
Hosted by Rubrik | Nicole Perlroth | Pod People · EN

It’s been nearly 12 years since North Korea launched its crippling attack on Sony Pictures Entertainment over a Seth Rogen film. Most Americans remember the celebrity leaks, the embarrassing emails, the Hollywood spectacle of it all. What they missed was the playbook: Why simply hack an organization when you can bleed reputations dry? Turn stolen data into psychological warfare. It was a model that would soon echo everywhere from Russian intelligence operations to modern ransomware gangs. But Sony was only the beginning. Host and former The New York Times cybersecurity reporter Nicole Perlroth traces how North Korea evolved from an isolated adversary into one of the most innovative and dangerous cybercriminal enterprises on earth. To Catch a Thief is co-produced by Nicole Perlroth and Rubrik in partnership with Pod People. To Catch a Thief was written and produced by Nicole Perlroth, along with Khrista Rypl, T. J. Raphael, Rebecca Chaisson and Sam Gebauer. Additional thanks to Allie Pinel, Fendall Fulton, Cai Lee, Eunice Park and Aimee Machado. Editing and Sound Design by Erica Huang. Art direction and design by Ben Long, Gareth Strange and Sarah Burley at the John & Jane Agency, and support from John Leestma.

All North Korean IT worker schemes hinge on one thing: a willing participant in America. We found one, and knocked on her door. Experts have dubbed some of these Americans “laptop farmers.” The North Koreans call them “facilitators” – people willing to host multiple laptops in their home and happy to not ask too many questions. But identifying these people can be hard: unless you have access to a private Discord channel where North Korean IT workers talk freely among themselves. In Episode 3, host and former lead cybersecurity and digital espionage reporter for The New York Times, Nicole Perlroth, goes to Ohio to try to understand how and why anyone would help a hostile, authoritarian regime, launder their true whereabouts, and fuel their nuclear weapons program. To Catch a Thief is co-produced by Nicole Perlroth and Rubrik in partnership with Pod People. To Catch a Thief was written and produced by Nicole Perlroth, along with Khrista Rypl, T. J. Raphael, Rebecca Chaisson and Sam Gebauer. Additional thanks to Allie Pinel, Fendall Fulton, Krissy Clark, Cai Lee, Eunice Park and Aimee Machado. Editing and Sound Design by Erica Huang. Art direction and design by Ben Long, Gareth Strange and Sarah Burley at the John & Jane Agency, and support from John Leestma.

Infiltrating the infiltrators. For the first time ever, host and former lead cybersecurity and digital espionage reporter for The New York Times Nicole Perlroth partners with a team of private investigators as they infiltrate a North Korean worker cell. She uncovers what happens after a security firm hires a man calling himself “Joseph.” By turning the tables on one of the world’s most elusive regimes, investigators gain rare, unprecedented access to their hidden Discord ecosystem: leaderboards tracking job applications, interview evasion tactics, and the disturbing levels of access North Korean workers are getting once inside – including, in one case, at an American nuclear utility. They also get a bizarre window into the human culture inside these cells – from their obsession with Minions to their pool parties and steak dinners outside North Korea. What emerges is not just a portrait of a sanctions-evasion operation, but a rare glimpse into how North Korea’s remote worker armies think, collaborate, and survive from behind the screen. To Catch a Thief is co-produced by Nicole Perlroth and Rubrik in partnership with Pod People. To Catch a Thief was written and produced by Nicole Perlroth, along with Khrista Rypl, T. J. Raphael, Rebecca Chaisson and Sam Gebauer. Additional thanks to Allie Pinel, Fendall Fulton, Krissy Clark, Cai Lee, Eunice Park and Aimee Machado. Editing and Sound Design by Erica Huang. Art direction and design by Ben Long, Gareth Strange and Sarah Burley at the John & Jane Agency, and support from John Leestma.

A new breed of worker is quietly clocking in across the United States. They’re writing code. Managing your passwords. Training the next generation of AI models. They’re gaining trust. And access. On paper, they’re the dream hire. Skilled. Low maintenance. Always remote and often affordable. And by most accounts, they’re doing the work. But strange things are happening. In a new season of To Catch a Thief, host and former lead cybersecurity and digital espionage reporter for The New York Times, Nicole Perlroth, investigates how North Korean agents are infiltrating the global workforce. How did a nuclear-armed regime worm its way onto the payroll of international companies – and why is it so difficult to get them off? To Catch a Thief is co-produced by Nicole Perlroth and Rubrik in partnership with Pod People. To Catch a Thief was written and produced by Nicole Perlroth, along with Khrista Rypl, TJ Raphaël, Rebecca Chaisson and Sam Gebauer. Additional thanks to Allie Pinel, Fendall Fulton, Krissy Clark, Cai Lee, Eunice Park and Aimee Machado. Editing and Sound Design by Erica Huang. Art direction and design by Ben Long, Gareth Strange and Sarah Burley at the John & Jane Agency, and support from John Leestma.

