
Loading summary
Narrator
This is truly an everything everywhere, all at once scenario. We see it in the transportation sector. We see it in the water sector. We see it in the communications sector.
Nicole Prolorath
We see it in the energy sector.
Narrator
And the worst day is an everything everywhere, all at once scenario. There's no reason for them to be in our water. There's no reason for them to be in our power. This is a decision by an actor to actually focus on civilian targets. That's not what we do. Russia is much like a hurricane. They're aggressive and come at us hard and fast. But China is climate change.
Nicole Prolorath
I'm Nicole Prolorath, and this is to Catch a Thief. Imagine you're the general manager for a local utility. Your company handles power and drinking water for a population of about 30, 15,000. It has for more than a century. Even at this relatively small scale, there are still miles of pipes and untold numbers of valves to maintain and keep an eye on, like utilities across the country, you've enlisted the help of technology, software to keep the power on and the water flowing smoothly and save for hurricanes and the occasional downed power line. It has. And then one Friday afternoon, you get a call. It's the FBI. They tell you you've been compromised. This is not a hypothetical meet. Nick Lawlor.
Nick Lawlor
Yeah, it was the Friday before Thanksgiving. I remember it being a beautiful day. It's funny how you can remember certain things from a certain day when something like that happens. Right. I was out doing yard work and the call actually came through to our assistant general manager at the time, and he sent the call to me. It was a call directly from FBI offices in Boston, Massachusetts.
Nicole Prolorath
Did you think that this was an actual FBI agent or did you think this was a spam call?
Nick Lawlor
No, he wanted me to give him my personal email address and he wanted to send me an email with a link to click to kind of figure out what was going on on our networks in Littleton. It reminded me a lot of the Microsoft spam calls that you get, that your operating system's out of date and, you know, please send us an email and we'll get up to date for you. That's what it seemed like. So I obviously didn't trust him. And he kept on saying he needed to get on our personal email so that way the threat actors couldn't detect his presence.
Nicole Prolorath
Yeah, right. He was going to hand over his personal email and click on a link from some dude claiming to be from the FBI.
Nick Lawlor
I really did not believe that it was real. Didn't believe him. I asked him to Repeat his name, then hung up the phone on him and then looked up our local FBI Boston office telephone number. I called that directly, asked for that gentleman and he was there. And he answered the phone and carried on the conversation like I didn't hang up the phone on him, which I still didn't give him my email address and still didn't think it was real, still thought it was some sort of scam. We said, if this is a real event and it's as serious as you say it is, then we'll see you in person on Monday morning. He was there at 10 o'clock sharp. Then I got the call from the office and two gentlemen are here to see you. One from Homeland Security and one from the FBI. And I'm like, oh my God, this is real. Okay.
Nicole Prolorath
From the X Files.
Nick Lawlor
Yeah, the X Files. The whole thing was like the movies and even at that point you still don't believe it. That's when they started talking about threat actors and really who they were. They slid a document in front of us, you know, and head right on there, you know, nation state actor, Volt Typhoon. And that's the first I ever heard of Volt Typhoon.
Nicole Prolorath
Volt Typhoon. Volt Typhoon is industry code for Chinese state sponsored hackers. But not just any hackers. These guys were elite specialists tasked with one insidious mission, embedding themselves in our critical infrastructure. The agents told him these specialists were inside his utility at that very moment and that it wasn't alone. Some 200 other critical entities across the nation were hit too.
Nick Lawlor
So they explained Volt Typhoon and I remember saying to him, so we're under attack from China. And he's like, who said China? And I'm looking at the pamphlet right on there, it says, you know, Volt Typhoon, the nation state threat actor from China. I'm like, well, I don't know. I mean, the paperwork says it, but they are very diplomatic and very careful what they said. They reiterated the 200 organizations that had been compromised. They kept saying that we're the top priority of the federal government, which blew me away, you know, because we're a small town. You never would think that we were the focal point of the Chinese government trying to, you know, wreak havoc on our critical infrastructure.
Nicole Prolorath
Did you do one of these where you're just kind of like, what are you saying? Like, what are you talking about? What do you mean the Chinese government is inside our utility?
Nick Lawlor
Yeah, I'm an extremely direct individual and I was very blunt with them in what I was saying even then. I still didn't believe it. It just seemed too fake to me. Seemed like movie. You start thinking of these guys, the threat actors. Anybody can go buy a suit and, you know, print out some piece of paper and show up at the utility. It come out saying, how can we be the top priority of federal government? And we have pretty good contacts with the Department of Energy through our trade association, American Public Power Association. So I called down to our contacts and just said, you know, I miss a lot. They can't tell me because I'm not. I don't have security clearances, and just said, hey, this just happened. Can you just tell me if Littleton is the top priority of the federal government? And they laughed at me a little bit. And then they said, what's going on? And I imagine Volt Typhoon. And then it was just silence, like, okay. Oh, my God.
