Eric O’Neill: Exclusive Interview With FBI Agent Who Captured Robert Hanssen

KEY TAKEAWAYS

  • Former FBI intelligence agent Eric O’Neill helped bring down Robert Hanssen, the most notorious and damaging spy in United States history.
  • Robert Hanssen was an FBI agent who secretly spied for Russia and the former Soviet Union for more than 20 years.
  • There likely will never be a spy at Hanssen’s level again, just because so many of the controls have changed.
  • The nature of insider threats has evolved since the days of Hanssen.

It was a situation so unbelievable it could have been a plot device straight out of a summer blockbuster: A brilliant FBI agent, Robert Hanssen, is thrust into a high-stakes game of cat and mouse when he’s assigned to hunt down the spy leaking classified information to the enemy.

Little does the FBI know that this very agent is the Russian mole — the FBI asked Hanssen to catch himself.

But this was no Hollywood movie.

Robert Hanssen was an FBI agent who secretly spied for Russia and the former Soviet Union for more than 20 years. He shared top-secret information, which seriously harmed U.S. intelligence. His spying is considered one of the worst cases of betrayal in American history.

The saga was embarrassing to the FBI and great for Hanssen, says Eric O’Neill, the legendary spy hunter who helped bring Hanssen down.

About Eric O’Neill

Eric O’Neill’s career began in the FBI’s counterintelligence trenches as an undercover operative. His work brought down Robert Hanssen, the most notorious and damaging spy in United States history. Since then, O’Neill has spent decades as a national security attorney, corporate investigator, and national cybersecurity strategist.

O’Neill is the bestselling author of “Gray Day,” and the inspiration for the film Breach, in which he was portrayed by actor Ryan Phillippe. O’Neill is the founder of The Georgetown Group, an investigative and security services firm, and serves as a national security strategist for cybersecurity companies. O’Neill’s next book, “The Invisible Threat: Secrets from a Spyhunter in an AI World,” is due out in 2025.

Techopedia sits down with O’Neill to learn more about hunting Hanssen, whether another such mole could ever exist, his work in the private sector, and more.

The Hunt for a Double Agent

Q: Can you reflect on your experience working with the FBI to expose FBI Supervisory Special Agent Robert Hanssen? What lessons did you learn from that case?

A: The FBI was faced with a bit of a conundrum with Hanssen. Everyone in the intelligence community knew of the legendary spy, only known as ‘Gray Suit’, which was the top secret code name in the FBI for the spy who had penetrated deep into the U.S. national security intelligence community for more than two decades [1979-2001].

The title of my book is “Gray Day” because that was the code name we gave Hanssen, which is a derivative of “Gray Suit.” So we gave a derivative name to every spy and person of interest who could be ‘Gray Suit’.

At the very twilight of his career, the FBI learned that Hanssen was a spy. Hanssen had been the top analyst against the Soviet Union for years — he had been asked at one point to catch himself, which was rather embarrassing to the FBI and rather great for Hanssen.

We learned about him in December 2000, and he was going to retire in April 2001.

So the FBI had to put together probably the most rapid operation they had ever thrown together in the most unique circumstance in FBI history, and they decided to give him his dream job.

They put him in charge of a brand new section they built at FBI headquarters called the Information Assurance section, which was building cybersecurity for the FBI.

They then looked around for the only person who could work undercover, catch a spy, and turn a computer on, and that ended up defaulting to me.

So they took a chance, threw somebody who was not trained to go undercover in a face-to-face investigation like this but who could sell the job of cybersecurity for the FBI, and they hoped I came out OK.

And I did. I succeeded in discovering that Hanssen was ‘Gray Suit’ — he was the spy we were after.

Lessons Learned

Basically, I learned how to catch a spy from him because he loved to brag. I quickly realized he wanted to be a mentor and explain his genius to somebody, and he was getting very close to recruiting me. I had gained his trust to that extent.

What I took from the case is the idea of analyzing information, synthesizing it, and using it to create actionable intelligence. That’s a long-winded way of saying performing very direct counterintelligence against an adversary.

I started to realize that there’s a need for counterintelligence in cybersecurity. Previously, cybersecurity had tended to just consider the mechanical threat of an attacker attacking a computer.

But what really is happening is attackers are not attacking computers; they’re attacking people. They’re using all the same deceptive techniques that spies have used for millennia, and they’re positioning those attacks against humans who will make mistakes.

Could There Ever Be Another Robert Hanssen?

Q: Given your involvement with Robert Hanssen, do you believe it’s possible for another high-level insider to compromise national security in a similar way?

A: I think it would be very difficult. What Hanssen was able to do was penetrate computer systems that were just never built to defend against the trusted insider at his level.

