's going to grow. So over about six weeks it's going to grow to about 250 to 300 people involved. Google are calling in all their own internal experts. Some are on holiday in New Zealand and they're kind of told to come back, back home to help with it. They try to hire some people, outside experts, and they bring in experts from cybersecurity companies. Particularly there's someone from McAfee, which is a kind of well-known company, called Dmitri Alperovitch, who is then a youngish cyber expert, but goes on to be one of the leading figures in cybersecurity. And I was talking to him just a couple of days ago, just remembering this hack because it's a pivotal moment in cybersecurity history and actually in his kind of history. And he remembers analyzing some of the malicious code inside the systems and he sees a word in the malicious code and that word is Aurora. And Aurora also happens to be the name of the battleship which helped start the Russian Revolution in 1917, the shot heard around the world. So he decides, Dmitri decides this is going to be the name for this attack and that's going to stick. So it's going to become known as Aurora. And Google are kind of reaching out to all the experts it can, who are experts on cyber espionage, trying to do it quietly. Sergey Brin calls one of the leading experts, a guy called Ron Deibert who runs Citizen Lab in Canada. It's a group which helps protect activists from being spied on by states. It's got a good book out called Chasing Shadows where he remembers being called by Sergey Brin himself, you know, one of the Google founders and told to keep it confidential, being told Google's been hacked, can you help? And it's kind of interesting. Ron in his book kind of reflects, well, his job is to protect activists, not companies. And yes, it looks like, as we'll come to, maybe activists were a target, but whose job is it to protect Google? Because Google at one point are also going to go to the FBI and going to be put in touch with the NSA. But it becomes an interesting question at this time which is, is it the government's job? Is it Google's job? And I think that especially when you're being hacked by a very sophisticated adversary which might be a nation state, this is going to be a kind of recurring question over this period, which is whose job is it to defend against foreign states if you're a big tech.
Host/Interviewer
Part of the structural problem though is that in the cyberspace you can't be perfect, right? You cannot be perfect on your defense. And when you have a really well capitalized, organized adversary, if they really want to find a way in, like they're probably going to. It's a hard question because, you know, I would say it's sort of Google's responsibility to defend themselves. But then after, after you've been sort of attacked or breached, then it becomes the responsibility of, you know, the NSA or the FBI to help determine who's responsible and to see if anything can be done about it. But it's, it's messy, right? It seems like an area where the law and the bureaucracy hasn't caught up with the realities of the technology. Even now.
Gordon Carrera
Yeah, even now. Let alone in 2010. I mean, previously the only people who've really been hacked in this way by foreign states would have been defense companies who work very closely with the government and the intelligence agencies anyway. So they're going to kind of be communicating, communicating and talking about it. But this is suddenly different when you've got a kind of consumer facing company, effectively Google, getting hacked by a state. I think that's one of the reasons why this is kind of such a big moment. So the investigation is drawing all of these people in, but it's also got to be really secret. And of course the reason is the adversaries, the hackers are in the system. And so, you know, it's so interesting, isn't it? They are living inside Google's network. So if you send messages around Google's network saying these machines are infected or here's what we're going to do about it, they can see it.
Host/Interviewer
It's like a mole hunt.
Gordon Carrera
It's a mole hunt, yeah. Knowing you're penetrated by your adversary and therefore you, you know, like we've seen in some of the other episodes we've done, like the kind of Gordievsky story. You have to create a team which is cordoned off from the rest of the organization who can do it without communicating more widely in case the moles, in this case, they're online, can see what you're doing. So it's kind of a super secret investigation but, but crucially they can see because they're now up on the attackers, they can see what the hackers, the adversaries are doing inside Google systems and they can see what they're looking for. I mean they can see them using Google's internal search engine and what they're typing in it, what they're googling within Google and that's going to make clear it's certainly espionage.
Host/Interviewer
And in this case it's, I guess to go back to the original kind of geopolitical point we raised on China, which is their intense interest in sort of internal security. I mean they're going after particular Gmail accounts and trying to obtain long term access to them through sort of the underlying source code that govern the system and access to it and all of that.
