
David McCloskey
You know we have security investigations from time to time.
Gordon Carrera
It's not such an unusual thing, but we quickly discovered that this was a very sophisticated adversary.
David McCloskey
And furthermore, the more troubling thing to me is that we discovered the motivation, which we believed to be to gain access to Gmail accounts, in particular for.
Gordon Carrera
Chinese human rights activists.
David McCloskey
We have made a statement of intent that we intend to stop censoring and.
Gordon Carrera
If we can do that within the.
David McCloskey
Confines of Chinese law and policy, we'd love to continue Google CN and all of our operations there.
Gordon Carrera
And if we cannot, then we'll do.
David McCloskey
As much as we can.
Gordon Carrera
But we don't want to run a service that's politically censored.
David McCloskey
Well, welcome to The Rest Is Classified. I'm David McCloskey.
Gordon Carrera
And I'm Gordon Carrera.
David McCloskey
And that was Sergey Brin, one of.
Gordon Carrera
The founders of Google, and he's speaking.
David McCloskey
There just a few weeks after the.
Gordon Carrera
Discovery of a massive hack of Google and has been linked to China. And we are on the second part of our investigation into this cyber.
David McCloskey
Attack that has come to be known as Aurora.
Gordon Carrera
And that really marks, I think, Gordon, the beginning of a kind of new era of cyber attacks, state sponsored cyber.
David McCloskey
Attacks and cyber espionage. And we had just left in our.
Gordon Carrera
Last episode, the security team in the Googleplex in Mountain View, California, sitting out in this outbuilding investigating what they now know to be an absolutely massive breach of Google systems. And they've just discovered this. It is Christmas time of 2009.
David McCloskey
It's clear it's very high end cyber espionage.
Gordon Carrera
And the cliffhanger, Gordon, that we left them with last time was what in the world are they going to do about it?
And the first thing they're going to try and do about it is kick the hackers out of the system. And you, of course, you have to plan this carefully because these are very sophisticated hackers. We talked last time about how they have a different kind of resource sophistication and motivation from your typical criminal hackers. It is a different type of behavior where if you're dealing with a criminal, they basically are just looking around for any company where they can make money off and who they can get into. And if they can't get into one company, they'll go to another. But if they've gone for you as an espionage target, it's because they want something you've got. And then you've got a much bigger challenge to both find them and get rid of them and to do it without them realizing what you're planning. Because the crucial thing is you've got them in your system and you've got to try and eject them from the system and not leave them anywhere where they can hide. And that is going to be the challenge for Google, running this out of the war room. They're keeping that investigation very secret. They've got it locked down. They've got a list of who can come in and come out of the room with a security guard on the floor, kind of speakeasy style. You've got to kind of know the right password to get in through the security guard. The cleaners are not allowed into the war room. So the pizza boxes, the coffee cups are mounting up. It's getting smelly in there.
This is a terrible holiday season for the security team, isn't it? I mean, this is about as bad as it could possibly get.
It is bad, isn't it? And it is approaching holiday time when you are trying to work out what to do about it. Which does make you wonder whether the hackers had deliberately picked that moment. The defenders are looking at the systems. They want to keep the element of surprise as much as possible. So they're working off their own separate network which they've built in parallel to the Google corporate network with this plan to cut them off instantly at one moment. And the idea is that they are going to at one moment purge the attackers off the Google network by effectively switching every person who works for Google off the network and booting them out of the network and initiating a password reset for the whole company.
It's like Jurassic Park when they have to reset, do a hard reset on all of the electrical fences. Right.
It is just like Jurassic Park.
It's just like Jurassic Park.
But the idea is if you throw everyone off the network, then you ensure that the attackers kind of haven't kept a toehold, which, as we saw last time, you just need one way in and then you can kind of re-establish yourself. So January 4th, they're going to initiate a company-wide password change. They haven't told anyone why. I mean, that is going to leave a lot of people grumpy, isn't it? I mean, if you basically come into work one day and you're locked out of your machine by the security team and they're still not at this point telling you why, I think you're going to be an unpopular person, aren't you? If you're the, if you're the security team, if you're the IT workers.
David McCloskey
Yeah. And you've already spent so much time.
Gordon Carrera
Memorizing that like 15 digit password that's got all the lowercase and uppercase and special, special symbols. And now you've got to come up with another one.