Nicole Prolorath
By the time the two men from FBI and cisa, the Cyber Defense Agency, arrived at Nick's office that Monday in 2023, volt typhoon had been in Littleton's networks for 10 months. But beyond Littleton, they'd been burrowing into American infrastructure. Ports, airports, railways, water pipelines, the power grid for years. When you called up these other utilities and said, hey, this is what we've lived through. This is real, what was the response or range of responses?
Nick Lawlor
Yeah, there's a range. There's still some utilities that think they're too small and never happened to them. There's some utilities that think they're very good and it won't happen to them. But we need to be prepared, and we need to have processes in place to be able to handle it and mitigate it as quickly as we can.
Nicole Prolorath
For Nick, the implications of this kind of infiltration are clear chaos.
Nick Lawlor
I mean, Americans can't live without power for 24 hours before they start losing their mind. And we're very much involved in mutual aid. So we see firsthand after a hurricane hits how quickly you need to get the electricity restored to businesses and residents. From what we can tell, Volt Typhoon was gaining access to multiple networks to be able to create havoc in the United States at a point in time. And we could all guess what that point in time could be, and we'd probably all be wrong. But there was. You know, there's some thoughts that relate to Taiwan.
Nicole Prolorath
The first inkling that the PRC might be pivoting into US Infrastructure had surfaced well over a decade ago, buried in the noise of 2012. Late that year, a Canadian company you've never heard of in an industry that's as dry as they come. Discovered it had been hacked badly by China. This wasn't huge news at the Times. I was busy unspooling our own attack. And remember, this was a period when every company with any data of interest was getting hacked by the ccp. And at first glance, this case looked no different. The victim was the Canadian division of a company called Telvent.
Narrator
Telvent, a Madrid based company, they make IT systems that monitor everything from electric utilities to traffic flow. Telvent makes information technology systems, so called smart grids.
Nicole Prolorath
Televent's industrial automation software gives companies the ability to keep tabs on their oil and water pipelines and power lines from afar. Using Telvent software, engineers can detect a pipeline leak 100 miles offshore or a faulty circuit breaker in the grid. A water utility worker could use Telvent software to detect a burst pipe or potentially any unhealthy fluctuations in chemicals like fluoride. If you've ever heard techies talk about software eating the world, this is what they mean. We have been baking software into everything from our gas and water systems to your Domino's pizza order with Narya. Care for how all this digital convenience and connectivity might one day be used against us. I had never heard of Telvent until I got a call from a guy named Dale Peterson. Dale has been his early career doing cryptography at nsa. These days, he's one of the world's leading consultants in industrial control security, an especially terrifying subset of the cybersecurity industry that examines the myriad ways hackers can break into our pipelines, water systems, chemical plants and. Well, you get the picture. If there's an incident brewing at a utility or a pipeline, chances are Dale knows about it.
Dale Peterson
I think as soon as I heard about it, just because we hadn't seen them go after a target like this on a stealthy manner. And as you know, you don't get a lot of details from these companies when they're hacked. But the details they did provide indicated that there was more than just a casual intrusion, that they had been there in, in there in a while and they were getting deep into their system.
Nicole Prolorath
Dale has a cryptographer's calm, careful way about him. He's not easily spooked. But when he rang me in late 2012, he sounded noticeably shaken.
Dale Peterson
The thing that really got my attention was these remote connections to these other sites that I've been on the other end with customers. I know that from that location they used to connect in to support projects that were being deployed. So it was something that put a Lot of large, important companies at risk.
Nicole Prolorath
Key to what Dale just said are two remote connections. Telvent software didn't just monitor critical infrastructure. It had direct remote access. And now that access belonged to Beijing too. As Dale spoke, I Googled Telvent. And there in big bright letters on its website was the following stat. Telvent software connected into more than half of the pipelines in North America. Now it's critical to place ourselves here. This was 2012. Russia wouldn't hack Ukraine's grid for another three years. At that point, it was still hard to fathom why China's hackers would even want direct access to our water and gas pipelines. We had yet to see any serious cyber attack on critical infrastructure anywhere in the world, with one notable exception.
Narrator
The story of what we know about the Stuxnet virus begins in June of 2010. Stuxnet was launched several years ago against an Iranian nuclear facility, almost certainly with some US Involvement. It was discovered just a couple weeks ago, but has been worming its way undetected through hundreds of computers in Iran and elsewhere in the Middle east for at least two years.
