By 2010, it was clear that a persistent threat had infiltrated American public and private sector networks and was stealing sensitive data. In January of that year, Google stopped offering its search engine in China, citing theft of proprietary code and onerous Chinese censorship. Google also stated that it, along with more than 20 other companies, had been a victim of an attack (“Operation Aurora”), whose goal was to gain access to and modify source code repositories at technology, security and defense companies.1 Technical evidence indicated that the attacks originated in Beijing, China.2
At the same . . .