Yeah. What do you use as your password, David? What's your, what's your prefer.
That's only available for club members, Gordon?
That's right. Along with my home address.
Yeah, exactly, along with your home address.
If you're not a member of the club, you don't know what you're missing. It's really good stuff.
But this is the crazy part, Gordon.
David McCloskey
Is that essentially Google on 12 January.
Gordon Carrera
Goes public with this.
David McCloskey
Eventually, after all of this secrecy, the.
Gordon Carrera
Company decides to just say what happened and to kind of point a finger at who they think did it.
I mean, that's the remarkable thing about this, because the truth is, defense companies, others were getting hacked in this period, but no one talked about it. And I remember being a journalist around this time, you know, and people were saying this Cybersecurity stuff is really bad. You'd go, well, who's been hacked? Tell me. And of course the answer was, can't tell you. No company would ever admit it got hacked. No government would admit it got hacked. No one wanted to admit it. No one wanted to admit they'd had their intellectual property and business secrets stolen because it might crater their share price. There was no incentive to be honest about these things. There were no regulations requiring anyone to do so. So even though there'd been a fair bit of hacking in the previous years, particularly, as I said, defence companies and governments, no one admitted it, no one talked about it. And yet here, I think for the first time, a major company is going to decide it's going to go public and it's going to issue a statement saying it's got hacked. What's also amazing about it is they're not just going to say we got hacked, but they're going to say who they think did it. They're going to point the finger at China and they're going to say the primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. They're going to say they only believe they got into two accounts through the Google internal hack, although, as we know, they'd got into some other activists accounts through other methods. But, you know, this is also a big deal to actually point the finger at someone for having attacked you. That was unusual as well.
It also suggests that Google had technical evidence that the attack had come from China. Right. Because I think you're going to be really cautious about publicly pointing the finger at anybody solely based on circumstantial evidence around the Gmail accounts that they're looking at. Right. Because in theory, it could be anybody. They would have had to have some reason to say, no, it was China.
Yeah. And I think there was technical evidence. As you remember last time, Dmitri Alperovitch from McAfee, some other cybersecurity researchers have all been kind of poring over the code. They've been tracing it back. I mean, they can see it coming from two colleges in China, which is interesting. And it's not entirely clear whether those colleges' servers were being used by someone else or whether, which is possible, the hackers were based out of those colleges. Now, not that they were students, but that the colleges were a place where you've got technical expertise and where there were a team of hackers there. And I think there are other signs that not only was this Chinese intelligence, but it could have been hackers who Chinese intelligence had kind of coerced or persuaded or brought in to do it. And that was something Russia and China, I think, particularly in the 2000s used to do a lot. They used to go to universities or to criminal groups and say, you're a really good hacker. Now you're going to work for us, for the state and for the intelligence agency, whether it's the Chinese or whether it's the Russian FSB. Recruit, coerce, persuade, pay some of those young hackers to do it. And that seems to have been one possibility. Those responsible, the group called Elderwood, Sneaky Panda, that's my favorite title for them.
I hate how these names get attributed in, in these cyber stories because essentially, I guess what happens is it's done by cybersecurity researchers who are looking at essentially the, the mechanics of the attack, the code used, things like that to kind of understand that, okay, this is a particular group that's doing this based on kind of the weaponry that they're deploying, essentially. Right. It's a cybersecurity researcher who's coming up with the name Sneaky Panda. Or in Russia, what was Fancy Bear? Fancy Bear, you know, we covered, yeah, we covered in the North Korean billion dollar heist of the Central bank of Bangladesh. I think one of the North Korean groups was like the Beagle Boys or something ridiculous like that. So these names, they, they make all this sound ridiculous. And, and I honestly think the way this seeps into the popular consciousness is.
David McCloskey
You actually think there's a group in.
Gordon Carrera
China who name themselves Sneaky Panda and then start attacking, start attacking Google.
Elderwood is better, or APT 17, I don't know. I agree, I couldn'. But whatever the case, Google are going public. And it's so interesting because this is a direct challenge to Beijing. This is a company accusing a government. And Google is going to, you know, in the same statement say it's not just being hacked, it's not just pointing the finger at China, but it's going to do something about it. And it's no longer going to censor its search results in China. So this is a kind of big moment because as we looked at last time, there has been this battle within Google about do you go into China, do you not, what accommodations do you make with the Chinese? And now in the wake of being hacked, Google is saying, we are going to take it to you and there's going to be consequences for this hack.
