Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,835 --> 00:00:04,203 BEN: Two powers compete to dominate the global market. 2 00:00:04,238 --> 00:00:06,705 We know foreign countries and companies 3 00:00:06,740 --> 00:00:08,574 swipe our corporate secrets! 4 00:00:08,609 --> 00:00:10,642 China breaks the rules in its quest to become 5 00:00:10,678 --> 00:00:12,878 the world's economic superpower. 6 00:00:12,913 --> 00:00:15,781 There's two types of companies left in the United States: 7 00:00:15,816 --> 00:00:17,883 companies that have been hacked by China, and companies 8 00:00:17,918 --> 00:00:20,252 that don't know they've been hacked by China yet. 9 00:00:20,287 --> 00:00:22,788 Chinese hackers breach American corporations 10 00:00:22,823 --> 00:00:24,990 under direct orders from Beijing. 11 00:00:25,025 --> 00:00:27,626 This is oftentimes a military operation, 12 00:00:27,661 --> 00:00:29,428 and you don't disobey orders in the military. 13 00:00:29,463 --> 00:00:31,396 Billions of dollars worth of US trade secrets 14 00:00:31,432 --> 00:00:33,398 are stolen every year. 15 00:00:33,434 --> 00:00:36,168 The people behind the keyboard think they're anonymous, 16 00:00:36,203 --> 00:00:38,170 and these charges show you are not. 17 00:00:38,205 --> 00:00:39,972 What will it take to stop the theft? 18 00:00:42,109 --> 00:00:52,117 ♪ 19 00:01:00,961 --> 00:01:02,427 In July 2015, 20 00:01:02,463 --> 00:01:04,763 the Washington-based US Office of Personnel Management 21 00:01:04,798 --> 00:01:06,965 announced that the private records it kept 22 00:01:07,001 --> 00:01:10,002 on more than 22 million American civil servants had been stolen. 23 00:01:11,805 --> 00:01:14,806 The US government never formally blamed China, but plenty of 24 00:01:14,842 --> 00:01:17,776 unnamed officials made the accusation in the press. 25 00:01:17,811 --> 00:01:19,378 Bill Evanina is in charge of 26 00:01:19,413 --> 00:01:21,780 combatting foreign intelligence threats for the US government. 27 00:01:22,883 --> 00:01:24,883 I think the intelligence community feels pretty confident 28 00:01:24,918 --> 00:01:27,786 - we feel - with who's involved, but I'm not quite sure 29 00:01:27,821 --> 00:01:29,554 the administration has yet come out and identified 30 00:01:29,590 --> 00:01:32,958 or attributed that data, but we're pretty confident 31 00:01:32,993 --> 00:01:35,060 we know who is responsible. 32 00:01:35,095 --> 00:01:36,628 What did they take? 33 00:01:36,664 --> 00:01:39,197 What they stole, the perpetrators, 34 00:01:39,233 --> 00:01:42,701 were the SF86s and SF85s, which are the standard forms 35 00:01:42,736 --> 00:01:45,804 in which employees fill out to obtain security clearances. 36 00:01:45,839 --> 00:01:48,206 On those forms had a lot of proprietary information 37 00:01:48,242 --> 00:01:51,476 about you, who you live with, your social security number, 38 00:01:51,512 --> 00:01:53,879 your date of birth, what schools you went to, 39 00:01:53,914 --> 00:01:55,314 your employment history. 40 00:01:55,349 --> 00:01:59,318 So a lot of significant personal identifiable information 41 00:01:59,353 --> 00:02:02,487 that we consider very sensitive. 42 00:02:02,523 --> 00:02:04,823 And how long will the intelligence community 43 00:02:04,858 --> 00:02:07,659 in the United States be feeling the ramifications of this? 44 00:02:07,695 --> 00:02:10,429 Ooh, I'm not sure we could put it in terms of years, 45 00:02:10,464 --> 00:02:12,064 but I would say maybe decades. 46 00:02:12,099 --> 00:02:13,999 I don't think this is anything that's going to be over 47 00:02:14,034 --> 00:02:15,267 in a year or two. 48 00:02:15,302 --> 00:02:16,668 I think the data that's on these forms 49 00:02:16,704 --> 00:02:19,004 can be used to target US government employees 50 00:02:19,039 --> 00:02:21,373 and contractors for many, many years. 51 00:02:21,408 --> 00:02:23,408 - Were you personally... - Absolutely. 52 00:02:23,444 --> 00:02:24,576 You were personally impacted by it? 53 00:02:24,611 --> 00:02:25,677 Absolutely. 54 00:02:25,713 --> 00:02:27,846 So I am one of the 22 million victims 55 00:02:27,881 --> 00:02:31,383 that have been identified in the OPM intrusion. 56 00:02:31,418 --> 00:02:33,852 So all my personal data, from when I filled out 57 00:02:33,887 --> 00:02:37,289 my original form and subsequent background of investigations 58 00:02:37,324 --> 00:02:40,692 that I've gone through, has been compromised. 59 00:02:40,728 --> 00:02:42,361 How does that make you feel? 60 00:02:42,396 --> 00:02:43,862 Like a victim. 