"The second-largest military in the world was putting on their uniform, getting up every morning and then hacking you, hacking us, hacking private companies, and that simply couldn't be allowed to stand ... As long as we were allowing them to hack this noisily, we were creating the international law, the new norms, the new rules for this cyber age that said that this was okay.” –John Carlin, U.S. Department of Justice
Under Deng Xiaoping, China had made a real great leap forward economically, by welcoming Western businesses into their market and then plundering their intellectual property. By the late ‘00s, Chinese hackers began to take those IP heists global, with numerous U.S. companies falling victim—often with catastrophic results for their businesses.
But this hacking war was taking place largely out of sight. And when it did come to light, it was in the midst of a sea change in the Chinese hacking ecosystem.
Check out the fourth episode of To Catch a Thief: China’s Rise to Cyber Supremacy and find out the real-world effects of Chinese spying on the U.S.—and how the government started fighting back.
The secret war
China’s widespread hacking aimed at Western private companies left victims in its wake. For instance, numerous aviation companies found their IP lifted to help China build its first domestic passenger airliner, the C919. One maker of engine turbines found that their Chinese competitors were using their unaltered source code, right down to the spelling errors. That company no longer exists, and the Chinese company that stole its IP is one of the top turbine producers in the world.
There are many stories like this, and they left a trail of real-world economic destruction. A solar factory in Washington opened with great fanfare, only to soon close as Chinese companies built copycat panels using stolen IP and sold them at a discount thanks to government subsidies. Hundreds lost their jobs.
But all of this was happening under the radar. Companies knew what was happening, but were nervous to say anything publicly: they feared the liability that would come from admitting their systems had been hacked, and those that still hoped to profit from the Chinese market didn’t want to anger Chinese authorities. The U.S. government, meanwhile, couldn’t reveal much of what it knew because it was all classified.
That all changed when the New York Times went public about their own hack, and then not long afterwards when the Times’ security partner Mandiant issued a detailed report on Unit 61398, a prolific hacking team that was part of the Chinese military. With this information out in the open, the U.S. Department of Justice could begin filing prosecutions.
But the situation was still evolving rapidly. Unit 61398 had done a lot of damage, but it was a group of hackers with more persistence than skill. In the wake of its unmasking, China began to rely more heavily not on its military teams, but on a loose network of hacking experts with ties to the country’s university and tech scenes that the government could disavow if necessary. These hackers were more subtle, more talented–and sometimes would enrich themselves personally while striking blows for their country.
To Catch A Thief
Over the next month, Nicole Perlroth, bestselling author of This Is How They Tell Me the World Ends and former lead cybersecurity and digital espionage reporter for The New York Times, will take us on a tour of China’s sprawling hacking operations. This first of its kind, deeply reported audio documentary will unfold weekly through dozens of chilling conversations with industry and government cyber espionage experts.
To Catch a Thief charts the rise of China’s state-sponsored hackers, from their beginnings as “the most polite, mediocre hackers in cyberspace” to the “apex predator” that now haunts America’s most critical infrastructure.
The series features the experience and expertise of some of cybersecurity’s heaviest hitters: Jim Lewis, Mandiant’s Kevin Mandia, Crowdstrike founder Dmitri Alperovitch, Google’s Heather Adkins, and many more.
Check out this nine-episode series (produced by Rubrik) on your favorite podcast platform.