Barack Obama
I raised once again our very serious concerns about growing cyber threats to American companies and American citizens. I indicated that it has to stop. The United States government does not engage in cyber economic espionage for commercial gain.
Nicole Perlroth
For years, Chinese IP theft was something most US businesses just swallowed with a wink and a nod towards profit. As for the US government, they took a gamble. They hoped that as China's economy grew and the Internet took off, China would have no choice but to adopt international norms, improve its track record on human rights, and eventually stop hoovering up all our IP. But hack after hack made clear just how wrong they were. And then this happened.
Barack Obama
We have jointly affirmed the principle that governments don't engage in cyber espionage for commercial gain against companies. That all I consider to be progress.
Nicole Perlroth
On September 25, 2015, Obama and Xi Jinping stood side by side in the Rose Garden and announced the cyber detente nobody saw coming.
Barack Obama
What I've said to President Xi and what I'd say to the American people is the question now is, are words followed by actions.
Nicole Perlroth
What you just heard was Obama announcing that Xi Jinping had agreed China would stop hacking for commercial gain. Well, technically, Xi and Obama agreed to stop hacking for commercial gain, but this was no doubt a better deal for Obama than it was for Xi. Nobody saw this one coming. Not me, not the white hats who were getting called into Chinese cyber attacks all over the country. Not even the government officials who pulled it off. So how'd we get here? Well, as Chinese cyber espionage ramped up, so too did the government's agonizing of what to do about it. I'm Nicole Perlroth, and this is To Catch a Thief. Now here I should step back and note there had been government efforts, serious efforts to rein in Chinese IP theft before, long before Aurora, even before the dawn of the commercial Internet. Really, the first Bush administration had put China on notice.
Matt Turpin
So I think folks seem to forget that in 1991, George H.W. Bush brought a Section 301 investigation against the Chinese government for theft of intellectual property and violations of copyrights and other things, and used that to force the Chinese government to the negotiating table so that they would actually start to abide by international rules around respecting copyrights and respecting intellectual property.
Nicole Perlroth
That was Matt Turpin, who served as China Director at the National Security Council on Trump's first administration and before that, as China Advisor to the Chairman of the Joint Chiefs of Staff under Obama. For those not well versed in the minutiae of trade law, the Section 301 investigation is the first step in imposing tariffs that would have penalized China for its blatant IP theft. And this was a big deal at the time, but when it came down to actually enforcing anything, that was another story.
Matt Turpin
The Bush administration got to a negotiated settlement in 1991 and then chose not to impose sort of retaliatory tariffs on what Beijing was doing. Beijing agreed to fix its things. And then essentially four years later, during the Clinton administration, the Clinton administration is back in 1995 renegotiating compliance on those agreements. Right. That Beijing is not compliant. And essentially that is the. The story that we've been dealing with from then on.
Nicole Perlroth
Every time the Bush and Clinton administrations debated actual penalties in the form of tariffs or sanctions, there were always people in the room who'd argue back. It'd be better to kick the can down the road. American businesses were making too much money in China to disrupt the status quo. And back then, policymakers still held out hope for a new China. That once they acquired a certain level of wealth and economic maturity, once the Internet took hold, China would cut out the bad behavior, stop stealing IP, lay off the Internet crackdowns, and inevitably democratize. This late 90s, early 2000s optimism was perhaps best summed up by this guy.
Earl Warren
As Justice Earl Warren once said, liberty is the most contagious force in the world. In the new century, liberty will spread by cell phone and cable modem. In the past year, the number of Internet addresses in China has more than quadrupled from 2 million to 9 million. This year, the number is expected to grow to over 20 million. When China joins the WTO by 2005, it will eliminate tariffs on information technology products, making the tools of communication even cheaper, better, and more widely available. We know how much the Internet has changed America, and we are already an open society. Imagine how much it could change China now. There's no question China has been trying to crack down on the Internet. Good luck. That's sort of like trying to nail Jell-O to the wall. But I would argue to you that their effort to do that just proves how real these changes are and how much they threaten the status quo. It's not an argument for slowing down the effort to bring China into the world. It's an argument for accelerating that effort. In the knowledge economy, economic innovation and political empowerment, whether anyone likes it or not, will inevitably go.
Nicole Perlroth
Hand in hand these days. That sounds pretty naive, but back then, to be fair, all signs were pointing that way.
Matt Turpin
I think we should place ourselves back into sort of the position that our own leaders in the United States were in, as well as leaders from numerous other countries around the world were in the early 1990s. They're looking at the world coming out of the Cold War. We've watched the collapse of communism across Eastern Europe and the Soviet Union. We've watched the Soviet Union implode. We've seen the Chinese Communist Party come under significant pressure from its own citizens in June of 1989, culminating in a massacre of students in Tiananmen. And so you're looking at that landscape and you're saying to yourself, you know, this process, this Leninist sort of political system is truly on its deathbed. China is a nation at war with itself. Tension had been building all day Saturday after some early skirmishes between students and soldiers.