61 00:02:43,897 --> 00:02:47,299 Even though OPM was bad, it was classic espionage. 62 00:02:47,334 --> 00:02:49,534 Most countries would do it given the chance. 63 00:02:49,570 --> 00:02:51,370 But hacking US corporations 64 00:02:51,405 --> 00:02:53,872 to make money off of their property is another story. 65 00:02:55,242 --> 00:02:58,210 We've agreed that neither the US or the Chinese government 66 00:02:58,245 --> 00:03:02,814 will conduct or knowingly support cyber-enabled theft 67 00:03:02,850 --> 00:03:04,883 of intellectual property, including trade secrets 68 00:03:04,918 --> 00:03:06,718 or other confidential business information, 69 00:03:06,754 --> 00:03:08,553 for commercial advantage. 70 00:03:08,589 --> 00:03:11,590 In addition, we'll work together and with other nations. 71 00:03:13,093 --> 00:03:15,260 President Obama has reason to be concerned. 72 00:03:15,295 --> 00:03:17,329 For years, Chinese hackers have been a problem for 73 00:03:17,364 --> 00:03:21,266 American business, but most companies kept quiet about it. 74 00:03:21,301 --> 00:03:22,768 And then Google broke the silence on their blog 75 00:03:22,803 --> 00:03:24,803 in January 2010. 76 00:03:24,838 --> 00:03:27,172 The American technology giant had been hacked, 77 00:03:27,207 --> 00:03:29,341 and China was to blame. 78 00:03:29,376 --> 00:03:31,810 But Google wasn't the only company targeted. 79 00:03:31,845 --> 00:03:34,112 It was just the first one to go public. 80 00:03:34,148 --> 00:03:36,882 A slew of other Fortune 500 corporations were also hacked 81 00:03:36,917 --> 00:03:39,918 in an attack now known as Operation Aurora. 82 00:03:43,457 --> 00:03:46,291 What was interesting about Operation Aurora 83 00:03:46,326 --> 00:03:49,161 wasn't that it was some kind of new attack. 84 00:03:49,196 --> 00:03:52,297 It was that it was the first time an American company 85 00:03:52,332 --> 00:03:55,767 had had the courage to stand up and point the finger at China 86 00:03:55,803 --> 00:03:57,969 and say, "We know you did this." 87 00:03:58,005 --> 00:04:00,338 Nicole Perlroth is a cyber security reporter 88 00:04:00,374 --> 00:04:02,774 for The New York Times, and she's written extensively 89 00:04:02,810 --> 00:04:04,476 on Chinese hackers. 90 00:04:04,511 --> 00:04:09,147 And Google, as open as they were about who had done it, 91 00:04:09,183 --> 00:04:11,783 they've been relatively close-lipped about 92 00:04:11,819 --> 00:04:13,952 what exactly was stolen. 93 00:04:13,987 --> 00:04:18,623 But the word on the street is that the Chinese were actually 94 00:04:18,659 --> 00:04:21,827 able to get a fair amount of Google's source code. 95 00:04:21,862 --> 00:04:24,229 That source code could help Chinese hackers break into 96 00:04:24,264 --> 00:04:26,631 Google's products, or to replicate them in the future. 97 00:04:28,502 --> 00:04:30,969 What do we know about Chinese espionage? 98 00:04:31,004 --> 00:04:35,207 We know that China has basically made it 99 00:04:35,242 --> 00:04:39,411 a core part of its economic mission to stop being 100 00:04:39,446 --> 00:04:42,981 the world's manufacturer and start innovating. 101 00:04:43,016 --> 00:04:44,983 Every five years, you see a new industry 102 00:04:45,018 --> 00:04:48,520 that China wants to excel at, and suddenly you just see 103 00:04:48,555 --> 00:04:51,823 a rush of cyber attacks towards whatever industry 104 00:04:51,859 --> 00:04:54,993 China has said that it wants to dominate in. 105 00:04:55,028 --> 00:04:57,329 It's paint formulas. 106 00:04:57,364 --> 00:05:00,165 It's Coca-Cola's negotiation strategies. 107 00:05:00,200 --> 00:05:02,100 It's think tanks. 108 00:05:02,135 --> 00:05:03,869 It's diplomats. 109 00:05:03,904 --> 00:05:06,605 It's university professors. 110 00:05:06,640 --> 00:05:08,440 It's law firms. 111 00:05:08,475 --> 00:05:09,908 People have started to realize 112 00:05:09,943 --> 00:05:12,577 that this actually has become a serious issue, or...? 113 00:05:12,613 --> 00:05:15,347 I think it made people realize 114 00:05:15,382 --> 00:05:18,517 that some of the most vibrant companies 115 00:05:18,552 --> 00:05:21,486 in the United States were major targets, but I think 116 00:05:21,522 --> 00:05:26,191 it took another 5 years for companies that thought, 117 00:05:26,226 --> 00:05:28,360 "Why would we ever be the target 118 00:05:28,395 --> 00:05:30,929 of a state-sponsored Chinese cyber attack?" 