CyberWire Daily - The ghost and the mole; Eric O'Neill's Gray Day. [Special Editions]
Episode Date: April 14, 2019Eric O’Neill is a former FBI counterintelligence and counterterrorism operative, and founder of the Georgetown Group, a security and investigative firm, as well as national security strategist for C...arbon Black. In his book Gray Day, My Undercover Mission to Expose America’s First Cyber Spy, Eric O’Neil shares the fascinating and sometimes harrowing tale of his experience being assigned to help expose Robert Hanssen, the FBI’s most notorious mole. In 2001 Hanssen pleaded guilty to multiple charges of espionage for sharing classified information with the Soviet Union and Russia over the course of over two decades. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents, winning with purpose,
and showing the world what AI was meant to be. Let's create the agent-first future together.
Head to salesforce.com slash careers to learn more.
Hello everyone and welcome to this Cyber Wire special edition.
I'm Dave Bittner.
Eric O'Neill is a former FBI counterintelligence and counterterrorism operative and founder of the Georgetown Group, a security and investigative firm,
as well as national security strategist for Carbon Black.
In his book, Gray Day, My Undercover Mission to Expose America's First Cyber Spy, Eric O'Neill
shares the fascinating and sometimes harrowing tale of his experience being assigned to help
expose Robert Hansen, the FBI's most notorious mole. In 2001, Hansen pleaded guilty to multiple
charges of espionage for sharing
classified information with the Soviet Union and Russia over the course of two decades.
Stay with us.
In writing Gray Day, what you have to understand was I never wanted to make a movie.
You might know that there is the movie Breach that came out in 2007 that looks at my experiences within the Robert Hansen spy investigation.
The reason I made a movie before writing a book is because by the time I got permission to tell my story from the FBI, the fact that I worked
undercover in that office 9930 in FBI headquarters against the spy was classified until the FBI
chose to declassify just that tiny little part of the investigation so I could tell my story.
And by the time they gave me that permission, there were already, I think, six
books in the hands of publishers. It took quite some time. And so I was a little discouraged.
And my brother, who was a screenwriter out in Hollywood, and two other screenwriters
got together with me and we wrote what became the movie Breach. But I always wanted to write
a book. The movie was amazing. It opened many doors,
but it was a story told about me. And Gray Day is my story told by myself. And it took a few years,
and I'm actually happy it worked out that way. Because if I had tried to write Gray Day,
what became Gray Day at 26, it would have just been that Robert Hansen narrative. It wouldn't be the story that it is now.
A deep look at espionage and the evolution of espionage and how espionage has become cyber attacks.
Well, let's go through.
Can you give us an overview for those who aren't familiar with the story of Robert Hansen? Of course, Robert Hansen was arguably the worst spy in US history and certainly
the worst spy in FBI's history. He was a senior FBI executive, a special agent,
who for over 22 years worked within the FBI as a mole for the Russians. And if you know your
history, that means that he began spying for
the Soviet Union and spied for so long, he survived the collapse of the Soviet Union and the
reformation into the Russian Federation at a time when many of our spies were being caught. And we
were catching theirs as well during that collapse of the regime. So he was an incredible spy, a very long-lasting spy.
During that time, Hansen stole some of the most significant secrets
and damaging secrets that have been given to a foreign intelligence service.
Things like our nuclear secrets, our nuclear arsenal,
and where we'd fire if we were attacked and what we would
do if we were attacked, including our continuity of government plan where we would send the
president and vice president and everyone that matters in politics if there was a catastrophic
event. Very near and dear to my heart, he gave up undercover operatives and undercover operations
that we were working, not only here in the US, but around the world. That caused a number of our
Russian assets to be flown back to Moscow and either executed or imprisoned. So we lost that
source of intelligence, but worse, we lost human lives. And he also gave up many intelligence
secrets, including a tunnel that the United States, that the FBI and the NSA had dug right
under the Russian embassy in Washington, DC.
At the end of that tunnel, they put a listening device.
We were able to hear everything the Russians were saying in their embassy.