Nicole Prolorath
To this day, Stuxnet remains the most sophisticated cyber attack on record. For the uninitiated, Stuxnet was a joint US Israeli effort to sabotage Iran's nuclear program with code. And it worked spectacularly. For a time, it was a computer worm that someone, we still don't know who exactly, injected into the computers at Iran's Natanz nuclear plant with a thumb drive. And what that thumb drive unleashed was a string of 0 days that enabled the worm to jump the air gap from engineers, computers on the IT side, into the actual operations network where the worm buried itself inside Natan's nuclear enrichment operations. And specifically the computers that control Iran's uranium centrifuges. Those centrifuges, they form the beating heart of Iran's nuclear aspirations. Because to get weapons grade uranium, you need to enrich uranium to a very high concentration of the isotope, and that that requires spinning thousands of centrifuges at unthinkable speeds. We're talking more than 100,000 revolutions a minute. But the rotors that spin these centrifuges, they're incredibly fragile and can be quite fickle. They break all the time, and they're controlled by these specialized computers that monitor and dictate their speed. And in 2009, those very computers were now controlled by code. Working at the command of two of the world's most advanced intelligence agencies, Stuxnet got to work spinning centrifuge rotors up. Then it would sit back for a few weeks and do nothing. Then it would slow the rotors way down. Sleep, speed up, sleep, slow down, sleep, repeat. And all the while, there was this ocean's 11 quality to the whole operation. If any of Natan's engineers happened to be watching their computer screens, Everything appeared to be spinning just fine, when right under their noses, Stuxnet was actively destroying a fifth of Iran's uranium supply and pushing Tehran's nuclear ambitions back years. All carefully choreographed to look like a natural accident. Inside, Natanz, technicians couldn't make sense of it. The centrifuges were breaking down. But careful inspection turned up nothing unusual. Suspecting some centrifuge, Natan's officials started turning on each other. Several of the technicians were fired, and those remaining were told to physically guard the centrifuges with their lives. And all the while, their computers told them everything was just fine. The first inkling nuclear inspectors had that something was off Here came in January 2010. Security camera footage outside Natan's centrifuge rooms showed frantic technicians in white lab coats and blue plastic shoe coverings carting out centrifuge after centrifuge. By public accounts, 2,000 of their 8,700 centrifuges were taken out. It was in many ways the Digital Manhattan Project, only in reverse. Because this, this was a counternuclear proliferation effort. And it was a masterpiece until the day it got out. How it got out, we still don't know exactly. But sometime in 2010, Stuxnet fled the coop, escaped Natanz, zoomed around the world and infected hundreds of thousands of machines, including right here in the US at companies like Chevron.
Narrator
Chevron says its systems were at one point infected with Stuxnet. Nobody admits to it, but it's widely assumed the United States or Israel's defense forces created that virus. Now there's Flame, another virus apparently targeted at Iran. It dwarfs stuxnet.
Nick Lawlor
Flame is 20 times the size of Stuxnet.
Narrator
It spread all over the world. Most of the infections that we saw were in Iran, but ultimately it escaped Iran and began to spread, spread anywhere and everywhere. If you had a Windows machine connected to the Internet, you could get infected by Stuxnet. And it's still out there today, spreading.
Nicole Prolorath
Now. It didn't do these systems any harm. Our saving grace was that Stuxnet's code was clearly designed. With lawyers standing over developers shoulders. The worm had been carefully calibrated to exact destruction only on the centrifuges at Natanz. And Nowhere else. But once it was discovered, dissected, reverse engineered, Stuxnet showed the world, perhaps no one more so than our adversaries, the endless opportunities to use code for mayhem and destruction. And it set new rules for the game. You could now jump into another nation's most critical infrastructure. They're nuclear labs. And so long as you did it with code, you'd probably get away with it. Here's Ralph langner speaking at TED in 2011. Ralph was among the first to dissect Stuxnet and to publicly point the finger at its makers, the US And Israel. And he was the first to warn the world that this weapon we had just unleashed could come boomeranging back on us.
Narrator
This attack is generic. It doesn't have anything to do in specifics with centrifuges, with uranium enrichment. So it would work as well, for example, in a power plant or in an automobile factory. It's a cyber weapon of mass destruction. That's the consequence that we have to face. So unfortunately, the biggest number of targets for such attacks are not in the Middle East. They're in the United States, in Europe, and in Japan.
Nicole Prolorath
As Ralph spoke those words, Iran was already preparing its retribution. One year later, Tehran's hackers came for Saudi Aramco, a key source of US oil. And though they tried, they never did make the jump from Aramco's IT network into its pipelines. Tehran's hackers were still light years behind those of the US and Israel, but they still managed to decimate 30,000 Aramco computers on their way out. Just in case their motive wasn't clear here, they made a point to replace all that data with one unmistakable image. A burning American flag.
Narrator
The attack, using a virus called Shamoon, did not disrupt oil production. Calling it, quote, probably the most destructive cyber assault the private sector has ever seen. Another volley in an increasingly high stakes war going on in cyberspace.
