by Eric O'neill
My mask slipped, and I could feel microexpressions colonize my face. “I’m an investigator,” I said, forcing myself back to neutral. “Years on a terrorism squad ghosting targets. Two years ago when I started law school, I transferred to computer analytical work.” I thought it best to leave out the years I spent tracking spies.
Hanssen scooped up his pen and wrote a single word on a yellow legal pad: “Investigator.”
“We are protecting every data system in the FBI—FBI NET, ACS, Trusted Guard, our data center—all of it.” The pen whirled and clicked. “Take the Automated Case System, for example. Complete garbage. All it would take is one bad bureau person to invalidate the security. ACS works as long as someone is not a spy.”
As of 2018, the FBI has jurisdiction over violations of more than 200 categories of federal crimes; employs 35,000 people; and staffs 56 field offices throughout the United States, more than 400 resident agencies in smaller cities and towns, and more than 60 international offices called “legal attachés” in US embassies worldwide. In other words, the FBI is massive, and it does a lot of things. The FBI relied on ACS to share immediate information between squads. It sought to solve the problem of FBI SWAT agents kicking in the front door of a drug-cooking operation while, unbeknownst to them, an FBI organized crime task force stormed the back door. Worst-case scenario? Top FBI marksmen fire at each other while the bad guys cower in the middle of the raid site with their hands over their heads.
To add to the complications, the FBI is not the only agency that conducts counterintelligence and counterterrorism operations, or chases spies, or deals with corruption, crime, and kidnapping. Tens of thousands of civilian law-enforcement personnel across the DEA, CIA, NSA, Secret Service, ATF, and others all have a stake in the game of defending the United States from domestic and external threats. For this reason, the FBI shares certain case information with other agencies as well.
Hanssen made a good point. Sharing information works only as long as no one gives access to a spy. He clicked the pen. The noise had grown past a distraction. Each press of his thumb drove a nail into the side of my head.
“I heard you attend George Washington Law School,” he said, a switchback turn. “I have a nephew who graduated from there. My son is in law school at Notre Dame.”
I grabbed the lifeline and pulled my way back into the normal rhythm of conversation. We learned that our mothers share the same name—Vivian. Both of our fathers served in the Navy when we were born. Hanssen’s father had then become a Chicago police officer. My grandfather walked the beat in Queens, New York. Commonality. The more I could find in common with the guy, the better I could do my job and chip away at him. I sat forward and fought against the smile that tickled the edge of my lips. Maybe I could do this. Hanssen was known to be discreet, to keep to himself. He rarely spoke to people, and he made those who spoke to him feel inferior, turning them off from further conversation. If he went to a party, no one remembered him. If he walked up to a craps table, the next throw would seven out. He was the ultimate cooler. He had the perfect demeanor for a spy.
The detail-oriented, analytical FBI had chosen me over countless senior agents with decades of experience in making people talk. I had no idea why, but maybe they’d put me in this chair across from Hanssen’s desk because they knew I had something that the undercover superstars didn’t. Maybe I was the superstar.
Hanssen shoved the legal pad across his broad executive desk. I caught it before it could slide off onto the floor.
“I’d like you to write your full FBI name, your address, Social Security number, and birthdate. Under that I’d like your wife’s name. Juliana, was it? And her Social Security number. Then jot down your parents’ names and address.”
I froze. Every scrap of confidence retreated. It took all my self-control not to look back at the spot where I knew a hidden camera probably couldn’t see a thing in this gloom. Radios, cell phones, and sometimes hand signals dialed us in to constant contact in the field. When I was a ghost, a team member always had my back, and I could consult my team leader in real time for orders. But Hanssen’s face murdered all thoughts of excusing myself to a forgotten appointment or to the bathroom. There would be no opportunity to call to Kate to ask how I should proceed. I was alone in the wind. Undercover as myself.
“Why do you need this?” I tried to keep my voice from squeaking.
Hanssen waved away my concerns. “Protocol. I’m your supervisor.”
