THE NEW YORK TIMES INTERNATIONAL EDITION THURSDAY, AUGUST 1, 2019 | 7
Business
As trade talks between the United
States and China resumed on Tuesday in
Shanghai, President Trump began play-
ing down the likelihood of a deal before
the 2020 election.
The president’s comments, which
came as top negotiators from the two
countries were sitting down to dinner at
the Fairmont Peace Hotel, underscored
the diminishing prospects for a transfor-
mative trade deal anytime soon and the
extent to which the bilateral relation-
ship has not unfolded in the way that Mr.
Trump expected.
“I think the biggest problem to a trade
deal is China would love to wait and just
hope,” the president said. “They hope —
it’s not going to happen, I hope, but they
would just love if I got defeated so they
could deal with somebody like Elizabeth
Warren or Sleepy Joe Biden or any of
these people, because then they’d be al-
lowed and able to continue to rip off our
country like they’ve been doing for the
last 30 years.”
Mr. Trump’s remarks were fueled, in
part, by the fact that China has not be-
gun buying large amounts of American
agricultural goods, which the president
promised farmers would happen after a
meeting with President Xi Jinping of
China in June.
Mr. Trump emerged from that meet-
ing in Osaka, Japan, saying he had
agreed to postpone tariffs on an addi-
tional $300 billion worth of Chinese
products and allow American firms to
get around a government blacklist and
continue selling technology to Huawei,
the Chinese telecom giant. In return, Mr.
Trump said that China would immedi-
ately start buying “a tremendous
amount of food and agricultural prod-
uct” and that American farmers “are go-
ing to be a tremendous beneficiary.”
But no such purchases have hap-
pened, and, in the weeks since, Chinese
officials have disputed that they had
agreed to buy more farm products as a
condition of the talks. On Sunday, Chi-
nese state media reported that “millions
of tons” of American soybeans had been
shipped to China. But Mr. Trump on
Tuesday said no such purchases had
materialized.
China “was supposed to start buying
our agricultural product now — no signs
that they are doing so,” Mr. Trump
tweeted. “That is the problem with
China, they just don’t come through.”
His comments on Tuesday seemed
aimed at giving American negotiators
more leverage and putting pressure on
China for concessions during this
week’s talks. Mr. Trump took credit for
China’s weakening economy, saying the
tariffs he has placed on $250 billion
worth of Chinese goods have put enor-
mous pressure on the country, costing it
jobs and prompting companies to leave.
But he seemed to veer between goad-
ing China to quickly accede to America’s
demands and suggesting that the coun-
try could get a better deal if it waited and
a Democrat won the 2020 presidential
election.
“China is dying to make a deal with
me. But whether or not I’ll do it — it’s up
to me, it’s not up to them,” Mr. Trump
said. “I think China is willing to give up a
lot, but that doesn’t mean I’m willing to
accept it.”
Stocks dipped on Tuesday as invest-
ors grew nervous about a prolonged
trade war between the world’s two larg-
est economies. The S&P 500 was down
0.3 percent for most of the trading day.
The president’s remarks have been
matched by strident rhetoric on the Chi-
nese side. At a news conference on Mon-
day, Hua Chunying, a spokeswoman for
the Ministry of Foreign Affairs, called
the United States “capricious, arrogant
and selfish” after the Trump administra-
tion challenged China’s claim to a spe-
cial status for developing countries at
the World Trade Organization.
“There is a catchphrase that got popu-
lar just recently in China: ‘Don’t dothings like the U.S. does.’ I hope some
people of the U.S. side can deeply reflect
on it,” she said.
The United States and China have
been locked in a protracted trade war for
more than a year, imposing tariffs on
each other’s products while carrying on
a series of on-again, off-again negotia-
tions. Mr. Trump has made getting
tough on China a central promise of his
administration, and his advisers have
pressed the Chinese to open their mar-
ket to American companies, purchase
more American products and strength-
en their protections for intellectual
property — with limited success.
Mr. Trump has been dismayed as each
of his advisers returned to Washington
with promises from the Chinese that he
believed weren’t tough enough. In May,
talks collapsed completely after Mr.
Trump accused Beijing of reneging on a
deal.