Nicole Perlroth
The man was alone. The tank was not. There was not one voice on the streets which did not express despair and rage. Tell the world, they said to us. Here's Jim Lewis, who was involved in some of these internal deliberations at the time.
Jim Lewis
Well, remember the end of the Clinton administration. We thought the Chinese were going to be friends. It was probably a little naive, but what the heck, America and China would have a global partnership where they would set the rules and work together, and we were all going to be friends. And it was the end of history. And we could say Kumbaya. And the Chinese kind of believed it too, at least some of them. And at the same time, you had this background of intense espionage. There was a debate in China that wasn't resolved until a few years ago. Do we become more international, more like what the Americans want us to be, where we play by the rules that the rest of the world plays by? Or do we become more nationalistic and put China's interests first? Unfortunately for us, it was the nationalists who won.
Matt Turpin
And so for the United States, I think in the policymaking community, by the end of 2015, it had really sort of sunk in that our hopes were sort of dashed, that Xi Jinping was not going to be the reformer that we had hoped he would be, that by continuing to sort of blindly help the Chinese economy develop, become more wealthy, more technologically advanced underneath the leadership that was manifesting in Beijing, we were essentially making our lives much, much more difficult and much more dangerous.
Nicole Perlroth
The intelligence community watched as US businesses hemorrhaged IP: fighter jets, passenger planes, solar panels, DuPont's genetically modified seeds, turbines, oil and gas tech and exploration strategies, electric vehicles. Coca-Cola, which paid $4 billion for Vitaminwater in 2007, watched its Chinese market share plummet overnight, ousted by Nong Fu's victory vitamin water. Entire US product lines were vanishing. And by 2013, there was this growing sense of urgency that government could no longer let the private sector fend for itself. It simply wasn't a fair fight.
John Carlin
You go to people in the private sector and say to your point, what was so, you know, evidently clear, which is that when you're up against the second largest military in the world, it's not a fault of the New York Times, you know, however big 10 person IT team that they can't keep them out of a system that's, that's a fight that traditionally has been nation to nation. We don't leave every company up against major nation state rivals. It was such a unique space that we were allowing that to happen in cyber.
Nicole Perlroth
That was John Carlin who led the Justice Department's 2014 indictments of the PLA members who'd hacked us at the New York Times. And here's Jim Lewis again.
Jim Lewis
There was always this sense of, look, it's a trade. We know they steal from us, but we get a lot of money out of China. So right now the trade was works in our favor.
Nicole Perlroth
Until it didn't. As Obama's first term came to a close, things started to look bleak. Whatever profits American businesses were making in China short term were getting far eclipsed by the long term hits they were taking from Chinese IP theft. By 2012, Obama decides he's had enough.
Barack Obama
Tonight, I'm announcing the creation of a trade enforcement unit that will be charged with investigating unfair trading practices in countries like China. There will be more inspections to prevent counterfeit or unsafe goods from crossing our borders. Our workers are the most productive on earth. And if the playing field is level, I promise you, America will always win.
Nicole Perlroth
Obama makes moves, real moves, to level the playing field. One, the White House sets up an interagency task force whose sole mission is to start bringing IP theft cases to the WTO, the World Trade Organization, a necessary first step in banning Chinese products that relied on stolen American IP. And two, the White House starts building out its case to the American people. They couldn't just start banning cheap Chinese goods, not if they expected to win the next election. The White House knew it would have to run the numbers. And this was critical because without a visceral understanding of just how swindled we were getting, Americans would never stomach the price hikes that would follow from banning cheap Chinese toys, vacuum cleaners, solar panels and seeds. And doing this math was no easy feat. Because as we've now established, the IP theft victims were doing their damnedest to keep their hacks and losses under wraps. Plus, to really get an accurate tally, you couldn't just add up losses last quarter. You'd have to include losses from future American product lines that were now vanishing in the face of Chinese subsidized copycats flooding the markets. So Obama sets up a bipartisan commission. He taps Admiral Dennis Blair, his former national intelligence director, and Utah's former Republican governor and outgoing ambassador to China, Jon Huntsman. And he asks them to figure out just how much the US is hemorrhaging in stolen IP. Their answer wasn't pretty.
Matt Turpin
Spring of 2013, the Obama administration had commissioned the Blair Huntsman Intellectual Property Commission Report, which finds that the Chinese are stealing $300 billion a year worth of intellectual property. $300 billion a year.
