Zero Day - China's Spies and Cyber Wars | T.L. Williams

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] [Applause] [Music] welcome to the International Spy Museum my name is Vince Houghton I'm the historian and curator here at the Museum welcome all of you to one of our programs we do here for trying to provide a way to expand the subject matter of the museum to an audience in a way where we can have real concrete deep conversations about some of the key issues that are facing the country today if you want to take a look at if you haven't had a chance to at the back table or the programs that we have for the rest of the summer very soon our communicate for the Fall will be coming out and this summer is somewhat sparsely populated with programming the fall is chock-full of stuff so if you're going to be around in the fall take a look because we do stuff at least once a week going out through the fall it's rare we do a lot of historians we have a lot of people talking about the past and history every so often we get something that's not even the present it's almost talking about the future and cyber is something that you can't pick up a newspaper today without reading a story about it and unfortunately most people and not the people in this room but most people in the world don't really know what they're reading when they get it when they're reading stories about cyber whether referring to it as the cyber or I'll be honest my parents think when you turn on a computer it becomes cyber and unfortunately that's a lot of the population but the good news is there's accessible books there that aren't textbook E and they aren't trying to give you facts and shove them down and throw their fun novels with amazing narratives where you read them and you enjoy the story and then all of a sudden you realize you've learned a little bit and you want to kind of hunt down more information about some of the stuff that you've seen in there and that's what this book China cyber wars is we get a lot of I get a lot of books to galley prints and most of the time I throw novels into the trash just because we don't do a lot of novels here at the museum because we have so many great nonfiction books that we want to focus on but every so often a novel will come around that kind of takes you know the fiction to a next level in it yes this book is completely fiction these are not true stories but they're so deeply rooted in truth that you can you can start learning real things from them and that's why I didn't throw this one away I read it past the first page and we're I'm glad we did so let me introduce to you our speaker tonight teo williams some of you may know him as terry TL served as an Operations Officer at CIA for more than three decades until his retirement in 2009 he served in senior assignments abroad as well as senior positions here at Langley he had eight foreign field assignments everywhere from Asia to Europe Eastern Europe and the Americas and in three of the assignments he served as the the senior US intelligence person in the entire country sometimes they call this chief of station it depends on where you are at Langley he actually served as the deputy division chief for counterintelligence so very high position at headquarters as well not only does he speak Spanish which apparently he learned in the Peace Corps if not before that or growing up as an Air Force brat but fluent in Mandarin and Chinese so he doesn't just write about China he knows it very well his first two novels this is his third Cooper's revenge and unit 400 actually deal with the Middle East and paramilitary operations but this novel zero-day shifts the focus to East Asia to look at cyber espionage against the United States I won't go too far beyond that other than say it's a combination of two perfect things a Beach read as as Terry will tell you but also something where you're going to want to know more and you can't ask for anything better than that so without further ado let me introduce you tl Williams cheering how's it going we're good a little mic test here just to make sure that I'm on can you hear me am i projecting okay first of all thanks commence thanks Amanda and the International Spy Museum for putting this together for for me and thank all of you for coming out tonight I really appreciate it I thought what I would do initially is I'm going to take a little on a little detour before we get to the cyber piece because I want you to kind of understand where I'm coming from as a as a former CIA officer and as a as a writer who's been informed by that experience and some of the images and the people and just the whole agency experience that I had before I started writing in roughly in 2009 so we're going to do a little detour through that I'll share some of that imagery and some stories with you to set the scene and then we'll what we'll do is we'll talk about my first assignment in Beijing and how I began to develop a sense of China as a surveillance society and put that in a historical context in terms of why China hacks today and I think you'll find it interesting and we'll take questions afterwards and off we go so I you know my sense is over the last few years in particular it seems like we've been inundated with cyber new cyber bad news we had the DNC hack in 2016 and and that was in the papers that was all anybody was ever talking about and right now we're in the middle of a want to cry the hack it's a ransomware attack that's going on and it's affecting millions of people we had a major Chinese hack in 2015 of OPM where 20 25 million records were taken by the Chinese and it just seems like it's a constant onslaught I don't know I mean it's that the impression you get to that's what I certainly was feeling and even earlier in 2013 I the confluence of a lot of things that were happening in China and all this hacking got me to thinking about writing this book so let's give you a little bit of context and I'm going to read some snippets from from the field I call them notes from the field and we go back to one where it begins this way today we parachuted behind Japanese lines with a new OSS unit supporting partisans the commander in the theater was Lieutenant General Joseph Stillwell he wasn't that excited to see us he's more of a conventional military guy and we're more about guerrilla warfare and non-conventional warfare we're here to gather Intel and we're here to work behind Japanese lines against the Japanese hey I was Stanley Birdman OSS 1942 and then there was this one I'm rushing at breakneck speed to the international police force headquarters in Sarajevo I just received sensitive intelligence that there's an assassin on the loose who's making his way into Sarajevo to assassinate Pope John Paul the second I reach out to the head of the international police force at their headquarters we get the information into the hands of all the police on the street we put up a predator aircraft and on our way back to the base there's word that a massive bomb was discovered beneath a and embankment on the road leading from the airport into town it turns out that maybe all that extra police attention the scared the assassin away anyway that Pope had a good visit he left the next day without incident I was from Terry Williams in Bosnia and Herzegovina in April 1997 and then there was this one I sat down with some maps and walked the president through our initial strategy we're going to drop commandos CIA and Special Forces behind Taliban lines in Afghanistan we're going to become insurgents lashing up with tribal leaders and within 90 days subvert and overthrow the Taliban and we're going to take out a lot of al-qaeda and and in the process I was from Hank Crumpton CIA in 2001 and then finally there was a Smith of cyber makes it possible for our adversaries to sabotage our vital infrastructure without ever landing an agent on our shores how we rise to the challenge of fighting the cyber threat will determine the extent of our future the Directorate of digital innovation will accelerate the integration of our digital and cyber capabilities across all the disciplines that we have at CIA espionage all source analysis liaison engagement and counterintelligence I was from former CIA director John Brennan in July of last year so I wanted you to get a little taste of some of the experiences that CIA officers including myself have had at the agency dating back to the OSS days and in the 1940s so that you could get a glimpse of the