
The ghost and the mole; Eric O'Neill's Gray Day.

Eric O’Neill is a former FBI counterintelligence and counterterrorism operative, and founder of the Georgetown Group, a security and investigative firm, as well as national security strategist for Carbon Black. In his book Gray Day: My Undercover Mission to Expose America’s First Cyber Spy, Eric O’Neill shares the fascinating and sometimes harrowing tale of his experience being assigned to help expose Robert Hanssen, the FBI’s most notorious mole. In 2001 Hanssen pleaded guilty to multiple charges of espionage for sharing classified information with the Soviet Union and Russia over the course of more than two decades.

Transcript

Dave Bittner: [00:00:11] Hello everyone, and welcome to this CyberWire Special Edition. I'm Dave Bittner. Eric O'Neill is a former FBI counterintelligence and counterterrorism operative, and founder of the Georgetown Group - a security and investigative firm - as well as national security strategist for Carbon Black. In his book, "Gray Day: My Undercover Mission to Expose America's First Cyber Spy," Eric O'Neill shares the fascinating and sometimes harrowing tale of his experience being assigned to help expose Robert Hanssen, the FBI's most notorious mole. In 2001, Hanssen pleaded guilty to multiple charges of espionage for sharing classified information with the Soviet Union and Russia over the course of two decades. Stay with us.

Dave Bittner: [00:01:03] This CyberWire Special Edition is made possible by our sponsor, KnowBe4. It can take a hacker to know a hacker. Many of the world's most reputable organizations rely on Kevin Mitnick, the world's most famous hacker and KnowBe4's Chief Hacking Officer, to uncover their most dangerous security flaws. You might ask, hey, where can I get the skinny on the latest threats? And where could I find out, "What would Kevin do?" Well, at KnowBe4's webinar, that's where. Kevin and Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, give you an inside look into Kevin's mind in this on-demand webinar. You'll learn more about the world of social engineering and penetration testing by listening to firsthand experiences and some disconcerting discoveries. You'll see exclusive demos of the latest attack ploys, find out how they could affect you, and learn what you can do to stop them. Go to knowbe4.com/hacker to register for the webinar. That's knowbe4.com/hacker. And we thank KnowBe4 for sponsoring our Special Edition.

Eric O'Neill: [00:02:19] In writing Gray Day, what you have to understand was I never wanted to make a movie. You might know that there is the movie, "Breach," that came out in 2007, that looks at my experiences within the Robert Hanssen spy investigation. The reason I made a movie before writing a book is because by the time I got permission to tell my story from the FBI, the fact that I worked undercover in that office, 9930, in FBI headquarters against the spy was classified until the FBI chose to declassify just that tiny little part of the investigation so I could tell my story. And by the time they gave me that permission, there were already, I think, six books in the hands of publishers. It took quite some time.

Eric O'Neill: [00:03:06] And so, I was a little discouraged, and my brother - who is a screenwriter out in Hollywood - and two other screenwriters got together with me, and we wrote what became the movie "Breach." But I always wanted to write a book. The movie was amazing. It opened many doors, but it was a story told about me. Gray Day is my story, told by myself. And it took a few years, and I'm actually happy it worked out that way, because if I had tried to write Gray Day - what became Gray Day - at 26, it would have just been that Robert Hanssen narrative. It wouldn't be the story that it is now - a deep look at espionage, and the evolution of espionage, and how espionage has become cyberattacks.

Dave Bittner: [00:03:53] Well, let's go through - can you give us an overview for those who aren't familiar with the story of Robert Hanssen?

Eric O'Neill: [00:03:59] Of course. Robert Hanssen was arguably the worst spy in US history, and certainly the worst spy in FBI's history. He was a senior FBI executive - a special agent who, for over 22 years, worked within the FBI as a mole for the Russians. And if you know your history, that means that he began spying for the Soviet Union, and spied for so long he survived the collapse of the Soviet Union and the reformation into the Russian Federation, at a time when many of our spies were being caught, and we were catching theirs as well, during that collapse of the regime. So, he was an incredible spy - a very long-lasting spy.