Nicole Perlroth
Let's pause here. That figure, $300 billion annually, was roughly equal to America's $318 billion trade deficit with China that very same year. Now, economists will quibble with this, but the simpleton's take here is, look, if this competition were fair, if China wasn't stealing American IP, but paying American businesses fair market rates to license it, there might be no trade deficit. $300 billion annually was a staggering figure. The commission recommended the White House move urgently to establish a quick response capability that could basically ban and sequester any Chinese import that relied on stolen IP. Obama was ready to move, but first he decided he'd raise the issue forcefully with China's newly promoted President, Xi Jinping. Here's Evan Medeiros, the China Director at the National Security Council under Obama.
Evan Medeiros
So what we realized was we really were going to have to go to modern top. We were going to have to signal to the top. One of the most difficult diplomatic tasks that we had was trying to sensitize China to this distinction between regular intelligence and, let's call it, economic espionage. I can remember one conversation in particular in June of 2013 at Sunnylands.
John Carlin
President Obama and his Chinese counterpart, Xi Jinping, have ended their two summit in Southern California. During a walk around the Sunnylands estate.
Nicole Perlroth
In Palm Springs, Mr. Obama told reporters.
John Carlin
That his meeting with the President, with President Xi, has been terrific.
Barack Obama
It gives me great pleasure to welcome President Xi back to the United States.
Evan Medeiros
Remember, Obama did something he very, very rarely did. He raised it with Xi Jinping, and you got this sort of standard oblique leak, Chinese talking points back. Obama raised it a second time with Xi Jinping, sort of what we used to call the double tap, and said, no, this is really serious. And I'm telling you, as the president, our government actors don't conduct economic espionage and we don't give it to American companies. And Xi Jinping acknowledged it. And then Obama did a triple tap and he said, look, if we don't solve this issue, it's going to become a very serious problem for our governments and our businesses. And Xi Jinping just sort of stopped, put down his pen, looked up and said, I got it. Let's move on.
Nicole Perlroth
All the dominoes were in place. Obama's triple tap at Sunnylands, the commission, the interagency task force. Finally the US was in position to punish China, to actually ban Chinese imports built off our own stolen IP. And it might have set the world on a new course had it not been for a certain someone.
Matt Turpin
My name's Ed Snowden.
Nate Fick
I'm 29 years old.
Matt Turpin
I work for Booz Allen Hamilton as an infrastructure analyst for NSA in Hawaii.
Nicole Perlroth
Edward Snowden is now an international outlaw. In hindsight, the timing here was stunning. Within 24 hours of Obama and Xi's face off at Sunnylands, Edward Snowden started leaking out classified NSA documents revealing the extent of America's surveillance programs. Snowden's timing could not have been more convenient for China. It was the ultimate get out of jail free card. The leaks gave the PRC the perfect whataboutism to push back and say, see, we're not the problem. The United States is the problem. And in the blink of an eye, the US went from hacking victim to hacking assailant. And the White House would spend the next two years fending off a relentless drip, drip, drip of damning accusations that it was embedded in everything from America's biggest technology companies to Angela Merkel's cell phone. In Angela Merkel's summer press conference, the last one before elections, more than half the questions were about the NSA spy scandal. Europe's anger over surveillance activity by the United States is just the latest foreign policy disruption created by leaked information from the National Security Archives. The NSA analyst can target your email, can target your browsing history, your online chats without a warrant. Chinese hacking just seemed to drift from public view. Occasionally, the government would do something to pull it back on the front page, like in 2014 when John Carlin's team at the Justice Department indicted the PLA's hackers, ones with memorable online aliases like Ugly Gorilla, the ones who'd come for us at the New York Times. But for the most part, it was Snowden and really the NSA that continued to occupy global attention. Chinese hackers had become a footnote. But then in 2015, the CCP overstepped.
Earl Warren
We've got breaking news coming in right now on the hack of the government's Office of Personnel Management. In the last hour and a half.
Nicole Perlroth
OPM announced that as many as 25 million people may be affected by the breach. That there were loud calls for the firing of the top administrator at the Office of Personnel Management after it was revealed the hack of government computers is five times worse than previously reported. In a brazen attack, Chinese hackers came for the mother lode. OPM, the US Office of Personnel Management. You can think of OPM as the Fed's HR department. Think of all the personal forms you've had to fill out anytime you've gotten or even applied for a new job. Now level that up a few security clearances. That's the treasure trove Chinese hackers got a hold of at OPM. Here's Jim Lewis.
Jim Lewis
When you join the government, you have to fill out a form that have you ever been arrested? Did you smoke dope? Blah, blah, blah. You know, the correct answer is no, by the way. And they got all those forms.