However, there have been large-scale breaches of massive amounts of data that have crippled agencies. For example, the Edward Snowden theft of information from the National Security Agency crippled [that agency] for quite some time.

Other spies can cause damage, but the damage Hanssen caused was pinpointed, and so directed at undermining the United States’ ability not only to protect itself but to perform the act of counterintelligence.

He really gave up our playbook. I don’t think there will ever be a spy at his level just because so many of the controls have changed.

I call Hanssen the modern architect of the FBI. And in a way, he really is because by picking apart everything, the FBI was able to rebuild itself to be far more secure and make it much more difficult for a trusted insider to create that much damage.

That said, the way that we store and analyze and communicate and deal with information now is not on paper. This does make national secrets vulnerable because if a spy is able to access large databases of data, they can extract it very quickly.

Insider Threats: Then and Now

Q: How has the nature of insider threats evolved since the Hanssen case? Are there new challenges or opportunities for counterintelligence?

A: Trusted insiders have evolved quite a bit. Now, the majority of trusted insiders are not the employees within your organization or within a government agency who steal. That still happens, but it’s not as prominent as what I call the ‘virtual trusted insider’.

Hanssen was never recruited by the Soviets. He volunteered because he needed the money, and he was angry at the FBI. Traditionally, a spy would recruit someone using the big three ways to recruit: blackmail, bribery, or ideology.

It’s not that they don’t work anymore; it’s just that spies don’t need to because it’s far easier to launch a cyberattack.

Now we’re in cyber espionage, and from wherever you sit in Moscow, Beijing, Pyongyang, or Tehran, you can infiltrate a flaw or vulnerability in a computer system to hijack somebody’s account.

You’ve just stolen the credentials — the username, password, and authentication of someone who is already within the circle of trust in an organization, and unbeknownst to them, you’ve made them a virtual trusted insider.

And you’ve created a mole, and you’re puppeteering them through data to steal it. This is the way that the majority of major, large-scale cyberattacks happen.

So if China wants to attack government officers or people in the U.S. government, they attack Microsoft Exchange and start stealing emails.

AI and Cybersecurity

Q: How is artificial intelligence being used to improve and threaten cybersecurity? What are the potential risks and benefits?

A: The risks are that the rise of artificial intelligence has created a situation where trust has become an uncommon commodity. There are statistics that predict within the next few years, 90% of what we see and read on the Internet will be synthetically generated. We’re already seeing deepfakes that are causing problems in this latest political cycle.

There are some good things that are going to come out of AI. I think very shortly, we’re going to see entire movies that are created by AI. By just one person who, using AI voice modulation, does all the acting roles, and using AI video is able to create just amazing themes and characters.

But AI has also been hijacked by criminals who are using AI to write code, and AI is coding better than a lot of coders. AI can also assist in launching cyberattacks. Cybercriminals will use AI to go scout a network.

A year ago, a cybercriminal would have to sit there and just probe the network for hours and hours and hours. Now they can take a nap while the AI is doing it for them. So this allows attackers to perform more attacks without hiring more bad guys.

From the FBI to the Private Sector

Q: How did you transition from your career as an FBI agent to founding your own cybersecurity company?

A: It was difficult for me to leave the FBI. I joined the DLA Piper law firm, then after five years, I was ready to do something new. I wanted to get back to a lot of the work that I had done in the FBI.

I decided to start a company called The Georgetown Group that did a lot of the competitive intelligence and counterintelligence work that I was doing in the FBI, but on the corporate side.

Cybersecurity sprung out of that because I realized, primarily as a professional speaker, that there was a real need for someone to tell the story of the need for cybersecurity and to change our way of thinking about how we approach our own security, personally and for business.

I’m a storyteller. That’s what I do. I tell stories. And the beginning of all of my thought leadership in cybersecurity came right from discussions with Hanssen. The sad thing about the man was he actually was quite brilliant and had he been on the side of the angels, he could have truly improved the cybersecurity of the FBI and prevented someone like him.

But those lessons I learned, I carried forward in my writing and thought leadership, and every time I’m on stage.

Advice for Young People Exploring Cybersecurity Careers

Q: What advice would you give to young professionals who are interested in pursuing careers in cybersecurity?

A: Don’t just get a general degree in computer science, or computer engineering, or something like that. You can go be a software developer with that, and there are plenty of jobs.

But if a young person, a student, or someone who already has a career wants to get into cybersecurity, they should look for a discipline that’s necessary and really marketable, for example, threat hunting and incident response.

The world needs so many more people who can go out and perform the hunting work, to go find the attackers before they land, or find the attackers when they land, or understand how to use cybersecurity technology intrinsically.

Cybersecurity companies desperately need these folks, as do companies in all different business verticals.