history and kind of a feel for what it was that inspired me as I ended the career at CIA and began to think about writing about some of those experiences in a fictional context I knew Stanley Bergman Stanley Bergman had parachuted behind the Japanese lines into Burma he was sitting in East Asia division when I walked in the door the first day that I was in the division and greeted me and we and we talked Chyna's stuff and we we just had an amazing relationship over the ten years that that he lived after that I knew Hank Crompton I was a field commander and in the field and Hank ran a division at headquarters in he supported us and so I got to know Hank Crompton pretty well and I know John Brennan John Brennan and I were classmates that came into the agency in 1980 together he went a little bit further than I did he became the director of the CIA but the point that I want to make is that there's a history there and someone like Stanley Bergman who was parachuting behind japanese line 75 years ago could have imagined that you would need something like a directorate of digital innovation today and where you have a threat that's not at some front that you can't see or somewhere that you don't recognize but they're in the very space that you occupy so i got to figure out this flying thing here if you'll just bear with me for a second let's try this okay one more all right i'm going to need some technical assistance okay there we go sorry so i was as i said earlier i was inspired to write this story beginning in 2014 because of some things that i saw happening with china in the world and the number of cyber breaches that we were beginning to hear about that were becoming more and more frequent and one of the things that interested me and i came up with this idea of having having the story be about china doing a zero-day attack zero-day attack being an attack against a sort of an unknown weakness in a system against our monetary system was that I saw China doing a lot of things that hadn't done in the past to shore up its its its place in the world its place in the financial world it was doing things like in in trade where there were dollar denominated accounts to the you know to the billions of dollars they were taking the dollar out of play and replacing it with the renminbi and other convertible currencies so with some of their key strategic trading partners the US was being marginalized now the CIA analysts and others probably had a little bit different view than Wall Street on that I'm not really sure how who is more bullish but the point was that this was a move that they were taking to try to marginalize the US dollar they were becoming much more aggressive about joining international for monetary for you know and and basically their their role in the international economic sort of community seem to be rising at our expense in some ways you know for a former CIA operations officer writing spy fiction as a double edged sword excuse me in my case I had 30 years of operational experience conducting operations as a Deuter operations office officer and eventually ending up as a as a chief of station in several countries and what that does for you is it gives you a degree of authenticity and your writing you know you've been out there you've walked the walk you've talked to talking and so that you have a certain amount of creds credibility when you when you write on the other hand there's an ethos amongst intelligence officers about you know what you do with those experiences that you had as somebody inside the building we believe in things like need-to-know and protecting sources and methods and those are germane they're really key to what intelligence officers do and sign on to when they become employees at CIA and so and with this book in particular and with any aspiring author one of the things that the agency has done to safeguard that that process is they've set up something called a publications review board which is designed to make sure that no classified material creeps into your manuscript excuse me for a second we did an hour podcast before beforehand I'm a little dry and so normally the agreement that the agency has with employees is that this process will not take any more than 30 days and with my two previous novels that was the case 30 days for both Cooper's revenge and you know 400 the assassins this novel took two years two years um you know when you've been an employee in a place like that um I mean for me in particular I didn't want to get into a confrontational relationship with the agency because I love the agency I love my experience here so we tried to work through it and it took two years to work through the process and I never really at the end of the day got a really good explanation for what their concern was but I think and I used to think about this as I was going through the process I thought well let's see in 2015 when this book would have been coming out President Xi Jingping from China and President Obama then we're signing out a no hack pact in which both sides agreed not to hack against economic targets and in fact China did subsequent to that much although many people divided the fact that that they had signed us did seem to divert attacking away from US economic targets and maybe maybe two other targets we're not really sure so I thought well maybe it would be inconvenient for a book critical of China coming out at that time you know talking about Chinese hacking would be coming out and so that was the concern but that didn't seem to be the case I thought well maybe you know I talked about a covert action which we'll get into a little bit later method in the book and I thought well maybe I stumbled into something that they're actually doing and something other all these questions ultimately I I believe an article that appeared in The Washington Post about two months ago may really be hitting closer to home and and this is an article that talks about a really serious counterintelligence blow to CIA CIA's China program I don't think the agencies commented on it and they wouldn't appropriately but if that's true then that would make sense to me a book that talks about you know people say I kind of write close to the line in terms of revealing tradecraft and things like that but it's possible that that may have been the concern so it's hard to know but anyway we were really happy that they said you can go ahead and publish it and and that happened this February so with that as a but as a backdrop I'd like to spend a few minutes talking about CIA the place give you some images of CIA has anybody here visited CIA headquarters or ever been there ok so we have some people that have been to CIA headquarters a lot of you haven't I'm going to show you a few images of CIA that kind of are things that really stuck with me as an employee and later on as a person things that influence who I became as a writer and let me let me see if I can advance this all right when you walk through the front door of CIA headquarters the first thing you see is this emblem this is an amazing thing to you know walk into every morning and that emblem symbolizes what we're all about it says the Central Intelligence Agency United States of America and it has three symbols on there the eagle at the top represents strength the shield represents the defense of the nation and a 16 point kaapa star that you see there represents intelligence emanating from around the world and so you know you that's our mission and and and you you know you're seeing that every day when you walk in and then to really make you understand the gravitas of that mission and the commitment that people make by agreeing to work at CIA we have a memorial wall on the right hand side over there you can you can see it and on that wall it's made of white Alabama marble today there are 125 stars on that wall representing 125 CIA officers that have given their lives you know in pursuit of their mission for CIA those stars are flanked by two flags you have the US flag on one side the Central Intelligence Agency flag on the other and you have a book of honor just below the stars and in that book each star is marked with the date that person gave their life and in some cases the names appear but in other cases the names will forever not be there because for whatever reason there they're a secret so those are those are images in the building I'm going to show you a few images from outside the building that also really impact historically