Nicole Perlroth
Chinese hackers got the minute personal details, background checks and medical histories of every citizen who had ever applied for a security clearance. All told, some 22 million US federal workers and contractors saw their most personal details hacked by the Chinese government. The scale of the attack set a new record.
Matt Turpin
That information probably wasn't just taken to be taken, it was probably taken to be put to work.
Nicole Perlroth
That was Steve Stone. He's tracked Chinese threat groups for more than a decade inside government and industry. Among those stolen bits of information were millions of fingerprints, which when you stop and think about it, is pretty much the worst case scenario for any American spy. You can change aliases all you want, but as far as I know, fingerprints can't be burned off or changed. That means our spies could be compromised with just a touch. And then there was the not insignificant fact that it wasn't just federal applicants who were impacted, but anyone who lived with them. Here's John Carlin again.
John Carlin
My daughter's first real piece of mail addressed to her. She was literally a baby. Was old enough though to see and be excited. Her name was on the envelope was saying that her identity had been stolen in that hack along with the rest of our family. That I think was of such a scope and scale that that long. And came shortly on the heels of the PLA indictment where we were talking about it publicly and where they were noisily denying that they ever did such things that I think that helped as well to bring China to the table, but also to convince our own folks in government that something had to be done.
Jim Lewis
And at that moment, Obama said, I've had it.
Nicole Perlroth
A breach of OPM scale. Its severity could not be allowed to stand. But here's the catch. As the unwritten rules of espionage go, the OPM breach was actually fair game. Technically, the hack was government on government, the CCP seeking intel about an adversary, about American government workers and potentially US spies. It's the kind of thing spy agencies target all the time. The Obama administration couldn't set the red line at the OPM breach, not without hamstringing its own intelligence operations. But it also couldn't turn a blind eye, not with the whole country and the entire US government apparatus watching. Continuing with our breaking news is that we are learning more now about the breach at the Office of Personnel Management.
Matt Turpin
The massive computer hack that the Obama administration says may have compromised the personal information of more than 21 million people. At first, the federal government said only federal employees were targeted, but the administration then said the number was much bigger.
Barack Obama
We're going to have to be much more aggressive, much more attentive than we have been, and this problem is not going to go away. It is going to accelerate.
Nicole Perlroth
The OPM breach, its scope and the publicity around it gave the administration the opening they needed to come down hard on all the hacks that weren't fair game. The economic espionage, IP theft. In just a few months, Xi Jinping was scheduled to come to the White House for his first official state visit as president. That gave the White House some leverage. Obama's team was prepared to cancel Xi's visit entirely or welcome him with sanctions. For a man and a party obsessed with image control, this would have been unacceptable. Here's Dmitri Alperovich, who was liaising with Obama officials at the time.
Dmitri Alperovich
They didn't want any hitches, they didn't want any embarrassments.
Nicole Perlroth
The month before Xi was slated to visit, the Washington Post reported that the White House was preparing to greet President Xi with a package of unprecedented sanctions against the Chinese companies and individuals who'd profited off Chinese hacking.
Dmitri Alperovich
And the Chinese absolutely panicked over that. And literally within 48 hours, a huge delegation of Chinese officials, senior officials, flies in to negotiate with the US and really ask, please, please don't do anything while Xi is here. We can't embarrass him. What can we promise you to avoid that?
Jim Lewis
They sat down with their Chinese counterparts and had very long negotiations. Some of them ran from dinner time to the next morning on what would the Chinese be willing to give up? It's not like the Chinese said, okay, we give up. You caught us. They, of course, fought every inch of any concession, right? And it took the powerful threat of Obama canceling Xi's visit, of Obama telling the world he's canceling Xi's visit because of this espionage. The Chinese couldn't accept that.
Nicole Perlroth
And here's Dmitri again.
Dmitri Alperovich
They proposed this idea of, how about we do a moratorium sort of deal where we both decide not to engage in economic espionage. Of course, that was an easy gift for the US because the US had a standing policy to not do it to begin with. But the Chinese obviously wanted it to kind of save face and claim that both countries are disarming themselves in a way. And I was told by participants in the room that were negotiating this in a Marriott hotel in Washington, D.C. because they couldn't actually get into the White House, it was so late that their negotiations were going for so long, and they were in shock. They, like, went out of the room and they're like, did we just hear them say that?
Nicole Perlroth
In sweeping tales of espionage and intrigue, backchannel diplomatic negotiations at a Marriott don't typically get their moment in the sun. And in cyber circles, there's a healthy dose of skepticism for the role diplomacy can realistically play in securing digital borders. For one, governments frequently rely on proxies to do their dirty work. So they can always say, it wasn't us, it was these hackers. We can't control ourselves. For another, hackers are tucked so deeply into the shadows that establishing what they can and cannot do there can be a fool's errand. But diplomats say it shouldn't be underestimated. Meet Ambassador Nate Fick, who until very recently served as the United States' first-ever cyber ambassador.