So there, Gordon, with the fallout from this attack getting intensely political, let's take a break. And when we come back, we will see how this turns into a massive confrontation between Google and the Chinese state. We'll see you after the break.
Gordon Carrera
Welcome back. Google is about to take off the gloves, as it were, against the Chinese government. And, Gordon, I think it's fair to say that many inside Google would be, in particular, in the wake of this attack, be sort of deeply uncomfortable with the accommodation that the company had reached about doing business in China just a few years before.
Yeah, that's right. Last time we looked at how in 2006, Google had started operating its website in China, but agreed to be censored and agreed to these censorship requests. There'd been tension over it. Now, some of the staff inside the company had been unhappy about that even at the time, and about the willingness to not just have pornography getting censored, but also politics, stuff about Tiananmen Square, what happened in 1989. So there'd already been this kind of internal debate in the company. And now the company as a whole, after the statement, are learning that they've been hacked. There are people going around saying, we did a deal with them, China, and they still hacked us. That's how one person at the company puts it at the time. Sergey Brin, one of the founders of Google, we talked about last time, born in the Soviet Union, so, you know, he'd seen surveillance is particularly upset. He'd never been very comfortable with the deal. Now he's really angry at China having tried to access human rights accounts through Gmail as well as the kind of problems over censorship, he reminds other executives the motto don't be evil. Also, as we said, the CIA's motto is unofficial motto. So Brin is going to describe Aurora as the straw that broke the camel's back. And he's going to say China has made great strides against poverty and whatnot. But nevertheless, in some aspects of their policy, particularly with respect to censorship, with respect to surveillance of dissidents, I see the same earmarks of totalitarianism and I find that personally quite troubling. So I think that's an interesting statement because I think where he's talking about the earmarks of totalitarianism and personally finding it quite troubling, it's just this fact that you've got someone at the top of Google who's got personal experience of totalitarianism and is bothered by it. 
And there are differences in Google because Eric Schmidt, who has been brought in by the two founders as a kind of CEO business figure to help them grow and build a company, he is more of the view which was a common view in the US, which is you have to comply with local law wherever you do business. That's the view as well from Bill Gates at Microsoft and others at the time, which is, you know, if you want to do business in China, you have to obey Chinese law. But squaring that with the kind of values of the company has clearly become an issue at this moment for the first time. And eventually the other kind of co-founder Larry Page is going to agree with Sergey Brin and they're going to shut down and announce they're going to stop censoring the Google CN site and then eventually that's going to lead to the offices in Beijing closing. And I love this. So a New Yorker reporter goes to the Google HQ in Beijing. So they used to have a Beijing office on the day it's going to be shut down and well wishers show up to lay flowers and candles in mock mourning and then they discover that the flowers were promptly removed. A security guard from the neighborhood informed them that they would need to apply for permits at the relevant department, otherwise they were conducting an illegal flower tribute.
I can't believe why Google's business didn't work in China, Gordon. In a place where you need permits for flower tributes, this is the point where it gets really injected into the bigger geopolitics between the US and China. I mean, it's a spat between Google and China first and foremost, but it's almost impossible for it to not end up laddering into the kind of the broader relationship between Washington and Beijing.
Yeah, and Hillary Clinton, who's then US Secretary of State, gives a big speech on 21 January 2010. So that's only a week or so after the announcement and a speech about Internet freedom that's going to be seen as part of Washington's response. So in Beijing, of course, they see this all as part of a plot. They see Google and Hillary Clinton, the State Department, the US Government, all working together in their minds to drive a certain vision of Internet freedom into China which they don't want. And you know, they view the Hillary Clinton speech as proof, if you like, that the two sides are working together. And it's interesting, some of the leaked cables from this period give a feel for what was going on in the U.S. embassy. And you know, even though some of those in China who are Chinese and if you like supportive of Google and that view, are worried that the speech is going to kind of play into the debate in Beijing which sees the Internet as a tool of the US and Internet freedom and Google as a tool of the US and turning it into a us versus them debate makes it harder for if you like Chinese voices to be heard because anyone who calls for Internet freedom is going to be seen as a US stooge effectively, and it's becoming very political. Interestingly enough, there's another leaked cable in which a well placed contact of the embassy in Beijing, the US Embassy, tells American diplomats that the Aurora hack was directed from the very top. And they say that the Politburo Standing Committee was behind the hack and that one top official was also working not just with the Politburo, but also with potential competitors to Google. So already you can sense that there's a kind of politics of technology is growing and the battle lines are being drawn which are going to kind of play out in the subsequent years. I mean, I went to Beijing 2013, so kind of couple of years after this and going to the Foreign Ministry, it's kind of really interesting place to go. 