who we were in and and it's just imagery you see all the time you know I've been to lots of industrial campuses business campuses university campuses military complexes or whatever and everybody has their history and they have their they had their things out there but these are really really special this is three partitions from the Berlin wall and they were taken from the checkpoint charlie portion of that wall and I think it illustrates the depth of commitment CIA and many other American organizations were making in pursuit of the fall of communism in Europe you walk down a wooded path from the parking lot and buy this on your way into the front entrance so it's kind of an amazing thing to see every day and there's this gentleman who's right outside the building this is Nathan Hale Nathan Hale who famously said I regret that I have but one life to lose for my country Nathan Hale was a captain and George Washington's Continental Army and lost his life he was the first u.s. intelligence officer to lose his life hang by the British for committing espionage it just kind of grabs you when you walk by him and it's in there and this is the last image I'll show of this is in a parking lot in the north parking lot of CIA headquarters and this is the kind of show the the depth of on Genoa dodging annuity that we have at CIA with the lash up between the agency and the private sector I think this is with Lockheed this is an AR 12 oxcart reconnaissance aircraft capable of flying at Mach 3.2 that's a little over 2200 miles an hour at 9,000 feet and so these are the images that I I was surrounded by you know as I was working there and they're the things that I take away from me from from from my experience so how did I fit into the CIA I I retired as a senior operations officer in 2009 and no ops officers kind of view themselves as the fighter Jack's of the agency I'm not sure all the other directorates really believe that but we kind of thought everybody else there was there to support us that would be the director of the Science and Technology the Directorate of intelligence and the Directorate of logistics or support and so we thought those guys were there to support us we were the Directorate of operations and we were out there recruiting spies and doing God's work so what actually is the mission I'm going to give you a quick slide on the mission you can read that that's the mission CIA's mission statement today preamp threats of further US national security objectives by collecting intelligence that matters producing objective all source analysis conducting effective covert action is directed by the president and safeguarding the secrets that keep our nation safe I think most of that is probably a pretty clear a lot of people aren't clear on covert action and I'm just going to speak about that for a second because I I do have a covert action piece in my book and you know all countries have various means that they use to pursue their relationships with adversaries and with allies you know first off we have diplomacy oh and that's where we like to keep it we like to we like it when the diplomats are able to get it done and and everything is working sometimes it breaks down and then we end up doing things like sanctions and when it really gets bad we go to war well there are times when going to war isn't really what you want to do and so that's where covert action comes into play and covert action is a special authority that the president typically has given to the Central Intelligence Agency to conduct with the coordination of the National Security Council and normally I mean the thing with covert action is you want to downplay or completely mitigate any chance that the u.s. hand will will show you you don't want anybody understand that the US was involved in this there could be an element of lethality that means people can get killed and it has to represent an action against something that represents an imminent threat to US national security so that's the covert action piece and that's that's a big part of what CIA does so following I spent about three years before I went out into the field and we'll get into China in a second but a couple of years doing Chinese language and some paramilitary training and then CIA has a special course in operational tradecraft for its officers and like any Enterprise spy craft is something special there's been a lot written about spy craft you've read john locke air carry novels and other novels that talk about surveillance detection runs and things like that but it's basically the tools that you need as a covert operator to operate effectively in a foreign field and keep your sources safe and secure and to be able to deliver intelligence to your customers so with that you know all that training we're ready to go off on our first assignment and the first assignment was going to be in Beijing China the country we as a family ended up in Beijing probably in late 1983 84 my wife is selling 84 she's better at this stuff than I am that's because I was in training for so long I forgot what what year it was 1984 and I began to develop a sense after after being there just a short while of of China is what I call a surveillance society and this is something that ended up informing kind of the research I did for this particular book but but my view of certainly that experience that it was really you know surveillance 24/7 and the thing I would say too is that and this was kind of surprised to me the Chinese knew who I was before even set foot in China how did that happen I was betrayed by an insider and you know it was I mean it was just a really strange thing there was a double aging case that was being handled handled out on the west coast and involved a Chinese asset named parlormaid this is all out in the presence and the officer that was handling this asset conveniently left my file with her for an afternoon in and so she reported it back to Chinese intelligence and so Chinese intelligence already had booked on me before I even set foot in China tell me was that going to make my job difficult here's what it was like being in China our family being in China at that time and how I began to develop this sense of China as a surveillance society we lived in an apartment building and there was 24-hour coverage in that apartment building audio coverage so you would see the listeners coming in in the morning with their headphones falling out of their Beijing bags and they would they would come in and they were either monitoring live or monitoring tapes up in a facility that they had and so it affected our behavior how you know what you're having a fight with your wife or you're having a discussion about finances or what if somebody has a drinking problem whatever it is you can't talk about that in a normal way in that environment because you're afraid that you're going to give something to the Chinese and they may be able to use it against you it isn't just the Chinese it could be in any any any place when you're working where you might be under surveillance in our case we were in China and so so we knew that we were under surveillance pretty much 24 hours a day and so we if we were having a fight we would take it outside the parking lot and they would see us or our back and forth in the parking lot but rarely would we have that kind of a discussion in apartment as soon as we walk down the stairs and out the front door of our apartment the people's aren't police standing there would pick up a phone and qualify call a mobile surveillance team to tell them that we were on the move it didn't matter if we were just going a few blocks down to the Embassy or if we were going out to the Great Wall for a weekend and a picnic and just kind of a little jaunt along the wall they would be there with us that surveillance team would have mobile surveillance in there there would be foot surveillance there would be motorcycles there they were all over us they would just follow us around and around town there would be static surveillance at police kiosks in those days I don't know if it's like that now I haven't been back to China in a wild day at police chaos there would be surveillance standing there calling you through every intersection that you went through to the next intersection in case the guys that were mobile behind you had somehow missed you around the city there were block committee block I don't even what you would call and block committee heads who were responsible for what was going