Nate Fick
Like it or not, in the digital domain, we're kind of stuck with each other. One of the things that diplomacy can do is to make clear that we know what you're doing, we know what your intent is behind it. Here's the evidence, and here's why we believe it's outside the bounds of responsible state behavior.
Nicole Perlroth
Here's Jim Lewis again, talking to some.
Jim Lewis
Of the current leaders on the Hill who are very concerned with China as they should be. And I said to them, what's your engagement strategy with China? And their response was, oh, we don't have an engagement strategy with China because they don't agree with us. Can you imagine Brzezinski or Kissinger saying, we're not going to talk to them because they don't agree with us. That's kind of the whole point. It will be difficult, but we are going to need to sit down with the Chinese, with our allies, and say, you're not going away. How do you fit into the world? What is the end game here? How do we integrate China as a responsible participant? The US is still kind of. We're in that early 1950s hysteria over China. Chinese are bad, no doubt about it, and hacking is part of that. But we have to come up with an engagement plan that eventually leads to China being more responsible in international relations. We don't have that now.
Nate Fick
So diplomacy, of course, also requires that people pick up the phone. It takes two. And I think one of the challenges with the PRC with China in the last couple of years has been it hasn't always felt like we had a willing interlocutor.
Nicole Perlroth
By the way, that phone that Nate's talking about, it's not just metaphorical. In an operations center at the State Department sits a relic from the Cold War, a red phone. It's connected to Moscow.
Nate Fick
If you remember, last year, there was a missile that detonated in Poland and it killed a Polish farmer. And shortly after that happened, there was speculation in real time that it was a Russian missile. Well, the phone rang at the State Department and it was the Russians. And the basic message was, we don't know what that was, but it wasn't us, which was a really important piece of information at NATO. For NATO at that moment.
Nicole Perlroth
The darkest days are when that red phone comes in handy. But the US has no red phone with China or really any historical pattern of managing through conflict, which is what made the PRC's willingness to concede on cyber theft so stunning. Back in 2015, the Chinese were so.
Dmitri Alperovich
Concerned that Xi was going to end up with egg on his face that they put this forward of, how about we do a moratorium? And, you know, the people that were in the room were just like, trying to hide their excitement that they could not believe that they could get something like this done. There was obviously a lot of skepticism about whether they would honor, but just the idea that they would commit to something like that publicly was a really big deal.
Nicole Perlroth
The explicit language that Obama and Xi were able to agree upon was unprecedented. The fact that they stood side by side to announce that agreement publicly, that was revolutionary.
Barack Obama
We've agreed that neither the US or the Chinese government will conduct or knowingly support cyber enabled theft of intellectual property, including trade secrets or other confidential business information, for commercial advantage. So this is progress.
Nicole Perlroth
There were plenty who thought that Xi's public acknowledgment of corporate cyber espionage was the victory in itself. No one thought China would actually abide by the terms of the deal. Back at the Times, I was beyond skeptical. The PRC had been cheating the system for so long and it had been so vital for China's so-called economic miracle. This notion that China would suddenly follow the rules, turn off its golden spigot struck me as implausible to say the least. But then that's exactly what happened. Almost overnight, the pace and frequency of these breaches plummeted. Here's John Carlin again.
John Carlin
I was surprised that we reached the norm. And I was even more surprised when we actually saw a decrease in hacks that looked like they were occurring in that space.
Nicole Perlroth
And here's Kevin Mandia, who was tracking Chinese APTs as closely as anyone over that 2015 time period.
John Carlin
We could lock in on the Chinese threat pretty well.
Nicole Perlroth
And again, between seven 80 companies a.
John Carlin
Month, sometimes only 30 companies were compromised.
Nicole Perlroth
In a month and it went down to four or five in August of 2015.
John Carlin
And it never comes back up really for a while.
Nicole Perlroth
And people will say, well, it didn't come back up because China evaded your detection. No, not really. Their behavior changed. You know, it's, they're not going to change. We've observed them for so long, we.
Dmitri Alperovich
You know, they changed their behavior when they have to. They were told to change their behavior.
Nicole Perlroth
The thing is, they weren't told to change all their behavior. The frequency of attacks dropped dramatically. But back at the Times, I started getting tips about breaches at health insurers and travel and hospitality companies. Anthem, Premera, Marriott, the Fed's preferred hotel chain were all getting hit. A number of backend airline reservation systems had also been popped around the same time. The digital crumbs all led back to Chinese APTs. I called higher ups in the Obama administration and asked if this meant their moratorium was off. These were private American businesses getting hacked by the Chinese. On its face, it was a blatant violation of the Obama-Xi agreement. But the officials had an awkward response. Actually, no. They told me the attacks on Anthem, on Marriott were fair game. Chinese hackers weren't there for intellectual property. This, like the OPM breach was standard counterintelligence. Here's John Hultquist, Mandiant's chief analyst.