Gordon Carrera
Yeah, that's what's so interesting about it is it's definitely not criminal they can see from this point. Nor is it the type of hacking we sometimes associate with China where it's simply intellectual property theft, where they're trying to steal the corporate secrets like the negotiating position or how you build your widgets so that you can copy it in China. This is much more targeted and it is, yeah, it's about Gmail accounts, but also I think this is so interesting. They are looking for the source code that Google uses to run its systems so that they can get long term access to Gmails of their targets. So some of the reports, and Google never comments on all the details, was that they were targeting the password system that controls access to devices known as Gaia. You can see why that would be valuable. They're looking for the signing certificates. That's what verifies software as legitimate and has been provided by Google. When it gets downloaded on someone's machine, if you can steal signing certificates or fake them, then you can download onto people's machine in the long term. This is all the kind of stuff which gives you long term stealthy access to systems and your targets. Now Google think they got them early enough before they could establish that long term access. But they could also see when they start looking at it, they can see that the hackers have used other means. So rather than not getting through Google's internal systems, but to get to some of their targets who have Gmail accounts, traditional phishing emails, malware on their computers, they can see that they found other ways of hijacking the targets of their computers. And they'd got into kind of dozens of US, China and Europe based Gmail users. And basically a common thread with all of these is that they are advocates of human rights in China. According to the FT at the time, two accounts used by the dissident artist Ai Weiwei had been attacked, their contents read and copied.
Another person was a student at Stanford and I spoke to that student years after the attack. And they were a Tibetan activist at Stanford who'd been organizing protests in the US related to the, the 2008 Olympics in Beijing. And they and their fellow activists have been getting these emails from each other which they know they hadn't sent. And obviously this is all part of that campaign to go for people who China sees as a threat to their stability at home, partly because they're advocating from abroad for human rights.
Host/Interviewer
Does Google know at this point what entity in China might be responsible? And I guess maybe said a little bit differently, are they backing into the fact that it's the Chinese based on the targets at this point, or is there something else that's suggesting that this is coming from China? Because I guess in theory could be anybody, but once, once you take a look at who they're looking at, you can kind of assume.
Gordon Carrera
Yeah, yeah, I mean, there's going to be some other technical indicators which point to China, I think particularly to two colleges in China which are relevant. And it is interesting, isn't it? Because it's a cyber espionage campaign, but it's not targeting CIA officers or government officials or your classic espionage targets, but dissidents. And I mean, I think that just goes back to the kind of Chinese mindset and some of their first ever cyber attacks, first cyber attack to breach the UK Foreign Office, I think it's 2002 or so, is linked to Tibetan activists and they're kind of going through the Foreign Office and going through links to do with the Tibetan conference. So you can see right from the start that is the prime focus, particularly in this period of a lot of espionage which is coming out of China. And that is so clear from the targets of this Google attack.
Host/Interviewer
But there are some signs that they're looking a little bit more broadly too, because they're interested in, for example, the legal discovery portals where Google gets requests for surveillance data from kind of law enforcement and government. So whatever group is doing this, the taskings that they're getting the direction they're getting is a little bit beyond just the activists as well. Right. There's a broader interest in sort of mining what Google has, which makes sense. As long as they've got access to the systems, why not take what they can?
Gordon Carrera
I mean, that one about the legal discovery stuff is I think, really interesting because this is the portal where inside Google, if the FBI or the FISA court, which authorises kind of warrants for surveillance of spies and terrorists and others, if the court says, effectively, we want to wiretap someone and we want access to their Gmail, then that gets sent to Google and then Google have to provide access. And they can see these are the reports which come out afterwards, which Google have never themselves kind of commented on, but that certain names have been queried by the hackers to see whether they are in that portal. In other words, whether there are surveillance requests on them. Now, those wouldn't be dissidents?
Host/Interviewer
No. It would be like Chinese intelligence officers under commercial cover or assets of Chinese intelligence in the US who might be under suspicion. So that seems like a spot where maybe multiple Chinese services had peeked into this and sort of tasked the team that actually had access to pull different sorts of things based on what they wanted. Because that seems like something the Ministry of State Security, which is the more externally focused Chinese intelligence agency, would have great interest in if they knew that a cyber unit in the PLA, in the military, had this kind of access to Google.
