Hacked - The Protege — "Possibly the Worst Intelligence Disaster in U.S. History"
Episode Date: February 2, 2026
Two FBI agents. One room. One of them is the most damaging spy in U.S. history. Robert Hanssen told a lot of lies — including a really weird one about booking the Beach Boys for the FBI. That lie didn’t matter all that much, but the others did. For 22 years, Hanssen sold America’s deepest secrets while hunting moles inside the Bureau. With retirement looming, the FBI set a trap: a fake department, a fake job, and a young agent named Eric O’Neill placed three feet from the suspected spy. This episode is our conversation with Eric O’Neill — the man tasked with spying on the spy — about lies, tradecraft, psychological warfare, and the sting operation into what the DOJ later called “possibly the worst intelligence disaster in U.S. history.”
Transcript
Hacking is nothing more than the necessary evolution of espionage.
Of all of the lies in this story,
and there are a lot of lies in any story about spycraft
and unprecedented decades-long intelligence leaks in the FBI.
Of all of the lies in this story,
the weirdest concerns the Beach Boys.
He said that he got the Beach Boys to come play in that courtyard.
Two guys, FBI agents Robert Hanssen
and Eric O'Neill are sitting somewhere inside the FBI.
And Robert, older of the two, tells Eric this story about how he was responsible for the time
the Beach Boys came to Quantico and played a show in the courtyard of the FBI.
Robert says, I'm the guy that made the call that made that happen.
And I called BS. I'm like, there's no way that happened.
And I just wouldn't, he was swearing up and down that it was him.
He made the call. It happened.
This was a lie.
Weirdly, in the 1980s, the Beach Boys did actually play a courtyard gig at Quantico.
I looked this up after the interview.
Jeffrey Foskett, the guitarist for the band, called his friend who was an FBI intelligence analyst
to let him know that the then vocalist for the group wanted to, quote, rock the FBI headquarters
and asked his friend if he could arrange for a concert.
That part really did happen.
And I just like, I'll agree to disagree.
And then later, you know, when I was getting debriefed by the squad, I asked about that.
And they were like, oh, yeah, they came and played here.
But the part where Robert Hanssen called them and had anything to do with it was a lie.
A pretty weird lie.
That's because Robert Hanssen was a liar.
But boy, Scott, what a liar he was.
I don't know, lying about the Beach Boys is pretty big.
I don't know what else he could have done
at a place like the FBI.
Well, let me tell you.
For 22 years, the FBI had been investigating a mole.
A spy, somewhere inside the federal law enforcement apparatus, selling secrets.
Someone had been stripping the U.S. of some of its most sensitive national security assets.
The identities of Soviet double agents, many of whom were actually executed,
the existence of a multi-million dollar eavesdropping tunnel under the embassy in D.C.
Highly classified details regarding U.S. nuclear war strategies, continuity of government plans.
Big white-knuckle stuff.
And gradually over the years, the evidence they painstakingly collect into the identity
of this mole all kind of points itself at veteran officer Robert Hanssen.
The "lied about the Beach Boys" guy.
And the window to catch Hanssen is rapidly closing.
He's mere months away from retirement.
And as such, a scheme is hatched.
If I may, a pretty wacky one.
It was beyond wacky.
And just to put a little point on that, they had to give Hanssen
basically his dream job to entice him to come back to headquarters and take the job.
Bringing us into that room with Robert, the suspected spy who didn't know he was suspected,
and Eric O'Neill, his seeming protege.
Seeming.
Seeming.
Seeming.
Eric, the guy that we're talking to this episode, was in that room with Hanssen for one reason.
As a matter of fact, the whole room existed for one reason.
The entire department they were a part of existed for one reason,
which was to catch Hanssen before it was too late.
The room, the department, the job Robert and Eric were there to do,
which was ironically catching moles,
was all of it a ruse to catch the biggest mole of all, Robert Hanssen?
Spy versus Spy.
There will always be spies.
The trusted insider is still one of the most dangerous breaches for any organization,
and that if you don't prepare,
and now we're talking about cybersecurity,
ahead of the event,
if you wait for that pressure situation,
then you will lose.
So this is my conversation with former FBI agent,
author and cybersecurity expert Eric O'Neill,
the guy that they put into that room
with Robert to try and take him down.
The protege.
The protege.
You ready to get into it?
Let's do it.
Let's do it.
This is the story of what has been described
by the U.S. Department of Justice as possibly the worst intelligence disaster in U.S. history,
and the time our interviewee spent two months in a psychological pressure cooker trying to finally catch him.
Here on Hacked.
Thank you for taking the time to talk with me.
Jordan, it's good to be here on Hacked.
I have a bunch of stuff I want to talk with you about.
But I want to start with a story that I know you have told before.
You haven't told it to me.
It concerns your relationship with a guy named Robert Hanssen.
My claim to fame
Is the early 2000s. Let's go back just before that.
Just set the scene a little bit.
What was your job before the Hanssen situation?
What does an investigative specialist at the FBI do?
What's the day-to-day of that look like?
Certainly.
So I was an undercover field operative.
My job was to pursue investigations in counter-intelligence and counter-terrorism.