John Carlin
Took us a while to realize what was going on. I realized that the connecting tissue here was the activity seemed to be all really things that you would need to track people right or surveil people, even though at first it didn't really make a lot of sense. If you watch it for long enough, all those clues start adding up. In that group in particular, we just slowly started to see this interest in that sort of data.
Nicole Perlroth
The Chinese were building a repository of Americans' personal data. The PRC could take the information they already had on US government workers from the OPM breach and layer on the data they stole from backend airline and hotel reservation systems. Using that, Chinese analysts could cross check a government employee's flight itineraries and hotel stays with those of Chinese citizens to see who is flying to which cities or staying at the same hotels at the same time. Bingo. You've got yourself a short list of suspected American spies and Chinese double agents. This wasn't a violation of the Obama-Xi moratorium on IP theft. This was Spycraft 101. And if the PRC could mine that data effectively, it would make it much, much harder, if not virtually impossible, for American operatives to build effective covers and recruit Chinese intelligence assets. This, by the way, coincided with a broader and brutal campaign by the CCP to dismantle American intelligence gathering in China. Here's my friend and former Times colleague Mark Mazzetti talking to NPR.
Mark Mazzetti
People were captured. They're killed. More than a dozen of the CIA informants were killed and executed. One was even, we're told, shot in a sort of courtyard of a government building in front of his colleagues as a sort of message to for those who might be thinking about spying for the CIA. They didn't ultimately determine what had happened, how this breach had occurred. There were some who thought that there was a mole in the CIA giving the Chinese the sources. Or some thought that there was a technical problem, that the Chinese had hacked into the encrypted system that the CIA uses to talk to its informants. There's no question that this was a huge setback for the CIA in terms of understanding what is going on in China.
Nicole Perlroth
What China was advancing with attacks of OPM, Marriott, Anthem would set the CIA back even further. Essentially, they were building out a tracking program that could catch American spies even before they went operational.
Dmitri Alperovich
Yeah, there was a clear strategy by China to collect as much data as possible on every living American from birth, to try to get their health records, to try to get their travel data. It wasn't just the hospital, the hotel companies are getting hacked, the travel agencies and airlines, so you could map out where everyone was going and when and why. And that would be very helpful for them to identify the assets that they're recruiting. Because the hotel registration data would tell them when a Chinese national was in the same hotel as one of the people that they suspect might be an FBI agent or CIA agent. Right. Huge for trying to identify our assets in country, even when they're traveling outside of the country. And then the idea that this really breaks down, particularly when you add biometric data to this as well. The idea of a cover. Right. In the intelligence world, that if all of this data is collected on you since birth and at some point in your career, in your life, once you graduate from college, you decide to join the intelligence community, well, it doesn't matter if you get a fake name and a fake passport. So much of your data has already been collected that there's no way that you can operate under a cover.
John Carlin
We started seeing them target the bulk collection of personally identifiable data or sensitive data, health data, travel data. And to your point, that could be used quite potently for counterintelligence purposes, both for seeing what someone else's spy services are trying to do, tracking military movements, but also targeting particular individuals for recruitment, for blackmail, if you steal their emails or other content.
Nicole Perlroth
That was John Carlin. Now, here I should pause and note that China is not the only nation state engaged in bulk data collection. Edward Snowden clarified what most in the intelligence world already knew. The US is definitely engaged in this kind of surveillance, too. It's, as Jeremy Bash, the former chief of staff at the CIA, put it.
Evan Medeiros
If you're looking for a needle in a haystack, you need a haystack.
Nicole Perlroth
But the sheer volume of data the PRC was collecting baffled its US counterparts. Analysts assumed the haystack would so overwhelm Chinese hackers, they'd drown in it. Enter machine learning and artificial intelligence.
John Carlin
I think we assessed at the time they were collecting data of such scale that they really couldn't analyze it. But at the same time, they were investing in machine learning and the move towards artificial intelligence, which, in part, you need data to train on, but that if they could collect this data, financial, travel, health, et cetera, and then apply machine learning, they could generate insights. And they didn't even know what they could generate yet that would be used by the state, not by private companies for private commercial gain. They stole more than they had the capability to analyze at first, with the idea that they were going to develop that capability over time and help train it on some of the data sets that they were stealing.