119 00:05:30,964 --> 00:05:35,033 to wake up and say, "Oh shit, we've been a victim too!" 120 00:05:37,137 --> 00:05:38,436 But how was everyone so sure 121 00:05:38,472 --> 00:05:40,939 China was behind Operation Aurora? 122 00:05:40,974 --> 00:05:43,875 I went to Washington to talk to Dmitri Alperovitch, 123 00:05:43,911 --> 00:05:46,711 one of the first people to analyze the attack. 124 00:05:46,747 --> 00:05:49,114 He worked with many of the companies who were affected. 125 00:05:50,751 --> 00:05:51,883 So how was it done? 126 00:05:51,919 --> 00:05:53,418 It was actually pretty ingenious. 127 00:05:53,453 --> 00:05:55,420 So they actually identified people inside the organization 128 00:05:55,455 --> 00:05:57,255 that they were able to approach, 129 00:05:57,291 --> 00:05:59,724 and social engineer them to click on a link. 130 00:05:59,760 --> 00:06:03,461 So you're talking about phishing emails with malware payloads. 131 00:06:03,497 --> 00:06:04,829 That's right. 132 00:06:04,865 --> 00:06:07,132 In some cases, it was actually an instant message, 133 00:06:07,167 --> 00:06:10,068 not even an email, that once you click on that link, 134 00:06:10,103 --> 00:06:12,971 your machine is compromised and the attackers take over. 135 00:06:13,006 --> 00:06:14,739 And how did you figure out it was China? 136 00:06:14,775 --> 00:06:17,442 Once we started tracking all the machines that were involved 137 00:06:17,477 --> 00:06:19,911 in the compromise, and there were these multiple of machines 138 00:06:19,947 --> 00:06:22,013 that were set up for command and control, 139 00:06:22,049 --> 00:06:24,916 and where the connections into those machines were coming from, 140 00:06:24,952 --> 00:06:27,352 we started to see signs that were pointing 141 00:06:27,387 --> 00:06:28,920 to Chinese activity. 142 00:06:28,956 --> 00:06:30,755 And later on, as we expanded the investigation, 143 00:06:30,791 --> 00:06:32,624 we started to uncover other activity 144 00:06:32,659 --> 00:06:34,593 that we were able to tie together to this group 145 00:06:34,628 --> 00:06:37,596 that we now call Aurora Panda, a Chinese nation state group 146 00:06:37,631 --> 00:06:41,366 that is really conducting, to this day, espionage activity 147 00:06:41,401 --> 00:06:44,636 into numerous organizations, government agencies, 148 00:06:44,671 --> 00:06:47,439 as well as private-sector organizations across the globe. 149 00:06:48,742 --> 00:06:51,109 Operation Aurora offers a glimpse into how Chinese hackers 150 00:06:51,144 --> 00:06:52,777 work within the country's government. 151 00:06:52,813 --> 00:06:54,446 (Soldiers chanting) 152 00:06:54,481 --> 00:06:56,648 And more specifically, its military branch: 153 00:06:56,683 --> 00:07:00,118 the People's Liberation Army, otherwise known as the PLA. 154 00:07:01,722 --> 00:07:03,888 With these type of actors, they get in and they wanna stay 155 00:07:03,924 --> 00:07:06,291 as long as possible, because they have a collection priority. 156 00:07:06,326 --> 00:07:08,627 And even if they get discovered and kicked out, 157 00:07:08,662 --> 00:07:11,863 oftentimes they're back in or trying to get back in 158 00:07:11,898 --> 00:07:14,466 the next day because they still have a mission to do, right? 159 00:07:14,501 --> 00:07:16,635 This is oftentimes a military operation. 160 00:07:16,670 --> 00:07:19,471 You have a PLA general that's coming to you as a soldier 161 00:07:19,506 --> 00:07:22,207 in the PLA saying, "I need you to get this information for me 162 00:07:22,242 --> 00:07:23,642 from this company." 163 00:07:23,677 --> 00:07:24,976 And you don't stop because it's hard, 164 00:07:25,012 --> 00:07:26,511 you don't stop because you've been discovered. 165 00:07:26,546 --> 00:07:28,913 You keep on going because you were given a mission by your 166 00:07:28,949 --> 00:07:32,083 boss to do so, and you don't disobey orders in the military. 167 00:07:32,119 --> 00:07:33,585 And you need to achieve that objective. 168 00:07:33,620 --> 00:07:34,819 Absolutely. 169 00:07:36,289 --> 00:07:37,822 The hackers deployed malware 170 00:07:37,858 --> 00:07:40,592 using an unfixed flaw in Internet Explorer. 171 00:07:40,627 --> 00:07:41,760 This is a real spear phish 172 00:07:41,795 --> 00:07:43,695 we detected in one of our customers. 173 00:07:43,730 --> 00:07:46,498 So let's go to our victim machine down here. 174 00:07:46,533 --> 00:07:48,700 I have an email that's arrived from a good friend of mine, 175 00:07:48,735 --> 00:07:50,368 and there's a Word document attachment 176 00:07:50,404 --> 00:07:51,670 that I want to take a look at. 177 00:07:51,705 --> 00:07:53,104 So who wouldn't click on this? 178 00:07:53,140 --> 00:07:54,706 I certainly would. 