So counter-intelligence being the science of catching spies
and thwarting foreign intelligence officers trying to do everything
from steal information to recruiting sources here in the United States.
And counterterrorism is obviously stopping terrorists, mostly from blowing things up.
But it could also be a biological attack.
It could be getting funding to people who would harm others and all the things you can think that terrorists might do.
Which wasn't always foreign terrorism.
It was also domestic as well.
So my job from day to day would be typically to get assigned to a target.
The analysts at headquarters or the field office primarily would assign us a target.
And then in a team situation, we would track that target and investigate the target,
learn every single thing about their lives, their likes, their wants, their desires.
Literally, how many times they check their watch or tied their shoes over the course of a day,
who they met, who they spoke to, whether they like coffee or tea or shopping at big stores or
small boutiques. We could even listen to them sleep. We had those people completely in pocket.
So we could learn about them, investigate them, and then of course call in a squad team with guns
anytime there had to be an arrest and then fade into the shadows, which is why my squad were called
ghosts. We were never seen. Or if we were seen, we had so much detailed disguise training,
you never knew we were there. So that was my day to day. And so,
you know, the transition to the Hanssen case was complex for me because my day-to-day job was to be separate and apart from my target.
I would use telephoto lenses.
I would use vehicular surveillance or foot surveillance training.
I would use, as I said, disguises so that if the person saw me, then I looked different every single time.
So I was always blending in and I was always avoiding getting noticed by my target.
And then suddenly in the Hanssen investigation, I was face to face with my target.
Yeah, you're right there in the room with him.
You're this young guy.
I think you were 26 before all of this starts kind of happening.
And like you said, you're watching people from a distance.
You made reference, and I just want to dig in on this for a second to you could literally listen to people sleep.
I think is what you just said.
What is the mechanism by which you would do that?
Are we talking bugs?
Are we talking?
Right.
We could deploy all sorts of technology.
You know, you have a few different techniques
and tactics. One is the human intelligence and the surveillance work that we could do, which could be
physically following a person using vehicular surveillance, which means you're following their car.
There's an actual science to that to make sure that you're not spotted, in particular if you're
following a very trained foreign intelligence officer, like a Russian, for example, or some of the best,
you know, they are actually looking for people following them because they're trying to clean themselves
before they do their active espionage.
And then there was quite a bit of technology we used,
and I can't really get into a lot of it.
I do talk about some of it that I was allowed to talk about by the FBI in my first book,
Gray Day, and more of it in my second book, Spies, Lies, and Cybercrime.
If you want to read those books or listen to the audio, if you like my voice,
you'll hear some of that.
But a lot of the techniques and tactics we use, I have to take to my grave
because they are still top secret.
So you get yanked out of this one role.
Probably worked out how to do it.
You got him pretty good at it.
And they say, we're going to pull you into something a little bit different.
It seemed like it was something bigger, something maybe with higher stakes inside of the
Bureau.
Like, why do you think they picked you?
Well, I was a veteran undercover operative.
So I knew how to track and investigate spies.
And the FBI had a horrible conundrum with Robert Hanssen.
So just to set the stage a little bit, it turned out that Hanssen was the most
devastating spy in U.S. history, certainly in FBI's history, for over 22 of his 25-year career
in the FBI. He was Russia's top mole in the U.S. intelligence community. And the entire
intelligence community, that includes the FBI, CIA, NSA, military intelligence, everyone that had
anything to do with counterintelligence had been hunting for a mole that we knew was highly
placed somewhere in the intelligence community, but nowhere, no idea of where, right? And the
FBI had bet that it was the CIA, which was a mistake. Oh, interesting. We'd all been going after. Yeah,
we'd all been going after the spy that we only knew with the code name, gray suit. And, you know,
it ended up being Hansen. But we didn't know until the very end of his career, right before he was
about to hit his mandatory retirement, when the FBI, with a little bit of hard work and a lot of
luck, put together an FBI-CIA task force to recruit a source in Russia who would maybe confirm
for him, for them, that this CIA case officer they were after was gray suit. And to their
amazing shock and surprise, when they received this slim file of information from a former
KGB intelligence officer who had just saved his file, right, for a rainy day, decided that at the
end of his career, he was going to sell it, move to the U.S., get in witness protection, sit on a beach for
the rest of his retirement.
They opened the file and it pointed directly to Robert Hanssen.
And hearts fell within that little room of agents who received that data because Hanssen at one
point, as one of the top Soviet analysts, was put in charge of catching himself and made sure the
FBI never came close.
In fact, he sent the FBI on hundreds of wild goose chases to protect himself.
So there were a lot of people who realized that their entire career in chasing gray suit had been a complete waste of time because he was in the room with them, steering them the wrong direction.
He was a pretty bad guy.
And just, you know, going through the damage that he did, some of the things were giving up our nuclear secrets during the Cold War.
We would have been at a deficit if there actually had been a nuclear war.
Our continuity of government plan, where you send the president, vice president, and everyone in the cabinet, if there is a catastrophic attack.
So that would allow the Russians to hit the head, right, if they did decide to commit an act of war against the United States.
Also, undercover operations, undercover operatives whose covers were blown.
