“You have not heard me as the director say”: Maya Rhodan, “New NSA Chief: Snowden Didn’t Do That Much Damage,” Time, June 30, 2014, time.com/2940332/nsa-leaks-edward-snowden-michael-rogers/.
But Merkel was outraged: Alison Smale, “Germany, Too, Is Accused of Spying on Friends,” New York Times, May 6, 2015, www.nytimes.com/2015/05/06/world/europe/scandal-over-spying-shakes-german-government.html.
Unsatisfied, Merkel called Obama: David E. Sanger and Alison Smale, “U.S.-Germany Intelligence Partnership Falters Over Spying,” New York Times, December 17, 2013, www.nytimes.com/2013/12/17/world/europe/us-germany-intelligence-partnership-falters-over-spying.html?
Still, intelligence leaders were unapologetic: Mark Landler and Michael Schmidt, “Spying Known at Top Levels, Officials Say,” New York Times, October 30, 2013, www.nytimes.com/2013/10/30/world/officials-say-white-house-knew-of-spying.html.
“way beyond so-called domestic surveillance”: Eli Lake, “Spy Chief James Clapper: We Can’t Stop Another Snowden,” Daily Beast, February 23, 2014, www.thedailybeast.com/spy-chief-james-clapper-we-cant-stop-another-snowden.
CHAPTER IV: MAN IN THE MIDDLE
When the Washington Post first published the slide: Barton Gellman and Ashkan Soltani, “NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say,” Washington Post, October 30, 2013, www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?
“Fuck these guys”: Brandon Downey, “This Is the Big Story in Tech Today,” Google+ (blog), October 30, 2013, plus.google.com/+BrandonDowney/posts/SfYy8xbDWGG.
Google soon added a new email-encryption feature: Ian Paul, “Google’s Chrome Gmail Encryption Extension Hides NSA-Jabbing Easter Egg,” PC World, June 5, 2014, www.pcworld.com/article/2360441/googles-chrome-email-encryption-extension-includes-jab-at-nsa.html.
the existence of the NSA program: Barton Gellman and Laura Poitras, “U.S., British Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program,” Washington Post, June 7, 2016, www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html.
Mark Zuckerberg posted a heated defense: Mark Zuckerberg, Facebook post, June 7, 2013, www.facebook.com/zuck/posts/10100828955847631.
a long history of cooperation: Julia Angwin, Charlie Savage, Jeff Larson, Henrik Moltke, Laura Poitras, James Risen, “AT&T Helped U.S. Spy on Internet on a Vast Scale,” New York Times, August 16, 2015, www.nytimes.com/2015/08/16/us/politics/att-helped-nsa-spy-on-an-array-of-internet-traffic.html.
Amazon’s $600 million deal: Aaron Gregg, “Amazon Launches New Cloud Storage Service for U.S. Spy Agencies,” Washington Post, November 20, 2017, www.washingtonpost.com/news/business/wp/2017/11/20/amazon-launches-new-cloud-storage-service-for-u-s-spy-agencies/?utm_term=.8dcf7ac21a9f.
Cook’s social and political intuition: Todd Frankel, “The Roots of Tim Cook’s Activism Lie in Rural Alabama,” Washington Post, March 7, 2016, www.washingtonpost.com/news/the-switch/wp/2016/03/07/in-rural-alabama-the-activist-roots-of-apples-tim-cook/?utm_term=.5f670fd2354d.
“more than 5½ years”: Computer-security experts question that figure, because Apple does not fully realize how quickly the NSA’s supercomputers can crack codes.
the agency developed the “Clipper chip”: Steven Levy, “Battle of the Clipper Chip,” New York Times, June 12, 1994, www.nytimes.com/1994/06/12/magazine/battle-of-the-clipper-chip.html.
the Clinton administration retreated: Susan Landau, Listening In: Cybersecurity in an Insecure Age (New Haven: Yale University Press, 2017), 84.
Morell and his colleagues sided with Big Tech: Richard A. Clarke, Michael J. Morell, Geoffrey R. Stone, Cass Sunstein, Peter Swire, Report and Recommendations of the President’s Review Group on Intelligence and Communications Technologies, December 12, 2013, lawfare.s3-us-west-2.amazonaws.com/staging/s3fs-public/uploads/2013/12/Final-Report-RG.pdf.
