Eric O'Neill, born in 1973, was only 22 years old and a law student in Washington (USA) when he was recruited by the FBI, "because he knew how to turn on a computer," to be part of the team that captured Earl Edwin Pitts, a former agent convicted of spying for Russia. His mission, under the alias Werewolf, was to become a "ghost," an undercover operative dedicated to following suspects. Four years later, Special Agent Gene McClelland called him on a Sunday morning to entrust him with the mission of his life: to arrest Robert Hanssen, an FBI agent considered the first U.S. cyber spy, an active member of Opus Dei who had, among numerous secret material, audiovisual files of sexual encounters with his wife.
"He was one of ours and we were not prepared," O'Neill now recalls in Miami, where he has taken part in the first cybersecurity summit organized by Acronis, to which EL PAÍS was invited along with other international media. The lawyer and computer protection expert remembers an FBI without resources, where the computers did not support the usual programs used by any student and only one computer per unit was available to connect to the internet. "It was like a house of a large family with one bathroom," he jokes.
Hanssen (Chicago, 1944), who had business training and was a computer expert, was an FBI agent from 1976. Only three years later he began spying for the Soviet Union, and he continued to do so for Russia until his arrest on February 18, 2001. Pitts singled him out as a possible double agent, but the FBI lacked any evidence.
The U.S. investigation bureau decided at the beginning of the last decade to appoint him chief supervisor of computer security and place O'Neill as his personal assistant in order to hunt him down with a "smoking gun." "They needed to catch him on the spot," explains the cybersecurity expert, who has collected his story in the book Gray Day (Crown 2019).
O'Neill earned the trust of the man who was known among his colleagues as Doctor Doom. He recorded every move and conversation on a floppy disk that he delivered punctually every day. "We all have routines and criminals too," O'Neill says of the key to his work. These constant behaviors yield fundamental information: if someone slows down in a given place, it is because they are looking for a signal or a message; if they alter their daily activity, it is because something anomalous is happening.
One day Hanssen received an alert from his PDA (personal digital assistant). It was a reminder of the hour of prayer. The spy, an ex-Lutheran who became a member of Opus Dei, regularly attended Mass and gave a copy of Camino (the book by the founder of the Work, Escrivá de Balaguer) to his assistant. O'Neill then noticed a routine that would be key in resolving the case. His boss kept the PDA in the back pocket of his pants and put it in a briefcase next to him every time he sat down. He was never separated from the device. O'Neill thought the role of that electronic organizer in his boss's life was fundamental.
An appointment outside Hanssen's sealed office, which he locked whenever he was absent and to which he allowed no one access, was the opportunity for the counter-espionage team to get at his personal files. After the appointment, O'Neill intentionally chose a return route where he knew there would be a traffic jam, to give his teammates more time. They found that the FBI agent, who was codenamed Gray Day, had sensitive documentation, including information about the U.S. nuclear arsenal, and communications with Russian agents signed as Ramon Garcia or simply B.
But it wasn't enough. They could only prove that Hanssen had secret material obtained as a "trusted insider" and thanks to the weak security measures in place at the time. On a previous occasion he had been discovered with sensitive material and claimed that he had it to prove the lack of protection. That was his job.
The FBI needed proof that the material was destined to be sold to Russia. A later search of his vehicle turned up duct tape for leaving signals and waterproof wrapping material, which led the team to suspect an imminent delivery. But he needed to be caught in the act.
O'Neill decided to act. He scheduled an unexpected visit to the office of a superior who invited Hanssen to practice shooting. Guns were one of his obsessions and he always had one or two on him. Hanssen didn't have time to react and, for the first time, left the PDA in the briefcase. The assistant had only a few minutes. He went into the office, took the device and ran to an office where some colleagues were waiting for him to copy the files. The information was encrypted, so they decided to clone it and decrypt it later.
O'Neill had just enough time to return to the office and put the device back. He couldn't remember which of the four pockets of the briefcase he had taken the PDA from and decided to leave it in one of them, fearing that, if Hanssen noticed, he might become suspicious and flee without completing the delivery.