I picked up a pen and wrote. Each letter, every number invested me deeper into the case. Since antiquity, the oldest stories have shared a common trope: knowing a person’s true name gives you power over them. Criminals use what we now call personally identifiable information (PII) to steal someone’s identity. Spies can use it to compromise a target. If information is the most valuable commodity on earth, personal information is the Holy Grail.
I finished writing my parents’ names and address and hesitated before pushing the pad back to Hanssen. In my mind, I tore the page away and ate it, or set it on fire as I ran from the room. In reality I shrugged. No big deal.
Yeah, right.
Hanssen pursed his lips like a schoolteacher grading an exam. One thumb moved along the paper almost intimately. I would have to change my shirt when I escaped his office or I’d spend the day smelling like sweat.
Two seconds before I succumbed to nerves, he spun the pad around so I could see my writing. Hanssen’s next words burned into my brain.
“Did they ever teach you about Hanssen’s law?”
My wife’s name, written in blue, caught my eye. I wet my dry lips and asked the obvious question. “What is Hanssen’s law?”
“The spy is always in the worst possible place.”
Hanssen’s opening salvo punched me in the gut. “We didn’t learn that in Quantico,” I said, each word measured and tested against the baseline. I recalled the polygraph examination chair, tight belly bands strapping me in. “What does it mean?”
Hanssen held up a finger. “One, the Russians are constantly targeting the most damaging information at the most damaging places. That is where you’ll find the spy.” He held up a second finger. “Two, the spy has the knowledge to take that information and sell it where he can make the most money and do the most damage.”
Hanssen clicked his pen, his eyes never leaving mine. To this day I don’t know whether he was challenging me to catch him or toying with me like a cat batting around a cornered mouse. In the moment, I could only stare back, not trusting my voice.
“We are here to catch the spies, Eric,” he said. “Think you can do that?”
I raised my chin. “I’m going to try.”
* * *
Kate’s FBI car pulled up on the corner of 11th and E, which would become our usual nightly meeting spot. I’d spend my day locked away with Hanssen and wait patiently until he left. I would call Kate, who would inform a team of ghosts that their target was approaching. Then I’d rush down nine floors and two blocks to meet her.
“You’ll never believe what Hanssen told me today!” I slid into the passenger seat. Kate started the car and pulled into traffic. “Did you hear the recording?”
She glanced at me. “Sorry, kiddo. We can’t hear anything. Something is wrong with the audio in the room.”
“He whispers.” I frowned. If they couldn’t hear audio, my job just became a lot harder. “He’s a low talker.”
“You’ll have to do a better job memorizing,” Kate said. “Do you have yesterday’s notes?”
I handed her my “law school notes” disk. “On there. Not much, but today’s will be better.”
“Do tell.”
I told her about Hanssen’s law, about his theories about the ACS and the holes in our security. I told her about how he interrogated me about Juliana, and the business with the legal pad and my personal information. I talked unti
l we pulled up outside the GW Law Building and then for five minutes more. I was late for class, but also giddy with excitement over all I’d accomplished.
“Great start,” Kate said when I took a breath. “A few notes…” She drew up a knee so she could turn to face me. Kate had a way of giving you her full attention when sharing a conversation. She never looked away or fidgeted—microexpressions of boredom and escape. She knew how to build rapport and trust.
“First, never call him Hanssen. Not in our conversations or in your logs. From now until you write a book someday, he’s Gray Day—or GD if you prefer.” She winked. “Second, good work. It might seem like he was trying to intimidate you. GD probably was—but you got him talking. Keep it up. Third, we want you to steal his keys. If you get an opportunity to nab them without him knowing, you’re authorized.”
I turned to leave and then turned back. “Gray Day. The name reminds me of another guy we followed. A CIA guy named Brian Kelley. He had a similar code name. We called him GD too.”