Negotiators from the two countries
will try to bridge their divisions as talks
began in earnest in Shanghai on
Wednesday. But the deep divisions be-
tween the countries suggest another
protracted round of talks may be needed
before any agreement can be reached.
The text that the two countries have
been negotiating is highly secret. But
American and Chinese negotiators ap-
pear to still have significant differences
of opinion over how China should en-
shrine changes, including new protec-
tions for American intellectual property
in its laws and regulations, how many
American products China would agree
to buy as a result of the deal, and how
many of Mr. Trump’s tariffs on $250 bil-
lion in Chinese goods would remain in
place after an agreement is struck.The president continues to insist that
he faces no immediate deadline to reach
an agreement. On Tuesday, he repeated
his claim that the United States econ-
omy is benefiting from the billions of dol-
lars his tariffs are generating and that
all the pain of the trade war was being
felt on the Chinese side. That view is not
supported by businesses and econo-
mists, who say Mr. Trump’s trade war is
starting to take a toll on the United
States economy.
Chinese leaders have also insisted
that the country can withstand the pres-
sure of the trade war as it waits for a bet-
ter deal from the Trump administration,
or another president.
In reality, both economies are
presenting more of a mixed picture, with
the effects of the trade war clearly being
felt, but not so intensely that their lead-
ers can’t ignore it.
The Chinese economy is decelerating
gradually, but further increases in the
country’s already giant infrastructure
spending have cushioned the shock.
Chinese exports to the United States
have fallen 8.5 percent in the first half of
this year compared with the same peri-
od last year, while exports to the rest of
the world have been up slightly.
Sales of cars and other big-ticket pur-
chases in China had tumbled sharply
last autumn when Mr. Trump broadened
his tariffs to $250 billion a year of goods
from $50 billion. But Chinese consumer
confidence now seems to have flattened
at a level best described as still very
glum, but not rapidly deteriorating fur-
ther.
In the United States, gross domestic
product, a broad measure of the
strength of the American economy,
came in at an annualized 2.1 percent in
the second quarter, a decent pace but
slower than the 3.1 percent rate posted
in the first three months of the year.
On Tuesday, Mr. Trump again blamed
the Federal Reserve for taking some
steam out of the economy, saying that
both the stock market and economic
growth would have been stronger if the
Fed had not raised interest rates last
year. Mr. Trump called on the Fed to en-
act a large rate cut, just a day before the
central bank is widely expected to lower
rates for the first time since 2008.Chinese officials have disputed President Trump’s contention that they had agreed to
buy more farm products as a condition of resuming trade talks.CHARLES MOSTOLLER/REUTERSPresident sees delay
in deal with China
WASHINGTONTrump suggests Beijing
is waiting for the election
and hoping for his defeatBY ANA SWANSON
AND JEANNA SMIALEKKeith Bradsher contributed reporting
from Shanghai.“China is dying to make a deal
with me. But whether or not
I’ll do it — it’s up to me, it’s not
up to them.”
Large financial companies have to
thwart hundreds of thousands of cyber-
attacks every single day. Data thieves
have to get lucky only once.
Big banks like Capital One, the victim
of a recent attack that captured the per-
sonal information of over 100 million
people, are a target for both digital trou-
blemakers such as individual hackers
trying to impress their peers and intelli-
gence operatives for foreign govern-
ments.
A single weak spot is all that savvy
hackers need. And they often find one.
Already this year there have been 3,
successful cyberattacks against finan-
cial institutions, according to reports
filed with the United States Treasury
Department’s Financial Crimes En-
forcement Network.
Federal law enforcement officials said
on Monday that Paige Thompson, a soft-
ware engineer in Seattle who used to
work for Amazon, got into Capital One’s
computer network through what the
bank described as a “configuration vul-
nerability” in its security software. It
was akin to leaving a window openovernight at the local bank. Once inside,
she was able to download an array of
personal material from customers, in-
cluding credit card applications and So-
cial Security numbers, according to
court documents.
Security experts are likely to home in
on the apparently simple mistake made
by software developers at Capital One,
said Jack Jones, the chairman of the
FAIR Institute, a cybersecurity trade
group. But simple mistakes are common
in online security.Every big organization faces so many
threats from so many sources that it can
be hard to decide what is important.