on in there committee and rather in their in their block and it wasn't just directed at foreigners it could be directed at other citizens that lived there if they were doing something they felt was untoward or unpatriotic or whatever it got reported up I can't tell you how many times I'd be walking around and I'd get a thump on this chest you know what are you doing asking for my passport and I would say go away you don't have any authority and but you knew it got reported up at that time this was in the early 80s there were so many closed cities all over China you couldn't travel anywhere without getting approval from the Foreign Affairs Bureau and then you would be accompanied when you when you went to those places by representatives from foreign affairs so there was a lock on you 24/7 as a and I wouldn't say all diplomats got it a lot of you know active actual State Department officers would get surveillance like that too if they were out about talking to people and the Chinese were nervous about that so understanding how the surveillance acts and and and and and kind of how they treat you really helped me as I was sitting down to write this book and and I was deploying a young CIA officer into China to do to do covert operations to be able to depict that in a way that was realistic but having them walk the line that I wasn't giving away tradecraft that I promised I wouldn't reveal and so just a second about how I do that while I'm sitting down looking at and I'm researching you know I've got a separate computer going on as I'm writing and I'm researching a piece out I'll say okay I'm going to write about surveillance detection well that's kind of sensitive stuff and I know Google's surveillance detection run and maybe I'll get twenty five thirty thousand hits right away and it I mean it talks in great detail about surveillance detection so I figured uncomfortable talking about that that's out there something else that might show up maybe it's just mentioned incidentally I'm looking for another piece and it was revealed in a in an open hearing or it was leaked by somebody I wouldn't feel comfortable using that in my book until I would stay away from something like that so I you know you're constantly going through an evaluative process can I can I use this should I use this am I being true to myself into the agency and then that kind of dialogue inner dialogue okay so I'm going to move into a little bit of talking about China as a surveillance society from the historical context and you know I came to this view and I started thinking about we we got to China it's just a few years really less than a decade after Mao's the dole had passed from the scene you know and a lot of people have today I'm American have certainly heard about Mao Zedong they don't know a lot about I mean the whole historical context the role that he played in China well you go to Tiananmen Square and you still had that big picture of Mao Zedong sitting there so it says something they think something big about methadone mal was a revered and a hated figure in Chinese society I'm being revered because he you know basically he fought with the Nationalists for a long time against the Japanese they kind of formed this uneasy alliance for a while and he was out there as a guerrilla fighter and eventually you know the Communist Party was building up its strength and mal rested the power away from the Nationalists Chiang kai-shek went off to Taiwan and and and and mal was there you know as the leader of China communist China now a lot of totalitarian societies and I and I would say this is pretty much a totalitarian society employee things like surveillance and use ratting out your neighbor techniques to kind of keep people on edge but now was I think in some ways he was very uncomfortable with his hold on power and so there were a series of campaigns that he did over the course of his leadership in China you know the hundred Flowers movement for example that began in 1954 where he encouraged people to openly express their views about the Chinese Communist Party what did you really think about the Chinese Communist Party and at some point he was basically turned out against them and so people who had voiced negative views about the party or opposition to the party found themselves in real real hot water later on there was a move in fifty-eight called the Great Leap Forward this was a disaster for mal I I mean you know it was it was meant to be kind of a social and political development thing that went on for four years millions of people ended up starving and and Families falling apart it was just a horrible time for Chinese and then little bit later you had the Cultural Revolution which was a ten year just disaster where you know you had red guards taking on class warfare people were fighting against each other and the society was just at odds I would say I mean if I were to throw out some adjectives about what was going on during Mao's tenure then there was it was very insular not only just in floor sort of China insular within itself but it was very little foreign contact really there was class warfare you know you were pitting intellectuals against workers farmers the military kind of managed to stay out of that part of it but once these other groups they were really clear line so there was a lot of distrust amongst those groups Chinese society was not a cohesive coherent Society it was deeply agrarian there was stark privation I mean it was a very poor country there was a lot of corruption you can imagine in that kind of a situation where it's hard to get anything done people began to have guanxi networks quantum eating relationships and this is even true today Chinese really depend upon Wan Chi to make things happen they use they like to go through what we call the whole one which is a back door Chinese would rather go through the back door than the front door to get things done and so this is a probably 50% of Chinese society today maybe slightly less 48 percent grew up in this mal influenced era they were either born in that era they lived in that era that was their worldview and and so a lot of that kind of surveillance stuff that I'm talking about against each other I think really took hold you know the other thing is I Chinese worldview if you talk to Chinese Chinese are very proud of their country and they're very proud of their thousands of years of history oh they'll tell you you know we've got three thousand years of history here rue were awesome yet that doesn't really stand up or at least in the timeframe that I'm talking about it didn't stand up to where they were in the world then so in ninth in the late 1970s you know China in China was it wasn't doing that great well they were about to have a big surprise somebody else came on the scene this was done shouting it was a couple years later and and so what's going to happen in China I think at that time it's very different from what was happening during the MAL era and roughly fifty percent of the population in China today was influenced by the policies in either were born or grew up sort of doing this this period came of age during this period probably one of the big things that dong did was he established the one-child policy China was at a point in its history where was they were struggling they didn't have had enough really food to feed their own population and so they had to do something joconi and that one-child policy was instituted well what happened with the one-child policy it created a class of people that you know in the upper reaches they called the princelings you had young people growing up in families where all the love and attention and care and resources were lad stealing one child so they felt really special there was a mandatory education for the first time it was only up until the sixth grade but it made people think and Chinese the Chinese people love education they love they love schooling or I should get through some slides here hold on second I'm going to show you now we've already gotten pest now we're going to we're going to get onto dung here sorry about that so there were some technically sort of competent people beginning to rise at that time because they had the opportunities that weren't there before and I was fortunate in the sense that it was happening around the time that computers were beginning to come into play and and I get it that in a second in terms of how that that plays with this prior period some other things that