179 00:07:54,741 --> 00:07:57,075 So we just had the connection from the victim show up here. 180 00:07:57,110 --> 00:07:59,344 So this is our machine, our victim machine, 181 00:07:59,379 --> 00:08:02,347 that we are able to take over. 182 00:08:02,382 --> 00:08:05,016 I can go to this wonderful file manager, 183 00:08:05,052 --> 00:08:08,520 which looks like just any file manager you would normally have. 184 00:08:08,555 --> 00:08:11,723 So I literally can just highlight this and click 185 00:08:11,758 --> 00:08:14,559 "Receive", and it sends it over to my machine. 186 00:08:14,594 --> 00:08:16,428 That's as easy as it gets. 187 00:08:16,463 --> 00:08:18,930 Operation Aurora showed that China was hacking some of 188 00:08:18,965 --> 00:08:21,866 America's biggest companies, and many of the attacks 189 00:08:21,902 --> 00:08:24,002 were attributed to hackers linked with 190 00:08:24,037 --> 00:08:25,470 the People's Liberation Army. 191 00:08:29,810 --> 00:08:31,476 If the Google hack and others like it 192 00:08:31,511 --> 00:08:34,012 are state-sponsored, that means the Chinese government 193 00:08:34,047 --> 00:08:36,314 is brashly stealing American intellectual property 194 00:08:36,349 --> 00:08:40,151 with one hand while making new trade deals with the other. 195 00:08:40,187 --> 00:08:42,420 The New York Times and Nicole Perlroth 196 00:08:42,456 --> 00:08:45,757 paired with a cyber security firm, Mandiant, to track down 197 00:08:45,792 --> 00:08:48,526 the physical location of some of the hackers. 198 00:08:48,562 --> 00:08:51,129 And they found them in Shanghai 199 00:08:51,164 --> 00:08:54,299 at a PLA unit known only as 61398. 200 00:08:56,002 --> 00:09:00,171 We were able to trace thousands of attacks on US companies 201 00:09:00,207 --> 00:09:02,707 and companies in Europe and universities 202 00:09:02,743 --> 00:09:04,876 and research companies and think tanks 203 00:09:04,911 --> 00:09:08,980 back to this one building in Shanghai. 204 00:09:09,015 --> 00:09:11,883 And it was the first time a security firm had 205 00:09:11,918 --> 00:09:15,320 publicly pointed to... not just to China, 206 00:09:15,355 --> 00:09:19,390 but to a very specific unit of the PLA. 207 00:09:19,426 --> 00:09:22,293 There weren't a lot of windows, but it was clear they had some 208 00:09:22,329 --> 00:09:26,064 great satellite technology, and it was very well guarded. 209 00:09:26,099 --> 00:09:29,167 But other than that, it was completely nondescript. 210 00:09:29,202 --> 00:09:31,836 It was not as high-tech as Fort Mead, 211 00:09:31,872 --> 00:09:35,340 but it was very clear this was actually a military compound. 212 00:09:37,744 --> 00:09:40,478 To understand 61398, first you have to understand 213 00:09:40,514 --> 00:09:43,014 the relationship between business, government, 214 00:09:43,049 --> 00:09:44,582 and the military in China. 215 00:09:47,354 --> 00:09:48,653 Melissa Chan worked in Beijing 216 00:09:48,688 --> 00:09:51,890 as a correspondent for Al Jazeera for 5 years. 217 00:09:51,925 --> 00:09:54,526 Her reporting on politically sensitive issues 218 00:09:54,561 --> 00:09:56,594 got her kicked out of the country. 219 00:09:56,630 --> 00:09:58,429 Did they give you a rough time when you were there? 220 00:09:58,465 --> 00:10:00,698 They gave me and every foreign reporter a rough time. 221 00:10:00,734 --> 00:10:03,935 We all thought the reporting environment in 2012 222 00:10:03,970 --> 00:10:05,770 was pretty bad. 223 00:10:05,806 --> 00:10:07,705 That was around the time when I left, 224 00:10:07,741 --> 00:10:10,542 and it's just gotten worse according to foreign reporters 225 00:10:10,577 --> 00:10:12,110 still based there. 226 00:10:12,145 --> 00:10:15,914 What do you make of Obama making cybersecurity top of the list 227 00:10:15,949 --> 00:10:17,615 when it comes to dealing with China? 228 00:10:17,651 --> 00:10:19,617 I think it indicates how bad that situation is 229 00:10:19,653 --> 00:10:21,719 with cyber espionage. 230 00:10:21,755 --> 00:10:23,888 Every government has cyber espionage, right? 231 00:10:23,924 --> 00:10:25,590 Including the United States. 232 00:10:25,625 --> 00:10:30,795 You won't have an American intelligence officer meet with 233 00:10:30,831 --> 00:10:34,199 a Fortune 500 company CEO and just hand over data, 234 00:10:34,234 --> 00:10:36,367 and say, "Here, this is what we got from the Chinese." 