The problem was that even before the tunnel was completed, Robert Hansen had given it
up to the Russians.
They knew exactly what we
were doing and they could give us false information. He was a disaster for the intelligence community
and for the FBI's ability to pursue counterintelligence here in the United States. And when the FBI
can't conduct good counterintelligence, bad things happen. Terrorists are able to become more active. Spies are
certainly more active. And it hurts America as a whole.
And seemingly, I mean, he had nine lives within the organization. There were times when he
had near misses when it seemed he was lucky to not get caught.
Yeah, he was certainly like a cat. He was very lucky and he also made his own luck in
many ways. In a lot of ways, you can compare Hansen to that bank manager who knows all of the ins and
outs of security for his bank and slowly and methodically robs it over many, many years and
never gets caught because he knows all the flaws in that security. Hansen was exactly the
same. He knew the flaws in the FBI security, particularly because the FBI was in the middle
of an operation to computerize the Bureau. And he knew a lot more about computer security
than many of the FBI agents that surrounded him. And that also meant that he knew how to exploit flaws in that security.
What I wanted to portray very carefully in Gray Day is that Hansen wasn't just our worst spy in U.S. history,
but our first cyber spy.
He was a hacker back in the time when hackers used to be bad guys.
Now they're mostly the good guys.
He was able to use his affinity and ability to
penetrate computer security systems to steal secrets in a way that we couldn't catch.
So how did you come to cross paths with him?
Well, I was asked to join this investigation. I wasn't prepared to investigate a spy in this manner. During my entire time in the FBI, all those years,
I was what's called an FBI ghost. So I was an undercover operative. I pursued terrorists and
spies primarily around the Washington DC area. And most of my role was to surveil and investigate
targets that we suspected or knew were spies or terrorists.
And that might mean that on any given day, I would change disguises three times, I'd use
telephoto lenses, I used all sorts of tips of the trade and methodologies to follow someone
surreptitiously without them knowing I'm behind them, or if they turn around and see me, I look
completely different than the last time.
I would stay completely gray. And I only spoke to one of my targets once by accident. I tell the story in the book where we had lost this spy that, you know, this massive operation,
and the FBI had tricked him to coming home from where he was hiding out in Germany on a pretext.
And all my team had to do
was take him from the airport and put him to bed in his hotel room so they could arrest him there
where he was isolated and he wouldn't be around other people. This was before 9-11. This was when
you could actually meet someone at the gate. And this spy comes out and somehow dodges an entire
team of ghosts. I mean, that's next to
impossible. He gets all the way down and it must have been just blind luck and misfortune for the
ghosts, luck for him and misfortune for us. But he gets past an entire team and somehow makes it all
the way down to where I was the last guy. I was sort of the outfield safety. We're all looking and looking and I hear
just in my ear, do you know where the Hertz gold bus is? And I turned and looked and there he was.
And I just kept my face blank. And I said, sure, I know. And I took him to the bus. I took him to
his rental car. I read out the plates and told the team where he was going to go. And they jumped on
him and we won our case for the day. This is literally before Hanson, the only time I'd ever talked to a spy. And suddenly my supervisor shows up from my house
unannounced, it's the first chapter of the book, and asked me if I know a guy named Robert Hanson.
And it's a Sunday morning. He scared the hell out of me because supervisors don't come to you in
the FBI, you go to them. And I'm outside sitting
in the car with him. And he asks me if I know the guy. And I say, no, I hadn't investigated him.
And he said, good, because we want you to go undercover and investigate him. And I said,
why did you have to come out here on a Sunday to tell me that? That's what I do.
And he said, we don't want you to ghost him, Eric. We want you to work undercover in an office we're going to build for him in FBI headquarters.
And we want you to go undercover as yourself.
Now, if that sounds bananas to you, imagine how I felt on an early Sunday morning sitting
outside my apartment in my supervisor's car.
And of course, I said, yes.
What are you going to say? You know, it's an opportunity,
a case of a lifetime, and it turned out to be the biggest case the FBI had ever run.