And between 1984 and 1985, which we call the Year of the Spy, sort of that middle
of those two years. We lost every single asset in Russia. We were completely blind during the Cold War. We were
losing the intelligence game. And that those deaths and arrests, many of them were pressed into hard
service, were shared by Robert Hanssen and a CIA spy named Aldrich Ames, who just passed away a few
days ago. So he was a bad guy. I get, I could spend our entire time, Jordan, just talking about what he did.
But it's not really what he did that matters as much as how he did it.
He was able to steal information from computer systems in the FBI that were never built to defend.
And so in order to catch a cyber spy, you needed a hacker.
And that's where I came in.
I wasn't just a spy hunter and undercover operative who knew how to investigate spies.
I also had gotten a little notoriety by writing computer programs that made my life
and my squad's life easier.
And so they realized that I was the only person
who could possibly do the undercover job,
although there was an entire squad of agents
who bet against me, actually bet money that I would fail.
There were three squads working the Hanssen case at the end of it,
and one of them bet against me.
The squad running me bet for me,
so fortunately they made some money,
and I think the other squad abstained.
But, you know, they needed someone who could catch a spy
and turn a computer on.
And because the FBI was so behind in computerization in 1999, 2000, that, you know, they didn't have a lot of options.
And I was their best bet.
I don't want to go off on a tangent about how often these cases turn on who's betting against who, though I'm curious.
Like, I would love to know the like internal betting brackets inside of the FBI on what case is going to go which direction.
Well, you know, at least the squad running me bet on themselves.
Yeah, sure.
Because I ended up winning the
case, I found the smoking gun. It was an impossible task and somehow I managed to succeed
despite the entire deck being stacked against me. Hanssen being far more highly trained,
suspicious, even before I set foot in this brand new section that the FBI built just for him
at FBI headquarters. I mean, not only built this section for him, built the entire room,
9930 in FBI headquarters that we would stage the investigation, promoted him to executive
service, you know, gave him staff, that was me for the first time in many years, brought
him back to headquarters. He hadn't worked in headquarters in many years. And this is, this was
at a point when he had three months to retire. So imagine how suspicious you have to be.
And I had to withstand that because the only point of attack he had was the only other person
in that room, and that was me. Okay. I wanted, I want to drill in on that little period of time
because I find this so interesting. The
evidence points to Hanssen. He's this mole. He's been operating for years. The fallout of this has been
catastrophic. He's retiring in three months. We need to hatch a scheme. And they hatch this plan,
which is kind of where you enter into the story of room 9930. Right. They set up a fake department
dedicated to finding spies. They put Hanssen the suspected spy in that department. They put you in there
to spy on him, which means you're spying on the spy secretly spying in his capacity
as a spy investigating spies.
Right.
This is respectfully a very wacky scheme.
It was beyond wacky.
And just to put a little point on that, they had to give Hanssen basically his dream job to entice him to come back to headquarters and take the job.
So for much of his career, Hanssen, and this is incredibly ironic, had been banging a drum that the FBI was behind in computerization, had not practiced good cybersecurity, and was going to be
breached by a mole inside the FBI. Right. Basically, he was warning them that everything he'd
been doing his entire career was going to happen. Yeah. They ignored him, which made him angry. So he
was a disgruntled employee. And so what they did is they gave him his dream job. They put him
in charge of building cybersecurity for the FBI, which took, oh, you know, that took some
real confidence on the part of the FBI because they essentially gave him access to
everything, put him in charge of something that could be incredibly devastating to the FBI if
that data were lost. And then, of course, looked around for the person who knew how to, you know,
go undercover and turn a computer on because we had to sell the job of building cybersecurity for
the FBI. So actually, that was my first job in cybersecurity was the most sophisticated and
important investigation the FBI has ever run. So you find yourself sitting there in a room with
the guy who's lecturing you in a sense on how to catch a mole and the importance of cybersecurity
while himself being a cybersecurity vulnerability and a mole.
You know, day one, the irony strikes you.
Day two, you got to start getting kind of annoyed at the arrogance.
Like, I would be annoyed at the arrogance of that.
Were you annoyed?
Oh, certainly.
I mean, he was a textbook narcissist, which I was able to turn against him.
He had to be right on everything.
He would pontificate forever.
it was clear that he wanted to mold someone in his image, but I used that, I used that as
an asset in the investigation.
But, you know, there was a point where you either sink or swim in these things.
When you go undercover, you have to fully go undercover.
You have to dive into it.
In fact, you have to believe it so much that you forget that you're undercover sometimes,
that your reactions always fit because there's something a normal person would do.
you've sort of suspended your disbelief that you're undercover, right?
To use a Shakespearean quote.
You know, and it's interesting because I just, I am still friends with Ryan Phillippe,
who played me in the movie Breach.
So Universal made a movie about this.
It was such a huge case when it broke.
That's about me going undercover to catch Hanssen.
And recently the two of us got together and we had a conversation about the intersection
between working undercover and being a Hollywood actor and how
they are very similar.
The way that you prepare for a role and then, you know, engage in that role when you're acting so much that the audience believes that it's true.
It's the same thing undercover.
You have to believe it.
You have to believe the lie you're spinning and telling.
Otherwise, your cover gets blown.