Comey predicted there would be a moment: David E. Sanger and Brian Chen, “Signaling Post-Snowden Era, New iPhone Locks Out N.S.A.,” New York Times, September 27, 2014, www.nytimes.com/2014/09/27/technology/iphone-locks-out-the-nsa-signaling-a-post-snowden-era-.html.
twenty-two were injured: Adam Nagourney, Ian Lovett, and Richard Perez-Pena, “San Bernardino Shooting Kills at Least 14; Two Suspects Are Dead,” New York Times, December 3, 2015, www.nytimes.com/2015/12/03/us/san-bernardino-shooting.html.
three children with his wife: “San Bernardino Shooting Victims: Who They Were,” Los Angeles Times, December 17, 2015, www.latimes.com/local/lanow/la-me-ln-san-bernardino-shooting-victims-htmlstory.html.
subsequent report by the FBI inspector general: Office of the Inspector General, US Department of Justice, A Special Inquiry Regarding the Accuracy of FBI Statements Concerning its Capabilities to Exploit an iPhone Seized During the San Bernardino Terror Attack Investigation, March 2018, oig.justice.gov/reports/2018/o1803.pdf.
He wrote a 1,100-word letter to his customers: Eric Lichtblau and Katie Benner, “Apple Fights Order to Unlock San Bernardino Gunman’s iPhone,” New York Times, February 18, 2016, www.nytimes.com/2016/02/18/technology/apple-timothy-cook-fbi-san-bernardino.html.
“The United States government”: A copy of this letter is viewable at www.apple.com/customer-letter/.
FBI paid at least $1.3 million to a firm: Eric Lichtblau and Katie Benner, “F.B.I. Director Suggests Bill for iPhone Hacking Topped $1.3 Million,” New York Times, April 22, 2016, www.nytimes.com/2016/04/22/us/politics/fbi-director-suggests-bill-for-iphone-hacking-was-1-3-million.html.
“If, technologically, it is possible”: Michael D. Shear, “Obama, at South by Southwest, Calls for Law Enforcement Access in Encryption Fight,” New York Times, March 12, 2016, www.nytimes.com/2016/03/12/us/politics/obama-heads-to-south-by-southwest-festival-to-talk-about-technology.html.
CHAPTER V: THE CHINA RULES
“there are two kinds of big companies”: Scott Pelley, “FBI Director on Threat of ISIS, Cybercrime,” CBS News, October 5, 2014, www.cbsnews.com/news/fbi-director-james-comey-on-threat-of-isis-cybercrime/.
a base for the People’s Liberation Army: I am indebted to two Times colleagues, David Barboza and Nicole Perlroth, with whom I worked on the Times investigation into Unit 61398. Some of the material from that original story is reproduced here, supplemented by subsequent reporting and the details in the US indictment of the Unit 61398 officers. David E. Sanger, David Barboza, and Nicole Perlroth, “Chinese Army Unit Is Seen as Tied to Hacking Against U.S.,” New York Times, February 19, 2013, www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html.
from the designs of the F-35 aircraft: David E. Sanger, “Chinese Curb Cyberattacks on U.S. Interests, Report Finds,” New York Times, June 21, 2016, www.nytimes.com/2016/06/21/us/politics/china-us-cyber-spying.html.
attacks on 141 companies across nearly two dozen industries: “APT1: Exposing One of China’s Cyber Espionage Units,” February 18, 2013, www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf.
“We know hackers steal people’s identities”: “Remarks by the President in the State of the Union Address,” White House Office of the Press Secretary, February 12, 2013, obamawhitehouse.archives.gov/the-press-office/2013/02/12/remarks-president-state-union-address.
“Over the past four days, I have seen freedom”: Bill Clinton, “President Clinton’s Beijing University Speech, 1998,” US-China Institute, June 29, 1998, china.usc.edu/president-clintons-beijing-university-speech-1998.
“God’s gift to China”: Liu Xiaobo, “God’s Gift to China,” Index on Censorship 35, no. 4 (2006): 179–81.
Bloomberg among others, folded: Edward Wong, “Bloomberg Code Keeps Articles from Chinese Eyes,” New York Times, November 28, 2013, sinosphere.blogs.nytimes.com/2013/11/28/bloomberg-code-keeps-articles-from-chinese-eyes/.
A secret State Department cable: Described in the New York Times “State’s Secrets” series in 2010. James Glanz and John Markoff, “Vast Hacking by a China Fearful of the Web,” New York Times, December 5, 2010, www.nytimes.com/2010/12/05/world/asia/05wikileaks-china.html?pagewanted=print.
“images of China’s military”: Ibid.
in December 2009, Google’s top executives discovered: David E. Sanger and John Markoff, “After Google’s Stand on China, U.S. Treads Lightly,” New York Times, January 15, 2010, www.nytimes.com/2010/01/15/world/asia/15diplo.html.