The spy came back to his office in a bad mood, and the first thing he did was check that the PDA was in the briefcase. He called his assistant into the office and asked, "Have you been in my office?" O'Neill remained calm: "We've both been. I left the memory in the tray. Did you see it?" Hanssen was silent and stared at him, looking for a telltale gesture. "I don't want you to come into my office," he said before he took the briefcase and left the FBI facility.
The PDA revealed when and where the delivery was to be made: Sunday, February 18, 2001, at eight o'clock at night at Foxstone Park in Virginia. O'Neill recounts the scene with satisfaction: "It was a gray and cold day. Hanssen had spent the day with his family and his friend Jack Hoschouer. He took him to the airport and said goodbye to him at the gate. Back then you still could, and you didn't have to take off your shoes. When he returned, he took the files wrapped in waterproof material and went to a wooden bridge in the park, left the package on one of the pillars under the structure, returned to the road and smiled. Then the FBI agents showed up and surrounded him, pointing their guns at him. 'Guns aren't necessary,' he said."
The seized information and subsequent searches revealed an equally unknown side of this Opus Dei member who attended daily Mass. Robert Hanssen recorded his sexual relations with his wife and shared the recordings with Hoschouer. Messages were also found in internet chats describing details of his sex life, along with records of numerous encounters with a dancer from a club in Washington, whom he left shortly before his arrest after giving her valuable gifts, including a Mercedes car. It was evidence of a double life that Hanssen had led in every area for more than 20 years, and of which the people closest to him, including his family, were unaware. It was the end of what the Justice Department considered "the worst intelligence disaster in U.S. history."
Eric O'Neill left the FBI after the case and founded the Georgetown Group, a security firm. He is also an expert in national protection for Carbon Black.
Question. Are you still linked to counterespionage?
Answer. My job has been to bring my spy capture experience to cybersecurity. Major companies try to understand and predict threats before they occur. There is the human element to identify risks and understand what the next threats in the chain are. And, of course, there's the technological component, because none of this can be done without the best technology.
Q. Where are threats detected?
A. You have to spend a lot of time with threat analysis teams on the dark web, where all the tools are tracked, bought and sold. And then reverse engineering is done to protect and find a solution against them.
Q. Is there a global solution?
A. There are many cybersecurity companies with good solutions. The most successful are the ones with a large-scale collaborative approach. A world safe from cyberattacks? I think it's very difficult because of the internet. The FBI just issued a warning about malicious programs capable of overcoming two-factor authentication. In addition, people can be deceived with social engineering alone. I think there are a couple of things that will happen in the future: we're going to fully embrace the cloud, because that allows you to instantly use artificial intelligence and analytics, update everything to address the threat when it hits and before it happens, as well as protect everything, wherever you are, in the same environment; on the other hand, passwords will disappear. They are archaic and the Achilles' heel in the face of any attack. I think biometrics will be the big change.
Q. And are the entities protected?
A. To protect a company, you have to be better than attackers, who are always going to go after the low-hanging fruit [whatever is easiest to access]. There is a security theory called displacement: to distance the crime from the entity being protected by making security better than that of everyone else. The best cyber companies are going to survive and thrive, and the poor ones will fail and sink.
Q. Do I need to give up privacy for security?
A. I agree with data protection laws. They're good. One of the fundamental ways to protect information is to isolate it, to limit the people inside and outside the company who have access to it, and the access points. In doing so, there is a better chance of protecting it. On the other hand, the use of biometrics, for example, at airports can be beneficial. Where's the limit? Any technology can be abused.
Q. What do you think of the ransom payment for computer hijackings?
A. If not paid, kidnapping doesn't make sense. It is preferable not to pay, but particular circumstances must be taken into account. If an entity does not have a backup of its systems, it can lose a huge amount of money from a kidnapping and, perhaps, sink. You can think then that it is more profitable, as a business decision, to pay $10,000. The kidnappers are smart and know where to attack. They even know the financial situation of the entity, so they ask for what it can afford. They are very quiet and meticulous, and for months they run slow attacks in which they compromise multiple systems, steal data and learn a lot about the company or the state or the city. They're looking for organizations that are under a lot of pressure, like cities or hospitals.
Q. Will the next generation of terrorism be cyber-
A. It's not the next generation, it already is. There are already numerous attacks on critical infrastructure that have affected the United States and other countries. The wars of the future are not going to be with bullets and weapons, they're going to be in cyberspace.