Doing an interview with the cyber negotiator for the Chinese government and you go to the Foreign Ministry, it's a really grand building where the guards click their heels and stand to attention as you approach as a visitor, which I kind of like. Like that's.
David McCloskey
It's just like the BBC, right?
Gordon Carrera
Yeah, it's the kind of Respect I'm due when I approach. But anyway, I remember speaking to one of their top cyber officials. His argument was that all countries should be able to establish order over the flow of information and they needed to balance the free flow of information with public security. And that was simply what China wanted, which is basically a different vision of the Internet from the Google vision. And that vision espoused by Hillary Clinton, which is the Internet should be free and it's going to set people free. And so I think you can start to see at this moment in 2010 the battle lines drawn over this really big fight about what the Internet and what technology is going to do.
We've been talking in this series about this distinction of Google's a private company and sort of Google versus China.
David McCloskey
In a way it's interesting.
Gordon Carrera
I mean, the Chinese obviously have a sophisticated understanding of the American system and of the relationships between Washington and large corporations. But if I put on my Chinese official hat, I do wonder if there's much of a distinction drawn between the American state and Google or if it's that clear cut. Because if you look at even some of the information that they were after, were these essentially Google being told by the American government to provide information on particular suspects, you know, counterintelligence cases, things like that? If I'm the Chinese watching this, I could sort of say, look, well Google's, Google's effectively an arm of the American government in a way, right. And so what's the difference between US hacking defense companies or US going after American intelligence agencies or the State Department and Google? Is there a distinction on the Chinese side? It seems like it could be kind of muddled.
And David, I guess this gets us back to our favourite subject, Edward Snowden. One of the things that young Eddie revealed was that the US and the UK was able to kind of to some extent spy on the world and carry out surveillance through the fact people were using American corporations, companies to communicate and America was able to access some of that communication. So to some extent there is a point there which is that the relationship of American technology to espionage and the state is complicated. And part of what China is bothered about and worried about is Western control of the Internet and that that creates a vulnerability for Beijing. I mean, they are not entirely wrong about that, are they?
It's not like the US government or the intelligence community has some kind of direct operational control over much of what Google does. And it's certainly not the same level of control that the Chinese state exercises over large Chinese corporations or state owned enterprises in China. But it is true that the sort of presence of US tech companies at the heights of the Internet create a potential vulnerability or just a real vulnerability for the Chinese relative to Washington. That is absolutely true. But the view from Beijing would be totally different. Right. It's just a reality of the power politics of the Internet that we're seeing develop in this period.
And I mean, I guess what's interesting is that at this point in 2010 when this story has taken place, it's clear that the West dominates technology and dominates the Internet and American companies particularly. But we're going to see the start of that changing because one of the things China is able to do is it's got its own companies, which because it's excluded American social media companies. And now after Google is going to pull out American search engines, it's going to have Baidu, which is a kind of Chinese search engine. It's going to have, you know, kind of WeChat's going to have all these Chinese companies are going to kind of grow behind the Great Firewall. But also as well as growing domestically, some Chinese companies are going to kind of start to move out globally. So you're going to get Huawei and Telecoms, which is going to kind of be the first Chinese tech company, I mean the telecoms company to go global. And then you know, years later you're going to have TikTok as a kind of Chinese. Originally the ownership is complicated, acknowledging that moving out across the rest of the world. So suddenly you then have the picture reversed because you suddenly have America and allies worried about being dependent on Chinese technology. Is Huawei going to be used to switch us off or to spy on us? Which of course the company denies. Is TikTok going to be used to influence us and as a kind of vector for certain ideas to be pushed towards us? You know, company denies it, but it's the kind of mirror image of what the Chinese were worried about in this period. Undermining social stability through social media companies. I mean, well, we worry about it with American companies over here as well as with Chinese companies. And that's the reality of it, isn't it?