235 00:10:36,403 --> 00:10:40,305 But we do know that the Chinese do not see that differentiation. 236 00:10:40,340 --> 00:10:41,806 I mean, the thing you have to understand about Chinese 237 00:10:41,842 --> 00:10:44,809 companies, even publically traded companies that are owned 238 00:10:44,845 --> 00:10:48,613 by private Chinese... you know, that were started by private 239 00:10:48,648 --> 00:10:51,649 Chinese citizens, is that there's a corner office 240 00:10:51,685 --> 00:10:54,152 somewhere where there's a Communist Party representative. 241 00:10:54,187 --> 00:10:55,320 So the Communist Party's 242 00:10:55,355 --> 00:10:57,722 never far away from any Chinese company. 243 00:10:57,757 --> 00:11:00,291 There's always a connection to the government. 244 00:11:00,327 --> 00:11:03,294 I spent months trying to speak with Chinese hackers. 245 00:11:03,330 --> 00:11:06,464 When I finally came close, I was shut down at the last minute. 246 00:11:12,205 --> 00:11:15,807 But I did get a glimpse through cybersecurity expert Ian Amit. 247 00:11:15,842 --> 00:11:19,010 Amit met with Chinese hackers at a tech conference in China. 248 00:11:21,448 --> 00:11:25,149 IAN: We went to what was called Excalibur Con. 249 00:11:25,185 --> 00:11:29,153 A bunch of us - "us" is Western security professionals, 250 00:11:29,189 --> 00:11:34,359 speakers, hackers, whatever it is - were invited to speak. 251 00:11:35,562 --> 00:11:37,762 Were you ever offered to work for the Chinese government? 252 00:11:37,797 --> 00:11:39,030 Yeah, yeah. 253 00:11:39,065 --> 00:11:40,365 They just came out and asked you? 254 00:11:40,400 --> 00:11:42,333 Pretty much, yeah. 255 00:11:42,369 --> 00:11:43,968 What was your response? 256 00:11:44,004 --> 00:11:45,370 No. (Laughing) 257 00:11:45,405 --> 00:11:47,772 A very nice "no", but... 258 00:11:47,807 --> 00:11:50,808 Yeah, they had us, you know... they even took us to a tour 259 00:11:50,844 --> 00:11:56,281 in a business office building that was empty. 260 00:11:56,316 --> 00:12:00,485 And you know, walked us around, showed us, you know, 261 00:12:00,520 --> 00:12:02,020 "This can be your office. 262 00:12:02,055 --> 00:12:03,321 Do you want the corner office? 263 00:12:03,356 --> 00:12:05,657 How many people do you need working for you?" 264 00:12:05,692 --> 00:12:07,659 And they're not talking about like five or six, 265 00:12:07,694 --> 00:12:09,794 like, "Do you need 50, 60, 100?" 266 00:12:09,829 --> 00:12:11,329 BEN: So this is the office you'd be given. 267 00:12:11,364 --> 00:12:14,299 IAN: Yeah, and again, they built this in a year. 268 00:12:14,334 --> 00:12:16,701 One year, everything. 269 00:12:16,736 --> 00:12:19,003 Roads, residential... 270 00:12:19,039 --> 00:12:21,572 Again, resources is not a problem. 271 00:12:21,608 --> 00:12:24,809 You just have a lot of people build shit. 272 00:12:24,844 --> 00:12:28,579 How do you gauge Chinese hackers compared to, 273 00:12:28,615 --> 00:12:29,981 you know, let's say the NSA? 274 00:12:30,016 --> 00:12:32,250 I would say the same rate, the same level. 275 00:12:32,285 --> 00:12:33,584 Really? 276 00:12:33,620 --> 00:12:37,722 If you assume any less of that, you're a fool. 277 00:12:37,757 --> 00:12:40,358 Then why are they trying to poach American and Israeli... 278 00:12:40,393 --> 00:12:41,659 More, more. 279 00:12:41,695 --> 00:12:45,897 Having a diversity is key in cybersecurity. 280 00:12:45,932 --> 00:12:48,833 A lot of times when you bring in people that are not necessarily 281 00:12:48,868 --> 00:12:52,203 from your field of expertise, can... 282 00:12:52,238 --> 00:12:54,906 can be a huge leverage in terms of your capabilities. 283 00:12:54,941 --> 00:12:56,774 I would do the same. 284 00:12:56,810 --> 00:13:00,445 I would try to recruit, I would try to tap into 285 00:13:00,480 --> 00:13:04,682 whatever resources there are that I'm not aware of 286 00:13:04,718 --> 00:13:07,719 that can enhance and enrich my capabilities. 287 00:13:07,754 --> 00:13:13,024 If they're grooming their local cyber expertise in-house, 288 00:13:13,059 --> 00:13:16,527 if I were on their end, I would try to do the same. 289 00:13:16,563 --> 00:13:19,964 I would try to bring in a lot of outside perspective, 290 00:13:20,000 --> 00:13:22,934 a lot of different thinking, different approach, 291 00:13:22,969 --> 00:13:24,369 because that's the key, 292 00:13:24,404 --> 00:13:25,970 especially in a game like cybersecurity. 293 00:13:26,006 --> 00:13:28,039 You have to be adaptive, you have to be creative. 