Mastercard, for example, combats some
460,000 intrusion attempts in a typical
day, up 70 percent from a year ago.
“They’re lost in noise,” Mr. Jones said.
“Nobody has this nailed down.”
The Capital One episode is a reminder
of the intricacy of the computer net-
works at large financial institutions, and
of their vulnerability. Over the last sev-eral years, companies including Equifax
and Morgan Stanley have been attacked
with various hacking methods.
In some cases, the hackers have taken
advantage of weak passwords or sent
fake emails loaded with malicious com-
puter code that helped them get inside
the network. In others, they have
scanned for software that hasn’t been
kept up to date with the latest security
fixes. Some hacks took hours. Others
took months. “The very best hackers in
the world are hacking these banks, and
it’s a full-fledged arms race,” said Tom
Kellermann, the chief cybersecurity of-
ficer at Carbon Black, a maker of securi-
ty software.
It is unclear whether any sort of insid-
er information helped Ms. Thompson
break into the Capital One network, as
prosecutors allege. Though her online
résumé indicated that she had a wide
range of programming skills, it did not
appear that the breach of the bank’s
computer systems had been particu-
larly sophisticated.
Three years ago, Ms. Thompson
worked for Amazon Web Services, the
cloud computing service that hosted
Capital One’s data. But she left the com-
pany long before the breach. Amazonmanages the guts of Capital One’s net-
work — the servers and networking
technology that hold it together. The
software that Ms. Thompson is alleged
to have targeted would have been man-
aged by the bank itself.
Ms. Thompson used a gap in Capital
One’s firewall software — a security sys-
tem that acts like a digital gate — to gain
security credentials, according to court
documents. Then she gained access to
customer records that Capital One had
stored on Amazon’s cloud service.
Representatives of Capital One re-
fused to answer questions about
whether Ms. Thompson had hacked into
its systems or simply climbed through a
window that had accidentally been left
open. “These things happen because of
human nature,” said Chris Vickery, a se-
curity researcher who specializes in
finding unguarded data caches. “These
systems are very complex and very
granular. People make mistakes.”
More than 11 billion records are
known to have been exposed in data
breaches since 2005, according to a
tracker maintained by the Privacy
Rights Clearinghouse. In recent years,
huge caches of sensitive data have beenThe Capital One hacker was able to download an array of personal data, including credit card applications and Social Security numbers, according to court documents.DREW ANGERER/GETTY IMAGESBanks besieged by hackers
BY STACY COWLEY
AND NICOLE PERLROTHHACKED,PAGEAll a hacker needs is a single
gap in an institution’s armor.Over months of discussions in online
forums earlier this year, Paige Thomp-
son acknowledged the personal chal-
lenges in her life: suicidal thoughts,
struggles to find employment and diffi-
culties she had faced since transitioning
to a woman years before.
But those who knew her were none-
theless stunned by what came next: the
arrest of Ms. Thompson on Monday on
charges that she had stolen the personal
data of over 100 million Capital One
customers.
Ms. Thompson, 33, had spent years
lurching between a promising career as
a software developer and a life of up-
heaval that alienated her from her
friends. While she at times found com-
munity among fellow computer engi-
neers, she on other occasions grew con-
frontational with them.
“It was just a lifelong thing for her,”
said Sarah Stensberg, a former friend.
“When she gets in these phases of inten-
sity, she does really stupid things. She’ll
push everyone away. She’ll write threat-
ening emails. She’ll post things online
about the things she’s doing.”
That is in part how United States in-
vestigators tracked Ms. Thompson, who
went by the online persona “erratic.”
Prosecutors described how she seemed
to boast about the data theft to those in
her online community.
“I’ve basically strapped myself with a
bomb vest,” she wrote in a Slack post, ac-
cording to prosecutors.
Ms. Thompson was arrested on Mon-
day on charges of computer fraud and
abuse. Capital One said the intrusion af-fected about 100 million people in the
United States and Canada. The break-in
compromised about 140,000 Social Se-
curity numbers and about 80,000 bank
account numbers, Capital One said,
along with about a million Social Insur-
ance numbers of Canadian customers.
A lawyer for Ms. Thompson did not re-
turn a call seeking comment.