Nicole Prolorath
But the Aramco attack still felt a world away when one month later, Chinese hackers hit Telvent. This wasn't Tehran. This was Beijing. And initially at least, there was no reason to think its hackers were doing anything beyond the usual IP theft. Automation had been listed high up on the CCP's latest five year plan, and that would have put Telvent's industrial automation software firmly in CCP crosshairs. But Dale suspected there was more to the story.
Dale Peterson
The hack got into their network in such a way that it could do a couple things. One, it could change some of the source code, deliver bad code with a backdoor or something of that nature. And they also had intellivance, not unique. They had connections to a lot of their customers. So potentially it was the first example of an attack that could be highly leveraged, where you say, if I can compromise this one system, I then can compromise all these other systems.
Nicole Prolorath
That last bit bears repeating. If I can compromise this one system, I can compromise all these others. Telvent wasn't the end goal. It was the gateway. If someone wanted to map out America's pipeline network, shut us down, or God forbid, trigger simultaneous explosions across America, Tailvent was precisely the company to hack. When I wrote up my televant investigation for the times in early 2013, I laid this all out, but I left the motive as a question mark. Was this more Chinese industrial espionage, or was this the first sign of the unimaginable? Twitter didn't like that very much. Many accused me of fear mongering. The idea China would want to hack our pipelines for anything other than IP theft was simply beyond our imagination. The US and China were so economically entangled, the idea that PRC would do anything to paralyze us was inconceivable. They'd only be shooting themselves in the foot. Or so the thinking went at the time. Now, with hindsight being 20 20, I would have worded that article more strongly. And if I hadn't been getting dunked in breaches every day, I might have been able to pull my face out of the water, taken a deep breath, heard the warnings, and seen the Telvint attack for what it really was.
Narrator
Countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
Nicole Prolorath
That was Obama sounding the Alarm in his 2013 State of the Union. And here's former Defense Secretary Leon Panetta sounding an even more dire warning right around the time till Event was in spooling its attack.
Narrator
The collective result of these kinds of attacks could be a cyber Pearl harbor, an attack that would cause physical destruction and the loss of life. An attack that would paralyze and shock the nation and create a new profound sense of vulnerability.
Nicole Prolorath
Panetta's cyber Pearl harbor speech was also derided as hyperbolic at the time. But in retrospect, that stark vision he described of hackers seizing our critical switches, contaminating our water supply, it was clairvoyant. It would take another nine years for U.S. intelligence officials to declassify their findings that yes, the Telvan attack, along with a dozen other Chinese incursions into America's pipelines over that same window, attacks that never even crossed my radar, were the beginnings of a strategic Chinese pivot.
Narrator
The administration revealed that the China had been involved in hacking of US pipelines from 2011 to 2013. Chinese backed hackers targeted and in many cases breached nearly two dozen companies that own such pipelines. The FBI and DHS unveiled over the.
Nicole Prolorath
Next decade, Chinese hackers started coming for American targets with little to no intelligence value at all, but their value for sabotage enormous.
Narrator
And now, with a program called Volt Typhoon is putting cyber time bombs on our critical infrastructure like our water, our grid and our ports. It's been pouring into the networks of aviation, rail, mass transit, highway, maritime. The program injected malware into US sectors like energy, communications and water treatment. And the bulletin reads, volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations, primarily in communications, energy, transportation systems. Critical infrastructure things like the cellular phone.
Nick Lawlor
Carriers are the target.
Nicole Prolorath
It wasn't just oil and gas pipelines. Over the next decade, they started breaking into major, major logistics hubs like Houston Seaport, the critical artery for American oil, gas and petrochemicals. They broke into US airports and railway systems. They broke into the Texas power grid. And we don't even have to imagine what a shutdown of that looks like.
Narrator
Water pipes are bursting in the frigid conditions, leaving behind a path of destruction. Outages have now hit water treatment plants, triggering dozens of boil water advisories. And with some grocery stores running out of essentials, people are lining up for help as Texans struggle. Republican Senator Ted Cruz was photographed heading to Mexico for a vacation. Even though days before he pleaded with.
Nicole Prolorath
Texans to hunker down, they started showing up in utilities that oversee power and water across the nation. Some of these were obvious targets, others not. Like that one in Littleton, Massachusetts, and hundreds just like it. Now, it's worth pausing here. It's important to take a macro view of what China was doing over the very same time period its hackers were popping up in our infrastructure.
Narrator
China this month celebrates the 10th anniversary of the Belt and Road Initiative, which ranks as the world's biggest development program ever undertaken by a single country. Over the last 10 years, the BRI, as it's generally called, has seen Chinese financial institutions lending close to US$1 trillion to finance infrastructure projects all over the developing world.
