CyberWire Daily - 10 years on: The 10th anniversary of the first indictment of Chinese PLA actors. [Special Edition]
Episode Date: May 18, 2024On this Special Edition podcast, Dave Bittner speaks with guest Dave Hickton, Founding Director, Institute for Cyber Law, Policy, and Security at the University of Pittsburgh, and former US Attorney, ...on this 10th Anniversary of the first indictment of Chinese PLA actors. Hear directly from Mr. Hickton what lead to the indictment, the emotions that went along with this unprecedented action, and the legacy of the event. On May 19, 2014, a grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries. The indictment alleges that the defendants conspired to hack into American entities, to maintain unauthorized access to their computers and to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises (SOEs). In some cases, it alleges, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In other cases, it alleges, the conspirators also stole sensitive, internal communications that would provide a competitor, or an adversary in litigation, with insight into the strategy and vulnerabilities of the American entity. US Attorney Dave Hickton represented the Western District of Pennsylvania and was the signatory on the indictment. His team worked with the FBI Cyber Team in Pittsburgh, PA to bring about this historic action. Resources: Press Release: U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage Indictment Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash n2k code n2k. And now, a message from our sponsor, Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs, Thank you. that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust Plus AI stops attackers by hiding your attack surface,
making apps and IPs invisible, eliminating lateral movement,
connecting users only to specific apps, not the entire network,
continuously verifying every request based on identity and context, Thank you. organization with Zscaler, Zero Trust, and AI. Learn special edition N2K Cyber Wire podcast.
I'm your host, Dave Bittner.
It's been 10 years since a grand jury in the Western District of Pennsylvania
indicted five Chinese military hackers for computer hacking, economic espionage,
and other offenses directed at six American victims in the U.S. nuclear power, metals,
and solar products industries. This was the first major indictment of its kind. Our guest today,
Dave Hickton, is founding director at the Institute for Cyber Law, Policy and Security at the University of Pittsburgh.
Back then, he was the U.S. attorney responsible for bringing these charges.
And it was not a decision without controversy among his peers and the powers that be
within the U.S. justice and intelligence communities.
In the end, it's a story of one person sticking their neck out and doing what they believe is right. Stay with us.
So today we are taking a look back as we're just about at the 10-year anniversary of a
significant event in cybersecurity,
can you take us back and give us an idea of what things were like for you in the position you were in,
and then also your colleagues at the FBI?
Certainly. So I was sworn in in August 2010,
and I was very serious about discharging the primary responsibility in my hands, which was to
allocate the resources, which were the people and the dollars in my office, to deal with the
greatest threats to the district. So I did a survey directly with many of the stakeholders
in the district by going out and meeting with people
and asking them what concerned them. And one of the most pivotal moments in that survey was a
breakfast meeting with United Steelworkers President Leo Girard and then U.S. Steel
President John Surma, where they described to me the problem of hacking of intellectual property of our basic industries,
especially our steel industry in Pittsburgh, also our aluminum industry,
and they talked about the tire industry up in Ohio.
And they told me the consequences of this hacking.
And they asked me to make it a priority to investigate this hacking
and, if possible, bring cases charging those who were stealing the technology.
And what was your understanding of cybersecurity at the time and the various players? Was this
something that, in your your position you were already
familiar with? I was basically a little bit familiar with because I was not a career DOJ
civil servant. I had worked in private industry and I had represented a lot of clients on a
national basis. And it was becoming clear that the ubiquitous nature of the internet,
clear that the ubiquitous nature of the internet, we were now going away from our day calendars.
We were placing all of our records on the internet at that time. We're creating an exposure risk. I also am married to a woman who's been an executive in the metals and aerospace industry
herself. While we're so busy, we don't talk a lot about our work.
I was aware in passing that she had been also concerned about being hacked.
And I put those two things together and decided that was probably a good thing to work on.
Well, take us through the process here.
I mean, you decide this is something
you want to pursue. How does that translate into the actual physical actions that came to pass?
Well, the next thing that happened was that I went to Washington early in my tenure. I think
it was around Labor Day. And this all happened very fast for an orientation session with other new U.S. attorneys.