Ms. Stensberg said her husband and
Ms. Thompson knew each other as teen-
agers as part of a computer program-
ming group in the Seattle area. Ms.
Thompson had grown up in a troubled
home, at one point moving out to live
with another software developer, Ms.
Stensberg said.
Not even 20 years old in 2005, Ms.
Thompson had left Bellevue Communi-
ty College in Washington State to begin
working a series of software develop-
ment jobs, according to her résumé. But
Ms. Stensberg, who said she met Ms.
Thompson around 2010, recalled her
disruptive behavior as immediately ap-
parent.
At one point, Ms. Stensberg said, she
and her husband took Ms. Thompson to
the hospital to get her into an inpatient
treatment center. Later, after having
continued issues, Ms. Stensberg said
she and her husband attempted to cut
ties with Ms. Thompson.
“He always said she had a lot of poten-
tial to be very focused and do a lot in this
world,” Ms. Stensberg said.
Despite the troubles, Ms. Thompson’s
technical expertise helped her land a job
at Amazon Web Services in 2015, ac-
cording to her résumé. She stayed there
for a little more than a year.
Amazon Web Services hosts the Capi-
tal One database that was breached,
part of the company’s broader line of
business that involves remote data serv-
ers that companies use to store informa-
tion. Large enterprises like Capital One
typically build their own web applica-
tions on top of Amazon’s cloud architec-
ture.
F.B.I. officials said in court documentsthat Ms. Thompson had managed to
gain access to the Capital One data
through a “misconfiguration” of a fire-
wall on a web application, allowing her
to communicate with the server where
the information was stored.
In search warrant records, federal in-
vestigators in Ms. Thompson’s case re-
ported that they had seized numerous
devices from her and found items refer-
ring to both Capital One and Amazon,
along with “other entities that may have
been the targets of attempted or actual
network intrusions.”
After Ms. Thompson left Amazon, Ms.
Stensberg said, she and her husband
continued to face problems with her.
That ultimately led the couple to file for
a protective order, with Ms. Stensberg
and her husband both describing Ms.
Thompson as engaging in stalking and
harassment, including messages that
included their home address.
Aife Dunne, an online friend, began
getting to know Ms. Thompson around
the same time and remembered Ms.
Thompson discussing in their initial
conversation whether to take her life.
Ms. Thompson, a collector of vintage
electronics, talked about how she hadn’t
been employed in many months.
Her résumé, which she would share in
online forums to seek improvements,was extensive. She listed extensive
skills in programming languages,
scripts, networking and Amazon Web
Services. Ms. Dunne said she was com-
petent or even advanced in her develop-
er skills. Ms. Thompson ran a group on
Meetup called Seattle Warez Kiddies, a
small collective of programmers and
hackers.
But Ms. Dunne recalled Ms. Thomp-
son talking about the struggles of her
transition and how, from Ms. Thomp-
son’s perspective, it made it difficult for
her to associate with people profession-
ally. Years earlier, on a personal blog,
Ms. Thompson had discussed her strug-
gles with exploring reassignment
surgery. “I think really what I want and
need is friends,” she wrote at the time. “I
think my problems with acceptance
come from the fact that I have so few
friends to accept me when I could.”
Ms. Dunne said there were still times
in recent months when Ms. Thompson
would sink into dark phases and have lit-
tle support outside of her online commu-
nities. “You wish there was someone in
her life that she had someone to talk to,”
Ms. Dunne said.
Capital One has said it believes the in-
trusion occurred in March of this year,
and federal prosecutors say a GitHub
user alerted Capital One to the possible
intrusion on July 17.
In recent days, Ms. Thompson wrote
on her Twitter page about having a ther-
apist appointment and about her dying
cat. And she made reference to some-
thing momentous that was going to re-
sult in her losing her freedom.
“After this is over I’m going to go
check into the mental hospital for an in-
definite amount of time,” she wrote on
Twitter. “I have a whole list of things that
will ensure my involuntary confinement
from the world. The kind that they can’t
ignore or brush off onto the crisis clinic.