Eric O'Neill: [00:04:47] During that time, Hanssen stole some of the most significant secrets, and damaging secrets, that have been given to a foreign intelligence service. Things like our nuclear secrets, our nuclear arsenal, and where we'd fire if we were attacked, and what we would do if we were attacked, including our continuity of government plan - where we would send the president and vice president, and everyone that matters in politics if there was a catastrophic event. Very near and dear to my heart, he gave up undercover operatives and undercover operations that we were working, not only here in the US, but around the world. That caused a number of our Russian assets to be flown back to Moscow, and either executed or imprisoned. So, we lost that source of intelligence, but worse, we lost human lives.

Eric O'Neill: [00:05:34] And he also gave up many intelligence secrets, including a tunnel that the United States - that the FBI and the NSA had dug right under the Russian Embassy in Washington DC, and at the end of that tunnel they put a listening device. We were able to hear everything the Russians were saying in their embassy. The problem was that even before the tunnel was completed, Robert Hanssen had given it up to the Russians. So they knew exactly what we were doing, and they could give us false information. He was a disaster for the intelligence community, and for the FBI's ability to pursue counterintelligence here in the United States. And when the FBI can't conduct good counterintelligence, bad things happen. Terrorists are able to become more active, spies are certainly more active, and it hurts America as a whole.

Dave Bittner: [00:06:27] And seemingly, I mean, he had nine lives within the organization. There were times when he had near misses - when it seemed, you know, he was lucky to not get caught.

Eric O'Neill: [00:06:39] He was certainly like a cat. He was very lucky, and he also made his own luck, in many ways. In a lot of ways, you can compare Hanssen to that bank manager who knows all of the ins and outs of security for his bank, and slowly and methodically robs it over many, many years, and never gets caught because he knows all the flaws in that security. Hanssen was exactly the same. He knew the flaws in the FBI security, particularly because the FBI was in the middle of an operation to computerize the Bureau, and he knew a lot more about computer security than many of the FBI agents that surrounded him. And that also meant that he knew how to exploit flaws in that security.

Eric O'Neill: [00:07:26] What I wanted to portray very carefully in Gray Day, is that Hanssen wasn't just our worst spy in US history, but our first cyber spy. He was a hacker, back in the time when hackers used to be bad guys. Now they're mostly the good guys. He was able to use his affinity and ability to penetrate computer security systems to steal secrets in a way that we couldn't catch.

Dave Bittner: [00:07:50] So, how did you come to cross paths with him?

Eric O'Neill: [00:07:53] Well, I was asked to join this investigation. I wasn't prepared to investigate a spy in this manner. You know, during my entire time in the FBI, all those years, I was what's called an FBI ghost. So, I was an undercover operative. I pursued terrorists and spies, primarily around the Washington DC area. And most of my role was to surveil and investigate targets that we suspected or knew were spies or terrorists. And that might mean that on any given day, I would change disguises three times, I'd use telephoto lenses, I used all sorts of tips of the trade and methodologies to follow someone surreptitiously without them knowing I'm behind them, or if they turn around and see me, I look completely different than the last time.

Eric O'Neill: [00:08:43] I would stay completely gray, and I only spoke to one of my targets once, by accident. And I tell the story in the book, where we had lost this spy that, you know, this massive operation, and the FBI had tricked him to coming home from where he was hiding out in Germany, on a pretext. And all my team had to do was take him from the airport and put him to bed in his hotel room, so they could arrest him there where he was isolated and he wouldn't be around other people. You know, this was before 9/11. This was when you could actually meet someone at the gate.

Dave Bittner: [00:09:18] Hmm.

Eric O'Neill: [00:09:18] And this spy comes out and somehow dodges an entire team of ghosts. I mean, that's next to impossible. He gets all the way down, and it must have been just blind luck and misfortune for the ghosts - luck for him, and misfortune for us. But he gets past an entire team, and somehow makes it all the way down to where I was the last guy. I was sort of the outfield safety. We're all looking and looking, and I hear just in my ear, "Do you know where the Hertz Gold bus is?" And I turned and looked, and there he was. And I just kept my face blank and I said, "Sure, I know." And I took him to the bus, I took him to his rental car, I read out the plates, and told the team where he was gonna go, and they jumped on him and we won our case for the day. This is literally - before Hanssen - the only time I'd ever talked to a spy. And suddenly, my supervisor shows up at my house unannounced - this is the first chapter of the book - and asked me if I know a guy named "Robert Hanssen."