Now, with your previous experience with the agency, because the type of work you were doing,
is this a situation where you didn't have to worry about, you know, running into someone
in the cafeteria who may have previously known you
as being an FBI agent. Right. Well, I was never an FBI agent. That's a misconception that many
people draw. The ghosts, which are officially called investigative specialists and members
of the special surveillance group of the FBI, are a little-known group. They used to be fully
classified. No one knew who we
were at all, not even within the FBI. That since has been relaxed, primarily so the FBI could
recruit ghosts. And grade A is the first time that the FBI has ever let anyone write about them.
So I got to tell a lot of really cool stories about what it was like being on the street
undercover before the Hansen case. For me to do this kind of role
for a non-agent, I mean, I had a badge and I had credentials. The only difference between the
ghosts and the agents are we don't make arrests and we're typically not armed because it's hard
to conduct surveillance when you're armed. You typically would have a trained agent in this role. But the problem was,
they couldn't find an agent who had the combination of knowledge of counterintelligence
and spy hunting, which I had from my years on the street as a ghost, and the ability to turn
a computer on and understand what was happening. And I just happened to meet both of those
qualifications. Because what we were doing
is we were putting Hansen in charge of a new section in the FBI that was built just for him.
It was called the Information Assurance Security Team. He changed the name to the Information
Assurance Section because he wanted to promote himself and who was going to argue with him.
It was built to examine the FBI's computerization efforts, the security behind them, and build
information security for the FBI. This was 2000, 2001. Today, we would call that cybersecurity.
So follow me here. They took the biggest spy in US history, the first cyber spy in U.S. history, and put him in charge of building
cybersecurity for the FBI.
And the only other person he put in the room with him to keep him from giving up these
secrets and catch him in the act was a 26-year-old ghost who they pulled off the street and threw
into a role that I wasn't prepared for and had to learn on the job.
Yeah, and a lot of the book outlines
your relationship with him. What was that dynamic like? It was a difficult one. He was a very quirky,
narcissistic, and complicated person. He would harass. He would name call. He could be very
tough. He was very demanding as a boss. Let's put it that way. He was exact and
precise. I had to be there in the office before he arrived and I couldn't leave until he left.
He was also brilliant. He certainly knew his way around computer systems. He understood
computer security intrinsically, which makes a lot of sense because he was the guy sliding a
scalpel through the FBI's computer systems and stealing for years.
It's sad because had he been a different person with different drives
and values, he could have done very good things for the FBI if he had maybe years
before been put in charge of a section like this and building security rather than tearing it down.
Were there any moments along the way where you were worried that perhaps your true motives would be revealed?
Oh, there certainly were.
As I said, I was figuring this out as I went along.
figuring this out as I went along. There's a particular art to undercover investigations where you're having a conversation with another person and the goal is to pull or extract
information from the other person that is pertinent and important to the analysts who
are going to dissect every word without that person knowing that that's what you're trying
to do. The art is called elicitation.
So I had to figure this out as I was going on and it was difficult because if you're Hanson and you're suddenly promoted to this brand new section
and to executive service and you're given everything you've ever asked for at the very twilight of your career,
and it also happens that you're the biggest
spy in FBI's history, you've got to be a little suspicious.
But his problem was that he was locked in a room and the only point of attack he had
to find out whether this was a real job or whether it was an elaborate mousetrap was
me.
So while I was trying to pull information out of him without him knowing that's what
I was trying to do,
he was doing the same thing to me. And he was a little bit more of the brute force effort
because he didn't have to worry about whether I was upset or not. And I, on the other hand,
had to try to be very subtle. And that meant I stumbled around for a long time trying to
figure out how to do this. There was one time I had trouble because I was
trying to memorize everything he said, then I would have to remember it and write it as
verbatim as possible later that night. And I would take little notes of the most pertinent
things he said on little post-its and shove them in the back of my top drawer of my desk.
I know there are a lot of people out there probably groaning and hearing that.