I’m never coming back.”Software developer’s online handle was ‘erratic’
SEATTLEA look at the woman
who was arrested in
the Capital One breachBY MIKE BAKERHallie Golden and Karen Weise contrib-
uted reporting.Paige Thompson had spent years lurching
between a promising career as a software
developer and a life of upheaval.PAIGE A. THOMPSONРРday on charges of computer fraud andday on charges of computer fraud and
Е
day on charges of computer fraud and
Е
day on charges of computer fraud and
Л
cording to prosecutors.
Лcording to prosecutors.
ЛMs. Thompson was arrested on Mon-Ms. Thompson was arrested on Mon-cording to prosecutors.cording to prosecutors.ИИ
Ms. Thompson was arrested on Mon-
И
Ms. Thompson was arrested on Mon-З
bomb vest,” she wrote in a Slack post, ac-
Зbomb vest,” she wrote in a Slack post, ac-
cording to prosecutors.cording to prosecutors.Зbomb vest,” she wrote in a Slack post, ac-bomb vest,” she wrote in a Slack post, ac-ПП
О“I’ve basically strapped myself with a
О“I’ve basically strapped myself with a
bomb vest,” she wrote in a Slack post, ac-bomb vest,” she wrote in a Slack post, ac-ОД
her online community.
Дher online community.
“I’ve basically strapped myself with a“I’ve basically strapped myself with aДГher online community.
Гher online community.
“I’ve basically strapped myself with a“I’ve basically strapped myself with aГher online community.her online community.ОО
Тto boast about the data theft to those in
Тto boast about the data theft to those in
her online community.her online community.Тto boast about the data theft to those into boast about the data theft to those inОО
ВProsecutors described how she seemed
ВProsecutors described how she seemed
to boast about the data theft to those into boast about the data theft to those inВИ
went by the online persona “erratic.”
Иwent by the online persona “erratic.”
Prosecutors described how she seemedProsecutors described how she seemedИЛwent by the online persona “erratic.”
Лwent by the online persona “erratic.”
Prosecutors described how she seemedProsecutors described how she seemedЛА
vestigators tracked Ms. Thompson, who
Аvestigators tracked Ms. Thompson, who
went by the online persona “erratic.”went by the online persona “erratic.”Аvestigators tracked Ms. Thompson, whovestigators tracked Ms. Thompson, whoГГ
went by the online persona “erratic.”Г
went by the online persona “erratic.”Р
That is in part how United States in-
РThat is in part how United States in-
vestigators tracked Ms. Thompson, whovestigators tracked Ms. Thompson, whoРУThat is in part how United States in-
УThat is in part how United States in-
vestigators tracked Ms. Thompson, whovestigators tracked Ms. Thompson, whoУП
about the things she’s doing.”
Пabout the things she’s doing.”
That is in part how United States in-That is in part how United States in-ППabout the things she’s doing.”
П
about the things she’s doing.”
That is in part how United States in-That is in part how United States in-ПА
ening emails. She’ll post things online
Аening emails. She’ll post things online
about the things she’s doing.”about the things she’s doing.”А"What's
her online community."What's
her online community.
“I’ve basically strapped myself with a"What's
“I’ve basically strapped myself with a
bomb vest,” she wrote in a Slack post, ac-
"What'sbomb vest,” she wrote in a Slack post, ac-
cording to prosecutors.cording to prosecutors."What'sNews"
Prosecutors described how she seemedNews"
Prosecutors described how she seemed
to boast about the data theft to those in
News"to boast about the data theft to those in
her online community.her online community.News"VK.COM/WSNWS
Prosecutors described how she seemedVK.COM/WSNWS
Prosecutors described how she seemed
to boast about the data theft to those inVK.COM/WSNWS
to boast about the data theft to those in
her online community.VK.COM/WSNWS
her online community.
“I’ve basically strapped myself with aVK.COM/WSNWS
“I’ve basically strapped myself with a
bomb vest,” she wrote in a Slack post, ac-VK.COM/WSNWS
bomb vest,” she wrote in a Slack post, ac-
cording to prosecutors.
VK.COM/WSNWScording to prosecutors.
Ms. Thompson was arrested on Mon-
VK.COM/WSNWSMs. Thompson was arrested on Mon-
day on charges of computer fraud andday on charges of computer fraud andVK.COM/WSNWSРЕЛИЗ ПОДГОТОВИЛА ГРУППА "What's News" VK.COM/WSNWS