You'll be spotted especially by someone as adept as Hanssen.
So while I didn't like the guy, most of it in my mind, I was thinking like he's a horrible boss, right?
not he's a spy. And, you know, even going into the case, I wasn't told anything other than we suspect
him of espionage, which was critical. They didn't want to give me any information that I could
mistakenly reveal, right? You tell your undercover asset only what they need to know. It was later,
maybe the midpoint of the investigation before I caught him, that I, you know, my desire to be there
was flagging. I, you know, I actually asked at one point to be taken off the case because it was just
disrupting my entire life. I was in law school at the time. I'd just gotten married before I got
put on this case. And we had a pretty bad honeymoon year. Let's put it that way. And then they
told me more detail. And actual detail from information I had gathered during the investigation
that they didn't let me into right away. And that reignited my desire to catch him, to bring him
to justice for what he'd done. I want to get to that moment when you bring him to justice,
but you said something interesting. You were talking about, you know, you identified,
there's some narcissism at play here. Let's just call it what it is. You figure out a way to
turn it against him. I want to understand that moment. Like you've described Hanssen as a human lie
detector. He's doing stuff that's very cinematic. He's like watching your pupils and, you know,
your pulse and your breathing. And I was reflecting on the stress that that would have to put into
your life to be day to day going into a room with a narcissistic human lie detector.
What were moments during that time where you thought, I'm cooked, this guy knows, he's just
playing with me, take me through that.
But there were, you, you couldn't allow yourself.
So you, you walk this wire as a spy, as someone who's undercover trying to catch a spy
in any kind of special ops world, right?
This wire between suspicion and paranoia.
So you always have to be suspicious.
I always had to wonder, you know, is he on to me?
Am I pushing a little hard here?
Am I laying it on a little thick?
But I couldn't allow myself to fall into paranoia.
If I walked into that room believing he could beat me at any given time, it's over for me.
You have to have this supreme confidence in yourself.
And I learned that on the street working undercover.
When you're tracking a target, you have to know that that target didn't get away, that that
target didn't see you.
You have to feel that supreme confidence in yourself.
And it's something that's been useful to me throughout the rest of my
life and career.
But here, every time I kind of girded myself before walking in room 9930, and there were moments
where I knew he was in there and I would take a minute just to breathe and think and get
kind of into character, right?
And prepared for the misery I was going to subject myself to for the next eight to ten hours.
I would have to believe in myself.
It started there.
And my most important role, well, actually, this is the cadence that they
gave me, right? Number one, Eric, don't screw up because you're the biggest point of failure in
this entire investigation. So your first job is not to make a critical mistake that makes him think
that this is a trap. And then, you know, the likely event is he shoots you and runs, right? So
really didn't want to make that mistake. He shoots you and runs. Yeah. Then he, please,
you know, you know, if I had screwed up, he, he might have ended up right now today. Maybe he's,
you know, in an apartment with Edward Snowden in Moscow eating caviar and drinking vodka.
I don't know.
But that was number one.
Number two was critical.
It was gain his trust.
You can't investigate someone in a face-to-face investigation like this without gaining their trust.
They have to trust you.
They have to believe you.
And then they tell you things.
So gaining his trust was that critical thing I had to do.
And number three, of course, was find the smoking gun and catch him, which all of this is impossible.
You know, as now a lawyer, you know,
legal cases you don't find smoking guns. As an investigator, investigations, you don't find smoking
guns. It's very rare. And here, that's what we needed, and we needed it fast. So gaining his trust
meant I exploited that narcissism to realizing that he just really wanted someone to shape and mold.
He wanted to be a mentor. He really did. End of his career, you know, he's facing retirement.
This is his last chance in the FBI to really mold
and shape someone in his own image, and I let him access that. I became that person for him,
kind of like the Robin to his Batman, right, in his mind. And I let it happen. You know,
and part of gaining his trust was going to church together. I think one of the main reasons I was
picked was also because I'm Catholic and a practicing Catholic. And his religion was critical
to him. And so I can remember the biggest amount of scrutiny I got
from Hanssen during that entire case is, you know, he would take me to church in the middle of the day at
this little chapel in the back of a Christian information center, right? I thought it was a bookstore.
And in the back there was a chapel and they had church every day. And he's watching me like a hawk as I'm saying
the Our Father, right? And I was like thanking Sister Rose, you know, from kindergarten that I knew that
prayer back and forth. So it was one of the first times I felt completely confident in the case.
The narcissism means he wants to be seen as knowledgeable, his expertise to be honored. So you present
yourself as the protege. I'm willing. I'm interested. I want to learn everything you have to teach me.
Certainly. But you know what? Jordan, he was also a bully. In what way? And so you had to do it right.
You couldn't be a toadie because a bully, you know, will just take advantage of a toadie and never really
think of them as an equal. So I had to also, I had to play it very carefully. I had to challenge
him, right? So I couldn't just say, oh, that's so great, you're so amazing. I can't be
sycophantic. Yes. Yeah. Right. I say, there's no way that happened. You are just
spinning some kind of crazy tale that is lunacy. There's no way there's a spy in this
department for decades, right? Make him have to prove it. Like one of the things he told me was
that he, uh, he himself, Robert Hanssen, reached out and was the person that got the
Beach Boys to come play at FBI headquarters.
