The C919 airliner, a jet plane under development by the Chinese state-owned aerospace firm Comac, represents an ambitious attempt by China to create a domestic rival to counter foreigners Boeing and Airbus. The sky-faring vessel also appears, in the estimation of the sleuths at hack-investigation firm CrowdStrike, per a new report which supplements earlier federal indictments, to be a beneficiary of rampant intellectual property theft sponsored by the state.

From 2010 to 2015, a sprawling collection of burglars—intelligence officers at China’s Ministry of State Security, underground hackers, security researchers, and corporate moles—is said to have infiltrated overseas suppliers, including GE, Honeywell, France’s Safran, and others. The group’s apparent intention was to steal technologies pertinent to the C919’s development, such as designs for a new turbofan engine and other component parts. It is “highly likely,” the CrowdStrike researchers write, that the makers of a particular Chinese-made engine, the CJ-1000AX, “benefited significantly from the cyber espionage efforts of the MSS”—China’s Ministry of State Security, that is—”knocking several years (and potentially billions of dollars) off of its development time.”

The report is an eye-opening indictment of Beijing’s economic subterfuge. It lays out, in depth, how China “uses a multi-faceted system of forced technology transfer, joint ventures, physical theft of intellectual property from insiders, and cyber-enabled espionage to acquire the information it needs” to leapfrog its peers.

The turbofan engine is just one example of likely trade secret plundering which former U.S. officials have dubbed “the greatest transfer of wealth in history.” Such violations remain a major point of contention between China and the U.S. as on-again, off-again trade talks continue. If any deal is to fly, it’ll have to address all the thievery.

Robert Hackett | @rhhackett | robert.hackett@fortune.com

THREATS

Bounty hunters. Facebook is expanding its bug bounty programs, offering bigger payouts and rewards for finding flaws in hardware devices such as Portal and Oculus Quest. Google is temporarily boosting the rewards it pays for bugs related to "site isolation," a cybersecurity feature for Chrome that the company recently extended from desktop to Android. Justin Schuh, Chrome's engineering director, called the advance, which protects the data of web browsers, "the single greatest advance in browser security since the creation of the sandbox."

Jail time. Federal prosecutors last year indicted a 23-year-old South Korean man who they allege ran the "world's largest" child exploitation site, per a recently unsealed court document. The website is said to have contained 8 terabytes of child abuse imagery—more than 250,000 unique videos. TechCrunch's Zack Whittaker describes a legal dilemma he encountered in trying to cover the story two years ago.

In session. College admissions websites are tracking the web habits of prospective applicants in order to determine which candidates are likely to accept an enrollment offer and be able to pay the tuition. Some privacy experts are concerned that these schools' data-handling practices could be violating federal law designed to protect student education records.

Hitting the jackpot. Hackers have been targeting ATMs around the world with malware that makes them spit out money, Motherboard reports. Officials believe a $1.5 million spree in Germany that took place in 2017 is linked to a single criminal gang. Reports indicate that such attacks may be on the rise in the U.S., Latin America, and Southeast Asia.

Dial-up Internet tones as digital mating calls. 

Share today’s Cyber Saturday with a friend.

Did someone share this with you? Sign up here. For previous editions, click here.

ACCESS GRANTED

BuzzFeed News published an investigation into Ads Inc., a business it says abused Facebook and thousands of consumers in a fraudulent, ad-based, money-making scheme. The story is billed as "an unprecedented, detailed inside look at how black hat affiliate markers weaponize targeted advertising, fake news articles, and overseas labor to exploit Facebook on a massive scale." The piece does not disappoint.

Since 2015, Ads Inc. has made money — lots of it — by executing one of the internet’s most persistent, lucrative, and sophisticated scams: the subscription trap. The subscription trap works by tricking people into buying what they think is a single free trial of a celebrity-endorsed product. Although the customers would receive the product — which in most cases was not made by Ads Inc. itself — in reality, the celebrity has nothing to do with the offer. And in purchasing the free trial, the customer unwittingly commits to a pricey monthly subscription designed to be hard to cancel.

FORTUNE RECON

How to Claim a Cash Settlement of Up to $358 for Yahoo’s Data Breaches by Chris Morris

Mark Zuckerberg Calls Facebook a Free-Speech Zone as Critics Demand More Restrictions by Danielle Abril

Samsung Galaxy S10s With Screen Protectors Can Be Unlocked by Anyone. Here’s How to Keep Your Data and Display Safe by Lisa Marie Segarra

Secretive Data Firm Palantir May Be Skipping the 2019 IPO Market by Lucinda Shen

Chinese Officials Must Notify U.S. Before Making Contacts by Matt Lee

Apple’s Routing of User Data to Google Could Be Breaking EU Privacy Law by David Meyer

ONE MORE THING

Meet le blob. This peculiar, yellowish, unicellular organism, now on display at the Paris Zoological Park, is a confounding, classification-averse species. The creature, charmingly called "slime mold," has no brain, exhibits 720 sexes, looks like a fungus, and seems to move and learn like an animal. Pretty weird!