American companies, whole towns, have been eviscerated by Chinese cyberattacks. But their stories remain untold, even as the stakes get higher and the targets more reckless. To Catch a Thief is a first-of-its-kind, documentary look at China’s rise to cyber supremacy. This podcast charts the evolution of China’s state-sponsored hackers, from their beginnings as “the most polite, mediocre hackers in cyberspace” to the “apex predator” that now haunts America’s critical infrastructure.  Host Nicole Perlroth, bestselling author and former lead cybersecurity and digital espionage reporter for The New York Times, interviews those who were victimized, and instrumental in tracking, Chinese cyberattacks as the threat morphed from trade secret theft, to blanket surveillance, to pre-positioning in America’s critical infrastructure. For what purpose? To Catch a Thief interrogates the motives behind it all.

Google discloses its hack and points the finger squarely at Beijing, which spells the end for Google’s business ambitions in China. Other victims stay silent, too fearful to offend the gatekeepers to the world’s largest market. Nobody will talk. Until they came for The New York Times. In Episode 2, host and former lead cybersecurity and digital espionage reporter for The New York Times, Nicole Perlroth outlines what happened when she learns hackers are inside the Times. Mandiant is called. The malware traces back to a Chinese military unit based in Shanghai. Hackers’ digital crumbs make clear they are after one reporter: David Barboza. Just as he is putting the finishing touches on a massive, years-long investigation on the secret wealth of Chinese leaders and their families. Nicole recounts the behind-the-scenes build-up to the hack that started edging victims into the light.

Former NSA Director Keith Alexander called it “the greatest transfer of wealth in history.” Hillary Clinton, FBI Director James Comey and President Barack Obama also sounded the alarm on the biggest heist in human history. In Episode 1, host and former lead cybersecurity and digital espionage reporter for The New York Times, Nicole Perlroth, pulls back the curtain on China’s sprawling hacking operations. To combat the “Five Poisons”, or the five groups the Chinese Communist Party deems existential threats, China builds an expansive domestic surveillance apparatus. As these dissidents fled China, China’s state-sponsored hackers followed closely behind, wiring the world for Chinese surveillance and paving the way for Operation Aurora.

Every U.S. administration, dating back to President H.W. Bush has struggled to address the threat of Chinese trade theft. But a growing sense of urgency kicks in as American businesses start hemorrhaging trade secrets and entire product lines start vanishing to Chinese copycats. Just as the Obama Administration is set to do something about it, Edward Snowden shifts the narrative back onto the United States.  For years, the U.S. fends off its own accusations of hacking. But then China goes for the mother lode. And creates an opening for Obama to strike a deal with his Chinese counterpart, Xi Jinping. In Episode 5, host and former New York Times cybersecurity reporter, Nicole Perlroth reveals the ins and outs and backroom dealings of the cyber detente nobody saw coming.

As Chinese hackers continue their raid of American companies, the threat reaches new levels of urgency, not so much for the sophistication of these hackers, but because of the sheer volume of attacks. And yet, victims continue to keep their breaches under wraps, and the government is hamstrung in what they can say because most everything they know about Chinese cyberespionage is classified. Then, the Times’ outing of its own breach, and its Shanghai assailants, gives the White House an opening. The Obama Administration decides to indict the Chinese military hackers responsible for thousands of hacks on American businesses. But the naming-and-shaming only sends China’s hackers further underground. In Episode 4, host and former New York Times cybersecurity reporter, Nicole Perlroth explores China’s hacking talent pipeline and how the PRC shifted tasking for its most sensitive operations from slipshod PLA hackers to high-precision, digital ninjas.

For this special live recording of To Catch a Thief at The New York Stock Exchange, host and former lead cybersecurity and digital espionage reporter for The New York Times, Nicole Perlroth sits down with those who have been directly targeted by, traced, or directly engaged China’s state-sponsored hackers, diplomatically, or in the cyber domain: Pulitzer Prize winning journalist David Barboza, the National Security Agency’s former Cybersecurity Director Rob Joyce, former Cybersecurity and Infrastructure Security Agency Director Jen Easterly, Jim Lewis, of the Center for Strategic and International Studies and Rubrik CEO Bipul Sinha. They discuss how the Chinese hacking threat has morphed from corporate espionage to insidious attacks on infrastructure, the strategic leverage China hopes to gain with these hacks, how Xi Jinping views Trump 2.0, and what levers the United States can still pull to salvage what’s left of its cyber defense.

In Episode 3, host and former lead cybersecurity and digital espionage reporter for The New York Times, Nicole Perlroth visits a welding shop in rural Wisconsin where Chinese hackers have set up shop in a dusty, back-office server. Hackers are using the welding shop as staging grounds to attack a staggering range of American businesses, including a major American airline, fast-growing Silicon Valley start-ups, law firms and research labs, in search of capitalism’s crown jewels: Intellectual property. Nicole revisits a period that cybersecurity experts now call “the most dangerous time in American history”-- a period in which the blueprints to airplanes, stealth fighter jets, turbines, genetically-modified seeds, oil exploration strategies, even the formula for white paint, were smuggled back to China.

During China’s pseudo-cyber-hiatus, the PRC’s hacking operations get a major overhaul. CCP leadership moves responsibility away from the sloppy, brazen hackers at the People’s Liberation Army to the far more stealthy, and strategic, Ministry of State Security. Gone are the “most polite” hackers in the digital world. Here to stay are the gunslingers – the elite of the elite in their field. In Episode 6, host and former New York Times cybersecurity reporter, Nicole Perlroth lays out what it looked like as China’s hackers went underground… and what we missed in Eastern Europe as they did.