So if you've ever been to D.C., FBI headquarters is a monstrosity of a building.
And after 9-11, they closed off the courtyard.
It takes like two city blocks.
And you used to be able to walk right through.
Any person could walk right through under FBI headquarters.
There was a huge courtyard.
It was for the public.
And it's a shame that because of terrorism, you know, no one can go through that
courtyard anymore.
But he said that he got the Beach Boys to come play in that courtyard for Washington, D.C.
And everybody crowded around FBI headquarters and it was a huge party.
And I called BS.
I'm like, there's no way that happened.
And I just wouldn't.
And he was swearing up and down that it was him.
He made the call.
It happened.
It was a big feather in his cap.
And I just like, I'll agree to disagree.
And then later, you know, when I was getting debriefed by the squad, I asked about that.
And they were like, oh, yeah, they came and played here.
I said, really?
That's the crazy thing to me.
I know he's lying,
but I couldn't believe that the Beach Boys,
the Beach Boys came and played
under FBI headquarters once upon a time.
So wait, this is a total tangent.
They did come and play.
Did he make that?
Did he make the call?
No, he had nothing to do with it.
Oh, so we started with the truth,
which is pretty wild.
You know, yeah, every little bit of every great lie
uses a kernel of truth.
And of course, there he was.
He was. He would lie all the time. But I had, but calling him on it, pushing back, gained respect.
Right. It's kind of what you want in a protege. You want them to be their own person.
Right. You want to be able to see yourself in them. And if you think that you're this very clever, you know, person, sure. That's what you want to see.
Exactly.
So I want to dig into the tech a little bit as we move towards the takedown and where this all goes is 2001.
From the way you've described, it sounds like the FBI is a very paper and pencil kind of place.
Hanssen, meanwhile, is more tech literate.
So are you?
In the middle of this story is a Palm Pilot, which is just a great little piece of tech nostalgia.
Tell me about the Palm Pilot and the role all that plays in this.
Well, the Palm Pilot, right?
The Palm Pilot.
The pinnacle event of personal data engineering.
It's got a stylus.
Circa of 1998 to 2001, right?
Yes.
Yes.
And it was a, for anyone who is
not Gen X, younger than Gen X, it was your first personal data assistant.
It's a clunky device.
You flip open the top, and there's a screen.
There were no touch screens back then.
So you pulled out a plastic stick that we called a stylus, and you just tapped it.
And after tapping it for a long time, you would get the data in.
It was honestly probably easier just to have a little notebook in your pocket and write addresses and things in there.
but Hanssen loved the thing, absolutely loved it, said that it's the only way to organize your life.
Anyone who is an executive has one of these devices and you're nothing but a do-good,
know-nothing, useless clerk.
So you don't have a device like this and you'll never amount to anything.
That was what he told me.
So when got one?
Yeah, I requisitioned one from the Office of Science and Technology, which is, we ostensibly
worked for that division in our section, and got two. I got a, he had a Palm IIIx. I got two Palm
Vs, so it was slimmer and you could, you know, play games on it. It had Minesweeper and, you know, that kind
of crap. And it was faster when you plugged it into Outlook and synced your email.
And he didn't want it. He shoved it back across the desk to me and he said that I've encrypted
my Palm myself
and I'll keep this one
thank you. Oh interesting. In fact he said something
like these idiots at the FBI couldn't crack
this encryption on their best day.
He's not subtle, is he? And that was the moment I knew
well that was the moment I knew
that I had to get it away from him. I had to take
that Palm Pilot away from him. We had to find out what
was on it. You encrypt
information you don't want others to see.
That's one of the key
ways to protect data.
And so
I knew we had to get it away from him. The
problem was it was always in his left back pocket and the only time it was ever not in his back
pocket is when he sat down at his desk and then he would put it into one of the four identical
pockets in his shoulder bag, his briefcase, and then as he stood up, like clockwork, clockwork, he
would retrieve the Palm and put it back in his back pocket even before he gained his feet. So that's a
routine. And when you're trained as an undercover operative, you
are always looking for routines because all of us use routines to protect information devices.
I mean, like one routine is you get home and then you, you know, park your car and then you go
in the house and you hang your keys on the hook or you put them in the basket.
Because if you don't, when you leave, they're where?
Gone.
So routines are critical and spotting them can help you catch a spy.
I am still struck by the moment where he's giving you shit for the type of Palm Pilot and saying,
Like if you don't have one, you're just like a clerk.
It's like he sounds like a dick.
Yeah, well, he was, let me put it this way.
You didn't want to work for him.
In fact, no one wanted to work for him, which is why he, he before being brought into this case, he'd been exiled to the State Department liaison role where he had nothing to do.
They just parked him until he retired.
Okay.
And at one point, as the legend goes, and you can look up the legal case because
I'm pretty sure she sued the FBI.
One of the secretaries, we had them back then, that was in his section.
So she worked for his squad, challenged him on something and then tried to leave before he gave her leave to leave.
And he grabbed her by the arm and threw her to the ground so violently she tore a tendon or a muscle in her arm.
And, you know, you just, he had a temper, and he wasn't shy about lashing out.