we're having in their dung time and in a leadership role was China began to open up to the west and I did that in a lot of ways they opened up something like 13 coastal cities to you know as sort of free trade zones foreign direct investment in China was allowed the first time and I mean probably since back when they had concessions the who let's see what else China they did a new constitution and China was pursuing a membership in organizations like the WTO and international organizations so China was starting to feel good about itself now they had 18 percent population during a lot of this period but another characteristic that remained the same was there was still a lot of corruption and that's not that's something that hasn't gone away even to till today so the point I guess I want to make at this point is how how is it that these two different sort of radical experiences that Chinese were having under mal and dong how do they kind of come together in a way that has China occupying the cyber space that it occupies today so in in the 1980s early 1980s roughly then computers were coming into existence I remember we were we were in Beijing and I had a I had a tvy to Hong Kong and went down to Hong Kong and I bought it I bought an Apple computer for the family bought it back I couldn't figure out had a booth and sign up and and my young son who's no strapping young man sitting over here was about five at the time said oh I know how to do that dad I said why yeah he said no I didn't he came over cut a couple of the keys and boom we were up and running so that was a lesson learned but you know computers like that weren't available to Chinese families the way it was to us but computers were making an appearance in Chinese institutions and universities and think tanks and places like that the military certainly had computers and so they were beginning to to show up and in the 1990s the world when the wide world web basically came online and so you have a technically savvy group of people with access to computers and the world wide web coming online and a thirst to kind of reach their destiny in a way that they haven't been able to in the past over layered by the surveillance mentality and I want to tell you that some guys said you know Tiger Hadley that's what we've got to do and so why does China hack now it's interesting I I put its number one reason why China hacks economic game and I had lunch with a friend of mine who's another State Department colleague in Beijing at the same time I was there who sort of semi poo-pooed this today when I ran it by him yeah he said you know the Chinese are doing a lot of their own research and development so they don't really need to steal technology from the US but I'm here to tell you that they're still doing it I'm they may be dual tracking it they may be developing their own technology but one of the reasons that China hacks is because it's easy for them you know what they do you'll you'll find at any given time and I'll talk about some of the players in a minute but at any given time there are literally thousands of hacks going on against US companies think-tanks unclassified networks government networks I remember taking the u.s. cyber czar to a conference it was it to a deputy ministers conference in a country that will remain unnamed and she got up and said we are bleeding we are bleeding across our networks all of our networks to an extent which you know I can even go into and they sat up and took notice so it makes it easy and we can talk a little bit about the reasons why US cyber policy is kind of leftist in the situation we're in right now but there's no downside for China China hasn't suffered any repercussions really big repercussions for its hacking they're able let's just take an example and one of the big things is going after intellectual property so they'll come into an organization they'll hack into it let's say it's Cisco Systems and they make routers they go in there and they basically steal the technology for making making the newest and greatest Cisco router they don't have to cover the R&D that went into that and they don't have to worry about a lot of the licensing and things that maybe the US manufacturer has to think about and so they're able to skip all that go right the market and undercut the u.s. cost for that product internationally and this happens over and over and over again one economist that I ran ran across while I was researching this made the comment that stuck with me and I repeat this all the time basically said the net result of China's cyber hacking has been the largest transfer of wealth in history and I mean we're talking about hundreds of billions of dollars and it's getting worse and I guess the last point I would make on this is that there's no real downside in terms of sanctions or response from from the US I in 2015 five People's Liberation Army officers who were identified as having hacked into some US illegally hacking into some enterprises in the u.s. were issued indictments by the US Justice Department those guys are never going to jail in the US are never going to be tried in u.s. they're not coming to the US and so the net result is it's kind of a paper paper line the Chinese will sometimes I think in negotiations come back to us and say you know why don't why don't you remove those indictments it's kind of embarrassing there's no proof of this but the indictments are still out there but I don't think it has any real teeth now one of the other reasons China hacks is I think it's sort of military probing in a sense this is a quote from a famous Chinese general from the sixth century BC sunzha who is famous for having written a poem called the art of war and one of the things that Soto said that's really interesting is in war the way is to avoid that which is strong and strike that which is weak so you make sense to me the point is even though China has a larger military than we do I mean they're probably at 2.3 million including reserves we're at 1.3 we spend roughly 3.3 GDP on military China spends about 1.3 our capabilities our military capabilities warfighting capabilities are our Air Force or Navy is much stronger than theirs trip China is not going to go toe-to-toe with us in a conventional war because we're strong and they're weak in a sense but they have found our Achilles heel and the cyber world and even though we haven't really seen any major Chinese hack against you know you know like a satellite system or something like that what we have seen a lot of our probes China will probe our infrastructure which could have play a military role you know you wonder sometimes about when the lights went on in New York or or when that oil pipeline delivery system went down or something happening with the water supply someplace we don't really know you know there's this very strong sense in the evidence points to China being in there doing that but we don't know what they were doing in there were they planting a little bomb late so that you know if the time comes when they really need to act and feel that they're threatened that they can do that are they just testing a capability what's going here do this and and and see if it's something that we could do if we decide we have to at some point so there's a lot that's not known about China's use of cyber warfare to conduct actual warfare but I think this is a philosophy and and that's where they're coming from the net on that piece and then I would say the other one that's pretty big as internal controls you know China is not a free society we're open to you we're used to having kind of free flow of information here getting what we need you know click on your computer get your New York Times your wall street journal whatever is you're reading and it's there there there's a lot of censorship in China even today and although some in China are allowed access to virtually anything they want to see it usually people in leadership positions are people who are in a position to influence industries where that information would be needed the average citizen doesn't have that and China does exercises they have something called the Great Firewall of China named after the Great Wall and it acts much in the same way it keeps the bad guys out and the Chinese in and and never the twain shall meet even something like the New York Times they tried to circumvent this once a few years ago they did a a mirror copy of the New York Times in Chinese on a US web hosting site called