To Catch a Thief: China’s Rise to Cyber Supremacy
Episode 1: The Five Poisons
Release Date: March 17, 2025
Introduction
In the premiere episode of To Catch a Thief: China’s Rise to Cyber Supremacy, host Nicole Perlroth delves into the alarming evolution of Chinese cyberattacks against American entities. Produced by Rubrik in partnership with Pod People, the episode offers an in-depth documentary-style exploration of how China transformed its state-sponsored hackers from minor nuisances to formidable threats targeting the United States’ critical infrastructure. Drawing from firsthand accounts and expert interviews, Nicole unpacks the motives, methods, and far-reaching consequences of these cyber intrusions.
The Scale and Evolution of Chinese Cyberattacks
Nicole Perlroth sets the stage by highlighting the unprecedented scale of China's cyber espionage activities. For over two decades, Chinese hackers have systematically stolen trillions of dollars' worth of American research and development (R&D) trade secrets and intellectual property (IP), often leaving victims with less than 1% visibility into the breaches.
Kevin Mandia (Mandiant): “I think it's the greatest transfer of wealth in history.” [00:02]
Jim Lewis: “They call it advanced persistent threat.” [00:04]
This massive and continuous theft has evolved from targeting specific trade secrets to conducting blanket surveillance and pre-positioning within America’s critical infrastructure. As Dmitri Alperovitch of CrowdStrike succinctly puts it:
Dmitri Alperovitch: “They keep stealing, they can't innovate.” [00:59]
Operation Aurora and the Google Breach
A pivotal moment in understanding China’s cyber ambitions was the Operation Aurora breach in late 2009, where Google became the primary target. Nicole recounts the chaos within Google's security team as they grappled with an unprecedented breach.
Heather Adkins (Google Security Team): “We did every investigative method you could think of... after the first 12 to 24 hours, it was pretty clear that we were dealing with a scale that was going to quickly overwhelm our small team.” [09:20]
To manage the crisis, Google enlisted Mandiant, led by Kevin Mandia, renowned as the cybersecurity equivalent of “the Wolf from Pulp Fiction.”
Kevin Mandia: “In the cyber domain, the most important position to have is kind of own that moment, as you called it, the oh, shit moment.” [11:03]
The collaboration unearthed a sophisticated and widespread cyberattack, later named Operation Aurora by Dmitri Alperovitch, drawing a parallel to the Russian battleship whose shot signalled the start of the October Revolution.
Dmitri Alperovitch: “Aurora is the name of the Russian battleship that fired the first shot... I knew that this event that I was investigating was also a huge deal.” [31:35]
The Motivation: Five Poisons and Internal Control
Central to China’s cyber strategy is the concept of the "Five Poisons," modern equivalents of ancient threats that the Chinese Communist Party (CCP) perceives as existential threats to its control. Jim Lewis of the Center for Strategic and International Studies elaborates on these groups:
Jim Lewis: “The Uyghurs, the Tibetans, the Falun Gong, the pro-democracy movement, and the Taiwanese. It's the concern with the continuity of party leadership.” [17:24]
Targeting these groups, especially the Uyghurs, has driven the CCP to invest heavily in domestic surveillance, turning regions like Xinjiang into dystopian surveillance hubs. Heather Adkins describes the pervasive surveillance infrastructure:
Heather Adkins: “By 2017, they were appearing absolutely everywhere... I counted 250 cameras during a 15-minute subway ride.” [17:24 - 22:25]
This domestic focus on control and suppression has seamlessly extended to global cyber operations, enabling China to export its surveillance tactics overseas.
The Global Expansion of Chinese Surveillance
As China's internal surveillance mechanisms grew more sophisticated, so did its international cyber espionage efforts. The breach of Google was just the tip of the iceberg: the same campaign reached over 100 other companies across various sectors, including Silicon Valley giants like Adobe and defense contractors like Northrop Grumman.
Jim Lewis: “We had discovered Oz at McAfee, all high tech.” [33:03]
Long dwell times, sometimes exceeding 400 days, allowed Chinese hackers to deeply infiltrate systems, stealing not just emails but also source code and vulnerability research, creating persistent backdoors for future access.
Impacts and Reactions
The revelation of Operation Aurora forced Google to make a historic decision to go public with the breach, marking the first instance of a major private company disclosing a state-sponsored cyberattack. This bold move was influenced by Sergey Brin, co-founder of Google, who prioritized ethics over business interests in the face of blatant espionage.
Paul Mozur (New York Times): “Users deserve to know... the suspension of norms.” [36:17]
The disclosure had a ripple effect across the industry, awakening companies to the reality of persistent nation-state threats and challenging previously held assumptions about internet norms.
Conclusion
To Catch a Thief: China’s Rise to Cyber Supremacy Episode 1, "The Five Poisons," provides a comprehensive and gripping account of China’s strategic ascent in cyberspace. Through expert testimonies and detailed analysis, Nicole Perlroth illustrates the profound implications of China’s cyber operations on global security, economic stability, and technological advancement. The episode underscores the urgent need for heightened cyber defenses and international cooperation to counteract the sophisticated and relentless nature of Chinese cyber threats.
Notable Quotes with Timestamps:
- Kevin Mandia: “I think it's the greatest transfer of wealth in history.” [00:02]
- Jim Lewis: “They call it advanced persistent threat.” [00:04]
- Dmitri Alperovitch: “They keep stealing, they can't innovate.” [00:59]
- Heather Adkins: “By 2017, they were appearing absolutely everywhere... I counted 250 cameras during a 15-minute subway ride.” [17:24 - 22:25]
- Dmitri Alperovitch: “Aurora is the name of the Russian battleship that fired the first shot... I knew that this event that I was investigating was also a huge deal.” [31:35]
- Jim Lewis: “We had discovered Oz at McAfee, all high tech.” [33:03]
- Paul Mozur: “Users deserve to know... the suspension of norms.” [36:17]
Key Takeaways:
- China's cyber espionage has evolved into a sophisticated and persistent threat targeting a wide range of American entities.
- Operation Aurora marked a significant turning point, revealing the depth and breadth of China's cyber infiltration strategies.
- The CCP's internal focus on suppressing perceived threats domestically has seamlessly translated into global cyber surveillance and espionage.
- The episode highlights the urgent need for robust cyber defenses and international collaboration to combat state-sponsored cyber threats.
To Catch a Thief: China’s Rise to Cyber Supremacy offers a crucial examination of the shadows within cyberspace, revealing the intricate web of cyber espionage that threatens global stability and security.