But when you're stressed and you don't really know what you're doing, you know,
and you're desperate to gather the information and he says this nugget, like the automated casism is
a significant point of attack. It's only good if someone's not a spy. You really want to remember
that and give that to the case agent handling you and make sure the analysts get it. And so, I wrote it
down. And as I'm writing, with my hands inside this front drawer of my desk, I look up and he's
standing right there looking at me. You know, that moment where a whole band marches across your
grave, right? It's not just someone stepping across it. There's shivers that just race up your back
and straighten your spine.
And I was just fumbling, like, what do I say? What do I do? And he looks at me, he says,
what are you doing there? And I just, fortunately, I had a copy of Tom Clancy's The Bear and the Dragon, right? Shoved in that desk drawer. And I pulled it out and I said, oh, well, boss,
I was reading. I'm sorry. I know I shouldn't be, but at least it's a book about intelligence work. That's what we're doing here, right? So, it's sort of working.
And he just went off on me about how we're here to work. We're here to get things done. We're
not here to play. I'm surprised and disappointed at you. And in my mind, I was like, hey,
tongue lash me all you want. As long as you're not noticing that I'm sitting here writing notes,
I'm fine.
And I think I ran to the bathroom, threw up, threw out all the notes, and I never did that again.
You know, I learned to memorize everything.
And my memory became very good.
My ability to hear things and recall them later became pretty incredible during that case.
Stress will do that for you. And that really helped years later when I decided to write this book.
Now, what sort of toll does this type of work take on you personally?
It can be very brutal. Undercover investigations as a whole can be very stressful. They are very
stressful, but you bring that stress home. So they can be extremely damaging to a family.
but you bring that stress home so they can be extremely damaging to a family. I speak about this a lot to military and law enforcement about the struggles of working undercover
and the difficulty of keeping that at work and not bringing it home.
The problem is when you're undercover, you're always being someone else.
You're like an actor who can't leave that role because leaving
the role could destroy the operation or could get you killed. So you have to stay in role when
you're working undercover and you can't relax until you come out of the role. And that's normally when
you go home. The problem is that we're humans and so we build up all those stresses and pressures
while we're undercover and you can't show them to your target.
And they have to come out somewhere.
So the unfortunate result is often they come out where you feel safe and comfortable and that's with the people you love.
It's like the child who's a perfect little angel at school but then comes home and is a terror where she feels completely safe.
I have three little
children, so I know this well. This is why so many undercover operatives end up in divorce
situations. It's very sad. For me, this case wasn't only catching Hansen. It was catching
Hansen, getting out of the case, but also keeping my marriage.
Now, what ultimately led to Hansen's downfall?
I think his pride, his hubris. I had a part in it. The analysts had a good part in it. The agents
who were working the case had a major part in it, in pursuing this investigation, learning that
Hansen was the person we were after, and creating this entire situation and putting me in the room and giving me everything I needed to succeed. You know,
Hansen was a total lover of technology and he was also like one of those
villains who just has his information somewhere close at hand and gives you
that opportunity to find it. It sounds corny,
but it was totally true. He kept a Palm Pilot. And yes, I'm bringing everybody back into technology.
And sometimes I speak to crowds and they have no idea what I'm talking about. And I can see how young they are. But the Palm Pilot, a digital, a personal data assistant, a PDA,
one of the original ones, and this was a Palm 3, so it was this big clunky thing
and you would use a stylus to tap information in. And he kept his entire life calendared in that
thing. And when I asked him about it, he said, I've written the encryption on this myself.
Even these idiots, and these are his words, not mine, that the FBI couldn't crack it on their
best day. Wow. I mean, wow. Come on. So I looked
at him and I said, all right, well, and in my mind, I was thinking we need to get this away from him.
The problem was he kept it in his left back pocket because it was so precious to him. He never pulled
it out of his pocket until he slid it in his bag next to his desk and only when he was sitting down.
So that's tough. I mean,
how do you distract someone and get it away with enough time? So we had to come up with this
crazy plan to separate him from the Palm Pilot with enough time for a tech team to copy it
and allow me to put it back before he knew it was gone. Yeah.