“Operation Aurora”: Kim Zetter, “Google Hack Attack Was Ultra Sophisticated, New Details Show,” Wired, January 14, 2010, www.wired.com/2010/01/operation-aurora/.
Google took the bold step of announcing: David Drummond, “A New Approach to China,” Official Google Blog, January 12, 2010, googleblog.blogspot.com/2010/01/new-approach-to-china.html.
“A well-placed contact claims”: Ellen Nakashima, “Chinese Leaders Ordered Google Hack, U.S. Cable Quotes Source as Saying,” Washington Post, December 4, 2010, www.washingtonpost.com/wp-dyn/content/article/2010/12/04/AR2010120403323.html.
“this may well mean having to shut down Google.cn”: Drummond, “A New Approach to China.”
“Knowing that you were subjects of an investigation”: Ellen Nakashima, “Chinese Hackers Who Breached Google Gained Access to Sensitive Data, U.S. Officials Say,” Washington Post, May 20, 2013, www.washingtonpost.com/world/national-security/chinese-hackers-who-breached-google-gained-access-to-sensitive-data-us-officials-say/2013/05/20/51330428-be34-11e2-89c9-3be8095fe767_story.html?.
Among the most colorful was a hacker: Sanger, Barboza, and Perlroth, “Chinese Army Unit Is Seen as Tied to Hacking Against U.S.”
The target was a subsidiary of Telvent: Ibid.
Five million Americans: Brian Fung, “5.1 Million Americans Have Security Clearances. That’s More than the Entire Population of Norway,” Washington Post, March 24, 2014, www.washingtonpost.com/news/the-switch/wp/2014/03/24/5-1-million-americans-have-security-clearances-thats-more-than-the-entire-population-of-norway/?utm_term=.88e88f78d45e.
documented in a series of reports: US House of Representatives, “The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation,” Committee on Oversight and Government Reform, September 7, 2016, oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf.
problems were so acute: U.S. Office of Personnel Management Office of the Inspector General Office of Audits, “Federal Information Security Management Act Audit FY 2014,” November 12, 2014, www.opm.gov/our-inspector-general/reports/2014/federal-information-security-management-act-audit-fy-2014-4a-ci-00-14-016.pdf.
shutting down the system was not an option: “Statement of the Honorable Katherine Archuleta,” Hearing before the Senate Committee on Homeland Security and Governmental Affairs, June 25, 2015.
Archuleta and her staff were clueless: US House of Representatives, “The OPM Data Breach.”
The Chinese got caught once and expelled: Ibid.
At some point during the summer of 2014: Ibid.
a private computer-security contractor working for OPM flagged an error: Brendan I. Koerner, “Inside the Cyberattack That Shocked the US Government,” Wired, October 23, 2016, www.wired.com/2016/10/inside-cyberattack-shocked-us-government/.
“They are fucked btw”: US House of Representatives, “The OPM Data Breach.”
At a talk one evening in Aspen: For a full transcript of the panel, see “Beyond the Build: Leveraging the Cyber Mission Force,” Aspen Security Forum, July 23, 2015, aspensecurityforum.org/wp-content/uploads/2015/07/Beyond-the-Build-Leveraging-the-Cyber-Mission-Force.pdf.
“Protecting our federal employee data”: “OPM to Notify Employees of Cybersecurity Incident,” US Office of Personnel Management, June 4, 2015, www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/.
“You have to kind of salute the Chinese for what they did”: Damian Paletta, “U.S. Intelligence Chief James Clapper Suggests China Behind OPM Breach,” Wall Street Journal, June 25, 2015, www.wsj.com/articles/SB10007111583511843695404581069863170899504?
“people who live in glass houses shouldn’t throw rocks”: “Cybersecurity Policy and Threats,” Hearing Before the Senate Armed Services Committe, September 29, 2015, www.armed-services.senate.gov/imo/media/doc/15-75%20-%209-29-15.pdf.
some of its proprietary data had been stolen: The deal was ill fated. In 2017 Westinghouse filed for bankruptcy, following billion-dollar cost overruns and massive delays on multiple nuclear reactor project sites ranging from China to the American South. To be clear, China didn’t make Westinghouse fail. But the fall of Westinghouse due to flawed logistics and design glitches illustrates just how difficult it is to research and develop new products, particularly those on a massive scale. That is one step that China was eager to avoid by stealing the designs.