294 00:13:28,074 --> 00:13:29,974 - For innovation. - Exactly, yeah. 295 00:13:30,010 --> 00:13:32,143 Where the loss of American intellectual property 296 00:13:32,178 --> 00:13:34,779 was once kept secret, by 2014 297 00:13:34,814 --> 00:13:37,482 the Obama Administration was no longer silent. 298 00:13:37,517 --> 00:13:40,151 For the first time, the Department of Justice charged 299 00:13:40,186 --> 00:13:43,087 Chinese military hackers for breaking into US corporations. 300 00:13:44,324 --> 00:13:47,125 Today, we are announcing an indictment against five officers 301 00:13:47,160 --> 00:13:50,428 of the Chinese People's Liberation Army for serious 302 00:13:50,463 --> 00:13:55,600 cybersecurity breaches against six American victim companies. 303 00:13:55,635 --> 00:13:58,069 These represent the first ever charges 304 00:13:58,104 --> 00:14:00,238 against known state actors for infiltrating 305 00:14:00,273 --> 00:14:02,340 United States commercial targets. 306 00:14:02,375 --> 00:14:06,310 The DOJ put five Chinese hackers on the FBI's Most Wanted list, 307 00:14:06,346 --> 00:14:09,614 all of them officers in the PLA's 61398. 308 00:14:10,617 --> 00:14:14,318 John Carlin tracks nation states infiltrating US corporations. 309 00:14:14,354 --> 00:14:17,955 You'll see the activity from the location of this unit 310 00:14:17,991 --> 00:14:21,025 of the PLA, 61398. 311 00:14:21,061 --> 00:14:24,362 It starts around 9:00am, and you see the spike in activity. 312 00:14:24,397 --> 00:14:26,664 You go to around lunch. 313 00:14:26,699 --> 00:14:29,000 They get a little lunch break, and the activity goes down. 314 00:14:29,035 --> 00:14:32,203 Then it resumes again until the end of the day. 315 00:14:32,238 --> 00:14:35,173 And there seems to be roughly a 9-to-5... 316 00:14:35,208 --> 00:14:37,041 - Government job. - A government job. 317 00:14:37,077 --> 00:14:39,010 So we just can't... 318 00:14:39,045 --> 00:14:42,613 it's not fair to American companies. 319 00:14:42,649 --> 00:14:45,049 And what evidence did you have against them? 320 00:14:45,085 --> 00:14:48,419 We showed specific actions on specific times on specific 321 00:14:48,455 --> 00:14:53,624 dates, and photographs of the individuals as they went into 322 00:14:53,660 --> 00:14:58,663 company systems from these dedicated hacker thieves 323 00:14:58,698 --> 00:15:01,165 who are going in day in and day out to steal information. 324 00:15:01,201 --> 00:15:05,136 But they are wearing PLA member uniforms. 325 00:15:05,171 --> 00:15:06,971 If this is a nation state attack, 326 00:15:07,006 --> 00:15:09,006 why single out individuals? 327 00:15:09,042 --> 00:15:14,846 We're not charging a country for generically doing something bad. 328 00:15:14,881 --> 00:15:19,183 We're proving up specific facts against particular people 329 00:15:19,219 --> 00:15:22,687 by name, by date, here is what they did. 330 00:15:22,722 --> 00:15:27,091 So in this case, we were able to figure out the name and the face 331 00:15:27,127 --> 00:15:28,826 behind the keyboard. 332 00:15:28,862 --> 00:15:31,562 And the reason why our companies are getting hammered day in 333 00:15:31,598 --> 00:15:34,365 and day out by this type of theft is because 334 00:15:34,400 --> 00:15:36,734 the people behind the keyboard think they're anonymous, 335 00:15:36,769 --> 00:15:39,237 and these charges show you are not. 336 00:15:39,272 --> 00:15:43,107 And the fact is just because you're wearing a uniform 337 00:15:43,143 --> 00:15:45,209 shouldn't give you a free pass 338 00:15:45,245 --> 00:15:47,078 when you commit that same type of theft. 339 00:15:47,113 --> 00:15:50,114 China was stealing some of America's most precious intel, 340 00:15:50,150 --> 00:15:53,084 the kind of trade secrets that keep economies growing. 341 00:15:53,119 --> 00:15:55,586 For some companies, the results were devastating. 342 00:15:59,692 --> 00:16:01,359 BEN: China has been targeting all sorts of American companies 343 00:16:01,394 --> 00:16:03,528 for trade secrets. 344 00:16:03,563 --> 00:16:06,831 Daniel McGahn is president of American Superconductor, 345 00:16:06,866 --> 00:16:08,799 or AMSC. 346 00:16:10,637 --> 00:16:12,937 The company specializes in power technologies 347 00:16:12,972 --> 00:16:15,940 such as wind turbines and superconducting wire. 348 00:16:15,975 --> 00:16:17,842 In an effort to protect against hacking, 349 00:16:17,877 --> 00:16:20,845 they kept their valuable source code on an offline server. 