I want to talk about
the kind of, there's this like heist sort of moment in the middle of this story. This little window
of the time where you, you decide you're going to get a hold of this Palm Pilot and you're
going to clone it and try and get it back to him. Take me through that part of the story, this little
tiny window of time that you have where if you're a second late, the mission's over. So we decided,
I sat down with Kate, who was the special agent on the squad that was running me, that was
giving my information, giving me my tasks.
It was essentially my handler, right, as the undercover operative.
And Rich Garcia, who was the section chief in FBI headquarters, but also one of the only other people in headquarters because the case was run out of Washington field office, that knew that this was happening.
And that was my go-to.
If everything fell apart, I could get to his office, right?
And Rich was always very heavily armed, especially as this case was being run right under his nose.
And I said, look, we got to get this away from him, and the three of us hatched a plan.
And here's how it went.
I waited until we were both in his office, and I sent a text where he couldn't see, under the desk, that we were there, on my Skytel,
the numeric pager, which isn't really a text, but let's just call it that for convenience.
And Garcia comes in unannounced with an assistant director that had been read into the case just for this.
And they walk into Hansen's room into his office, slammed $20 on his desk and say,
you and us, the shooting range right now, I bet you that 25 targets out of five, we can be done.
And Hansen tries to say no and he tries to beg off and he says he's too busy.
And the assistant director, who is his boss, right, his boss's boss,
says that wasn't a request, get your gear, let's go.
Now Hansen's mad, and when you get someone mad,
you can sometimes break a routine.
And it worked.
He stands up, he grabs his, he holsters his firearm,
grabs his eye protection, ear protection,
and trudges off after them,
and for the first time forgets that Palm Pilot.
So we're on room 9930 on the ninth floor.
And I know that the shooting range is all the way down in the sub-basement, and I had timed how long it would take if I ran and hit the elevators right at the second I hit the button to get from that range up to the ninth floor.
So I'd planned ahead.
Planning is critical in everything we do, right, if you want to be successful.
And as soon as he's down there shooting, I get another text saying he's in pocket and I go to the bag and there's the Palm Pilot.
And not only a Palm Pilot, the data card and a floppy disk. I rifled the bag and went through all four pockets, ran down three flights of steps, handed over to a tech team that started copying at one to one. And yes, the data card, a SanDisk data card, and the Palm were encrypted. And they said, we're just going to copy it one to one and then crack it later. I said, great, get it done. And as this is happening, I get another text saying, out of pocket, coming to you. So I actually have seen the CCTV footage.
He sends his target down range.
He empties a clip.
He brings it back.
It's a wonderful little grouping of shots.
He was a dead shot.
Holsters his firearm.
He doesn't even pull the paper off of the target clip and just abruptly leaves.
Probably because he touched his bottom and realized he didn't have his Palm Pilot and was wondering how much do I actually trust Eric.
So he's on his way up.
These guys aren't done.
And I'm freaking out a little bit.
And I told them that I need the devices. They're like,
ah, we're almost done.
Don't worry.
I said, you don't understand.
He's armed and angry.
I'm not armed.
I'm not going to win.
He's going to shoot me.
So I do get it up there.
So I grabbed the devices.
I ran and I managed to get into the office moments before him.
I kneeled down in front of his bag, felt really good about myself.
And then realized I had three devices and had gone through four pockets.
And I had no clue.
I couldn't remember for the life of me, which they came out of.
So I'm trying to figure out, this mad scramble, like this, I think this one here, and I think the floppy disk was next to the Palm, but the data card definitely wasn't, and wasn't on this side of the bag or the other side. And I know that Hansen is the most meticulous person on earth. So, you know, it has to be perfect.
Or he'll know.
And as I'm just trying to figure this out
and remember, I hear him coming through the door.
So I just dropped all three devices, you know, zipped all four pockets. I probably made the sign of a cross and said a prayer and ran to my desk and sat there trying not to sweat and put the best poker face I've ever put on my face.
He storms through the office, glares at me, slams his door, and of course I hear zip.
And at that point, I was thinking, I should not be here. I should be out. I should be running down
to Rich Garcia's office, right? Right? The escape hatch. But I knew that in that paradigm of
suspicion and paranoia, if I wasn't there when he came out, I think he was, I think he was,
he would have been pushed so far into paranoia that he would have cut and run. We knew at that
point he was going to make a final drop. We knew at that point he was the spy we were after.
We just had to catch him at that final drop. That was the smoking gun we needed, that information.
And I was just betting everything it was on the Palm Pilot. So even if I got it wrong, I had to
talk them in, or else, you know, this case would never be over. And he comes out of his office.
He leans over my desk. And he asks me point blank, were you in my
office? And I told him, yeah, I was. I put a memo in your inbox, which I had, right, as a pretext
just in case. And he just holds that look, seeing if I'll break. I don't. And he leaves for the day. He
tells me, I never want you in my office again, and he leaves for the day. And then as soon as he closed
that door, then I let myself fall apart, right? And within about a week and a half, he is on this
bridge in Foxstone Park in Vienna he stands on the bridge and
sure that he's all alone. It's the Sunday before President's Day in February. He looks around,
and when he feels he's alone, he reaches into his sport coat for his package of secrets. He slides him
under the bridge, which has been his drop site for his career, and then leaves the way he walked
in, sets a signal on a sign to let the Russians know he's loaded the drop. And then as he
approaches his car, two vans screech to a halt and FBI agents jump out,
point guns on him to arrest him. He drops his keys, raises his hands, and he says, the guns are not necessary. And then he says, in a very Hansen way, what took you so long? And he was arrested and then pled guilty to espionage against the United States.