How did that play out? I'm imagining a scenario with a decoy palm pilot or,
you know, how did it come to pass? Yeah, well, you know, all sorts of ideas, right?
Do you think you could learn to bump him and pick his pocket? Well, that only works until
he sits down, right? Then game over. And I'm not a magician, so I don't know how to do that.
Or a decoy. Well, that's not gonna work because he's on it
Every five seconds he was he was I mean he was a fidgeter. He jingled these keys
He clicked his pen. He pulled his palm out. He tap tap tapped it with a stylus
It was it was like a habit so that wouldn't work because the second he opens the thing he would known it wasn't his baby
So we had to physically remove it from him in what we call a pretext or, in FBI speak,
some shenanigans to get him away from it, sufficient time for me to get it down, copy
it, and get it back.
So what we did is we used everything we learned about him in the investigation.
He has massive, massive narcissism, which meant that he had no respect for anyone above
him in seniority
or in authority. He didn't like to be interrupted, right? And he really liked to shoot.
So we had an assistant director and a special agent named Rich Garcia, who was the only other
person on the ninth floor who knew about this investigation and was technically Hansen's boss, although Hansen
denied that ever was true. The two of them walk in, right? The ADIC, the assistant director was
read into the case just for this operation. He had no idea about this beforehand. And they come
in unannounced when Hansen was sitting down, that was important, slapped $20 on his desk and say, you and us downstairs, rifle range, right now, $20, I beat you, right?
And he tried to say no.
And the assistant director said, this is not a request.
So he's mad.
And he walks out after them grumbling with his gun and his ear protection and eye protection
and all the stuff you need to go down all the way to the sub-basement and shoot.
And for the first time, he breaks his routine and doesn't grab that Palm Pilot.
So I was really excited.
I waited, I gave it time.
I get a text on here's the other little piece of equipment from 2001, the Skytel Alpha Numeric
Two-Ray Pager.
I get a page saying he's in pocket shooting.
So I run to his bag, open all four pockets.
They're all identical.
Pull out the palm pilot and I find a data card and a floppy disk.
All that stuff has data, right?
Grabbed it all, ran down three flights of steps, handed it off to a tech team and they
start copying it.
Since this is a Cyber Wire podcast, I'll give you all the tech using this program called
Norton Ghost.
So you can literally see the bar going across as
they're copying this encrypted data. Oh yeah. And I'm like, well, watching the bar, like 20%,
21%. And I'm dancing around and I'm so nervous. I can hear the music playing in the background,
you know, the tension. Yeah. Yeah. So they, yeah. And I'm so stressed out. They throw me out of the
room. So now I'm standing in the hall and, and I get another page and I look and it says, out of
pocket coming to you.
So, I knocked on the door, I was like very polite, hey guys, I'm going to need the Palm
Pilot and the floppy disk and the data card.
I need it now.
And they're like, oh, we're almost done, don't worry.
I said, you don't understand.
He's armed and I'm not. He's angry. I need to be there before him. And they got it. It took a
little while. I knew I had about nine minutes. If the guy ran, he probably wasn't going to run up
to the office, but he was going to hurry. And I got it. I ran up three flights of steps. I slammed
the big door to the SCIF, the secure compartmentalized information facility that we were in behind me,
which saved me. I ran into his office. It was a little separate office off of my main pit area
office. I got to his desk, knelt down before it, felt like I won and realized I have three devices,
four pockets and no idea which pocket I was supposed to put things into. It was a total
rookie mistake. I sat there trying to figure out how I was supposed to put things into. It was a total rookie mistake. I just, I sat there
trying to figure out how I was going to remember. The more stressed you get, the worse your recall.
And as I'm trying to figure this out, I hear him come through the door.
So I just dropped all three things, took my best guess, you know, circle C on the Scantron,
zipped up all four pockets,
ran back to my desk and put the best poker face on I've ever had in my life.
Trying to not look like you're in the pool of sweat that you're probably in.