Eric O'Neill: [00:10:14] And it's a Sunday morning. He's scared the hell out of me, because supervisors don't come to you in the FBI - you go to them. And I'm outside sitting in the car with him, and he asks me if I know the guy. And I say, no, I hadn't investigated him. And he said, good, because we want you to go undercover and investigate him. And I said, why did you have to come out here on a Sunday to tell me that? That's what I do. And he said, we don't want you to ghost him, Eric. We want you to work undercover in an office we're gonna build for him in FBI headquarters, and we want you to go undercover as yourself. Now, if that sounds bananas to you, imagine how I felt on an early Sunday morning, sitting outside my apartment in my supervisor's car. And of course, I said yes. (Laughs) But what are you going to say? You know...

Dave Bittner: [00:11:03] Right.

Eric O'Neill: [00:11:03] ...It's an opportunity, a case of a lifetime. And it turned out to be the biggest case the FBI had ever run.

Dave Bittner: [00:11:10] Now, with your previous experience with the agency, because - the type of work you were doing - is this a situation where you didn't have to worry about, you know, running into someone in the cafeteria who may have previously known you as being an FBI agent?

Eric O'Neill: [00:11:24] Right. Well, I was never an FBI agent. And that's a misconception that many people draw. The ghosts - which are officially called "investigative specialists" and members of the special surveillance group of the FBI - are a little known group. They used to be fully classified. No one knew who we were at all, not even within the FBI. That since has been relaxed, primarily so the FBI could recruit ghosts. And Gray Day is the first time that the FBI has ever let anyone write about them. So, I got to tell a lot of really cool stories about what it was like being on the street undercover before the Hanssen case. For me to do this kind of role, for a non-agent - I mean, I had a badge and I had credentials. The only difference between the ghosts and the agents are we don't make arrests and we're typically not armed, because it's hard to conduct surveillance when you're armed.

Eric O'Neill: [00:11:24] You know, you typically would have a trained agent in this role. But the problem was they couldn't find an agent who had the combination of knowledge of counterintelligence and spy hunting - which I had from my years on the street as a ghost - and the ability to turn a computer on and understand what was happening. And I just happened to meet both of those qualifications. Because what we were doing is we were putting Hanssen in charge of a new section in the FBI that was built just for him. It was called the "Information Assurance Security Team." He changed the name to the "Information Assurance Section," because he wanted to promote himself, and who was going to argue with him? It was built to examine the FBI's computerization efforts, the security behind them, and build information security for the FBI. This was 2000, 2001. Today, we would call that "cybersecurity."

Eric O'Neill: [00:13:12] So, follow me here. They took the biggest spy in US history - the first cyber spy in US history - and put him in charge of building cybersecurity for the FBI. And the only other person he put in the room with him to keep him from giving up these secrets and catch him in the act was a 26-year-old ghost who they pulled off the street and threw into a role that I wasn't prepared for and had to learn on the job.

Dave Bittner: [00:12:18] Yeah, and a lot of the book outlines your relationship with him. What was that dynamic like?

Eric O'Neill: [00:13:46] It was a difficult one. He was a very quirky, narcissistic, and complicated person. He would harass. He would name call. He could be very tough. He was very demanding as a boss - let's put it that way. He was exact and precise. I had to be there in the office before he arrived and I couldn't leave until he left. He was also brilliant. He certainly knew his way around computer systems. He understood computer security intrinsically, which makes a lot of sense because he was the guy sliding a scalpel through the FBI computer systems and stealing for years. You know, it's sad because, had he been a different person, with different drives and values, he could have done very good things for the FBI, if he had maybe years before been put in charge of a section like this, and building security rather than tearing it down.

Dave Bittner: [00:14:46] Were there any moments along the way where you were worried that perhaps your true motives would be revealed?

Eric O'Neill: [00:14:54] Oh, there certainly were. I was, as I said, I was figuring this out as I went along. There's a particular art to undercover investigations, where you're having a conversation with another person, and the goal is to pull or extract information from the other person that is pertinent and important to the analysts who are going to dissect every word, without that person knowing that that's what you're trying to do. The art is called "elicitation." So, I had to figure this out as I was going on.