To Catch a Thief: North Korea On Our Payroll is a gripping investigative podcast exposing how thousands of North Korean operatives are quietly getting hired inside American companies, funneling millions back to the regime and its nuclear weapons program. Hosted by bestselling author and former New York Times cybersecurity reporter Nicole Perlroth, the series features rare access to insiders and the Americans unknowingly helping power this global operation. To Catch a Thief is co-produced by Nicole Perlroth and Rubrik in partnership with Pod People. To Catch a Thief was written and produced by Nicole Perlroth, along with Khrista Rypl, Rebecca Chaisson, TJ Raphaël, Krissy Clark and Sam Gebauer. Additional thanks to Allie Pinel, Fendall Fulton, Eunice Park, Cai Lee, and Aimee Machado. Editing and Sound Design by Erica Huang. Graphics and design by the John & Jane Agency.

Nicole Perlroth sits down with Nicholas Carlini for an Out of Band conversation on the imminent zero-day surge. Carlini explains what Mythos can already do: find and exploit flaws in some of the world’s most hardened, widely deployed software—with minimal human input. He details what Mythos has already hacked, which now includes most of the operating systems in use. Together, they unpack what happens when these elite capabilities are no longer confined to intelligence agencies and freelance hackers—when AI collapses the barrier to entry and begins to overwhelm bug bounty programs. Perlroth presses Carlini on Anthropic’s decision to hold Mythos back, and reports that unauthorized users may have already accessed it. She also asks the uncomfortable question: will researchers like him, that get advance access to these models, become prime targets for nation-state hackers? Finally, they confront the bigger question: whether defenders have any credible path to regain the advantage in a world where, with enough compute, almost anything can be hacked.

Colonial Pipeline was a warning shot. Now, Chinese hackers are inside the digital guts of hundreds of Colonial equivalents across the U.S.—power, water, transportation, and more. The question isn’t if they’re in. It’s why. And what happens next. Is this digital coercion? A warning to stay out of Taiwan? Is an invasion imminent—and are we ready for the cyber fallout that could come with it? In the final episode of this series, host and former New York Times cybersecurity reporter, Nicole Perlroth, investigates the nightmare scenarios U.S. officials are gaming out behind closed doors. The battlefield is already shifting—tilting toward Beijing. And while China prepares, America’s attack surface only grows. This isn’t just a problem for Washington. The new front line runs through all of us.

Cyber experts start getting called into electric, water, pipeline, railway, and transportation hubs around the country. Hackers have found a clever way to embed in these systems, using a small, unsuspecting device in everyday Americans’ homes. And once these hackers get in, they’re not dropping the usual malware, or sucking much of any data out. Unlike their predecessors, these hackers are very careful to cover their tracks. It appears they’re just lying in wait. Sleeper cells waiting for marching orders. So what’s the trigger? And what happens if they pull it?

The General Manager of an electric and water utility in Littleton, Mass. gets a surprise call from the FBI. At first he suspects the caller is a spammer, but soon he learns the agent is very real. Chinese hackers are lurking deep in his utility’s systems. And his is not the only one. Hundreds of other power, water and pipeline operations across the United States are getting hit. These targets have little to no intelligence value at all. But their potential for sabotage? Enormous. In Episode 7, host and former New York Times cybersecurity reporter, Nicole Perlroth, revisits a hack, more than a decade ago, where the motive was not entirely clear at the time. In hindsight, it was the opening salvo.

During China’s pseudo-cyber-hiatus, the PRC’s hacking operations get a major overhaul. CCP leadership moves responsibility away from the sloppy, brazen hackers at the People’s Liberation Army to the far more stealthy, and strategic, Ministry of State Security. Gone are the “most polite” hackers in the digital world. Here to stay are the gunslingers – the elite of the elite in their field. In Episode 6, host and former New York Times cybersecurity reporter, Nicole Perlroth lays out what it looked like as China’s hackers went underground… and what we missed in Eastern Europe as they did.