Kate’s look gave me chills. “Forget Kelley. Gray Deceiver is old news. Hanssen changes everything. If the mole was in the FBI this whole time…”
We both stared at the passing traffic on Twentieth Street. Kate’s sobering words brought home the gravity of the Gray Day case. It would scoop the intelligence community into its orbit and forever change the business of counterespionage. But sitting in Kate’s car on a lonely January night on the second day of the investigation, we knew only one terrifying fact: the FBI had a trusted insider problem.
“I thought we never spoke his name,” I said.
Kate snorted. “Speak of the devil.”
I opened the passenger door. The noise of Washington, DC, drove away the haunted moment. “I’m the one that has to speak to him.”
“You’ll do fine.”
CHAPTER 7
TRUST BUT VERIFY
On February 28, 2007, Hanjuan Jin lined up with other passengers before a jet bridge at Chicago O’Hare Airport. Jin’s cropped black hair and petite frame lent her a disarming pixie quality that few would ever consider a security threat. Born in China, Jin accepted a position with Motorola’s global headquarters in the Chicago suburbs in the late ’90s and worked for the communications giant for nearly a decade. Her degree in physics from the University of Science and Technology of China and master’s degree in physics from the University of Notre Dame gave her the perfect background to work on Motorola’s Digital Enhanced Network (iDEN) program. Over the course of her employment with Motorola, Jin received eight merit increases in her salary, two hierarchy promotions, and a special adjustment. She was a star employee working on one of Motorola’s critical cellular telecommunications technologies. She had become a naturalized citizen of the United States just a few days earlier.
Jin shuffled through the line. Three people ahead of her showed their boarding pass and passport to the gate attendant and passed US Customs and Border Protection officers behind a small table. When Jin showed her documents to the attendant, a small beep ruined her life.
Officer Nicolas Zamora called Jin over and asked her to place her carry-on bags on the table. She had been randomly selected for an examination. Jin handed over her travel documents and Zamora noticed something odd about Jin’s ticket to Beijing: it was one-way.
“Are you traveling with more than $10,000?” Zamora asked. “If so, you are required to declare the currency.”
Jin fought for composure. “I have $10,000.”
Zamora hadn’t expected Jin to answer so frankly. He gave Jin a form that explained the currency reporting requirements. She asked for one in Chinese and he produced it. It didn’t take a crack investigator to spot that something was off with this passenger.
After reading the form, Jin amended her currency declaration to $11,000. She drew two bank envelopes from her laptop bag, each stuffed with $5,000 in cash. Then, after a moment, she fished another $1,250 out of her purse. The other passengers streamed by Jin on their way down the jet bridge toward the massive plane that would carry them to China. Each rubbernecked out of the corner of their eye, relieved that customs hadn’t singled them out. How embarrassing.
“Is this all you have?” Zamora asked.
Jin nodded. “Yes.”
“I’ll have to examine your bags.”
Jin watched the last person pass and board the plane. If only she had lined up one person earlier or perhaps later—
“Ma’am.”
Jin nodded.
Zamora found four additional bank envelopes, each containing $5,000, for a total of $31,252. He also found Motorola documents marked as “confidential and proprietary information,” a laptop, a hard drive, several thumb drives, and other documents in Chinese.
“You’ll have to come with us.”
Zamora and his CBP colleagues escorted Jin to their office. They read Jin her Miranda rights, parked her in a nondescript holding room, and called the FBI. Two FBI agents interviewed her for nearly five hours. Jin missed her flight.
In February 2012, a judge convicted Jin of three counts of theft of trade secrets. According to the evidence from Jin’s laptop and numerous FBI interviews, Jin took a medical leave of absence from Motorola in February 2006. While on sick leave, she traveled to China and pursued employment with Sun Kaisens, a Chinese telecommunications company that among other things developed products for the Chinese military. From November 2006 until February 2007, Jin worked directly for Sun Kaisens on military projects for the People’s Republic of China. Sun Kaisens even gave her classified Chinese military documents to review in order to better assist with her work.
On February 15, 2007, Jin returned to the United States, in part to become a naturalized citizen five days later, but also to steal secrets. She purchased her one-way ticket to China on February 22 and the next day told her boss at Motorola that she wanted to end her medical leave and return to work. On February 26, Motorola put Jin back on the full-time payroll and reactivated her building access card.