Oh yeah. I think my back was soaked under my suit jacket. I mean, I knew I was going to have
to change that shirt. But I couldn't let the sweat show on my face. I had to just look
like a bored, placid guy that he'd been talking to all these weeks and months. And he storms into
his office, slams his door, and I hear that telltale zip. And I just sat there because I
knew that if I left the room, I'd push him so far into paranoia, he would cut and run and not make the
last drop we were hoping he would make. I also knew that if I stayed in that room and I got that
Palm Pilot in the wrong pocket, which was probably the case, there's a good chance that he comes out
and shoots me. Because if it has what we hope it has, and we're really hoping it had on it,
he would have known that the entire case was over and he'd be facing the death penalty.
it had on it, he would have known that the entire case was over and he'd be facing the death penalty.
He was very, very upset. I mean, ironically, very upset for anyone who betrayed him.
To be clear here, you are unarmed. I was unarmed, yes.
Yeah. Okay.
And he had plenty of guns. It was his thing. And I mean, do you really need a firearm in
FBI headquarters? First of all, anyone who comes into FBI headquarters,
if anyone has a chance to go through the building, it is the most miserably complex building on
earth. You would just get lost if you tried to raid FBI headquarters. And everyone in there has
guns. So who's going to try to break in? So there's no real reason to have a firearm in FBI
headquarters. It's just some of these guys just can't let them go. But he comes
out and he stares at me and he asks, were you in my office? And I just looked at him and I
shrugged my shoulders and said, yeah, I was in your office. I put a memo in your inbox.
And he looks at me and he does that thing where you kind of look at someone and you hold it
so long it becomes creepy and nerve wracking.
And then he finally says, I never want you in my office again.
And he left for the day.
And two weeks later, we arrested him in Foxtone Park in Vienna, Virginia, as he laid his last drop for the Russians under the bridge in the center of that park.
We knew where he was going to be and when, when we decrypted the Palm
Pilot. And, uh, the Palm Pilot, he said no one was going to be able to decrypt. Exactly. Because
it's a digital calendar. He put the dates of his drops in the Palm Pilot. What were those remaining
days at work? Like, did, did, did you come back to work the next day and everyone acted like nothing
had happened or what did you have to deal with? Yeah, I came back to work the next day and everyone acted like nothing had happened or what did you have to deal with?
Yeah, I came back to work the next day.
In the next few weeks, he bounced between sort of euphoria and depression.
It was almost like he was bipolar.
He was certainly working through something and knowing what we know now, he was working
through the fact that he was going to make his final
drop to the Russians.
After a two-decade career as their number one asset, he was going to bring an ending
to his alter ego, who he called Ramon Garcia, which was his sexy spy name.
He was going to leave the FBI and take a job in the civilian world for a cybersecurity
company. Can you imagine what he
could have done to some poor cyber company? So there were so many endings that were about to
happen. And he was processing all that. I could watch him process that through all our conversations.
The conversations also became very strange. He started talking to me about how upset he was that
Juliana and I didn't
have children and that we weren't pursuing having children and that was the purpose of marriage. I
got many lectures about that, kind lectures. It wasn't like he was – he became nicer near the
end. He started saying things like, well, there are ways that you can make ends meet and there are things you can do he was getting very close to explaining what he had done how he had
made ends meet how he had made the money he needed to support the lifestyle he
wanted in the family that he wanted in the beginning when he started his
espionage and the the agents running the case and analysts were convinced that he
was recruiting me that you know almost wrapping up he's wrapping up his career and he's looking
for a mentor to pass it on to exactly someone to to leave behind to hit what
he called his friends in russia
uh... you know to continue his good work and maybe he thought and and i was
playing the game to i would be
i would say things like
you know the fbi doesn't pay us anything. I might
have used a few expletives. They give us the keys to the kingdom and they expect that we're just
going to be caretakers even though they pay us less than someone working in the bottom of the
IT department in a civilian company. I was pursuing all this too. I was inviting him to recruit me
if that was where he chose to go. And of course, recruitments are careful and they take a long time.
You have to make sure you implicitly trust the person. In the end of the day, he did trust me.