There were other victims: “Indictment Criminal No. 14-118,” US District Court Western District of Pennsylvania, May 1, 2014, www.justice.gov/iso/opa/resources/5122014519132358461949.pdf.
the approval came: “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage,” US Department of Justice, May 19, 2014, www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor.
The Chinese were blindsided: “China Reacts Strongly to US Announcement of Indictment Against Chinese Personnel,” Ministry of Foreign Affairs of the People’s Republic of China, May 20, 2014, www.fmprc.gov.cn/mfa_eng/xwfw_665399/s2510_665401/2535_665405/t1157520.shtml.
Obama’s team…promptly threatened to impose sanctions: Julie Hirschfeld Davis, “Obama Hints at Sanctions Against China over Cyberattacks,” New York Times, September 17, 2015, www.nytimes.com/2015/09/17/us/politics/obama-hints-at-sanctions-against-china-over-cyberattacks.html.
Susan Rice, Obama’s national security adviser, was dispatched to Beijing: David E. Sanger, “U.S. and China Seek Arms Deal for Cyberspace,” New York Times, September 20, 2015, www.nytimes.com/2015/09/20/world/asia/us-and-china-seek-arms-deal-for-cyberspace.html.
Obama told American business leaders: Ibid.
Obama had invited all the Silicon Valley royalty: Gardiner Harris, “State Dinner for Xi Jinping Has High-Tech Flavor,” New York Times, September 26, 2015, www.nytimes.com/2015/09/26/world/asia/state-dinner-for-xi-jinping-has-high-tech-flavor.html.
It seemed to work right away: Most government officials believe there has been a significant drop-off in state-sponsored theft of intellectual property. But at a briefing for reporters in late 2017, CIA analysts declined to say whether they saw any improvement. By 2018, a number of experts believed that Chinese hacking was virtually undeterred. Others held that the Chinese simply changed tactics, investing in American technologies, as described in chapter 11. See David E. Sanger, “Chinese Curb Cyberattacks on U.S. Interests, Report Finds,” New York Times, June 21, 2016, www.nytimes.com/2016/06/21/us/politics/china-us-cyber-spying.html.
CHAPTER VI: THE KIMS STRIKE BACK
had already written a searing letter of protest: “North Korea Complains to UN about Film Starring Rogen, Franco,” Reuters, July 9, 2014, uk.reuters.com/article/uk-northkorea-un-film/north-korea-complains-to-un-about-film-starring-rogen-franco-idUKKBN0FE21B20140709.
North Korea began issuing threats against the United States: BBC News, “The Interview: A Guide to the Cyber Attack on
Hollywood,” BBC News, December 29, 2014, www.bbc.com/news/entertainment-arts-30512032.
Kim Heung-kwang, a North Korean defector: David E. Sanger and Martin Fackler, “N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say,” New York Times, January 19, 2015, www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html.
Jang Sae-yul, a former North Korean army programmer: Ibid.
“If warfare was about bullets and oil until now”: David E. Sanger, David Kirkpatrick, and Nicole Perlroth, “The World Once Laughed at North Korean Cyberpower. No More,” New York Times, October 16, 2017, www.nytimes.com/2017/10/15/world/asia/north-korea-hacking-cyber-sony.html.
“There was an enormous growth in capability”: Ibid.
“they have one of the most successful cyber programs”: Ibid.
the project was canceled: Ibid.
began peppering Clapper with questions: Siobhan Gorman and Adam Entous wrote the first full account of the visit: “U.S. Spy Chief Gives Inside Look at North Korea Prisoner Deal,” Wall Street Journal, November 14, 2014, www.wsj.com/articles/u-s-spy-chief-gives-inside-look-at-north-korea-prisoner-deal-1416008783.
“spent most of the meal berating me”: “Remarks as Delivered by the Honorable James R. Clapper Director of National Intelligence,” Office of the Director of National Intelligence, January 7, 2015, www.dni.gov/index.php/newsroom/speeches-interviews/speeches-interviews-2015/item/1156-remarks-as-delivered-by-dni-james-r-clapper-on-national-intelligence-north-korea-and-the-national-cyber-discussion-at-the-international-conference-on-cyber-security.
likely knew a lot about the Sony hack: American intelligence officials wouldn’t conclude this until after the attack had happened.
justified the United States’ failure: Rick Gladstone and David E. Sanger, “Security Council Tightens Economic Vise on North Korea, Blocking Fuel, Ships and Workers,” New York Times, December 23, 2017, www.nytimes.com/2017/12/22/world/asia/north-korea-security-council-nuclear-missile-sanctions.html.
The Perfect Weapon Page 37