Eric O'Neill: [00:15:27] And it was difficult because, if you're Hanssen, and you're suddenly promoted to this brand new section, and to executive service, and you're given everything you've ever asked for at the very twilight of your career - and it also happens that you're the biggest spy in FBI's history - you've got to be a little suspicious. But his problem was that he was locked in a room, and the only point of attack he had to find out whether this was a real job, or whether it was an elaborate mousetrap, was me.

Eric O'Neill: [00:15:56] So, while I was trying to pull information out of him, without him knowing that's what I was trying to do, he was doing the same thing to me. And he was a little bit more of the brute force effort, because he didn't have to worry about whether I was upset or not. And I on the other hand, had to try to be very subtle. And that meant I stumbled around for a long time trying to figure out how to do this.

Eric O'Neill: [00:16:20] There's one time, you know, I had trouble, because I was trying to memorize everything he said, then I would have to remember it and write it as verbatim as possible later that night. And I would take little notes of the most pertinent things he said on little post-its and shove them in the back of my top drawer of my desk. I know there are a lot of people out there probably groaning at hearing that...

Dave Bittner: [00:16:41] (Laughs)

Eric O'Neill: [00:16:42] ...But when you're stressed and you don't really know what you're doing, you know, and you're desperate to gather the information, and he says this nugget like, "The automated case system is a significant point of attack. It's only good if someone's not a spy," you really want to remember that and give that to the case agent handling you, and make sure the analysts get it. And so, I wrote it down, and as I'm writing, with my hands inside this front drawer of my desk, I look up and he's standing right there looking at me. You know, that moment where a whole band marches across your grave, right? It's not somebody stepping across it.

Dave Bittner: [00:17:18] Right, right.

Eric O'Neill: [00:17:18] There's shivers that just race up your back and straighten your spine. And I was just fumbling, like, what do I say, what do I do? And he looks at me, and says, "What are you doing there?" And I just - fortunately, I had a copy of Tom Clancy's The Bear and the Dragon, right? Shoved in that desk drawer. And I pulled it out, and I said, oh, well, boss I was reading. I'm sorry, I know I shouldn't be, but at least it's a book about intelligence work. That's what we're doing here, right? So it's sort of working. And he just went off on me about how we're here to work, we're here to get things done, we're not here to play, I'm surprised and disappointed at you. And in my mind, I was like, hey, tongue lash me all you want...

Dave Bittner: [00:17:59] Right.

Eric O'Neill: [00:17:58] ...As long as you're not noticing that I'm sitting here writing notes, I'm fine. (Laughs)

Dave Bittner: [00:18:02] Yeah.

Eric O'Neill: [00:18:02] And I think I ran to the bathroom, threw up, threw out all the notes, and I never did that again. You know, I learned to memorize everything. And my memory became very good. My ability to hear things and recall them later became pretty incredible during that case. Stress'll do that for you. And that really helped, years later, when I decided to write this book.

Dave Bittner: [00:18:25] Now, what sort of toll does this type of work take on you personally?

Eric O'Neill: [00:18:29] It can be very brutal. Undercover investigations as a whole can be very stressful. They are very stressful, but they - you bring that stress home, so they can be extremely damaging to a family. I speak about this a lot to military and law enforcement, about the struggles of working undercover, and the difficulty of keeping that at work and not bringing it home. The problem is, when you're undercover, you're always being someone else. You're like an actor who can't leave that role, because leaving the role could destroy the operation, or it could get you killed. So you have to stay in-role when you're working undercover. You can't relax until you come out of the role. And that's normally when you go home.

Eric O'Neill: [00:19:16] The problem is that we're humans, and so we build up all of those stresses and pressures while we're undercover, and you can't show them to your target. And they have to come out somewhere. So, the unfortunate result is often they come out where you feel safe and comfortable, and that's with the people you love. It's like the child who's a perfect little angel at school, but then comes home and is a terror where she feels completely safe. I have three little children, so I know this well. And this is why so many undercover operatives end up in divorce situations, and it's very sad. For me, this case wasn't only catching Hanssen. It was catching Hanssen, getting out of the case, but also keeping my marriage.

Dave Bittner: [00:20:02] Now, what ultimately led to Hanssen's downfall?

