To Catch a Thief: China’s Rise to Cyber Supremacy
Episode 2: Then They Came for Us
Release Date: March 17, 2025
Host: Nicole Perlroth
Introduction to the Cyber Conflict Between Google and China
The episode opens with a compelling news report highlighting Google's decision to threaten pulling out of China due to cyberattacks targeting the email accounts of human rights activists. This move also entails Google ceasing to censor its search results in China, directly challenging the Chinese government’s stringent internet control measures.
- News Anchor [00:02]: "Google is threatening to pull out of China over computer attacks that pried into the email accounts of human rights activists. Google also says it will stop censoring its search results in China."
Nicole Perlroth underscores the significance of this decision, linking it directly to China's censorship regulations.
- Nicole Perlroth [00:44]: "Completely because of China's censorship rules."
The public's reaction is palpable, with supporters expressing their concern by leaving flowers and notes at Google's Beijing headquarters.
- News Anchor [00:44]: "The announcement triggered an outpouring of concern from Internet users in China."
Google's Breach and Its Aftermath
Nicole delves into the historical context of Google's cyber breach in January 2010, when Google publicly disclosed a sophisticated, state-sponsored attack originating from China.
- Nicole Perlroth [00:57]: "It's January of 2010, Google has just come forward. They publish a blog post announcing they've 'detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China.'"
This revelation triggered an immediate uproar, but rather than leading to a transparent disclosure of cyber threats, it resulted in increased caution among Chinese hacking victims.
- Nicole Perlroth [02:27]: "Google pulled its search engine from China, handing billions in revenue to Google's main Chinese competitor Baidu. The result was a profound chilling effect."
Felicia Taylor provides additional context, explaining how Google's departure impacted the Chinese search market dominance.
- Felicia Taylor [02:27]: "Microsoft and Yahoo continue to chip away ever so slightly at Google's huge search market dominance."
Nicole reveals the depth of the breach, tracing it back to high-level Chinese government involvement, specifically a senior member of China’s Politburo.
- Nicole Perlroth [03:36]: "Google's hack had been orchestrated by a senior member of China's politburo—the equivalent of a US Cabinet member."
The RSA Breach and Escalation of Chinese Cyberattacks
The narrative progresses to the attack on RSA, a pivotal moment that demonstrated the escalation of Chinese cyber capabilities.
- News Anchor [07:10]: "One year after Google, the very same hackers came for the security world's keys to the kingdom. They hacked a company called RSA and stole the keys to their core security product."
Nicole elaborates on the implications of this breach, highlighting how it enabled further infiltration into high-value targets like Lockheed Martin.
- Nicole Perlroth [07:30]: "With RSA's keys in hand, China's hackers were able to leapfrog from RSA into its customer networks at high value targets like Lockheed Martin."
The conversation shifts to the ongoing threat posed by these sophisticated hackers, even extending to major corporations like Microsoft in 2023.
- Nicole Perlroth [07:17]: "That same group, they're still hacking today, by the way. In 2023, they came for Microsoft using a similar MO."
The New York Times Under Siege
A significant portion of the episode focuses on the personal accounts of David Barboza, a former New York Times correspondent, detailing how Chinese hackers infiltrated the Times’ systems while he was investigating corruption among Chinese leaders.
- Nicole Perlroth [10:42]: "As a reporter at the New York Times, trying to get these companies to go on the record was a fool's errand. Nobody would talk. That is, until they came for us."
David recounts his meticulous research into the secret wealth of Chinese officials, a story that made him a prime target for cyberattacks.
- David Barboza [11:15]: "I actually wanted to do this story looking into the secret wealth of Chinese leaders for four or five years."
The hackers, identified as PLA Unit 61398, systematically infiltrated the Times’ network, targeting Barboza’s investigative work.
- Nicole Perlroth [13:13]: "They were after our sources. And the sources for one reporter in particular, right?"
Barboza describes the intense pressure and danger he faced, both personally and professionally, as the Chinese government ramped up its efforts to suppress his reporting.
- David Barboza [15:15]: "Any foreign correspondent, especially foreign American outfit, would know that when you're in China, you are followed."