Nicole Prolorath
The Belt and road initiative. In 2013, China announced Belt and Road, a trillion dollar plus investment in building out major infrastructure projects. All around the globe with a focus on the developing world. We're talking billions of dollars of Chinese investment into foreign railways.
Narrator
The China Europe Railway Express officially launched its unified brand with eight cities including Chongqing, Chengdu, Zhengzhou, Xi'an and Wuhan as the starting station ports. The China Ocean Shipping Company, or cosco, has expanded this once sleepy wharf into a container city. China started investing $2.5 billion in the Piraeus Container Terminal seven years ago. This has since become a key part of the One Belt One Road Initiative.
Nicole Prolorath
Highways and bridges.
Narrator
Montenegro decided to build a motorway to open up the country. A Chinese bank provided a $1 billion loan in 2015. Forty bridges and 90 tunnels are expected to be built and financed by the Chinese. China is expanding the world's highest international paved road, the Karakoram Highway. This is part of a $43 billion project called the China Pakistan Economic Corridor.
Nicole Prolorath
Major oil and gas pipelines.
Narrator
Prior to his visit to China, the Saudi Crown Prince was in Pakistan where a $10 billion oil refinery investment deal was made. The refinery is in Pakistan's Gwadar Port. The Deepwater port is one of the projects that China and Pakistan have worked on under the Belt and Road framework. The leaders of China and Pakistan have agreed to build a new route to strengthen ties between their economies. They've signed a deal worth $28 billion on energy and infrastructure projects. Cambodia is now one of the fastest growing economies in the world. A major factor in such remarkable growth is this hydropower plant which meets around 20% of the country's electricity needs. The dam is part of the Belt and Road Initiative, China's trillion dollar investment in infrastructure across Asia, Africa and Europe. The Guinean government is promising to help farmers adapt and find new sources of income.
Nicole Prolorath
Power plants.
Narrator
China is building over 200 coal fired power plants through Belt and Road. So we need to look at providing renewable energy to these countries. Argentina is set to boost its energy production after announcing a major contract with China to build a new nuclear power plant in the Buenos Aires province.
Nicole Prolorath
But a couple of years into Belt and Road, China quietly announced a new initiative under the same umbrella, the Digital Silk Road.
Narrator
And a big piece of the One.
Nicole Prolorath
Belt One Road is this Digital Silk Road that ties together China to all of these countries in Africa, in the Middle east, and they're exporting these telecommunications cables.
Narrator
But going forward, China is wanting to establish what it calls more of a Digital Silk Road, that is things like telecoms and 5G investment in infrastructure.
Nicole Prolorath
Officially, Digital Silk Road was to help usher developing nations into the Internet. Age. But by providing them with cheap fiber optics, cables, networks, routers and switches, it also guaranteed the PRC permanent footing in the world's digital backbone. Chinese companies like Huawei and ZTE sold these companies on the promise of total digital optimization cuts. We sweet subsidized bargain basement prices, as Jim Lewis puts it.
Narrator
You know, the old joke is that the Americans show up with lectures. The Chinese show up with money.
Nicole Prolorath
They frequently quote 20, 30, even 40% cheaper pricing than Western competitors like Cisco and Ericsson. This all but guaranteed Glass global adoption.
Narrator
And in terms of the number of people reliant on Huawei telecom infrastructure, probably it's more of the world's population than on anyone else. Has Huawei stolen trade secrets from Cisco? Well, first of all, I mean, they are our biggest competitor on a global basis. Huawei didn't become the biggest telecom equipment manufacturer in its segment by itself. It did it because it stole Cisco technology and the technology of other companies. And Beijing really pushed it around the world. So this is really.
Nicole Prolorath
They're still stealing, right? I mean, to the tune of $600.
Nick Lawlor
Billion a year, Gordon?
Narrator
Well, it's hundreds of billions of dollars a year.
Nicole Prolorath
And that pricing made it mighty easy to ignore Washington's admonitions about potential security risks.
Narrator
Robert O'Brien, President Trump's national security adviser, is warning the Canadian government not to allow Huawei to participate participate in our 5G network, saying it was frightening and terrifying, a trojan horse that would allow the Chinese government to gather information and micro target Canadians. US Secretary of Defense Mark Esper said Huawei was the poster child for China's nefarious strategy, quote, to infiltrate and dominate crucial Western infrastructure. The Trump administration is still urging US allies to shun Huawei, claiming the Chinese telecom giant gives confidential information to China's government. The Justice Department indicted Huawei last month on 23 criminal charges, including wire fraud, money laundering and stealing trade secrets.