Jin got right to work, just not for Motorola. On her first day back, Jin accessed more than two hundred technical documents belonging to Motorola on its secure internal computer network. After calling it a day, she waited until the building emptied and then returned at nine p.m. to download additional documents. A review of Motorola security cameras showed Jin twice leaving a Motorola building with hard-copy documents and other materials after midnight.
The next day Jin sent an email to her supervisor, Bob Bach, saying that her physical condition would prevent her from further work, and that she’d like to volunteer for a layoff. “I’m afraid that I have to disappoint you,” she wrote. Bob had no idea that the real disappointment was yet to come. Or that the entire company would regret trusting Jin with proprietary secrets. To add insult to injury, once Bob and her other colleagues left for the day, Jin returned to the office for the second night in a row to download additional documents and snag a laptop bag to carry them.
By stumbling onto a search moments before Jin disappeared to China, the CBP and FBI seized more than a thousand electronic and paper Motorola documents from Jin. Many of the documents detailed Motorola’s iDEN technology, which combined a cellular phone, two-way radio, alphanumeric pager, and data/fax modem in a single network. When Jin stole the technology, Motorola still had about 20 million iDEN customers spread over twenty-two countries. She had handed iDEN to Motorola’s competitor. Some estimates have valued Jin’s stolen documents at $600 million.
Hanjuan Jin was a trusted insider. According to federal prosecutors, she abused Motorola’s trust and compromised carefully guarded information in order to benefit herself, a Chinese competitor, and ultimately the Chinese government. Jin was charged with theft of trade secrets and economic espionage under the Economic Espionage Act. At a bench trial, she was convicted on the theft of trade secrets charge and sentenced to prison for forty-eight months
and an additional three years of court supervision. The system denied her appeal but ultimately reduced her court supervision sentence by two years, setting her free in March 2018. Many would find that sentence lenient.
Trusted insiders are not the only security threat governmental agencies and private companies face, but as Jin’s case showed, they can do significant damage. A trusted insider can be an employee, a business partner, a contractor—anyone who, by virtue of their position, has authorized access to critical systems as a part of their daily duties but uses that access to steal, disrupt, or destroy. They know internal information and the secrets of the organization and are granted access to both physical locations and computer networks. They have access to and relationships with personnel at all levels and know exactly what keeps the organization afloat—and, therefore, how to cripple it. They are the “spy in the worst possible place.” In the world of espionage, we have a different term for the trusted insider. Spies like Gray Day are called moles.
There are many reasons people choose to spy. The basic motives are money, ego, ideology, coercion, blackmail, and divided loyalties. Most spies are motivated by more than one of these factors. Espionage also requires an opportunity to betray, a reason to commit the crime, and sometimes a stressful trigger event to set things in motion. People who spy tend to share certain character weaknesses, too: greed, impulsivity, narcissism, feelings of entitlement, a belief that the rules only apply to others, vindictiveness, alienation, paranoia, naïveté, and thrill seeking. If Hanssen’s grim image just popped into your head, you’re right on the money. But serious personal problems alone don’t necessarily lead a person to turn traitor. It’s when these factors come together and play off one another that a spy chooses to betray their company, or their country.
How does one catch a trusted insider? The same way you catch a spy, starting with a focus on security and controlling access. Motorola had layers of dedicated security, including limited access to only certain necessary doorways for employees, mandatory bag checks as personnel departed the building, and a fleet of security guards and constant monitoring from strategically placed cameras. Despite these layers of protection, Jin managed to access critical information while on sick leave, entered the building multiple times late at night, and dodged bag checks that might have revealed stolen documents. I suspect that Motorola security may have suffered from a common Achilles’ heel. When we focus our efforts outward, we may forget the old Russian proverb about diligence: Doveryai, no proveryai—“Trust but verify.” Sometimes the greatest threat sits in the office next door.