by Eric O'neill
Hacking is the necessary evolution of espionage.
There are no hackers; there are only spies.
We must hunt the threat before the threat hunts us.
Because the spy is always in the worst possible place.
If cybersecurity is the future of counterintelligence, the future is yesterday. In order to prevent breaches, cybersecurity must leverage real-time analytics and mountains of data instantly to identify vulnerabilities before the attack occurs, spot attacks as they happen, and future-proof the attacks of tomorrow. Only then can cyber defenses orient to decisions fast enough to outpace increasingly aggressive and clever attacks. We focus security on the endpoint to move that security as close to the human operator who will make a mistake that lets the spies in or, like Robert Hanssen, turn traitor. But the solution isn’t as simple as securing our devices. Amateurs may hack machines, but professionals hack people.
The Hanssen investigation teaches us that the best spies and attackers embrace advances in technology to carry out traditional espionage goals. Cybercrime has followed the spy playbook. All attacks are now espionage, and to defeat the wave of continually evolving attacks, cyber professionals must become spy hunters. Understand the attackers, discover their flaws and vulnerabilities, actively seek them out, and neutralize them when they attack. Security is an exhausting journey that defies even a momentary lapse of guard. Only by hunting the cyber spies will we be able to create a world safe from cyberattacks. Only then can we beat O’Neill’s law.
EPILOGUE
July 2001
Dim light stretched through the low windows into my living room. The afternoon had crashed into evening without warning. I thought about turning on a lamp, but left the moment to shadows. Some conversations sounded best in the dark.
My brother snatched a Jack Daniel’s bottle from the coffee table. He poured two glasses with the cultivated flourish of a bartender. David had spent long evenings slinging spirits across stained oak bars in London, saloon counters in Austin, wild clubs in New York City, and finally at a quiet little beach bar near Hollywood. He’d long since traded his bartender license for a Screen Actors Guild card, but he could still make a perfect pour.
We clinked glasses. Most people forget that Washington, DC, was built on top of a swamp. After nearly a year, Juliana and I still hadn’t convinced our landlord to repair our struggling air conditioner. The thin trickle that struggled out of the vent barely flapped a purple ribbon Juliana had tied there when we moved in. My glass sweated condensation against the sticky humidity that slowed the nation’s capital to a crawl. The lone ice cube floating in the brown liquid wouldn’t last long.
“So you’re telling me,” David said, “that this guy all over the news. The master spy. You caught him?”
“I helped catch him.”
The last time I’d seen Hanssen, I’d told him, I’ll catch you later. I doubt he appreciated the joke. Days before my conversation with David, Hanssen had made a deal to plead guilty to fifteen counts of espionage and conspiracy to commit espionage. I had since left the FBI, but still jumped each time the phone rang. If the judge rejected Hanssen’s plea and sent the case to trial, Kate would call me in to testify, a possibility I was dreading.
Despite my knowing better, I’d asked Kate whether I could visit Hanssen in the Pennsylvania federal penitentiary where he awaited the judge’s decision on his guilty plea. I’d wanted closure on a case that had dominated and defined my young life.
The FBI debated and then denied my request. Kate put it best: “If he knows it was you that betrayed him, he’ll rattle the bars of his cage.”
“Okay.” David rolled his eyes. “You helped catch him. But that was your boss?”
“You wouldn’t want this guy to be your boss,” I said. “Did I tell you about the time he practically massaged my back?”
I told David about Hanssen’s favorite nickname for me. And how he would call out his “idiot” for every imagined mistake. I described the way I had surrounded my desk with chairs to enforce my personal space. My eyes fell as I recalled near misses and desperate gambles. The case had taken everything from me and had left me wrung out and empty.
“Why did he do it?”
I shrugged and hid my smile. “No one knows.”
David’s sigh called to mind years spent in a small room fighting over which of us got the top bunk. My grin broke through. “But I have a pretty good idea.”
Most of us rinse and repeat our lives. We are content to wake and sleep, work and play. To carve out happiness in family and friends, children, and achievement. But some want more. Robert Philip Hanssen was the greatest spy in US history. His reign lasted over two decades in a time when espionage required immense skill and patience. Breaking his record will be next to impossible in a world of WikiLeaks and ransomware.
Hanssen’s dreams demanded greatness. Heroes work and toil to scrape out their place in history. Villains take shortcuts. But both heroes and villains stretch to touch the infinite. Spying made Hanssen feel that he belonged to something far greater than himself. To the Russians he was an unknown national hero. To his family, he was a provider and a role model with uncompromising morals. I’ve always viewed Hanssen as a tortured man who balanced his love of family and religious faith against the pulse-pounding euphoria that rushed through him every time he dropped secrets under a bridge or saw a line of tape on a telephone pole.
During a quiet moment near the end of our time together, Hanssen sat across my desk from me and said, “Children are amazing. The best of what we are. You leave something of yourself behind in your children, Eric. They make you immortal.” I didn’t understand my old boss then, but I do now. The birth of my own children years later completed this last of Hanssen’s lessons. Our children reflect the best of what we are and what we have to give. Hanssen had played the villain for most of his adult life, but he had also brought good into the world in the children he left behind. I’d like to think that he chose to plead guilty and abandon a lengthy court battle to keep his family out of the spotlight, and to ensure that they kept their home and part of his pension.