And it was kind of like a speed dating process. We met for 15 minutes to a half an hour with the
Attorney General and all of his deputies. And then we met with the leadership of the various federal
investigative components. And one of the most important meetings there was with FBI Director Bob Mueller, who had
been a hero of mine.
He had been a former U.S. attorney.
I had great respect for him.
But his wife also was from Pittsburgh.
And at that time, one of my children was working at the FBI.
So after the meeting proper, where everybody was involved, I pulled him aside and I said to
him, I really want to do something important in this cyber arena. And he said to me, well,
you have a lot of the assets in Pittsburgh. And he talked to me about Carnegie Mellon and the
computer emergency response team, which had been there since the late 90s. He told me about the National
Cyber Forensic Training Alliance, which he had opened in Pittsburgh, which was the first public-
private partnership co-locating FBI investigators with their counterparts in business so that they
could plot the grid of all the cyber threats together and work on attacks and remedies and patches.
And he told me about a book that he had given to a lot of the FBI agents called The Cuckoo's Egg,
which was a cyber attack on our national labs. And he told me that in addition to working on the
issue of terrorism, which was important then and how it was going to evolve and
morph, that creating a cyber group in my office would probably be a good idea. So I went back to
Pittsburgh and I announced in October, a month later, that I was going to create a dedicated
unit called Cyber and National Security. And then I took the risk of putting almost 20%
of my office directly or indirectly in that group. So I had only about 40 lawyers and there were
eight of them that were either directly working in that group or indirectly working in that group,
including my civil division, which was a key part of all this. And we met every
Monday morning at nine o'clock, like the entire world depended on us. And we took very seriously
all the intelligence that we could get from the FBI. We invited them to participate in our
meetings and we demonstrated that we were serious about it. We went about the business of doing big league investigations in this area. How long did it take for you and your colleagues
to realize that you were really onto something here? Well, two things happened almost simultaneously.
One is there was a big cyber extortion attempt at the University of Pittsburgh, ironically where I work now.
But it's our flagship university in the community. And what had happened was
an individual who we later identified as a Scottish separatist who was hiding in Dublin
had decided to use commercial remailers to anonymize his bomb threats against the University of Pittsburgh,
which occurred because he was unhappy that the university had issued a reward
for someone who had put a scroll bomb threat in handwriting on one of the bathroom stalls at the
Johnstown campus of the University of Pittsburgh. And this bomb threat that was written on the walls was as a result of the university policy
with respect to transgender access to bathrooms.
At that time, we really didn't have co-ed bathrooms.
And so for transgender students, there was a question of whether their biological gender
or their gender as
changed or in transition was the proper bathroom. And this was an issue back then in 2012.
And the university dealt with the problem, but then someone decided to put a bomb threat
in handwriting on the bathroom stall. And the university issued a reward for the perpetrator.
And we then began to receive, published through the local media,
hundreds and hundreds of bomb threats that paralyzed the university,
paralyzed the community, did great damage to the students,
and particularly some of the patients who
were in critical care units in our hospitals, which were on campus.
There were these horrible images of chemo patients walking down the street in the middle
of the night with their ports as they were evacuating university hospitals.
And I decided to go all in on this investigation. And I had a lot of resistance
on this because some people thought it was an overreaction. But I decided that if we were
not going to defend the University of Pittsburgh, what did we stand for? And I also felt
that if we could not solve this case, how were we going to get after the problem of hacking
our corporations? So the long story short is we started this case in April, right about this time
in 2012, and I announced the indictment on August 14th. I know that because that's my birthday.
that because that's my birthday. And we solved the case in record time. And no one could believe it,
including the FBI and my partners there who were skeptical when we started.
There was a funny story that sort of tells the picture, if you will, in a thousand words,
is I was so insistent that we do this that I was showing up at the FBI at night to prod them in their work because I was afraid that they weren't taking me seriously. And I pulled up to the FBI
security booth at 945 one night, and the security guard was unaware that I could hear what he was saying on the microphone
back to the office. And he said, that crazy U.S. attorney Hickton is here and he wants in the
building. And we all had a big laugh about it later. But, you know, there were people who said
this was like activating the Joint Terrorism Task Force for someone who pulled a lever on a fire alarm in a building.