And he says, what took you so long? This is not an important detail. But do you think that was off the top of it? Do you think that was off the dome? Had he rehearsed that in front of the mirror? How long do you think he'd been planning?
If and when this all goes down, I know what I'm going to say.
I truly think he didn't believe he was going to get caught.
But he always had to be in control.
And by saying that, he was taking back control.
Like, maybe you caught me, but you're the screw-ups because I got away with it for over 22 years.
Right?
And by the way, we not, you know, talk about a win.
We not only knew where he would be at that park, in Foxstone Park, to load in that last drop.
But when.
At 7.13 at night, because the Palm Pilot is a big digital calendar.
And once we decrypted it, that was the smoking gun that told us where he would be and when
so that we could record him making that final drop to the Russians.
It was such a slam dunk airtight case.
Even his attorney, who was the best attorney, Plato Cacheris, who was like the attorney
every big spy hired, right?
you know, told him you don't have a hope.
In fact, our best bet here is to make sure you don't get the death penalty.
The Palm Pilot.
You made reference, this is his calendar.
The Palm Pilot is what led you to know he was going to be doing this drop on this bridge,
which is how you finally caught him.
Do you remember what it was inside of the Palm Pilot?
What is the calendar event for that?
Do drop for Russian spy craft?
Like, what does it say to let you know this is happening?
I don't exactly.
No, what he did is he would put various dates in there because the way that the way the espionage at this level worked still does in some cases, but you know, now all espionage has changed. My entire first book is about that, right? But in the old days, you would have a pattern of scheduled dead drops and signal sites. And the goal is to never be in the same location. The intelligence officer is never in the same location in time as your asset.
So you're constantly doing the surveillance detection runs, looking for signals, saying the drop is loaded, going and collecting the information. Then you do, you go out another day, you set your signal, you do your SDR, you load the money in a different drop site, and then your asset goes through the same process and picks it up. But all these dates have to be coordinated, usually like a year in advance. So what Hansen would do is he would put them into his Palm Pilot, the dates of these things. And, um,
He had some sort of math.
It was like a multiple.
So it was never the actual date.
But some of the earlier information I was able to steal from him gave us that multiple.
So we were able to decrypt the Palm Pilot, see all the dates plugged in, multiply it by his number, and then find out when he was going to make that last drop.
And we were shocked in that it was literally right around the corner.
So it was just great serendipity that we were able to exercise, execute that last operation and get that Palm in time.
You were able to decrypt it.
We skipped over that part of the story where he's talking to all of this big game about how well
encrypted this Palm Pilot is.
And you were able to decrypt it.
Well, not me personally, but yeah, analysts at the epic.
And, you know, like, I'm not exactly sure who at the FBI, you know, whether it was a team
at the FBI or whether they leaned on the NSA.
Remember, you know, the government has all those assets, right?
They can say, hey, guys, this thing's encrypted.
And then the NSA just crushes it, right?
Yeah, right.
So I would suspect.
But, yes, they were able to decrypt his Palm Pilot, break the encryption, and then see those dates.
So, 2023 Hansen, he dies at his cell.
After that point, and this is kind of truly, truly done, what is the legacy of all of this?
Well, the legacy is the fact that there will always be spies.
that the trusted insider is still one of the most dangerous,
dangerous breaches for any organization.
And, you know, more specifically,
that if you don't prepare,
and now we're talking about cybersecurity,
ahead of the event,
if you wait for that pressure situation,
then you will lose.
Because cyber espionage, cybercrime, cyber attacks right now,
which is the way that espionage happens today,
And, you know, if you read my second book, Spies, Lies, and Cybercrime, I prove that cybercriminals have modeled spies.
They've taken the best tactics and techniques from espionage and they've deployed it.
In fact, they've hired spies, intelligence officers, to come work for them, these cybercrime syndicates and groups.
So they are working with the best of the best.
And the only difference now between cyber espionage and cyber crime is the outcome.
They use all the same tactics.
the difference, of course, is that spies want to steal information and not let you know they've done it.
While cyber criminals do the same reconnaissance, infiltration, quiet exploitation, theft of secrets.
And then at the very end, they crash and burn everything, you know, lock you with encryption,
destroy data.
And then they either want to ransom your key back to you or they're selling your data back, right, that they've stolen.
And they, you know, they promise to delete it or not give it to your competitor.
or not publish it all over the place.
We call that double extortion.
So the lessons from Hansen are that you have to prepare for these things.
You can't just blindly think it's not going to happen to me because it will.
I want to talk about these two groups as we sort of wrap up.
You've spent your post-FBI career in cybersecurity focusing on the spy side of things first.
If there was like a Robert Hansen type operating today with digital communication and AI and deep fakes at his disposal,
What does that look like today?