In the sentencing memorandum, the US attorney wrote: “For all the words that have been written about him, for all the psychological analyses, the speculations about his motivation, and the assessments of his character, this is, at the end of the day, all that really warrants being said about Hanssen. He is a traitor and that singular truth is his legacy.”
“Hanssen’s attorney argued that Hanssen was insane,” I told my brother. I flicked on the desk lamp that Juliana had bought me when I left the FBI and joined DLA Piper as a new associate. Light pooled across my computer workbench and tinted everything the green of the glass shade. “Hanssen must have hated that.”
“I read that his psychologist said he had demons.” David shivered. “Maybe he was the demon.”
Hanssen’s insults and quips, morals and lessons rattled around in my head. Good and bad. “He wasn’t a demon,” I said. “He was cold and calculating. He planned every act with the precision of a master machinist. He knew every act of spying was wrong, but did it anyway. But he wasn’t completely evil. He was…gray.”
Hanssen had refused to answer a single question throughout almost ten months of sweat-soaked, stale-coffee interrogations: Why did you do it? His words—The “why” doesn’t matter—fit his personality. He pled guilty to his crime in return for his life and to ensure that his family kept their home, cars, and his twenty-five-year FBI veteran pension. The plea agreement required Hanssen to submit to a lifetime of questions from four commissions. Many of his interrogators repeated the same questions until Hanssen could memorize each word. The several hundred hours of debriefings included polygraph examinations, psychological evaluations and testing, and a requirement that Hanssen waive both attorney-client privilege and a priest-penitent privilege.
/> Our investigation had brought him low, but the master spy clutched at one last fragment of power. The interrogators emptied Hanssen’s mind, but could not breach the tiny lockbox where Hanssen hid his “why.” He’ll likely take that answer to his grave.
The FBI had the first crack at Hanssen’s debrief. After all, the spy had gutted the bureau in a way that would take decades to repair. The CIA director formed a Hanssen Damage Assessment Team (HDAT) to assess the interagency repercussions of Hanssen’s breach. Judge William Webster, the only person to have served as both FBI director and director of the CIA, led the Commission for the Review of FBI Security Programs. Finally, the inspector general of the Department of Justice got a crack at the captured spy. Each of the four commissions wrote a letter to the US attorney to evaluate nearly a year of wringing secrets out of Hanssen. If they found his answers honest, Hanssen’s plea deal would stand. If the balance of commissions called Hanssen a liar, the spy would face the death penalty.
The US attorney received four letters and probably wished he could go back in time and insist on three commissions, or five. The FBI and Webster Commission judged Hanssen’s responses predominantly truthful. HDAT and the CIA gave Hanssen a resounding thumbs-down. No man wishes to hold the fate of another in his hands. Fortunately for Hanssen, the US attorney split the difference in Hanssen’s favor. On May 10, 2002, a US district judge sentenced Hanssen to fifteen consecutive sentences of life in prison without the possibility of parole.
“The FBI ostracized Hanssen,” I said. “He wanted to be James Bond, but they made him a librarian.” I thought about the piano that Juliana and I still couldn’t afford. “The boss…Hanssen…needed money to support his growing family and couldn’t make ends meet.”
David frowned. “He did it for money? That’s lame, man.”
“In the beginning, yes.” I started to pace. Four steps from the desk to the window and then back again. “But after enough promotions he made enough to survive.” I looked at David. “Imagine the thing that you are the best at—or that you want to be the best at.”
“Like acting.”
“Sure. Imagine you’re Leonardo DiCaprio after Titanic. Literally on top of the world. Do you give it up because you’ve just made enough money to keep you comfortable?”
David smirked. “I wouldn’t give it up.”
“Neither could Hanssen. Spying made him more than himself. He was a cookie-cutter FBI agent, but he was a master spy.”
“But you said he was gray?” David shrugged. “Was there anything good about him?”
We are all chasing shadows, good and bad. Hanssen exploited the FBI’s flaws and did incalculable damage to this country. But his interrogation and the countless pages of analysis that followed dragged the FBI into the modern world. The bureau instituted mandatory polygraph examinations before upgrading clearances. Task forces began to look inward before a disgruntled employee could turn traitor. Dinosaur systems like the ACS were scrapped for modern databases with strict audit trails. The FBI’s Laboratory Division, Operational Technology Division, Criminal Justice Information Services (CJIS) Division, and the Information Technology Branch pushed to hire STEM professionals to carry the FBI into the information age. A Cyber Division was formed to catch cyber terrorists, cyber spies, and computer criminals. Agents learned to turn on computers. Everybody got a mouse.
“Want to hear something weird?” I asked.
“Anything!”
“I heard a rumor about Hanssen’s last drop. More like a whisper of a rumor.”
David leaned forward. Our conversation had haunted the room and I wished I had turned on more lights.