Revelation and Industry-Wide Implications
The turning point comes when Barboza publishes his groundbreaking story, revealing the extent of the Chinese cyberattacks not only on the New York Times but also on other major media outlets.
- David Barboza [26:44]: "I think they're on our trail. I don't know for sure, but they're asking questions. I think I should come back and finish the article in New York."
After the publication on October 25, 2012, the Chinese Communist Party (CCP) reacted swiftly by blocking access to the Times’ website in China and denouncing the report as a smear.
- News Anchor [30:19]: "The New York Times reporting on a cyber attack on its own computers."
This disclosure prompted other major media organizations, including the Washington Post and Wall Street Journal, to acknowledge their own breaches, shattering the long-held silence on such cyber infiltrations.
- Felicia Taylor [31:38]: "The New York Times going live really made the difference. Washington Post followed suit. Wall Street Journal, everybody, you know, kind of came out after that."
Nicole highlights how this collective acknowledgment transformed the narrative, making Chinese cyber espionage a central issue in the media landscape.
- Nicole Perlroth [31:43]: "Once the New York Times came out, floodgates opened."
Transition to Intellectual Property Theft for Economic Supremacy
The episode shifts focus to the broader motivations behind China’s cyber activities, moving beyond targeting dissidents to engaging in large-scale intellectual property (IP) theft aimed at achieving economic dominance.
- Kenneth Mandia [32:32]: "There were breaches against, I think, thousands of companies who had this... valuable intellectual property that essentially went out the back door."
Nicole emphasizes that these actions are not mere corporate espionage but are strategic moves by a nation-state to propel China from a manufacturing hub to a global innovator.
- Nicole Perlroth [33:21]: "Property theft, stealing research, trade secrets. Sit with that for a second. These aren't market competitors we're talking about. This is a world power, a nation state coming for private American companies."
Felicia Taylor provides a vivid analogy to describe the systematic and indiscriminate nature of these cyberattacks.
- Felicia Taylor [33:58]: "They were gaining access to machines and just going through the directory that started with A, then the directory that started with B. It was just mowing down files and taking as much as they could follow."
Conclusion and Forward Look
Nicole Perlroth concludes the episode by setting the stage for future discussions, emphasizing the multifaceted nature of Chinese cyber threats—from political suppression to economic conquest through IP theft.
- Nicole Perlroth [34:26]: "To Catch a Thief is a first-of-its-kind, documentary look at China’s rise to cyber supremacy."
Listeners are encouraged to stay tuned for subsequent episodes that will delve deeper into the strategies and impacts of China’s cyber operations.
Notable Quotes
- Nicole Perlroth [02:27]: "Google pulled its search engine from China, handing billions in revenue to Google's main Chinese competitor Baidu. The result was a profound chilling effect."
- David Barboza [19:38]: "So imagine like we're getting a set of documents in, it's coming from the Chinese government... Is this a trick? Do they know that we're looking at this?"
- Felicia Taylor [33:58]: "They were gaining access to machines and just going through the directory that started with A, then the directory that started with B."
Key Takeaways
- Evolution of Chinese Cyber Threats: From targeting dissidents and human rights activists to large-scale intellectual property theft aimed at economic supremacy.
- Impact on Major Corporations and Media: High-profile breaches of Google, RSA, Microsoft, the New York Times, Washington Post, and Wall Street Journal underscore the pervasive nature of the threat.
- State-Sponsored Operations: The involvement of senior Chinese government officials and military units highlights the strategic and state-directed nature of these cyberattacks.
- Industry-Wide Silence and Transformation: Initially, companies remained silent about breaches, but collective acknowledgment by major media outlets marked a shift in transparency and awareness.
- Personal Risks for Journalists: Investigative reporting into Chinese corruption carries significant personal and professional risks, as exemplified by David Barboza’s experiences.
To Catch a Thief offers a gripping exploration of China’s strategic ascent in the cyber realm, detailing the sophisticated and state-sponsored nature of its cyber operations. Through personal narratives, expert insights, and detailed accounts of major cyber incidents, the podcast paints a comprehensive picture of the modern cyber battleground.