And I said, no, this is a different age and we need to do this.
And trust me, the next thing I was told was, well, this is like trying to find a single grain of sand on the beaches of the east coast of the United States.
And I said, well, then we better get to work.
And we worked very hard.
And I said, well, then we better get to work.
And we worked very hard.
We established some critical partnerships, which paid dividends later with MI5 and MI6.
I actually sent one of my assistants over to Dublin.
We had the precarious circumstance that the late, great Dan Rooney was ambassador to Ireland at that time, and he cared about what was going on in Pittsburgh. So I went myself to a Fourth of
July party at Phoenix Park, the ambassador's official residence there. There was a Steeler
touch football game and highlights of all the Steeler Super Bowl on big screens, and they dropped
the football with a paratrooper. But I was there to get the Garda to help us.
And so we learned that cyber was borderless
and we needed international partnerships
and we developed them with the Irish and the English.
And then there was this very, very moment
that still gives me goosebumps
where we were on a phone call,
a secure phone call with the MI5 and MI6 people.
And they said, we think we know who did this.
And they identified Adam Stewart Busby, who had been prosecuted for terror threats previously.
We were able to locate him.
We ultimately created some honeypot evidence, which was we created some lures for him to do some additional threatening, including the last threat was that he was going to kill me and blow up the federal building.
And we were able to trace back to his IP address that last threat, which sort of cinched the case.
threat, which sort of cinched the case. And so once we did that case, Keith Malarski, who was my ace FBI agent, and I were invited to go over to London in September. We announced the case in
August, and the Steelers were playing the Minnesota Vikings at Wembley Stadium. It was the early era of the periodic NFL games in London.
And boy, did we want to go.
Of course.
But we couldn't go because we were too busy.
So we agreed through the courtesy of one of the big law firms in the country,
Jones Day, to use their video facilities.
And we did a Zoom call and we participated in the conference
virtually. And after that session, Keith said, I want to talk to you a minute. And Keith pulled
me aside and he said, how serious are you about doing these cases? I said, very. He said, how many
of you can you do? I said, we can do all of them. I said, Keith,
I don't think anyone else in the Department of Justice really wants to invest in these cases.
And I'm committed to it. I believe it's important. I know it's going to be hard.
But if you're in, I'm in. And Keith had been in and around virtually every cyber case that had been done at that point.
And he basically said, okay, let's go. And at that time, we were starting to develop some
evidence on the case against China that we're here to talk about today. But really, we sort of just went, you know, warp factor six.
And I began to devote more resources to it.
The FBI ultimately had two squads and then three squads.
They had a China squad, a Russia squad.
And effectively, if you get to the end of the story, by the time I left, we had the ball, the primary responsibility for China and Russia. The big cases involving Iran were being done out of the Southern District of New York. The Sony case, which was the biggest
case. And there was another case involving North Korea, which was being done out of LA.
And those were our four principal adversaries. So we were really punching above our weight. And we were really working very hard. And to this day, I'm very proud that we took the risk. I know now, and I shudder sometimes, that it could have been a disaster, that we could have ended up with no cases and 20% of the office working on stuff
that for whatever reason,
we couldn't get to the finish line.
But there were a lot of events
that happened along the way
that nudged the case to the finish line
when the Las Vegas odds, if you will,
were that if you did these cases,
there were just too many opportunities
for them to fail.
You could fail to establish attribution,
which is, you know, pin the tail on the cyber donkey in the parlance of the little kid's
birthday party game. Or you could establish attribution and someone could say, well,
there's countervailing reasons why we don't want to bring that case. You know, that's a person that
we may be cooperating with, or there's reasons
with, you know, in the State Department or other components of the government.
Or you could get ready to bring it, and there could be an agreement reached that would avert
the announcement of the case. So that's one of the reasons that a lot of U.S. attorneys didn't
want to do this. But I thought it was hugely important to do.
I also felt that it could never be done from Washington, that even though U.S. attorneys come and go, there's just a basic trust deficit between the corporate community and main justice that can never be resolved fully.
