On the day that they entered the headquarters of a renowned technology company, the security unit was nondescript—quiet as a mouse. It had to be that way, naturally. For months prior, the tech behemoth’s upper management had suspected that something nefarious was going on inside their organization: files were disappearing; millions of dollars’ worth of intellectual property was being copied, they believed; personal and private information, too. Worse, the executives in the corporate suite were mystified about their culprit. But they recognized the veracity of an adage in the tech industry: there are two kinds of companies—those that have been hacked, and the ones that haven’t been hacked yet.

As the tech company’s workers endeavored on their quotidian tasks that day, perusing their computers, carrying on with their familiar series of tasks, the security sleuths surreptitiously flipped open their laptops, connected to the network, and subtly began their forensics investigation. The team ran software to search for viruses and malware, which turned up nothing. They checked the servers for illicit software, which similarly turned up an absence of leads. Eventually, the operatives from the security company set up network-monitoring tools to detect where traffic might be leaving the building. Soon enough, their screens were filled with charts and numbers—reds, yellows, greens—that zigzagged up and down like an E.K.G. or digital seismograph. One of those spikes indicated that a massive amount of data was flowing out of a single computer elsewhere in the company’s offices.

But this evidence suggested another troublesome challenge. The company had always had a B.Y.O.D., or bring your own device, policy. Anyone who worked in the office could come in, connect their individual device to the network, and commence their day independent of company machinery. The computer that was funneling information, therefore, didn’t register on the roster of machines controlled and owned by the I.T. department. This left the security team with one definitively old-school option: they literally followed the wire that ran from the server to the rogue computer. One by one, they plucked up the tiles in the server room, followed the Cat-5 cable as it swam alongside hundreds of other cables, inside the walls, past yellow and white power wires, and through the labyrinthine office, until they found themselves at the end of the cord, which terminated inside a small closet. There, seated behind a laptop, was a young Chinese woman.

The security specialists searched her personal computer and immediately discovered more than 30 pieces of malware that were funneling information out of the servers and back to dozens of computers in China. The woman wasn’t an employee of the tech company. Instead, she had been hired as a student intern after e-mailing the company out of the blue, asking if she could assist in the office.

For the tech company, the problems didn’t end there. Silicon Valley may imagine itself as a larger-than-life cauldron of drama. But large companies don’t operate like John McTiernan movies or John le Carré thrillers. And even if this tech company was convinced that this intern had bilked it for critical secrets, it couldn’t prove that she was a spy or had committed espionage, or if she had been nefariously targeted herself. (For what it’s worth, a security expert on the team told me they suspected the former.) Furthermore, the company didn’t want to alert authorities, perhaps fearful that the press would find out, and the company’s valuation would be affected. Instead, it quietly parted ways with the intern and changed the company’s tech policies.

Spies and corporate espionage are a fixture of Silicon Valley. Employees at companies from Twitter to SpaceX have privately told me they suspect spooks work within their walls, stealing corporate secrets, plans for new technologies, or entire servers full of code to replicate back home. Some have suspected that these alleged agents were trying to figure out how their company’s network worked. The C.E.O. of one of the big tech companies in Silicon Valley once confided in me that not only was there “no question” that Russian and Chinese agents worked at the company, but that it was impossible to know who they were or prove that they were indeed foreign agents.