Nicole Perlroth
So today, all that data stolen in the 2010s could be used for prompts like, give me a list of likely Chinese informants and American spies based on OPM files, facial recognition data and overlapping travel itineraries. Essentially, it's taking that pilot surveillance program the CCP built for its Uyghur minorities in Xinjiang and applying it broadly in an effort to catch US spies and their Chinese informants. And when you step back, just knowing about the sheer existence of China's AI-enabled dragnet is a powerful deterrent in and of itself. Because who in their right mind would risk it all to be a CIA informant in China, knowing you're being so closely monitored and that your American handler's cover was likely blown long ago? Here's Steve Stone.
Matt Turpin
I would be very cautious if I really thought that the government of the country I was working in had visibility into my medical records and my flight records. All of that is at their fingertips based on what they've stolen. And I think that's from my opinion, the most impactful piece. It's all people. Every business is people business. And the Chinese hacking entities really love to steal data on people year after year.
Nicole Perlroth
The number of American adults who had their personal data scraped over this time period will make your head spin. Here's Bill Evanina, who served as America's top counterintelligence official through 2021. 80% of American adults have had all their personally identifiable information stolen by the.
Earl Warren
Communist Party of China.
Matt Turpin
The concern is that the Chinese regime is taking all that information about us, what we eat, how we live, when.
Evan Medeiros
We exercise and sleep, and then combining it with our DNA data with information about heredity and environment.
Matt Turpin
Suddenly they know more about us than.
Evan Medeiros
We know about ourselves. U.S. intelligence officials tell CBS News that.
Nicole Perlroth
China is trying to collect Americans' DNA.
Matt Turpin
In hopes of controlling the future of health care.
Mark Mazzetti
A Chinese gene company that sells prenatal.
Nicole Perlroth
Tests around the world has been harvesting genetic data from millions of women.
Mark Mazzetti
The company BGI Group worked with the Chinese military to develop the tests.
Nicole Perlroth
All the scraping and cross matching of Americans' personal data was happening quietly in the background even as the IP theft dropped to near zero over those 18 months. Mandiant, CrowdStrike, Microsoft all watched with utter amazement as Chinese cyber-enabled industrial espionage just seemed to magically melt away. But in the backdrop, something big was brewing.
Dmitri Alperovich
A lot of activity diminished and stayed there for about a year, year and a half. And I think part of it was due to a deal, part of it was actually due to the fact that the PLA, the Chinese military, was getting reformed massively. And of course the other thing that happened is that Donald Trump got elected and he launched the trade war.
Earl Warren
Other countries cheated and broke the rules. They went after our companies and they.
Nicole Perlroth
Stole our intellectual property like it never.
Earl Warren
Even belonged to us, like it wasn't our idea in the first place.
Matt Turpin
Today, news that even more businesses could pay the price, with China warning of another $60 billion in tariffs targeting more than 5,000 US products, everything from coffee to furniture to auto parts.
Dmitri Alperovich
I think the combination of all of these things ultimately made China say, screw this, we're going back at it.
Nicole Perlroth
Less than two years in, the Obama-Xi agreement fell apart. Now skeptics argue Xi never planned to stick to the deal in the first place, that it was always a ruse, a way to get the White House off its back while the PRC reset and reintroduce entrenched. Others maintain the moratorium would have stuck had Trump not kicked the tables over. What we do know is that when Chinese IP theft resumed, it looked nothing like it did before. China used the lull of the agreement to radically overhaul its hacking operations. Gone were the most polite hackers in cyberspace. Gone were the Clemson calling cards. They'd still leave them, but only when they wanted to. This next iteration of hackers had skills the likes of which we'd never seen, and once the deal was off, the CCP put them to use with a vengeance. That's next on To Catch a Thief. Follow To Catch a Thief to make sure you don't miss the next episode, and if you like what you hear, rate and review the show. To Catch a Thief is produced by Rubric in partnership with Pod People, with special thanks to Julia Lee. It was written and produced by me, Nicole Perlroth, and Rebecca Chasson. Additional thanks to Hannah Pedersen, Sam Gabauer, and Amy Machado. Editing and sound design by Morgan Foose and Carter Wogan.
Summary of Podcast Episode: Ep 5 - A Cyber Detente
To Catch a Thief: China’s Rise to Cyber Supremacy
Host: Nicole Perlroth
Release Date: April 7, 2025
In episode five, titled "A Cyber Detente," host Nicole Perlroth delves into a pivotal moment in the escalating cyber conflict between the United States and China. The episode explores the brief period of détente between the two superpowers, the factors that led to its inception, and the subsequent unraveling that reignited cyber tensions.
The episode begins by tracing the origins of Chinese cyber espionage against the U.S., highlighting early efforts by the U.S. government to curb China's intellectual property (IP) theft.