Eric O'Neill: [00:20:06] I think his pride. His hubris. I had a part in it. The analysts had a good part in it. The agents who were working the case had a major part in it - in pursuing this investigation, learning that Hanssen was the person we were after, and creating this entire situation, and putting me in the room and giving me everything I needed to succeed. You know, Hanssen was a total lover of technology. And he was also like one of those villains who just has his information somewhere close at hand, and gives you that opportunity to find it. It sounds corny, but it was totally true. He kept a Palm Pilot. And yes, I am bringing everybody back into technology...

Dave Bittner: [00:20:49] (Laughs)

Eric O'Neill: [00:20:48] ...And sometimes I speak to crowds and they have no idea what I'm talking about, and I can see how young they are. But the Palm Pilot - a digital, personal data assistant, a PDA. One of the original ones, and this was a Palm III, so it was this big clunky thing, and he would have to, you know, you would use a stylus to tap information in. And he kept his entire life calendared in that thing.

Eric O'Neill: [00:21:10] And when I asked him about it, he said, "I've written the encryption on this myself. Even these idiots..." - and these are his words, not mine - "...At the FBI couldn't crack it on their best day." Wow. I mean, wow. Come on.

Dave Bittner: [00:21:24] Yeah.

Eric O'Neill: [00:21:23] So, I looked at him, and I said, all right, well. And in my mind, I was thinking, we need to get this away from him. The problem was, he kept it in his left back pocket because it was so precious to him. He never pulled it out of his pocket until he slid it in his bag next to his desk, and only when he was sitting down. So, that's tough. I mean, how do you distract someone and get it away with enough time? So we had to come up with this crazy plan to separate him from the Palm Pilot with enough time for a tech team to copy it, and allow me to put it back before he knew it was gone.

Dave Bittner: [00:21:59] Huh.

Eric O'Neill: [00:21:59] Yeah.

Dave Bittner: [00:22:00] How did that play out? I'm imagining a scenario with a decoy Palm Pilot or, you know - how did it come to pass?

Eric O'Neill: [00:22:07] Yeah, well, you know, all sorts of ideas, right? Do you think you could learn to bump him and pick his pocket? Well, that only works until he sits down, right? Then game over. And I'm not a magician, so I don't know how to do that. Or a decoy. Well, that's not going to work, because he's on it every five seconds.

Dave Bittner: [00:22:24] Hmm.

Eric O'Neill: [00:22:24] He was - I mean, he was a fidgeter. He jingled his keys, he clicked his pen, he pulled his Palm out, he tap-tap-tapped it with his stylus. It was like a habit. So, that wouldn't have worked, because the second he opens the thing, he would've known it wasn't his baby. So we had to physically remove it from him in a - using what we call a "pretext" - or in FBI speak, some shenanigans - to get him away from it a sufficient time for me to get it down, copy it, and get it back.

Eric O'Neill: [00:22:51] So, what we did is we used everything we learned about him in the investigation. He has massive, massive narcissism, which meant that he had no respect for anyone above him in seniority or in authority. He didn't like to be interrupted, right? And he really liked to shoot. So we had an assistant director and a special agent named Rich Garcia, who was the only other person on the ninth floor who knew about this investigation, and was technically Hanssen's boss, although Hanssen denied that ever was true.

Dave Bittner: [00:23:27] Hmm.

Eric O'Neill: [00:23:27] The two of them walk in, right? The ADIC, the assistant director, was read into the case just for this operation. He had no idea about this beforehand. And they come in unannounced, when Hanssen was sitting down - that was important - slapped twenty dollars on his desk, and say, "You and us, downstairs, rifle range, right now. Twenty dollars, I beat you," right? And he tried to say no, and the assistant director said, "This is not a request." So he's mad, and he walks out after them grumbling, with his gun and his ear protection and eye protection, and all the stuff you need to go down all the way to the subbasement and shoot. And for the first time, he breaks his routine and doesn't grab that Palm Pilot.

Dave Bittner: [00:24:08] Hmm.