The General Manager of an electric and water utility in Littleton, Mass. gets a surprise call from the FBI. At first he suspects the caller is a spammer, but soon he learns the agent is very real. Chinese hackers are lurking deep in his utility’s systems. And his is not the only one. Hundreds of other power, water and pipeline operations across the United States are getting hit. These targets have little to no intelligence value at all. But their potential for sabotage? Enormous.  In Episode 7, host and former New York Times cybersecurity reporter, Nicole Perlroth, revisits a hack, more than a decade ago, where the motive was not entirely clear at the time. In hindsight, it was the opening salvo.

Cyber experts start getting called into electric, water, pipeline, railway, and transportation hubs around the country. Hackers have found a clever way to embed in these systems, using a small, unsuspecting device in everyday Americans’ homes. And once these hackers get in, they’re not dropping the usual malware, or sucking much of any data out. Unlike their predecessors, these hackers are very careful to cover their tracks. It appears they’re just lying in wait. Sleeper cells waiting for marching orders. So what’s the trigger? And what happens if they pull it?

Colonial Pipeline was a warning shot. Now, Chinese hackers are inside the digital guts of hundreds of Colonial equivalents across the U.S.—power, water, transportation, and more. The question isn’t if they’re in. It’s why. And what happens next. Is this digital coercion? A warning to stay out of Taiwan? Is an invasion imminent—and are we ready for the cyber fallout that could come with it? In the final episode of this series, host and former New York Times cybersecurity reporter, Nicole Perlroth, investigates the nightmare scenarios U.S. officials are gaming out behind closed doors. The battlefield is already shifting—tilting toward Beijing. And while China prepares, America’s attack surface only grows. This isn’t just a problem for Washington. The new front line runs through all of us.

Nicole Perlroth sits down with Nicholas Carlini for an Out of Band conversation on the imminent zero-day surge. Carlini explains what Mythos can already do: find and exploit flaws in some of the world’s most hardened, widely deployed software—with minimal human input. He details what Mythos has already hacked, which now includes most of the operating systems in use. Together, they unpack what happens when these elite capabilities are no longer confined to intelligence agencies and freelance hackers—when AI collapses the barrier to entry and begins to overwhelm bug bounty programs. Perlroth presses Carlini on Anthropic’s decision to hold Mythos back, and reports that unauthorized users may have already accessed it. She also asks the uncomfortable question: will researchers like him, that get advance access to these models, become prime targets for nation-state hackers? Finally, they confront the bigger question: whether defenders have any credible path to regain the advantage in a world where, with enough compute, almost anything can be hacked.

A new breed of worker is quietly clocking in across the United States. They’re writing code. Managing your passwords. Training the next generation of AI models. They’re gaining trust. And access.  On paper, they’re the dream hire. Skilled. Low maintenance. Always remote and often affordable. And by most accounts, they’re doing the work. But strange things are happening. In a new season of To Catch a Thief, host and former lead cybersecurity and digital espionage reporter for The New York Times, Nicole Perlroth, investigates how North Korean agents are infiltrating the global workforce. How did a nuclear-armed regime worm its way onto the payroll of international companies – and why is it so difficult to get them off?  To Catch a Thief is co-produced by Nicole Perlroth and Rubrik in partnership with Pod People. To Catch a Thief was written and produced by Nicole Perlroth, along with Khrista Rypl, TJ Raphaël, Rebecca Chaisson and Sam Gebauer. Additional thanks to Allie Pinel, Fendall Fulton, Krissy Clark, Cai Lee, Eunice Park and Aimee Machado. Editing and Sound Design by Erica Huang. Art direction and design by Ben Long, Gareth Strange and Sarah Burley at the John & Jane Agency, and support from John Leestma. 

To Catch a Thief: North Korea On Our Payroll is a gripping investigative podcast exposing how thousands of North Korean operatives are quietly getting hired inside American companies, funneling millions back to the regime and its nuclear weapons program. Hosted by bestselling author and former New York Times cybersecurity reporter Nicole Perlroth, the series features rare access to insiders and the Americans unknowingly helping power this global operation. To Catch a Thief is co-produced by Nicole Perlroth and Rubrik in partnership with Pod People.

Infiltrating the infiltrators. For the first time ever, host and former lead cybersecurity and digital espionage reporter for The New York Times Nicole Perlroth partners with a team of private investigators as they infiltrate a North Korean worker cell. She uncovers what happens after a security firm hires a man calling himself “Joseph.” By turning the tables on one of the world’s most elusive regimes, investigators gain rare, unprecedented access to their hidden Discord ecosystem: leaderboards tracking job applications, interview evasion tactics, and the disturbing levels of access North Korean workers are getting once inside – including, in one case, at an American nuclear utility. They also get a bizarre window into the human culture inside these cells – from their obsession with Minions to their pool parties and steak dinners outside North Korea. What emerges is not just a portrait of a sanctions-evasion operation, but a rare glimpse into how North Korea’s remote worker armies think, collaborate, and survive from behind the screen. To Catch a Thief is co-produced by Nicole Perlroth and Rubrik in partnership with Pod People. To Catch a Thief was written and produced by Nicole Perlroth, along with Khrista Rypl, T. J. Raphael, Rebecca Chaisson and Sam Gebauer. Additional thanks to Allie Pinel, Fendall Fulton, Krissy Clark, Cai Lee, Eunice Park and Aimee Machado. Editing and Sound Design by Erica Huang. Art direction and design by Ben Long, Gareth Strange and Sarah Burley at the John & Jane Agency, and support from John Leestma.