Matt Turpin explains:
"[In] 1991, George H.W. Bush brought a Section 301 investigation against the Chinese government for theft of intellectual property and violations of copyrights and other things..."
[02:48]
Despite these efforts, enforcement was lax, primarily due to economic interests and the hope that China's economic growth and integration into the global economy would naturally curb such activities.
A significant turning point occurred on September 25, 2015, when President Barack Obama and President Xi Jinping announced a cyber detente from the Rose Garden at the White House.
Barack Obama stated:
"We have jointly affirmed the principle that governments don't engage in cyber espionage for commercial gain against companies. That all I consider to be progress."
[00:59]
Nicole Perlroth narrates the surprise and skepticism surrounding this agreement, noting that many industry experts and government officials doubted China's commitment to the moratorium.
Following the détente, there was an observable decline in Chinese cyberattacks targeting U.S. businesses. This period saw a significant reduction in breaches, with attacks dropping from dozens per month to mere handfuls.
John Carlin, who led the Justice Department's indictments against the PLA hackers, remarked:
"I was surprised that we reached the norm. And I was even more surprised when we actually saw a decrease in hacks that looked like they were occurring in that space."
[32:08]
Kevin Mandia added:
"We could lock in on the Chinese threat pretty well... and it never comes back up really for a while."
[32:27]
The détente faced a severe test when Edward Snowden leaked classified NSA documents shortly after the Obama-Xi summit. These revelations shifted global focus to U.S. surveillance practices, undermining the cyber detente by portraying the U.S. as both a victim and perpetrator of cyber espionage.
Nicole Perlroth explains:
"Snowden's timing could not have been more convenient for China. It was the ultimate get out of jail free card."
[17:31]
In 2015, a monumental breach of the Office of Personnel Management (OPM) occurred, exposing sensitive data of approximately 25 million individuals. This attack not only compromised personal information but also severely impacted U.S. intelligence operations by exposing identities of federal employees and potential spies.
Jim Lewis highlighted the personal toll:
"There was a breach of OPM scale... A breach of that magnitude could not be allowed to stand."
[22:01]
Nicole Perlroth underscores the significance:
"Chinese hackers got the minute personal details, background checks and medical histories of every citizen who had ever applied for a security clearance."
[20:47]
The OPM breach, coupled with ongoing surveillance scandals revealed by Snowden, eroded trust between the U.S. and China. The administration faced immense pressure to respond, leading to intensified cyber measures against China.
Barack Obama declared:
"We're going to have to be much more aggressive, much more attentive than we have been, and this problem is not going to go away. It is going to accelerate."
[23:58]
Despite attempts at diplomacy, including backchannel negotiations, China eventually resumed its cyber espionage activities with increased sophistication.
Post-détente, Chinese cyber operations evolved dramatically. Hackers became more advanced, employing machine learning and artificial intelligence to sift through vast datasets stolen over the years. These efforts aimed to enhance China’s intelligence capabilities, targeting personal data to undermine U.S. espionage efforts.
Matt Turpin summarizes:
"The Chinese were building a repository of Americans' personal data... This wasn't a violation of the Obama-Xi moratorium on IP theft. This was Spycraft 101."
[34:41]
Steve Stone warns:
"The Chinese regime is taking all that information about us... Suddenly they know more about us than we know about ourselves."
[42:05]
The episode concludes by reflecting on the fragile nature of cyber détente and the ongoing cyber arms race between the U.S. and China. Perlroth emphasizes the necessity of robust cyber policies and international cooperation to curb state-sponsored cyber threats.
Jim Lewis advises:
"We have to come up with an engagement plan that eventually leads to China being more responsible in international relations."
[28:07]
As the podcast hints at future developments, it underscores the continuing challenges in achieving a stable cyber relationship amidst technological advancements and geopolitical tensions.
Notable Quotes:
Barack Obama (00:59):
"We have jointly affirmed the principle that governments don't engage in cyber espionage for commercial gain against companies. That all I consider to be progress."
Matt Turpin (02:48):
"[In] 1991, George H.W. Bush brought a Section 301 investigation against the Chinese government for theft of intellectual property..."
John Carlin (32:08):
"I was surprised that we reached the norm. And I was even more surprised when we actually saw a decrease in hacks that looked like they were occurring in that space."
Jim Lewis (22:01):
"There was a breach of OPM scale... A breach of that magnitude could not be allowed to stand."
Steve Stone (42:05):
"The Chinese regime is taking all that information about us... Suddenly they know more about us than we know about ourselves."
This episode of To Catch a Thief provides an in-depth analysis of a critical juncture in U.S.-China cyber relations, offering listeners a comprehensive understanding of the complexities and stakes involved in international cyber diplomacy.