Eric O'Neill: [00:24:08] So I was really excited. I waited. I give it time. I get a text on - here's the other little piece of equipment from 2001 - the SkyTel alphanumeric two-way pager. I get a page saying "He's in-pocket, shooting." So I run to his bag, open all four pockets - they're all identical - pull out the Palm Pilot, and I find a data card and a floppy disk. All that stuff has data, right? Grabbed it all, ran down three flights of steps, handed it off to a tech team, and they start copying it - since this is a CyberWire podcast, I give you all the tech - using this program called Norton Ghost.

Dave Bittner: [00:24:41] Hmm.

Eric O'Neill: [00:24:41] So you can literally see the bar going across as they're copying this encrypted data.

Dave Bittner: [00:24:46] (Laughs) This is a walk down memory lane.

Eric O'Neill: [00:24:46] Oh yeah. (Laughs) You know, like watching the bar, like 20 percent, 21 percent.

Dave Bittner: [00:24:51] (Laughs) Right, right.

Eric O'Neill: [00:24:50] And I'm dancing around, I'm so nervous...

Dave Bittner: [00:24:54] I can hear the music playing in the background, you know, the tension.

Eric O'Neill: [00:24:58] Exactly.

Dave Bittner: [00:24:58] Yeah, yeah.

Eric O'Neill: [00:24:58] Yeah, and I'm so stressed out, they throw me out of the room. So now I'm standing in the hall, and I get another page, and I look and it says, "Out of pocket. Coming to you." So, you know, I knocked on the door. I was, like, very polite, hey guys, I'm going to need that - the Palm Pilot and the floppy disk and the data card, and I need it now. And they're like, oh, we're almost done, don't worry. I said, you don't understand. He's armed and I'm not. He's angry. I need to be there before him. And they got it - it took a little while. I knew I had about nine minutes if the guy ran. He probably wasn't gonna run up to the office, but he was gonna hurry.

Eric O'Neill: [00:25:34] And I got it, I ran up three flights of steps, I slammed the big door to the SCIF - the secure compartmentalized information facility that we were in - behind me, which saved me. I ran into his office - it was a little separate office outside, you know, off of my main pit-area office - got to his desk, knelt down before it, felt like I won, and realized I have three devices, four pockets, and no idea which pocket I was supposed to put things into. It was a total rookie mistake.

Eric O'Neill: [00:26:02] I just - I sat there trying to figure out how I was going to remember. The more stressed you get, the worse you recall. And as I'm trying to figure this out I hear him come through the door. So, I just dropped all three things, took my best guess, you know, circle C on the Scantron, zipped up all four pockets, ran back to my desk, and put the best poker face on I've ever had in my life.

Dave Bittner: [00:26:27] (Laughs) Trying to not look like you're in the pool of sweat that you're probably in.

Eric O'Neill: [00:26:32] Oh yeah, I think my back was soaked under my suit jacket, and I mean...

Dave Bittner: [00:26:36] Yeah.

Eric O'Neill: [00:26:36] ...I knew I was going to have to change that shirt, and - but I couldn't let the sweat show on my face. I had to just look like a bored placid guy that he'd been talking to all these...

Dave Bittner: [00:26:48] Right.

Eric O'Neill: [00:26:48] ...All these weeks and months. And he storms into his office, slams his door, and I hear that telltale zip. And I just sat there, because I knew that if I left the room, I'd push him so far into paranoia, he would cut and run, and not make the last drop we were hoping he would make. I also knew that if I stayed in that room and I got that Palm Pilot in the wrong pocket - which was probably the case - there's a good chance that he comes out and shoots me. Because if it has what we hope it has, and were really hoping it had on it, he would have known that the entire case was over, and he'd be facing the death penalty.

Dave Bittner: [00:27:23] Huh.

Eric O'Neill: [00:27:23] He was very, very upset - I mean, ironically - very upset for anyone who betrayed him. And...

Dave Bittner: [00:27:28] To be clear here, you were unarmed.

Eric O'Neill: [00:27:31] I was unarmed, yes.

Dave Bittner: [00:27:32] Yeah, okay.

Eric O'Neill: [00:27:31] And he had plenty of guns. It was his thing. And I mean, do you really need a firearm in FBI headquarters? First of all, anyone who comes into FBI headquarters, if anyone has a chance to go through the building, it is the most miserably complex building on Earth. You would just get lost if you tried to raid FBI headquarters. And everyone in there has guns, so who's going to try to break in? So there's not a real reason to have a firearm in FBI headquarters, it's just some of these guys just can't let them go.