Nicole Prolorath
The American envoy warned Brazil against ignoring U.S. advice on Huawei. U.S. officials have been especially quick to note that Huawei's founder, Ren Zeng Fei, started his career as an engineer in the Chinese military. The plaque Ren's PLA background consumed Huawei's entire culture. Even its vernacular. Sales guys were known as guerrillas. Ren called his engineers soldiers, their managers generals. Altogether, Huawei's employees were Ren's iron army. Even their salaries, rations. And in Huawei's earliest days, Wren had a saying. A country without its own program controlled switches is like one without an army, as Ren himself alluded. But companies like Huawei, and it wasn't Just Huawei but ZTE and others, what they were doing building out the world's digital backbone. It gave China the keys to global data flows. And those keys didn't just give China the ability to intercept data. It theoretically gave them the ability to hit a kill switch at any time.
Narrator
Huawei reportedly has even more access to information, possibly about you than previously thought. Intel sources say that they've known for years that Huawei builds covert access for the Chinese government into mobile its mobile hardware, software and systems, known in the cyber world as backdoors.
Nicole Prolorath
Now, we should note that US officials have never offered any proof that the PRC has used Huawei or ZTE systems for espionage or sabotage. And Huawei has emphatically denied it has ever or would ever give the Chinese government any information or freely hand its equipment over for all out cyber war.
Narrator
Huawei founder and CEO Ren Zeng Fei spoke with Bianna Golodrig at the company's headquarters in Shenzhen, China.
Nicole Prolorath
Have you ever given any information to the Chinese government in any way, shape.
Narrator
Or form for the past 30 years? We have never done that. And the next 30 years to come, we will never do that. Could Huawei possibly have a backdoor without your knowledge? It is not possible because across our entire organization, we've stressed once and again that we will never do that.
Nicole Prolorath
But it's very much worth noting that in 2017, China passed a suite of intelligence laws requiring any organization or or citizen shall support, assist and cooperate with state intelligence work. In effect, Chinese companies are required by law to give the PRC access to these systems or turn over data at any time. No warrant, no oversight, no due process. But with Snowden as a backdrop, over the same time period, the US didn't exactly have moral standing to be warning other countries about foreign surveillance and backdoors. In fact, in 2014, my former Times colleague David Sanger and I reported that at one point the NSA had actually broken into Huawei and used it as a conduit for its own spy ops. All of which made Washington's warnings even easier to ignore. And just. Just as the US has failed to convince the 170 million Americans to stop using TikTok, their admonitions on Huawei have been to meager effect.
Narrator
As a matter of Chinese law, the Chinese government can rightfully demand access to data flowing through Huawei and ZTE systems. Why would anyone grant such power to a regime that has already grossly violated cyberspace?
Nicole Prolorath
Today we're talking about Huawei.
Narrator
This company has also been accused, ready for this? Of working with The Chinese government to spy on its users. That has led the United States to ban American firms from doing business with Huawei. Google has warned that if Washington moves ahead with its sweeping ban on Huawei technologies, it risks compromising national security by 2020.
Nicole Prolorath
Huawei wasn't just stating selling phones and routers anymore. They were selling the entire stack. 5G networks, data centers, satellite systems.
Narrator
The future of the Internet is being built by Huawei, the tech giant spending.
Nicole Prolorath
Billions to gain the edge in 5G, the next generation wireless network.
Narrator
An edge the US government is trying hard to stop.
Nicole Prolorath
They were building out smart cities. A nervous system with connected neurons makes a human body an integrated being.
Narrator
Full of wisdom. At Huawei, we are now using our 30 years of experience to create nervous systems for cities. We call them smart city ICT networks.
Nicole Prolorath
They analyze transportation data.
Narrator
They are helping to improve urban medical services.
Nicole Prolorath
They help to improve tourism management and services.
Narrator
Huawei is now building the central nervous system for urban brains.
Nicole Prolorath
And then safe cities, complete with AI enabled surveillance cameras, facial recognition technology, crowd monitoring, behavioral analytics.
Narrator
Huawei, for example, is taking smart cities, what they call safe city solutions, into around the world. And that plays a crime prevention and emergency response role. But they're also playing public security security roles. Closed circuit cameras feed into a database with advanced artificial intelligence and facial recognition can identify everyone, cross reference license plates, and analyze unlimited information.
Nicole Prolorath
And all of it came with Chinese hardware, firmware and software that could be remotely accessed or frequently maintained with updates from China. Software was eating the world. China was baking its digital sensors and software into cities, bridges, traffic systems, waste collection, water treatment, hospitals, homes, cars. And nobody paused to think about how all this digitization might come back to eat us. Now, here is where I should tell you that I am among those who thought US warnings about Huawei were totally over the top. If there were actual instances of Chinese spies intercepting data through Huawei or ZTE, my personal feeling here is that the US intelligence community should present them. Same goes for TikTok. Listen, I'm sensitive to the need to protect sources and methods here. But if the Chinese government is using tactics TikTok to spy on Americans or somehow tweaking the algorithms to spoon feed CCP propaganda to Gen Z, the US government should declassify that because we know their finger wagging doesn't work. And the reason we know it doesn't work is because all you have to do is travel to any major European city these days and you will see Huawei all over the place. In downtown Kyiv, in downtown Copenhagen, they are running hundreds of Smart city pilots around the globe. Huawei's equipment is baked into 5G networks in Germany and even cell towers in rural America, many of them uncomfortably close to our most sensitive missile sites in places like Wyoming, Nebraska and Montana.