He wouldn't have made that final drop if he didn't. And so that was how I was able to win.
So he makes that final drop and he's arrested.
What sort of feelings did you have when that happened?
Yeah, there were pretty much every feeling you can feel just washed through me at once.
I was driving when I got the call that he had been arrested and it was done.
And I was shaking so badly I had to pull the car over.
And at that time I was driving with my wife and I looked over
at her when I could finally speak and I said, I have to tell you a story. And I told her everything,
just sitting on the side of the road late at night and driving back from the Eastern Shore.
And that was probably one of the harder chapters for me to write in Gray Day. It was
retelling that moment, but I knew it was such an important moment. I took a long time writing it because I wanted to get it
just right, even though I think it's one of the shortest chapters in the book,
because that was what the case meant to me, was I going to win and beat the spy, but also
keep my relationship with my wife intact, which was the more important thing.
There's a really fascinating element of this to me, which is that I think we have a tendency to
think of folks working for the FBI and spies and doing the kind of work that you were doing as
being sort of trained to be cold and calculating and buy the book and all those sorts of things. And one of the things that I really enjoy about your book is that so much is about the human element,
that you're a human being, Hansen is a human being,
and so you have all of these interpersonal things that are woven through all of this.
Yes, certainly. I mean, humans are squishy.
We aren't machines. We're not task-oriented. We have an idea of where
we want to go and what we want to do, but we meander a bit to get there. Emotions come into
play. Personalities come into play. Foibles about what we think and what we dream and what our
politics are all come into play in everything we want to do. At the end of the day, when you're an investigator, you have to, to the best extent, put all of
that aside and pursue the purest facts you can find without adding your own bias.
But in investigations, it can be hard and it can take a toll, both as a spy and as a
spy hunter. And, you know, it's sort of a central theme of that, of the book, of Gray Day,
is what it's like to be a spy hunter, hunting the biggest spy in history,
and also being locked in the room with that person.
And what does that do to you personally in order to win a case like that?
You know, swinging back to the concern with many of the folks in our audience,
which of course is cybersecurity,
it strikes me that in a way you're sort of dealing with the ultimate insider threat here.
And I'm wondering, do you have any lessons to take away from that
for folks who are out there fighting the day-to-day under more normal circumstances, of course. But, you know,
what are some of the suggestions you would make to folks who are out there trying to protect their
own systems? Yeah, certainly. Everything that I have, all of my theories and thoughts on
cybersecurity have stemmed from those moments in that office with Robert Hanson. As I said, he was brilliant. He had great ideas,
very early Nostradamus-like predictions of where espionage would go. And what I did is I took those
original theories that the two of us came up with in that office and pushed them forward into the
future. And I found that a lot of them were true. And one of those was that all
espionage at some point will be cyber espionage. Now there are still trusted insiders. People still
get recruited within organizations. Spies still try to get into buildings, but that is just not
happening with anywhere near the frequency that we were seeing in the 80s and 90s because
it's so much easier to penetrate a computer system externally sitting in Moscow or in
China or in any of the other intelligence service countries that want to do us wrong.
And so what I've started saying is that there are no hackers, there are only spies, and
that hacking is nothing more than the necessary
evolution of espionage. We've made data the currency of our lives. And as we have placed
all that data and taken it away from paper and placed it into computer systems, then network
computer systems and shared information, we've given the spies a very good way in. So the advice is to manage your data and be careful with it.
Be careful how much you're collaborating, who has access, and what cybersecurity you
are using to secure that data, because otherwise the spies will get in and they will steal
it.
Yeah.
Well, the book is Gray Day.
I have to say it's a real page turner.
Eric O'Neill, thanks so much for taking the time to speak with us.
Dave, thank you for having me on the show. It's been a pure joy. I love the podcast.
where they're co-building the next generation of cybersecurity teams and technology.
Our CyberWire editor is John Petrick, social media editor Jennifer Ivan, technical editor Chris Russell.
Our staff writer is Tim Nodar, executive editor Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. The End Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your
organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default
deny approach can keep your company safe and compliant.