Eric O'Neill: [00:28:03] But he comes out, and he stares at me, and he asks, "Were you in my office?" And I just looked at him and I shrugged my shoulders and said, "Yeah, I was in your office. I put a memo in your inbox." And he looks at me, and he does that thing where you kind of look at someone, and you hold it so long it becomes creepy and nerve-wracking. And then he finally says, "I never want you in my office again."

Dave Bittner: [00:28:27] Hmm.

Eric O'Neill: [00:28:28] And he left for the day. And two weeks later, we arrested him in Foxstone Park in Vienna, Virginia, as he laid his last drop for the Russians under the bridge in the center of that park. We knew where he was going to be and when, when we decrypted the Palm Pilot.

Dave Bittner: [00:28:43] The Palm Pilot he said no one was gonna be able to decrypt.

Eric O'Neill: [00:28:48] Exactly. Because it's a digital calendar. He put the dates of his drops in the Palm Pilot.

Dave Bittner: [00:28:54] What were those remaining days at work like? Did you come back to work the next day and everyone acted like nothing had happened, or - what did you have to deal with?

Eric O'Neill: [00:29:05] Yeah, I came back to work the next day, and the next few weeks he bounced between sort of euphoria, depression - it was almost like he was bipolar. He was certainly working through something and, you know, knowing what we know now, he was working through the fact that he was going to make his final drop to the Russians after a two-decade career as their number one asset. He was going to bring an ending to his alter ego, who he called "Ramon Garcia," which was his sexy spy name, and he was going to leave the FBI and take a job in the civilian world for a cybersecurity company. Can you imagine what he could have done...

Dave Bittner: [00:29:44] Hmm.

Eric O'Neill: [00:29:43] ...To some poor cyber company? So, there were so many endings that were about to happen, and he was processing all that. I could watch him process that through all our conversations. The conversations also became very strange. He started talking to me about how upset he was that Julianna and I didn't have children, and that we weren't pursuing having children, and that was the purpose of marriage. I got many lectures about that, you know, kind lectures - it wasn't like he was - he became nicer near the end. And he started saying things like, well, there are ways that you can make ends meet and there are things you can do. He was getting very close to explaining what he had done, how he had made ends meet, how he had made the money he needed to support the lifestyle he wanted, and the family that he wanted, in the beginning, when he started his espionage. And the agents running the case and analysts were convinced that he was recruiting me that, you know, almost...

Dave Bittner: [00:30:42] He's wrapping up his career, and he's looking for a mentor to pass it on to.

Eric O'Neill: [00:30:48] Exactly. Someone to leave behind to what he called his "friends" in Russia, you know, to continue his good work and maybe he thought - and I was playing the game too. I would say things like, you know, the FBI doesn't pay us anything.

Dave Bittner: [00:31:05] Hmm.

Eric O'Neill: [00:31:05] I might have used a few expletives. And they give us the keys to the kingdom, and they expect that, you know, we're just gonna be caretakers, even though they pay us less than, you know, someone working in the bottom of the IT department in a civilian company. And, you know, I was pursuing all this too. I was inviting him to recruit me, if that was where he chose to go. And of course, recruitments are careful, and they take a long time. You have to make sure you implicitly trust the person. In the end of the day, he did trust me. He wouldn't have made that final drop if he didn't. And so, that was how I was able to win.

Dave Bittner: [00:31:40] So, he makes that final drop, and he's arrested. What sort of feelings did you have when that happened?

Eric O'Neill: [00:31:46] Yeah, they were pretty much every feeling you can feel just wash through me at once. I was driving when I got the call that he had been arrested and it was done. And I was shaking so badly I had to pull the car over. And at that time, I was driving with my wife, and I looked over at her when I could finally speak, and I said, I have to tell you a story. And I told her everything. Just sitting on the side of the road late at night, driving back from the Eastern Shore.

Eric O'Neill: [00:32:16] And that was probably one of the harder chapters for me to write in Gray Day, was retelling that moment. But I knew it was such an important moment, I took a long time writing it, because I wanted to get it just right. Even though I think it's one of the shortest chapters in the book. Because that was what the case meant to me. Was I going to win and beat the spy? But also keep my relationship with my wife intact, which was the more important thing.