350 00:16:23,082 --> 00:16:25,216 But in 2011, one of McGahn's employees 351 00:16:25,251 --> 00:16:28,286 took a $2 million bribe to hand over AMSC software code 352 00:16:28,321 --> 00:16:30,955 to a state-owned company in China. 353 00:16:30,990 --> 00:16:33,357 Welcome to the future! 354 00:16:33,393 --> 00:16:36,694 The story really kind of falls out of a... 355 00:16:36,729 --> 00:16:42,166 you know, a 1960s, 1970s vintage spy movie. 356 00:16:42,202 --> 00:16:45,336 The individual was approached, the individual was turned, 357 00:16:45,371 --> 00:16:48,339 there was offered money, home, women. 358 00:16:48,374 --> 00:16:54,011 The way he was motivated was in the techniques of spy craft. 359 00:16:54,047 --> 00:16:56,147 He had a penchant for writing everything down. 360 00:16:56,182 --> 00:16:58,749 If you know Skype, he tended to use Skype to be able to 361 00:16:58,785 --> 00:17:00,484 communicate and transfer files. 362 00:17:00,520 --> 00:17:03,154 So we were able to basically obtain everything, 363 00:17:03,189 --> 00:17:05,723 from motive to when the transfers happened, 364 00:17:05,758 --> 00:17:08,593 who received them, and kind of the end part. 365 00:17:08,628 --> 00:17:09,827 You know, ha ha ha, they won't need 366 00:17:09,862 --> 00:17:11,762 American Superconductor anymore. 367 00:17:11,798 --> 00:17:13,898 And what was the fallout? 368 00:17:13,933 --> 00:17:17,368 The fallout was we had a stock that was at about $25, 369 00:17:17,403 --> 00:17:19,437 and it went to $12.5 in a day. 370 00:17:19,472 --> 00:17:23,441 So we went from about $1.5, $1.6 billion 371 00:17:23,476 --> 00:17:26,777 to $800 million in evaluation in a day. 372 00:17:26,813 --> 00:17:29,046 So the stock completely collapsed. 373 00:17:29,082 --> 00:17:32,049 We know we're on a targeted list of a lot of companies 374 00:17:32,085 --> 00:17:35,620 in North America, that the Chinese are looking to 375 00:17:35,655 --> 00:17:39,123 obtain any valuable technology that they can. 376 00:17:39,158 --> 00:17:42,760 So we've had to try to develop a capability 377 00:17:42,795 --> 00:17:45,529 to protect such attacks. 378 00:17:45,565 --> 00:17:47,798 So you're saying the People's Liberation Army 379 00:17:47,834 --> 00:17:50,468 has targeted your company in hacking operations 380 00:17:50,503 --> 00:17:52,970 to steal corporate secrets? 381 00:17:53,006 --> 00:17:55,473 They've been happening since this event, and they've been 382 00:17:55,508 --> 00:17:58,809 happening subsequently on a very regular basis. 383 00:17:58,845 --> 00:18:02,079 What we've seen is when we've gone back and we've used 384 00:18:02,115 --> 00:18:04,615 third parties to try to validate, you know, 385 00:18:04,651 --> 00:18:06,884 where did these attacks come from, 386 00:18:06,919 --> 00:18:09,587 and the entities that... at least that they're telling us 387 00:18:09,622 --> 00:18:12,156 are directly linked to the PLA and China, 388 00:18:12,191 --> 00:18:15,826 the People's Liberation Army, there is a move within China 389 00:18:15,862 --> 00:18:19,163 to do this as part of kind of normal operation of business. 390 00:18:19,198 --> 00:18:21,232 And do you think this is sort of a precursor to China 391 00:18:21,267 --> 00:18:24,302 trying to overtake America economically? 392 00:18:24,337 --> 00:18:26,570 I don't see it as a precursor; it's happening. 393 00:18:26,606 --> 00:18:29,473 The desire is for China to be #1. 394 00:18:29,509 --> 00:18:31,175 They have the largest population in the world. 395 00:18:31,210 --> 00:18:33,077 Why shouldn't their economy be the largest? 396 00:18:33,112 --> 00:18:36,947 Even after all this, would you still do business in China? 397 00:18:36,983 --> 00:18:38,316 We still do. 398 00:18:38,351 --> 00:18:41,018 We still see China as an opportunity, 399 00:18:41,054 --> 00:18:43,521 but those products have to be paid for. 400 00:18:43,556 --> 00:18:45,523 Customers pay. 401 00:18:46,793 --> 00:18:49,860 To add insult to injury, a wind turbine that was built by China 402 00:18:49,896 --> 00:18:51,696 and sold back to the US 403 00:18:51,731 --> 00:18:54,098 was running on the stolen source code. 404 00:18:54,133 --> 00:18:56,801 AMSC eventually replaced the turbine's controller 405 00:18:56,836 --> 00:18:59,136 and software with their own tech. 406 00:18:59,172 --> 00:19:00,805 Hoo! 407 00:19:00,840 --> 00:19:04,375 So this is actually one of the controllers that was stolen? 408 00:19:04,410 --> 00:19:05,843 Yes, yes. 409 00:19:05,878 --> 00:19:07,878 So the software stolen, 410 00:19:07,914 --> 00:19:10,614 and the actual programming of the turbine. 