github and with the hope that Chinese be able to access it and be able to get that content and they're mostly concerned I think about dissidents and people who are detractors China took that down they took that web hosting site down right away they were attuned to it that's Chinese surveillance out there looking at internal controls making sure that the content that they want out there the message they want the Chinese to receive is is their message not some something that's coming from the West so who are the perpetrators who's doing all this stuff all right this is a big one this is the People's Liberation Army General Staff Department and it's to PLA you know there's been a really interesting piece that was done on these guys by a gentleman named Mark Stokes so if you're interested in it's like I commend this to you it was he he runs something called the 2049 Institute and in 2015 Department he did an overview of this organization very detailed down down into the weeds to explain where they are and what they do excuse me for a second and I'm going to I'm going to put the salt just for a second not that I'm going to go through it or that I want you to really focus on it but I want to show you how how complex this organization is so each one of these boxes on this wiring diagram represents an office that's led by a battalion level commander so you know battalion is like a thousand two thousand guys or whatever so they're mainly based in Shanghai but they are also around the nation and there is a cyber security firm called mandiant they're here in the Washington area and I think is well on the west coast and they have characterized hacking organizations in China the most critical ones I think 20 of them with the nomenclature advanced persistent threat X and this organization is apt one advanced persistent threat one this organization has shown the will and the capability to hack I mean have a one hundred and twenty two hundred twenty five major cyber operations going on against up to twenty two industries in the u.s. at any given time and what's interesting it's getting a little bit better but going back just a few years ago it was typical for them to be lets say they invaded a major enterprise they could be in there for up to a year and they wouldn't even know they were being had and they're in there just copying everything doing whatever really does they want to do with that organizations network and so they are they're the big players next I would say these guys Ministry of State Security and Ministry of Public Security they come at it from a little bit different perspective but in terms of government organizations they are they're out there they're very persistent and prevalent the Ministry of State Security it might help you to think about them a little bit along the lines of oh they're a little bit like a same mission that the CIA has its foreign intelligence they're overseas they're collecting and they tend to have a little bit more they're a little more suave than the public security people they have access to more foreign currency there there's access to foreigners who can fill facilitate what they want to do on the hacking front and a lot of their efforts are directed against us and against other non China parties the Ministry of Public Security on the other hand and that's that's who I chose to be sort of the bad guys in zero day China cyber wars are there all pervasive in China Chinese society they have technical surveillance bureaus all over the country they have they have a presence all over the country and although they're not known to really do cyber attacks against foreigners it's more of a domestic I think control type of thing I chose to use them because it was fiction and I could and I don't want to be too predictable I had them working with a rogue governor from Sichuan province and a rogue Minister of Public Security in Beijing who had aspirations to be in the Politburo and they somehow conspired to come up with this attack against the US but they certainly would be able to mount that because of the expertise that lies within that organization a number of people that they could bring to the to the problem independent hackers now this one sort of surprised me I you know you think about Russian hackers for example independent hackers are maybe Russian mob that kind of thing these are guys who go to the office in a suit and tie they are it started off probably in the 90s once the sort of the world wide web came online as they call them the Red Army in the green army and they were patriotic hackers but of late they're they're more in it for the money and so you know they they get technical degrees they tailor to become hackers the white hat hackers black hat hackers they get picked up by some of the organizations that I mentioned before or actually Chinese companies will pick them up and it's not all hacking against the USA might be hacking against other Chinese companies and so they are they are big players in the hacking world there and there's an army of them there there are lots of people trying to do hacking and quite capable they have the skills and then academia I was kind of surprised as I looked into this how kind of complicit academia is in this whole matrix and part of it is Ministry of Education and universities they sponsor hacking contests and so you know they'll be prizes there may be a recommendation to you know to the to PLA for a job something like that and so there's a lot of enthusiasm generated through these contests a lot of people end up taking taking these programs and and and trying to pursue that I was reading a report from a journalist who attended a software conference in China year two ago and he was having a conversation with a young hacker who confided to him that he was making a hundred grand a year hacking now you know Chinese don't make those kinds of salaries the entrepreneurs are making big bucks but the average person in China is not making hundred grand a year so I I was stunned at the the amount of money that that this young person was making and there's almost a there's no negativity associated with hacking in China software developers develop hacking tools which they proudly present at these conferences and and say you know the pitch is you're going to be able to get into your competitors system using the software it's great so that's kind of that's what I wanted to talk about in terms of my view on Chinese hacking today and you know where we go from here as a nation that's a big question I've had a lot of a lot of questions from people about what we need to do as a nation because people have said that the next big war is you know it's not going to be World War three it's going to be World War C world war cyber war and I think one of the problems we have in this country is there is a inherent almost distrust between the citizenry and the government on cyber matters I think a lot of this goes back to post 9/11 when law enforcement and intelligence agencies were given special authorities to collect more for security purposes and there was a lot of incidental collection and and people felt that their privacy was being invaded so as a tough tough tightrope to walk how do you you know how do you not impede law enforcement from doing its job or intelligence agencies from being able to pursue that intelligence while at the same time assuring the citizens that their rights are not being trampled on and so I think there needs to be a discussion between citizens and government state government and federal government on this I think we need to start including cyber education and element three schools I think people need to be need to buy into a cyber security awareness program and we need to practice good cybersecurity at home and in the workplace if you don't need to have sensitive information on your computers don't have it on there put it on Santa loan systems or put it on a separate Drive type of thing and and you know update your passwords and do all the things that the cyber security people will tell you to do so that's about all I have I will be happy to take your questions now remember I'm not a cyber expert so if you throw it is not only any curveballs I'm not going to be able to answer them but if you happy to take questions if anyone has any questions for me yes sorry thank you thank you thank you my name's Dee and you served many years of the CIA is being just to know how you got got into that job there might be some young people here