So that the cases really have to be driven by local U.S. attorney's
office. So I was then, I became, and I remain a missionary for the position that everything is
local in this area. This is, when you're talking about nation-state hacking and intellectual
property theft, this is an assault on our sovereignty by a foreign power.
I recognize that, but the threat comes through the private portal
of companies who must be convinced that they will not be re-victimized
if we bring the case.
And that was a huge piece of my work.
of work. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on
point-in-time checks. But get this, more than 8,000 companies like Atlassian
and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings
automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI. Now that's a new way
to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash
cyber for $1,000 off.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your
company's defenses is by targeting your executives and their families at home.
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached. Protect
your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
10 years ago, when the indictments came down on these Chinese PLA actors,
among your peers, among the folks in D.C., how bold a move was this considered at the time?
Well, I don't want to exaggerate. To some people, it was extraordinarily bold and unbelievable because it just wasn't really on their radar screen as a threat. And the idea that we would indict the People's Liberation Army in Pittsburgh just seems far-fetched. But there were a lot of people who were, you know, in some of the
bigger districts that were dealing with national security concerns that were not only aware of it,
but they coveted the case. And, you know, I spent, as part of the great humorous tradition
of the DOJ, that you spend more time doing intramural competing
sometimes than you do competing with the adversary. And, you know, districts like
Eastern District of Virginia, which sits where the FISA court is, they wanted the case. They
made a play for the case. The Southern District of New York, which is, you know, a story district in DOJ, you know, five,
six times bigger than my office. You know, they made a play for the case. They tried to get the
case and there were others. So it was kind of different depending on where you sat at the DOJ.
But the thing was, is that we kept it really quiet. Even within my office, it was kept
very quiet. There were very few people who knew we were working on this case, and we kept the
victims separate until three days before the case. We worked very hard because I knew that
if the case was talked about before it was ready to go,
it was just too irresistible if it was in the chatterbox lane, and I just wouldn't let that
happen. So I think there were five people in my office who knew about it. We talked on secure
phones whenever we were talking business about it, went in the skiff to do a lot of our work.
And then, you know, three days before we announced, we announced on a Monday, that Friday, we had a meeting at the FBI and we introduced the victims in the case to each other, which was a fairly pivotal moment.
You know, that could have gone either way or sideways, but it ended up being a galvanizing
force because I was afraid that one or the others of them would back out.
I mean, it was very courageous for these companies to do this.
It wasn't up to them, really, but we went to great lengths, and I was primarily
responsible for this, to build credibility with them and make them understand how important this
was. And we understood that they were potentially financially at risk, their commercial interests
were at risk, their people were at risk. And we went to great lengths to tell them what steps we were going to take to ameliorate that risk.
And it would not be an exaggeration that I spent a thousand hours meeting with CEOs and boards and chief information officers and general counsels and business people at the various victims separately.
And at that time, that meant all my meetings were 6X.
And you can assume that there were others that were possible participants in the case,
so more than 6X.
Because I took the extra step of having the same conversation multiple times separately to pay respect to the
fact that each victim in the case deserved to be heard, deserved to feel that I was their advocate,
that I was their protector, and that, you know, we were not going to let them be hung out here.
When you look back on it, what are your thoughts now?
You're 10 years removed from it,
and you see the effect that it's had going forward.
What are your feelings there?
Well, I'm very proud of it,
and I think no matter what I do the rest of my life,
if I somehow accidentally stumble
to win the British Open Golf Tournament, that will be the second thing that they say about me.
The first thing will always be, you know, there was only one signature on this indictment and it was mine.
And I feel it is the most important thing we did.
We did a lot of important things.
a lot of important things. I know that I have had to defend and I still hear and I respect the point of view, the people who say, well, when are you going to bring the guys to Pittsburgh and have
the trial? But something far more important happened that I didn't even imagine could happen.
And that was President Xi came to the Rose Garden in September of 2015, you know, 11 months later, or I guess how many months later, 16 months later.
And they, with specific reference to our case in Pittsburgh, announced an agreement to deal with the intellectual property theft problem.