Gordon Carrera
Yeah, if you've got some agents in the US, you can suddenly see whether they are under surveillance by the FBI because you can see where the FBI has asked for a warrant on them. So it's a kind of smart counterintelligence game. And actually one of the things that they discovered during this investigation is it's not just Google that's been hacked, but other companies as well. And it looks like Microsoft was hacked as well, also looking for this kind of information. But also lots of other companies. Adobe gets hacked and it looks like again there they're looking for source code which might have allowed them, if they'd got that, to then find vulnerabilities in Adobe software, which is downloaded by lots of people, again, kind of a way of getting long term access to machines. So in all, I mean, at least 20 companies have been hacked. It's discovered as part of Aurora, and it looks like Google are like at the tail end of this hacking operation. And it's just they're the ones who kind of spotted it and discovered it. And there's all these other companies which as they pull the thread they suddenly go, oh, they've been hacked too. Some of the defense companies, software companies, hardware companies, seems to be a lot in that world, but they've all been hacked. And they realize this is a big operation which has been going on for years, led it looks like, by China.
Host/Interviewer
And I guess the question then is what in the world is Google going to do about this? Now that they've got this team, hundreds of them, sitting in this sort of outbuilding on their own network watching, watching the Chinese state muck around in Google systems, what in the world do you do about it? And maybe there, Gordon, it's a good spot to end. And when we come back we will answer that question and see exactly how Google takes it to the Chinese state.
Gordon Carrera
One more thing though, David, as a special bonus for members of the Declassified Club, we have a Googler who's going to come on, not just any Googler, but the president of global affairs for Alphabet, which is Google's renamed parent company, Kent Walker, who was part of Google at this time of Aurora and looks after their kind of external affairs for the company. And he's going to be on to talk about Aurora, hackers, foreign states, China, all those exciting things. So that's one for members of the club. You can join at therestisclassified.com. See you next time.
Host/Interviewer
We'll see you next time.
"China vs Google: When Beijing Took on Silicon Valley (Ep 1)"
Date: October 5, 2025
Hosts: David McCloskey, Gordon Corera
This episode initiates a multi-part investigation into the watershed moment when Google discovered it was the target of a sophisticated state-sponsored cyber espionage operation attributed to China—commonly known as Operation Aurora. David McCloskey, a former CIA analyst, and Gordon Corera, veteran security correspondent, contextualize this event as the origin story of companies versus nation-states in the digital world, exploring how a tech giant like Google became embroiled in international espionage, geopolitics, and the ongoing struggle for control of information in the 21st century.
“A Western company just effectively showed that they have the ability to turn us off. You can see why that's pretty scary.” — Gordon Corera (08:11)
“Seems like that tension would be far greater for a search company...than if literally your company's sort of whole purpose is to provide open information.” — Host (12:38)
“The bad guys have got everywhere. It's a massive breach of the corporate system. Basically, the hackers are in...They've got no playbook for how to deal with it.” — Gordon Corera (19:58)
“...the crucial thing is that it's not an out of the blue email...but it's someone who you're regularly chatting with. So you're exploiting that trust.” — Gordon Corera (25:22)
“Whose job is it to protect Google?...especially when you're being hacked by a very sophisticated adversary which might be a nation state.” — Gordon Corera (28:31)
“If you've got some agents in the US, you can suddenly see whether they are under surveillance by the FBI because you can see where the FBI has asked for a warrant on them.” — Gordon Corera (37:38)
“So they're going to do their best to stop that happening.” — Gordon Corera (05:36)
“Don't be evil, which I thought was the CIA's motto.” — Gordon Corera, joking (11:02)
“At first they say, we've caught the interns doing naughty stuff. That's the first reaction, which is everyone's first reaction.” — Guest/Expert (18:54)
“The bad guys have got everywhere...They basically have never seen anything like this in Google and they've got no playbook for how to deal with it.” — Gordon Corera (19:58)
“Part of the structural problem though is that in the cyberspace you can't be perfect, right? You cannot be perfect on your defense. And when you have a really well capitalized, organized adversary, if they really want to find a way in, like they're probably going to.” — Host (29:35)
“They are living inside Google's network. So if you send messages around Google's network...they can see it.” — Gordon Corera (31:05)
The episode ends on a cliffhanger:
What will Google do now that it knows the Chinese state has deeply penetrated its systems? How do they respond when the attacker isn’t a criminal but a superpower?
“Maybe there, Gordon, it's a good spot to end. And when we come back we will answer that question and see exactly how Google takes it to the Chinese state.” — Host (38:48)
For Declassified Club members: An in-depth interview with Kent Walker, Alphabet’s President of Global Affairs, on this very episode’s themes.
Missed Episode 1? This summary provides all you need to follow the unfolding story of how big tech and nation-states collided—and why it changed the cybersecurity world forever.