who I work for the CIA how did you get into working for the CIA okay well you know I wasn't one of these people that grew up and said I always want to work for the CIA actually I used to always want to work for the FBI because Eliot Ness was so cool we had my wife and I met in the Peace Corps in Colombia and even before that I had I'd spent some time overseas my dad was in the Air Force and so I I spent four years living in Spain as a child so I was predisposed to wanting to have an international kind of life work life so we after the Peace Corps we we did some teaching we taught in a number of places Iran Guatemala Japan but I wasn't getting the satisfaction out of teaching that I had expected and so I began to look for something else to do and frankly CIA didn't come I mean it just didn't come to the floor for me right away I was we were living outside of Boston and I saw an ad in The Boston Globe advertising for applicants for the CIA and I thought wow that's so cool and so I pursued that it took a year of the whole process took a year of just applying and the security background checks and all of that and 30 years later Here I am so yeah that was that was pretty much my process some people have cool stories like you know an uncle that used to work for the CIA comes out of the room and says I want you to meet somebody no that didn't we were teaching English as a Second Language we did a master's degree in that after after the Peace Corps and talk we were teaching and actually a lot of the sort of background for the first book that I wrote cooper's revenge comes out of our experience in Iran we were teaching for Bell Helicopter to a subsidiary and we were teaching helicopter pilots and mechanics so it was kind of interesting experiences but it wasn't enough to keep me in the field I wanted something different that answer your question yeah okay anybody else don't be shy really yes when you were living in China you described the surveillance that your family experienced did you always have the sense that it was out in the open or did you ever get the picture that there was more going on than you could see it sounds remarkably upfront yeah I mean this is a big question part of part of the job is to probe and find out what they're doing and so you know you you could go out you never just really went out to stai have a good time you went out and there was always some mission going on in your head and it was okay if I go east on Saturday to this Park what happens and for me most of the time it was it was not very subtle I I got the impression that they didn't care if I if I detected him but I was concerned that they would think that I was looking and so I can remember one time this is a state of this whole sort of Illustrated length to which you will go to keep your surveillance happy much to the discomfort of your children we had gone to this Park and I was never really sure if they put anyone in that Park with us it was called chou-heung Park it was an eastern you know eastern Beijing and we would go there all the time and I just I never saw him in there we'd go ahead and play around the kids and nothing so we're coming out and we'd park in a park outside of the park and my three-year-old daughters said daddy I have to go to the bathroom and the bathrooms were going back in and I didn't want to go back in there because it would have looked as if I was using some flimsy excuse to go in and see if they were coming out after me so it's like ah catch a wig no I gotta go you know the legs are crossed and you know tears are starting to come in so okay we went back in and sure enough on the way back in I see my surveillance coming out from an unexpected place coming out they screech to a halt they could have had a little much better they could have driven right past me you know what do they do they screech to a halt put it in reverse go back into the park and I'm and then I got double double surveillance for the next week or so because they thought I was messing with them sometimes the kid has to go to the bathroom yeah but I never felt I never really felt that they were subtle there used to be this one move that they would do which was just so I mean it was so amateur we'd be driving along and the main lead vehicle would hang way back I mean sometimes you couldn't even see him back there and you wondered how they could see you and what they would do is they would send scouts out and the scouts would be on motorbikes and a motor bikes would they knew where the blind spot was in your car so they would sit on your right flank right right out of sight and I mean you could almost look like that and see him and so I said what are these guys doing well they're protecting them the car that's way back there that has the foot surveillance so they're going to get out with me at the next stop by semi showing themselves and what they would do is you would go through an intersection we just call this the crossing the team move you would go through an intersection this guy would peel off as if he was just making a right-hand turn he'd go down about 50 yards and he would do a you come in right back and fall right back in the same place and I would say well yeah I think I'm invisible or something yeah I can't see this anyway that's the kind of you know stuff they would pull yes thank you do you think that the US would be prepared for World War C do we have a cyber army anything no we're putting things in place Cyber Command was stood up some time ago to handle all the Defense Department networks and across the whole Defense Department Homeland Security has beefed up its cyber capabilities to handle dealing with the private sector and other government agencies but frankly we're not where we need to be I mean I was talking to some guys at a cyber conference I attended in Tampa at MacDill Air Force Base at the end of 2016 these guys were I mean they were scary smart about all the cyber stuff and and and there were PhD you know types in there and people working kind of across the board at federal state and private sector level on cyber and they intimated that at least even in staffing cyber positions across the country we are woefully short so if anybody out here is looking for a job and you're wondering here to go cyber as a growth industry for the cyber security and analysis and that sort of thing and and you know last year was last year last year or maybe the end of 2015 was the first time the u.s. passed a national cyber security act this got through Congress it really doesn't have any teeth to it it pretty much in it's set up this mechanism within Homeland Security for the private sector to share a breach information with the government so they in turn could share it across the community that way but I think self-admitted amongst all those professionals is we're you know we got a lot of work to do yeah everybody else you guys are easy oh please so I first write about Bitcoin in a Tom Clancy novel whole 2012 threat vector right and I guess my question is what do you what is the impact of crypto currencies on cyber hacking and cyber crimes and is it going to become more legitimate or do you see that as something that's just for ackers or cyber criminals no it seems to me from things I've read I mean they're already moving beyond Bitcoin they're like there's some new iterations of that coming coming out I don't know to answer your question no I'm not going to be as you I really haven't thought about that too much but it's troublesome it's a way to certainly conceal what's going on not just in cyber hacking but in a lot of other unlawful activities that take place in the dark web bitcoin is a currency that's traded so yeah it's here to stay Jeff Jeff was Jeff boo Zaki let me just mentioned Jeff Lee has a microphone now and I were office mates in Beijing Jeff was a true state department officer and he shared very nicely shared his office with me when I was out there doing state department work and it was a pleasure you're doing but we've seen a lot in the news lately about Russian hackers either private patriotic or government planting fake news in the United States and the media and social networks is there any indication the Chinese are doing the same thing I haven't read any accounts of Chinese trading in fake or news or disinformation in the same way that that others have been accused of I think it's a really worrisome development particularly because I detect oftentimes a non discerning public you know in the