Narrator
In the last couple of years, Huawei has managed to install and maintain a handful of networks in US Rural markets, including a vast quadrant of southwestern Kansas. The FBI knew that these small rural telecommunications companies out in the Midwest were.
Nicole Prolorath
Using Chinese made Huawei equipment on top of their cell towers in places like Colorado and Nebraska that were close to.
Narrator
Sensitive military installations, including US Nuclear missile silos.
Nicole Prolorath
Now, last year Germany said it would start excluding Huawei and ZTE from its 5G networks. But ripping these systems out isn't easy. Under Biden, Congress allocated billions of dollars to rip and replace these Huawei systems from rural America. And that wasn't nearly enough.
Narrator
These small rural telecom companies have been mandated by the FCC to rip and replace the equipment. But the amount of money Congress has appropriated to reimburse them is about $3 billion short of what it's going to cost all these companies to get the job done.
Nicole Prolorath
And again, I maintain what I still believe is a healthy skepticism about US concerns on Huawei and other Chinese suppliers throughout the 2010s. But all of that went out the window when in 2020, Chinese hackers started coming for US infrastructure with unnerving frequency. What started with these Chinese hacks of US Pipeline operations and their software suppliers became an all out assault on US critical infrastructure. By 2020, Volt Typhoon was turning up across the country. And the fact that anyone picked these up at all was a tiny miracle. These weren't smash and grab hacks, far from it. They weren't even hacking in anymore. They were logging in in low and slow attacks, blending in like any other employee. They didn't use malware, they didn't siphon much out, they were careful to delete their tracks. Their primary goal appears to have been to get in, stay in, and ensure they had the ability to come back any time. Experts have a name for this style of attack. They call it living off the land.
Narrator
All of a sudden we see Chinese threat groups since about late 2020, at least from my observables, hack in. And we don't know why, because they're not the tank through the cornfield. They're hacking in and just that's it, there's no other activity. And then you're like, why are they there?
Nicole Prolorath
They're here, lying quiet. The only question now is, what's the trigger? And what happens when they pull it.
Narrator
My usual line is you don't hack infrastructure for fun, right? It's reconnaissance. It's target reconnaissance for the event event of a conflict between the United States and China.
Nicole Prolorath
That's next on To Catch a Thief. Follow To Catch a Thief to make sure you don't miss the next episode and if you like what you hear, rate and review the show. To Catch a Thief is produced by Rubric in partnership with Pod People, with special thanks to Julia Lee. It was written and produced by me, Nicole Prolorath and Rebecca Chasson. Additional thanks to Hannah Pedersen, Sam Debauer and Amy Machado. Editing and sound design by Morgan Foose and Carter Wogan.
Podcast Summary: "To Catch a Thief: China’s Rise to Cyber Supremacy"
Episode 7: "Everything Everywhere All At Once"
Release Date: April 28, 2025
Introduction
In Episode 7 of "To Catch a Thief: China’s Rise to Cyber Supremacy," host Nicole Perlroth delves into the intricate and pervasive nature of Chinese cyberattacks on American critical infrastructure. Titled "Everything Everywhere All At Once," this episode explores the evolution of Chinese state-sponsored hackers, their strategic infiltration of various sectors, and the broader implications for national security.
The Compromise of Littleton
The episode opens with a gripping account of Nick Lawlor, the general manager of a local utility in Littleton, Massachusetts. On a seemingly ordinary Friday, Lawlor receives a suspicious call purportedly from the FBI, alerting him that his company's network has been compromised by Volt Typhoon—a code name for Chinese state-sponsored hackers.
Nick Lawlor [02:05]: "I really did not believe that it was real. Didn't believe him... It was the first time I ever heard of Volt Typhoon."
Despite initial skepticism, Lawlor verifies the authenticity of the call, leading to a confrontation with FBI and Homeland Security agents. They reveal that Volt Typhoon had infiltrated not only Littleton's utility but also around 200 other critical entities nationwide over the past ten months.
The Rise of Volt Typhoon
Volt Typhoon represents a significant escalation in Chinese cyber capabilities. Unlike earlier, less sophisticated attacks, Volt Typhoon's approach is methodical and strategic, embedding itself deeply within critical infrastructure sectors such as energy, water, transportation, and communications.
Narrator [00:17]: "China is climate change."