Now the attack also led to massive changes just inside Google itself. They basically have to re-engineer and re-architect their entire network, which is a years-long effort to create a better defense against these kind of state sponsored attacks.
Yeah, because Heather Adkins who we mentioned had been there since 2002, she's still there now as kind of vice president of security engineering, is one of those leading the Kind of efforts to just change the way you do security in a company. A kind of zero trust model where you assume adversaries will be able to get into your network and could be there. So you have to kind of segment it and protect it in a different way and think how you trust. Rather comically, though, they're also going to learn that the US Government can occasionally hack their network because again, one of the things Snowden exposes is that potentially not in the US but at an overseas site that the US Government has hacked into some of the data cables that Google use to carry their traffic at points where it's unencrypted. That's an interesting moment. So we keep going back to Snowden because then suddenly that changes the narrative end, doesn't it? Because it's kind of like, well, who's the threat to Internet freedom? The Snowden argument and the libertarian argument suddenly starts to be, well, it's NSA and GCHQ and spy agencies, and it takes years for people to go. Actually, maybe it's China and Chinese companies which pose a challenge as well.
And yet Western companies and many tech companies are, I mean, even, even in the aftermath of this, continuing to go to China and to try to expand their business in China. I mean, there's, there's the infamous visit by Zuck, Mark Zuckerberg, right, where he. Doesn't he go jogging in Tiananmen Square or something like that? It was about 10 years ago. I mean, there's a, obviously a wariness on the part of these, many of these tech companies or just, I mean, I think broader Western enterprises in general to do business in China. And yet going back to this point around, you know, the market is just so massive and potentially so lucrative. They just, even with the threat of this kind of cyber espionage, it doesn't seem to have sort of slowed the appetite for access to the market.
That's right. I mean, I think Zuckerberg tries to learn Mandarin and he goes jogging and he makes all these statements and goes to speak at Chinese colleges and things like that, you know, as part of the effort to get Facebook into this massive market. And it's interesting, even Google, even Google is tempted to go back. So in the mid 2010s, news comes out about something called Dragonfly, which is a project looking again at having a censored version of search of Google search for the Chinese market. And it's interesting because there's anger within the company when this emerges. Don't be evil. And the plan is terminated. But it's so interesting, isn't it, this tension between, you know, your values and the way you're projecting yourself. And we really care about privacy. And then there's like the Chinese market and you know, you can see it with Apple as well because Apple basically agree to localize data storage. Apple make a big deal about privacy, you know, and privacy with the FBI and privacy and battling the FBI over access to data. But in China, they agreed to localize their data in data storage centers in China, which certainly at least makes it more possible for China to get access to that data. So the relationship between companies and China is definitely complicated. But the hacking continues. You start to see more of these nation state hacks against companies. We mentioned Dmitri Alperovitch, being at McAfee at the time, investigated Aurora, came up with a name. He, I was talking to him, he realizes this isn't a one off Aurora at that point. So he goes on to form the company CrowdStrike and in turn they're called in by famously the Democratic National Committee in 2016 to discover that Russian intelligence has hacked their systems, you know, famously, and leaked the data. And you know, he told me that Aurora changed his kind of professional life, the canary in the coal mine, that there was a new cold war and the Chinese were not a friendly actor.
And he was saying that just recently he was on this kind of Cyber Safety Review Board to look into the hack of Microsoft Exchange in 2023 which was used to get into emails of top officials at the State Department, Commerce Department. And he finds it's the same group who did Aurora 13 years on. They're still there, they're still doing it. They're still going to hack American companies to get the email. So you know they're hacking telecoms companies. This is Salt Typhoon, which is a big hacking campaign against telcos, again to do espionage against the United States by getting into companies. So it's in that sense that's why I think Aurora is also really interesting because it's the start of a story which is just going to get bigger and which is still going on today.
It's funny as we're talking about this because so much of it in 2009, 2010 would have seemed very new and yet it is just fundamentally true that a state with a spy service is going to go after secrets held by other states. And if those secrets happen to exist inside companies, there's a bit of me that's thinking as you're just kind of reflecting on these last couple episodes of like this is really nothing new. I mean, it's just you're after strategic information that your adversary or your competitor possesses and it just might exist in Google and not at the National Security Agency. But what's really the difference? You're after secrets. In some ways it's just kind of old hat espionage, but it just happens to use new and shiny tools.