Dave Bittner: [00:32:42] There's a really fascinating element of this to me, which is that I think we have a tendency to think of folks working for the FBI, and spies, and doing the kind of work that you were doing, as being sort of trained to be cold and calculating and by the book, and all those sorts of things. And one of the things that I really enjoy about your book is that so much is about the human element. That you - you're a human being. Hanssen is a human being. And so you have all of these interpersonal things that are woven through all of this.

Eric O'Neill: [00:33:17] Yeah, certainly. I mean, humans are squishy. We aren't machines. We're not task-oriented. We have an idea of where we want to go and what we want to do, but we meander a bit to get there. Emotions come into play, personalities come into play, foibles about what we think and what we dream and what our politics are all come into play, and everything we want to do. You know, at the end of the day, when you're an investigator, you have to - to the best extent - put all of that aside and pursue the purest facts you can find, without adding your own bias. But in investigations, it can be hard, and it can take a toll - both as a spy and as a spy hunter. And, you know, it's sort of a central theme of that - of the book, of Gray Day, is of what it's like to be a spy hunter hunting the biggest spy in history. And also being locked in the room with that person, and what does that do to you personally, in order to win a case like that.

Dave Bittner: [00:34:20] You know, swinging back to the concern with many of the folks in our audience, which of course is cybersecurity...

Eric O'Neill: [00:34:26] Mm-hmm.

Dave Bittner: [00:34:25] ...It strikes me that, in a way, you were sort of dealing with the ultimate insider threat here. And I'm wondering, you know, do you have any lessons to take away from that, for folks who are out there, you know, fighting the day-to-day - under more normal circumstances of course - but, you know, what are some of the things, suggestions, you would make to folks who are out there trying to protect their own systems?

Eric O'Neill: [00:34:49] Yeah, certainly. Everything that I have - all of my theories and thoughts on cybersecurity have stemmed from those moments in that office with Robert Hanssen. As I said, he was brilliant. He had great ideas, you know, very early Nostradamus-like predictions of where espionage would go. And what I did is I took those original theories that the two of us came up with in that office, and pushed them forward into the future. And I found that a lot of them were true.

Eric O'Neill: [00:35:22] And one of those was that all espionage at some point will be cyber espionage. Now, there are still trusted insiders. People still get recruited within organizations. Spies still try to get into buildings. But that is just not happening with anywhere near the frequency that we were seeing in the '80s and '90s, because it's so much easier to penetrate a computer system externally, sitting in Moscow, or in China, or in any of the other intelligence service countries that want to do us wrong.

Eric O'Neill: [00:35:55] And so, what I've kind of started saying is that there are no hackers - there are only spies. And that hacking is nothing more than the necessary evolution of espionage. We've made data the currency of our lives, and as we have placed all that data, and taken it away from paper and placed it into computer systems, the network computer systems, and shared information, we've given the spies a very good way in.

Eric O'Neill: [00:36:22] So, the advice is to manage your data, and be careful with it. Be careful how much you're collaborating, who has access, and what cybersecurity you are using to secure that data. Because otherwise, the spies will get in and they will steal it.

Dave Bittner: [00:36:38] Yeah. Well, the book is "Gray Day." I have to say, it's a real page-turner. Eric O'Neill, thanks so much for taking the time to speak with us.

Eric O'Neill: [00:36:45] Dave, thank you for having me on the show. It's been a pure joy. I love the podcast.

Dave Bittner: [00:36:52] Thanks to our sponsor, KnowBe4, for making this CyberWire Special Edition possible. They're the social engineering experts and the pioneers of new-school security awareness training.

Dave Bittner: [00:37:03] The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. Our CyberWire editor is John Petrik, social media editor Jennifer Eiben, technical editor Chris Russell, our staff writer is Tim Nodar, executive editor Peter Kilpe, and I'm Dave Bittner. Thanks for listening.

Copyright © 2019 CyberWire, Inc. All rights reserved. Transcripts are created by the CyberWire Editorial staff. Accuracy may vary. Transcripts can be updated or revised in the future. The authoritative record of this program is the audio record.