And as we had when we announced the case, they made a distinction between regular spying,
which always goes on. It's gone on pre-digitally. And we should probably embrace
the idea that we have an intelligence network because it's a stabilizing force in the world.
If we don't have surprise, the world is a lot of say, you know, a safer place.
But doing intelligence for intelligence purposes is different than doing cyber infiltration for commercial purposes.
And that was the key point we made in this case.
I also feel the case was important because President Obama's order in 2011, where he
staked out the protection of our intellectual property as a national asset to be protected,
that this case vindicated that direction of the president.
So to that extent, I felt like I was a one-star general on the battlefield who had achieved the
goal that the five-star had announced. And I felt that it was extremely important
that we tell the story with the indictment.
That's why the indictment was 50 pages long.
It reads like a novel.
And it had exhibits at the back of it, including pictures of the perpetrators and a schedule to reflect that they did their work as a business.
It was really an identified unit of the PLA that set it in an identified address in Shanghai.
They had business cards, and their work followed the normal workday, 9 to 12 with a recess at lunch, and then 1.30 to 5, just like anyone else doing another job.
And we therefore identified the China signature, which was a volume Security would have biannual meetings, one in Washington, one in Beijing with their counterparts.
And in Maine, most commentators believe that for a period of time, this basically held.
And Unit 61398, who we indicted, was Advanced Persistent Threat Group 1, the top cyber adversary of the United States.
So, of course, I feel it's very important.
And then I think it's really important to understand it wasn't the only case against China we did while I was U.S. attorney. We did Advanced Persistent Threat Group number three, which was
Booyasek, which was the commercial company, which was the forward-facing anonymizer for the Chinese
Ministry of State Security. And when you do APT1 and APT3, you know, that's important. And we did that on the trust and verify
moniker because it looked like while the Chinese army, the PLA, had stopped hacking for intellectual
property theft, we found that Boyasek was hacking two pretty important American companies, and maybe more, for global positioning
satellite technology. And it wasn't just regular spying. It was kind of important commercially.
The supposition was that they were trying to get it for precision agriculture. But if you think about global
positioning satellite technology for everything from our communications, our map quest that gets
us around in our cars, our cell phones. But there's military applications that are obvious.
There's highly sensitive intelligence applications that are obvious. And so I led the investigation.
It was actually announced a little bit after I left, but we did the Boyacek case. And then
we did two other cases to purposefully illustrate the China threat. And they were done in May of 2015. One was called
United States of America versus Rukavina. Thomas Rukavina was an engineer at PPG Industries who
had responsibility for highly sensitive windscreens for commercial and military jets. And for reasons
I still don't fully understand, he had a bad end to his career at PPG
and he was approached by an on-the-ground spy in the United States in California and for money
offered to sell some of his proprietary information. And we caught him and charged
him and very sadly, he committed suicide after the first hearing in court. That case remained
important because that's a threat. That's a risk. That's something that everybody needs to know
about. And putting a spotlight on that was important. And then just a week or two later,
we did a fairly significant case involving the Chinese hack of our educational testing service,
the SAT exam, the GRE exam, the MedCat exam. We uncovered an architecture of spies in the
United States who were called hitmen who would take the test here as if they were the person applying from China. So they were imposters
at the test center. And we indicted 15 of them. They all pled guilty and they were deported.
But we learned that there was a wide network of this going on. It led to the suspension
of the educational testing service for a period of time. And we
uncovered five other schemes, including a scheme to give people answers to tests, a scheme to change
test answers. No one is a bigger champion than I am of a cosmopolitan educational opportunity,
an international educational opportunity. I benefited from that. Our children have benefited from that.
But you cannot cheat on the test.
You have to take the test yourself.
And so the entire approach of this effort,
of which the PLA case was sort of the crown jewel,
was applying law to digital space.
And so it was important for that reason.
It was also to apply law evenly so that if you or I did what these people were doing,
the unit 61398 or these test taker imposters, we would be in prison.
And so why would it be that we would let that go on and not charge it, even if it's difficult
and it's going to be complicated. And we go forward now today, and there's been tremendous progress built off that case.
And the current administration is doing an outstanding job.