Yeah, I think that's true. But I guess what's different is the extent to which so much interesting information to spy agencies is now held by private companies.
That's true.
I guess in the past the interesting information would have been maybe in defence companies. I think that is definitely true. If you go back to kind of Cold War days, you know, defense companies were always a target for human espionage and signals intelligence and maybe some technical companies as well. But I think the extent to which private companies are now the battlefield, cyber espionage, cyber attacks, because that's where the valuable data is. That's again, I guess where this is an origin story about private companies being on the front line and the question being who defends them? What do they do about it? If they get hacked, who do they turn to? How do they respond? Not all companies are going to be like Google with the resources to be able to deal with it. But if you've got the valuable data, especially if it's something like dissidents, which the Chinese state we know is after, you're going to be a target. And that's going to happen, I think, isn't it?
I think it also says something about this period in time, 2010ish, being a major turning point because I guess we're just a couple years before Snowden at this point and it's kind of this short period where looking back on it, it's a tipping point where before that the Internet was going to bring change and transparency on kind of a global scale. Right. And that it would affect countries like China, it would affect countries like Russia and it sort of tips. And we're now in a much more competitive, darker version of cyberspace where we're essentially seeing the same geopolitical kind of rifts just playing out in a different domain. And this moment with Aurora was really one of the points where it just tipped over the cliff into the much kind of more frightening version of cyberspace that we live in today.
Yeah, I think that's right. I think that's why it is actually the hack that changed the world in that sense. I think it was one of the most significant that we've seen and one of the most consequential in terms of what it revealed and what it signaled and where we are now with a very different world in terms of technology and China. So yeah, I think it's a kind of important story as well as a kind of fascinating one about spies and tech companies.
Gordon. I think that's a great place to end our investigation here into Google versus China and this hack that changed the world. But before we let everyone go, we'd be remiss if we didn't say go.
David McCloskey
Sign up for the Declassified Club, wouldn't you say?
Gordon Corera
Gordon? It is our members-only club where you can get early access to series interviews, including a number we've done with former CIA directors, former directors of MI5. Lots of goodies there, access to a newsletter, Gordon's home address, a whole bunch of personal information. And unlike, Gordon, the Chinese intelligence services, we will not steal your personal information. So we can promise you that. Hope you enjoyed. We'll see you next time.
That's a promise. See you next time.
Episode 89: China vs Google – The Battle That Shaped the Internet (Ep 2)
Date: October 7, 2025
Hosts: David McCloskey & Gordon Corera
In this gripping second installment on Google's historic cyber clash with China, David McCloskey and Gordon Corera unravel the secretive world of state-sponsored hacking that led to a dramatic turning point for the internet. Focusing on the 2009 "Aurora" cyberattack on Google, the episode delves into how the incident propelled US-China tech tensions, exposed new front lines in espionage, and forced global corporations to rethink their principles and digital defenses. The conversation also explores the wider geopolitical aftershocks, including the ripple effects on tech giants and policy, the ambiguous relationship between governments and private companies, and the lasting legacy for cybersecurity worldwide.
| Time  | Topic/Segment                                             |
|-------|-----------------------------------------------------------|
| 01:55 | Discovery of the hack and initial internal response       |
| 05:54 | The “Jurassic Park” network purge                         |
| 07:02 | Google’s decision to go public                            |
| 10:16 | Discussion on cyber group names and attributions          |
| 13:24 | Internal divisions in Google and decision to exit China   |
| 17:04 | Fallout entering US–China geopolitical arena              |
| 19:18 | Competing US and Chinese visions for the internet         |
| 20:08 | Private companies vs. government—blurring of boundaries   |
| 22:26 | Rise of China’s tech sector; reversing anxieties          |
| 24:05 | Lasting impact: “zero trust,” CrowdStrike, ongoing hacks  |
| 28:30 | Espionage old and new—corporations on the front lines     |
| 31:16 | Closing thoughts on Aurora’s legacy                       |
This episode captures a pivotal clash between the ideals of Silicon Valley and Chinese state pragmatism, showing how Aurora not only forced Google out of China but also triggered a reckoning for the entire internet ecosystem. Through insider anecdotes, sharp analysis, and historical perspective, McCloskey and Corera make clear this was more than a business dispute—it was the first major battle in a long, ongoing cyber–geopolitical war.