411 00:19:10,650 --> 00:19:14,051 This turbine's close, but it's definitely different. 412 00:19:19,559 --> 00:19:21,225 Oh my god! 413 00:19:24,030 --> 00:19:25,062 Ho! 414 00:19:27,967 --> 00:19:30,534 We are definitely 72 meters in the sky. 415 00:19:35,742 --> 00:19:37,341 BEN: But it's not as if the US isn't spying 416 00:19:37,377 --> 00:19:39,477 on Chinese corporations. 417 00:19:39,512 --> 00:19:41,645 In 2014, Edward Snowden leaked a trove of 418 00:19:41,681 --> 00:19:45,015 National Security Agency documents that revealed Huawei, 419 00:19:45,051 --> 00:19:47,651 a Chinese telecom giant, was a US target. 420 00:19:49,389 --> 00:19:51,622 And according to the German magazine Der Spiegel, 421 00:19:51,657 --> 00:19:54,725 the NSA managed to access the source code of Huawei products 422 00:19:54,761 --> 00:19:57,695 in order to tap communications of targets who use them. 423 00:19:59,332 --> 00:20:00,898 But the US government says there's a difference 424 00:20:00,933 --> 00:20:02,700 between traditional espionage 425 00:20:02,735 --> 00:20:05,169 and stealing trade secrets for profit. 426 00:20:05,204 --> 00:20:07,204 So the administration is still holding out 427 00:20:07,240 --> 00:20:08,906 the threat of sanctions. 428 00:20:08,941 --> 00:20:11,175 Do you think sanctions and diplomatic ploys, 429 00:20:11,210 --> 00:20:12,676 do you think that'll really work? 430 00:20:12,712 --> 00:20:15,713 It will work because look at what they're stealing here. 431 00:20:15,748 --> 00:20:20,084 In one case that we charged, they were stealing the formula 432 00:20:20,119 --> 00:20:22,386 for the colour white. 433 00:20:22,422 --> 00:20:24,722 That is not a national security secret. 434 00:20:24,757 --> 00:20:27,892 They are stealing that so that they can compete and make paint, 435 00:20:27,927 --> 00:20:30,394 white paint that people think is popular. 436 00:20:30,430 --> 00:20:32,730 That's all driven by profit. 437 00:20:32,765 --> 00:20:34,498 This is a cost-benefit game. 438 00:20:34,534 --> 00:20:37,334 As long as they think it's cost-free to steal 439 00:20:37,370 --> 00:20:39,770 this information, they're going to continue to do it. 440 00:20:39,806 --> 00:20:42,173 And we need to keep raising the costs 441 00:20:42,208 --> 00:20:44,074 until the behaviour changes. 442 00:20:44,110 --> 00:20:46,577 With the help of stolen American-made IP, 443 00:20:46,612 --> 00:20:48,779 China has set it's sights on overtaking the US 444 00:20:48,815 --> 00:20:51,449 as the #1 economic superpower in the world. 445 00:20:53,052 --> 00:20:55,119 If we could put a dollar value on all this hacking 446 00:20:55,154 --> 00:20:57,521 against corporate America, what would it be? 447 00:20:57,557 --> 00:20:59,023 It's impossible at this point. 448 00:20:59,058 --> 00:21:00,591 People have tried. 449 00:21:00,626 --> 00:21:04,094 The former commander of Cyber Command 450 00:21:04,130 --> 00:21:06,330 has put it in the trillions. 451 00:21:06,365 --> 00:21:11,101 There's just... How do you put a price on intellectual property? 452 00:21:11,137 --> 00:21:13,070 And is this just the beginning? 453 00:21:13,105 --> 00:21:17,441 Or what's the future hold for corporate America? 454 00:21:17,477 --> 00:21:21,479 I think it's a question of is it too late? 455 00:21:21,514 --> 00:21:24,014 Has the IP already left the building? 456 00:21:24,050 --> 00:21:29,386 And if it has, are we going to suddenly see carbon copies 457 00:21:29,422 --> 00:21:33,958 of Benjamin Moore and Coca-Cola and Lockheed Martin 458 00:21:33,993 --> 00:21:37,061 pop up in China over the next 10 years? 459 00:21:37,096 --> 00:21:41,265 And the next chapter is: when are we going to see China 460 00:21:41,300 --> 00:21:43,734 really using our own intellectual property 461 00:21:43,769 --> 00:21:45,736 to their economic advantage? 462 00:21:45,771 --> 00:21:48,339 And I don't even think we've seen the beginning of that yet. 463 00:21:50,676 --> 00:21:52,443 It's tough to know what's next 464 00:21:52,478 --> 00:21:55,079 when China keeps such tight control on their hackers, 465 00:21:55,114 --> 00:21:57,147 and almost no information leaks out of the country. 466 00:21:58,851 --> 00:22:00,451 But it's also hard to believe 467 00:22:00,486 --> 00:22:03,487 that the sophisticated cyber force of a rising superpower 468 00:22:03,523 --> 00:22:07,157 will suddenly just change its MO because America said so. 469 00:22:07,193 --> 00:22:17,201 ♪ 43958