But I still believe everyone recognizes that this is not only the foundation of that work, but the keystone in that foundation.
You know, as you've acknowledged, there were a lot of folks involved in this, and you worked
with some really top-notch folks along the way.
Personally, I've had the pleasure of meeting and interviewing Keith Malarski, an outstanding
person who was with the FBI.
Keith Malarski, an outstanding person who was with the FBI. Your story really, in my mind,
reinforces this notion that one person can make a difference. Your ability to take this risk,
your perseverance really blazed a trail that folks are continuing down today.
Well, that's very kind. I certainly didn't do it myself. I had three really key people around me at the U.S. Attorney's Office. There's nobody better than Keith and Chris Geary was involved
and Mike Chrisman. There were three key people at the FBI. Mike Rodriguez was the SAC at the time.
And we had great support from those that followed him.
Doug Perdue and the late Scott Smith came into town just in time to announce it.
He had come from the Human Resource Department.
And then he left Pittsburgh to go head
FBI Cyber. I'm very proud of the fact that several of my former assistants received
the Attorney General's Award for their work in cyber. That was a group that didn't even exist
when I got there. And, you know, I think that one of the key ingredients of leadership is,
you know, the campfire is just a little bit better
when you left than it was when you arrived.
And, you know, we had some great partners at the Department of Justice who helped us.
They were critical in terms of working with the other components of the government.
And I think the real star of that group was Lisa Monaco, who's now the deputy attorney
general in the middle of the case.
She went over to the White House and became the deputy national security advisor.
And that was a key moment.
And she was a great partner. And I really credit her with being my key Washington partner on this.
But, you know, it was lonely at times.
And, you know, I find it funny now that I asked others to sign with me at the Department of Justice when it was time to sign.
Nobody wanted to sign.
At the Department of Justice, when it was time to sign, nobody wanted to sign.
So I signed it really large, like John Hancock signed the Declaration of Independence, just in case.
I worried that meant that if it didn't go bad, we had no idea what the reaction was going to be.
We had no idea. There was no precedent for what the reaction would be.
China could have called our death. china could have seized our companies they could have imprisoned americans and they could have declared a trade war or worse we did not know what their reaction was going to be we now know
that president xi came to the rose garden and said he wouldn't do it anymore. I mean, I never imagined that that
would happen. And that is a far better result than if we had gotten guilty police from the
five defendants and we put them in prison and gave them housing and three square meals a day.
So I didn't know that. But I will tell you that, you know, if you really want to get the essence of it from my standpoint, my ride to Washington, D.C. on Sunday, May 18th, 2014, before I was to announce it with Attorney General Eric Holder on Monday, I could hear my heart beating.
on Monday, I could hear my heart beating. And it was a ride I know so well that at the Starbucks in Breezewood, they gave me my order without me ordering it. I used to do that all the time,
which I think is part of the story here. I think the fact was I was outside the beltway.
I was close enough, but far enough away, if you know what I mean.
Sure.
And, you know, Pittsburgh to Washington is somewhere between three hours, 45 and five hours,
depending on how fast you drive and how bad the traffic is.
And the Starbucks at Breezewood is halfway there.
And I go there all the time.
bucks at Breezewood is halfway there. And I go there all the time. And so when I was driving down there, I was just like, oh my God, what have I done? But it turned out well. And I still
remember I got some pretty high level phone calls from people I don't even want to identify today.
You know, by the time they were done, you know, they were in tears.
I was in tears.
You know, this was something that a lot of people have been working towards for a long time.
And I do recognize that I was either determined enough or hard-headed enough
that I felt that it was important that we do it.
And there were not a lot of people
who agreed with me when we started.
And that is our special edition N2K Cyber Wire program.
Thank you all for joining us.
And thanks to our special guest, Dave Hickton,
former U.S. attorney and founding director
at the Institute for Cyber Law Policy and Security at the University of Pittsburgh. Thank you. Learn how at n2k.com. This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music by Elliot Peltzman.
Our executive producers are Jennifer Iben and Brandon Karpf.
Our executive editor is Peter Kilby, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here next time. Thank you. through guided apps tailored to your role. Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.