Yeah, today, and I do talk about this at length in my new book, today, the majority of espionage, whether is done with virtual trusted insiders, right?
So you can have a Robert Hansen, and we have cases where, and I highlight some of them in the book where an individual goes rogue because he's mad and steals data.
Right?
And, you know, usually you have to extract it some way.
They're saving it to thumb drives.
I do talk about one organization that was prepared so they could see that thumb drives were connected to their data, that this engineer was accessing stuff he shouldn't, right?
And reported it to the FBI and they did an investigation and caught him.
But it's more likely that you will have what's called, what I've called, I coined the term, a virtual trusted insider,
a rogue spy who externally has co-opted the identity of one of your employees.
And that's a very fancy way to say they stole their username and password.
And they're using your access in your data and stealing information as you.
And you don't even know it, right?
Because you were sloppy, because they were incredibly clever, because they tricked you.
and they were able to steal your username password and often even your two-factor authentication
and become you in in the environment and then either steal information or smash it.
This is what happened to the MGM Grand of Hotels in Vegas.
It was a 10-minute phone call by a cybercrime group called Scattered Spider who are adept
at fooling people with basically the modern version of the prank call.
You just make a lot of money with it.
They were able, they did a lot of research and reconnaissance, and they were able to determine
who were the systems engineers for MGM.
And then going through a lot of social media, they learned all about them.
So they knew the, the answers to challenge questions.
And they called the help desk as that person and said, I've been locked out.
I need help getting locked in.
And within a 10-minute phone call, they got the, they got the username confirmed, the password reset, and the two-factor
authentication reset to something they controlled.
Then they were able to access MGM systems as the systems administrator and cause insane
mayhem.
And the next thing you know, you couldn't check into a hotel.
Slot machines weren't working.
Your key card didn't work in, you know, in the Cosmo, in the MGM grand and in so many
of the hotels, because it turns out MGM owns like half the hotels in Vegas.
Or your key card opened every door in the entire
hotel. You couldn't make a reservation for dinner. You couldn't make a reservation to get into the
hotel. There were lines at the doors. They were sending guests to other hotels. It was complete
mayhem. They were putting cases of water in elevators just in case they got stuck between two
floors and they couldn't get to them for hours. Could you imagine that? And all because of a cyber attack.
So, you know, the fact is that, you know, your identity is so critical and what spies want to do is just
become you, make you the bad guy and you don't even know it.
Hmm. We, um, we tell a lot of cybersecurity stories on this show and they almost always turn
on some moment of social engineering. Yes. And when I think back to the two of you, room 9930,
and that little, that, that back and forth, I'm struck by how much social engineering and
spycraft are almost kind of synonyms for one another. They are. And so my point when I say,
in my first book and then again in my second and every time on on stage there are no hackers
there are only spies hacking is nothing more than the necessary evolution of espionage my point
is that any time you're dealing with a cyber attack you are dealing with espionage you are
dealing with social engineering you are dealing with a tradecraft that spans thousands of years
and has been perfected into deceiving you into believing that a lie is true
and just handing over the keys to your information.
And so the only way to defend yourself against these sort of attacks is to become a spy hunter.
And so my second book is a lot of thrilling stories and all the stories of how this works so that you learn how it works.
So if you read Spies, Lies, and Cybercrime, it's written from the perspective of a counterintelligence agent.
And the idea of that kind of training, like the training I got at Quantico, was you have to recognize the attack.
You have to see it coming.
You can't block a punch if you don't even see it coming towards your face, right?
So I break down the ways that cyber criminals are attacking us, modeling spies into a couple of buckets.
Deception, right?
Because all espionage runs on an engine of deception.
Infiltration, you know, you're going to find your way in quietly without your victim knowing.
Impersonation and confidence schemes.
Those are the kind of attacks that are incredibly successful, whether it's a situation,
spear-phishing email or an AI deepfake that tells you what you want to hear. And then, of course,
exploitation and destruction. Very often cyber criminals are destroying things on their way out.
They're destroying your backups. They're destroying your data. They want to be the only ones who
have your data, so you have to buy it back. And I call the acronym DICED, because it's memorable.
And each one of those is a teaching moment so that you can see it coming. So you understand you're
under attack. Because if you can't even see it
coming, then you can't defend against it.
Eric, I appreciate you taking the time to talk with me.
You got a new book out, like you said, Spies, Lies, and Cybercrime: Cybersecurity Tactics to Outsmart
Hackers and Disarm Scammers.
Where can people find that book?
Certainly.
So you can read all about both of my books on my website.
It's ericoneill.net, two Ls in O'Neill.
Obviously, they're wherever books are sold.
If they're not at your local bookstore, ask them why.
You can get it on Amazon.
And you can follow me weekly.
I do a newsletter that keeps the book alive.
I continually talk about new cyber attacks, what you need to know.
I do a cyber tip of the week, a spy hunter tip of the week to help you defend against the attacks.
And the newsletter is at ericoneill.net/newsletter.
Or you can find it on my website if you just click the top banner.
Eric, thanks to chat with me.
It was a lot of fun.
Jordan, it's been my pleasure.
Thanks for having me on.