information that's getting we really need to pay attention folks there there there there is a lot of fake news out there and a lot of it's being put out there by people that don't have our best interests at heart so yeah I haven't seen it with China but it's certainly happening with the Russians sorry thank you I was wondering this day and age I think any of the great powers is are taking part in all of this kind of cyber warfare hacking whatever what concerns me though about China is that for probably the last twenty years anyway I've been thinking that and had this thought confirmed by a friend of ours who's no longer with us but four-star and he said yeah China is going to be the big problem down the pike and between their development in the South China Seas I mean all they need to do is get control of that waterway their involvement in our infrastructure in Africa just a week or two ago it was Argentina that they were making a deal with and their infrastructure they've got a ball in every court and what is your feeling about China's rise in the [Music] global redistribution of power you know I think China is probably on track to do what it's been setting out to do for some time China China's self you as I was talking about earlier is you know the word China jungle means Middle Kingdom that's how they see themselves the middle of the world China's rise does it have to be at our expense and there are a lot of flash points in the relationship between the US and China that go back decades you know you've probably heard about one that came up just the other day and President Xi raising concerns about again another arm sail to Taiwan we pledged when we dissolve that official relationship with Taiwan and took it up with China to still defend Taiwan or China to you know in an unprovoked way attack them and we've done that through the sale of armaments military materiel for decades so anytime that we that those sales come up and that kind of thing comes up there there's a thirst tension in the relationship China now seems to be you know the other thing is in sort of expanding its zone of influence and expanding it's its territory by laying claim to some areas in the South China Sea that are disputed other nations lay claim to them does the Seychelles and Spratly Islands and you know and you can argue who actually you know historically who they belong to but China feels that they belong to them they've laid claim to them and they're taking very active measures to to do that they're you know the places that are nothing more than a coral reef and they're putting landing strips on there and planting the flag and and and so we are we are we are countering that by maintaining of naval rites of passage in those seas China doesn't like it that that we do that there's tension there so you know that's a tough thing to manage you you're not going to just cave in that tension is going to exist but you don't you don't want to reach a flashpoint where where it goes beyond you know where where you actually get into an armed conflict or something like that I mean China has in terms of exerting its influence in international trade of my son could talk about that he's doing some amazing stuff in energy right now and he's got some Chinese guys that he's talking to but the Chinese are a many area in many ways they they lack natural resources and materials that they need to fuel the machine and so they work up these great agreements with the piece of African and Latin American countries trade deals that feed the feed the furnace there and it you know sometimes it seems to be working against our interest that you have to take that in the context of our becoming somewhat insular now we're drawing away from some of that international global kind of trade that that we participate in in the recent past so I mean it's really complex it's it's a whole bunch of economic things that are way beyond my area of expertise but it is worrisome on the other hand we have a we know I mean we do a tremendous amount of trade with China we agree I mean we have a great trade relationship with China it's one-sided in many ways but you know you and want that to just die so I guess there's no easy answer there hasn't been in the 40 some years or how many has it been since we normalized 17 what was it 17 675 79 that's probably not a satisfactory answer anybody else you concluded with a slide on academia and you said in your comments that Chinese universities are complicit in this I'm wondering to what extent China is using academic exchanges with the United States for nefarious purposes I'm thinking of the quote about hitting people when they're where they're weak US higher education right now is somewhat weak in terms of looking for money from international students because of the the competition for giving financial aid to domestic students a lot of universities are looking for international countries to pay full price for tuition and one country that's doing that a lot is China thus a lot of international programs at universities have become flooded with Chinese students and they're not they're not coming to universities to for humanities programs they're primarily there for computer science programs and I'm wondering is this a vulnerable kind of point or Achilles heel in the United States which would allow for people to come in to work on cyber hacking you know that's a scenario I sort of play out in my book the one of the poll antagonists in there is a u.s. University schooled computer specialist who takes all that knowledge home and and and uses it against us but look this is one of the downsides I guess you could call it of having an open society this is something that has existed for years we have had Chinese students and other students students from all over the world stay in the US for you know hundreds of years a decades anyway it's it's the price you pay I guess you pay for being an open society I mean what's the answer you know the you closed that down can you say well you're Chinese you can't study in this program because you're going to take that back to China I don't think we can do that yeah I mean if it's really sensitive I'll tell you what got me a little nervous a few years ago was spending some time in an actual lab I was doing a course out there and I was stunned at the number of foreign scientists working in our National Labs and that was not something I expected and so that's an area where the problem is a lot of US scientists expect to have academic freedom and expect to be able to engage with their colleagues and stuff just kind of leaks out over a beer or whatever and you get enough of that going on and suddenly you've lost a lot of potentially a lot of valuable information that way but now I wouldn't I wouldn't close the gates to Chinese students who might get into a cyber program because it might learn something that might be used against us I mean I just think if you start down that path I don't know where you stop yeah and we have time for more questions how we doing timelines we're well okay well sorry I know I know we're at 8 o'clock so good thank you how are we okay sorry thank you the problem when I hear talks of this nature is it's usually however subtle the speaker is it's these nasty foreigners who are planning to do things to us but if no one ever speaks I'm sure we have comparable programs in the United States that try to hack into real or potential adversaries and of course we cannot talk about what it is that we do so how can you enlighten us without disclosing anything of course that about American hacking efforts well I think they're having that talk over at the Chinese embassy tonight I'm not here to talk about American hacking I'm here to talk about Chinese cyber hacking what everybody understands that nation-states sovereign states criminals of you know lone wolf have access to these tools and and and use them I'm not here to talk about the u.s. cyber hacking I I'm sure we're all adults and we assume that it takes place but that's not the nature of my talk tonight so thanks for your question anybody else Thank You teri so much I do okay thank you very much [Music] [Laughter] [Music] you [Music] you [Music]

Info

Channel: IntlSpyMuseum

Views: 14,174

Rating: 4.4250002 out of 5

Keywords: China, Espionage, Cyber, CIA, TL Williams, technology, human intelligence, Asia, Europe, cyber war, spies, spying

Id: n0Lt8hEpiVg

Channel Id: undefined

Length: 88min 56sec (5336 seconds)

Published: Tue Jul 18 2017