This metaphor underscores the gradual yet pervasive infiltration by Chinese hackers, contrasting with the more aggressive and overt tactics historically associated with Russian cyberattacks.
Stuxnet and Its Legacy
Perlroth recounts the landmark Stuxnet attack, a joint US-Israeli cyber operation aimed at sabotaging Iran's nuclear program. Discovered in 2010, Stuxnet was unprecedented in its sophistication and specificity, targeting Iran's uranium centrifuges without causing immediate physical destruction.
Narrator [12:19]: "Stuxnet remains the most sophisticated cyber attack on record."
The episode highlights how Stuxnet set a new precedent for cyber warfare, demonstrating the potential for code to cause physical damage and disrupt national capabilities. Stuxnet's success also revealed the vulnerabilities inherent in interconnected systems, paving the way for future state-sponsored cyberattacks.
Chinese Cyber Strategy and Industrial Espionage
Following Stuxnet, Chinese cyber activities expanded beyond intellectual property theft to include sabotage and infrastructure disruption. The Telvent hack in 2012 serves as a pivotal example, where Chinese hackers infiltrated a Canadian IT company specializing in industrial automation. This breach granted them access to critical systems managing pipelines, water treatment, and power grids across North America.
Dale Peterson [10:17]: "It could do a couple things... it could change some of the source code, deliver bad code with a backdoor or something of that nature."
The Telvent incident exposed the strategic intent behind Chinese cyber operations: leveraging compromised systems as gateways to broader infrastructure networks, thereby increasing the potential for large-scale disruption.
Digital Silk Road and Huawei's Role
Simultaneously, China was advancing its global influence through the Belt and Road Initiative (BRI), which later expanded to include the Digital Silk Road. This initiative aimed to integrate developing nations into China's digital infrastructure, primarily through Chinese technology companies like Huawei and ZTE.
Nicole Perlroth [31:05]: "The Digital Silk Road was to help usher developing nations into the Internet Age... it also guaranteed the PRC a permanent footing in the world's digital backbone."
Huawei emerged as a central player, offering cost-effective telecommunications equipment and 5G infrastructure. However, concerns arose regarding Huawei's potential to embed backdoors into global networks, allowing for covert data access and control.
Nicole Perlroth [35:38]: "In 2017, China passed a suite of intelligence laws requiring any organization... to support, assist and cooperate with state intelligence work."
Despite official denials from Huawei, US officials and intelligence sources expressed skepticism about the company's commitment to security, highlighting the inherent risks of integrating Chinese technology into critical infrastructure.
Current Threats and Future Implications
By 2020, the infiltration by Volt Typhoon had intensified, with Chinese hackers securing access to a wide array of American infrastructure sectors. These attacks were characterized by their stealthy nature—eschewing malware for persistent, low-and-slow techniques that allowed continuous access without detection.
Narrator [44:19]: "All of a sudden we see Chinese threat groups since about late 2020... What are they there for?"
The episode underscores the looming threat of a potential "cyber Pearl Harbor," where synchronized cyberattacks could cause widespread physical destruction and societal chaos. Former Defense Secretary Leon Panetta's 2013 warnings are revisited, emphasizing the accuracy of his predictions about the vulnerabilities of US infrastructure.
Conclusion
"Everything Everywhere All At Once" paints a comprehensive and alarming picture of China's systemic approach to achieving cyber supremacy. Through strategic infiltration, industrial espionage, and the leveraging of global initiatives like the Digital Silk Road, Chinese state-sponsored hackers pose a multifaceted threat to American national security. The episode serves as a stark reminder of the critical need for enhanced cybersecurity measures and proactive defense strategies to safeguard vital infrastructure against evolving cyber threats.
Nicole Perlroth [45:00]: "They're here, lying quiet. The only question now is, what's the trigger? And what happens when they pull it."
Notable Quotes
Nick Lawlor [02:10]: "He kept on saying he needed to get on our personal email so that way the threat actors couldn't detect his presence."
Nicole Perlroth [00:45]: "Imagine you're the general manager for a local utility... and then one Friday afternoon, you get a call. It's the FBI."
Dale Peterson [21:10]: "The hack got into their network in such a way that it could do a couple things... it could change some of the source code, deliver bad code with a backdoor or something of that nature."
Narrator [24:14]: "The collective result of these kinds of attacks could be a cyber Pearl harbor, an attack that would cause physical destruction and the loss of life."
Final Thoughts
Episode 7 of "To Catch a Thief" meticulously unravels the complexities of Chinese cyber operations, emphasizing their deep-rooted presence across multiple facets of American infrastructure. Through firsthand accounts and expert analyses, the episode illustrates the urgent need for robust cybersecurity frameworks to counteract and mitigate the pervasive threats posed by state-sponsored cyber adversaries.