“In his final drop to the Russians, Hanssen left a final present for those he called his friends.” I jabbed my chest with a thumb. “My name and information, with a note to recruit me. Hanssen told them I’d make a very good spy.”
He was right.
AUTHOR’S NOTE
February 18, 2018
I began writing this book in May 2001 after I walked out the front doors of the FBI’s Washington Field Office for the last time. The investigation had isolated me not just from my friends and family but also from my colleagues and team members in the FBI. With the exception of Kate, I could discuss the case with no one. A great deal of emotional baggage builds up when an investigation closes you into a dark box. I put it all in writing. I recorded the facts of the case in classified surveillance logs that I turned over to the FBI. I dumped the rest into private journals and notes, often rambling, that memorialized the oddest conversations with Hanssen and reminded me which days locked in Room 9930 made the biggest impact on my life.
I had left the FBI to resurrect my marriage and to practice law. In the cracks between reading legal briefs and arguing cases, reconnecting with family and friends, and all the overdue quiet moments with my wife, I wrote the first draft of this book. But I couldn’t share it with anyone until I received permission from the FBI to tell my story. The FBI had kept my role in the investigation secret, even from the boss himself. The Affidavit in Support of Criminal Complaint, Arrest Warrant and Search Warrants filed in the US District Court in United States v. Robert Philip Hanssen places a great deal of previously classified information into the public record; I relied on it heavily in writing this book. But the 103-page document only tangentially mentions my role when discussing the smoking gun that won the case: Hanssen’s Palm IIIx.
The FBI denied my request to tell my story until July 6, 2001, after Hanssen pled guilty and I would no longer be required to testify at my old boss’s trial. By then, a number of books about the Hanssen story, all of different flavors, were already in the hands of the big publishing houses. In February 2007 Universal Studios released Breach on the six-year anniversary of Hanssen’s arrest. The movie is a thrilling dramatization of the investigation, but it fictionalized enough events to remind me that I still had a story to tell. The fame Universal Studios lent to me led to an enthusiastic public-speaking career. Over time, as I left the second biggest law firm in the world and started my own investigative group, accepted a position as general counsel with a humanitarian NGO, and ultimately became the national security strategist for the top global cybersecurity company, I formulated what would become O’Neill’s law. My keynotes transitioned from speaking about the Hanssen story to tying Hanssen’s lessons into my own life experiences and why we can’t stop cyberattacks. I spoke about cyber spies and the world started to listen.
At a Charleston, South Carolina, Renaissance Weekend over New Year’s 2016 I met my agent, Becky Sweren. Becky had just heard me deliver a keynote titled “Cybersecurity in the Age of Espionage” that connected the dots from Hanssen’s espionage through the rise of Russia and why the majority of spies are now cyberattackers. She found me later and in a quiet moment encouraged me to write a book proposal. Becky met my skepticism head-on with words that sent my fingers to my keyboard on my flight home: “This is a story that needs to be told.”
But I had plenty of help. To fact-check my recollections, I consulted the aforementioned Affidavit in Support of Criminal Complaint, written by Special Agent Stefan Pluta, along with publicly available documents related to Hanssen’s indictment, plea agreement, and sentencing. I also leaned on the Office of the Inspector General’s August 14, 2003, Review of the FBI’s Performance in Deterring, Detecting, and Investigating the Espionage Activities of Robert Philip Hanssen to outline where the FBI made mistakes that allowed Hanssen to spy and how the FBI walked through the crucible of lessons learned to emerge stronger. Every investigator (and spy) knows that public records are his best friends. For background on the Hanjuan Jin, Gregory Allen Justice, and David Sheldon Boone cases, I scrutinized court filings and testimony.
Writing a narrative account seventeen years after the fact required a great deal of searching through my memories. I had journals and an ancient first draft for my conversations with Hanssen, but
I reconstructed other conversations using my best recollection. For example, in chapter 4 I recall discussing the FBI’s need to computerize into the modern era with Mr. Dies, but I cannot claim that the conversation is verbatim. In some cases I blended two separate conversations together to assist the pacing of the book. Most notably, in chapter 9, I blended two separate conversations with Kate (one that occurred in a restaurant with one that happened in a car) into a single scene across the Potomac. Neither Kate nor I can remember the name of the restaurant. In chapter 19 I moved the conversation with Hanssen about my mother’s Parkinson’s disease to the scene with Hanssen at church. Mom would have liked the Catholic Information Center setting more than a conversation across my desk in 9930. Also in chapter 19 I moved a conversation with Kate about Brian Kelley a bit earlier into the narrative. I was thinking a lot about the Kelley case then, and the conversation just fit better during the search of Hanssen’s office. In chapter 22 I combined conversations that actually took place with Hanssen in two separate car trips into one trip to Invicta. Finally, the conversation with my father in chapter 24 over a glass of scotch at the beach house actually happened in their home in Maryland. I hope you’ll agree that the nautical bar is a better setting.
Most of my FBI colleagues are no longer actively serving this many years after the case. I did not change anyone’s name and enjoyed rekindling old friendships as I asked permission and ran through old stories. I did change the code names for the ghosts who show up in a few places; where I could not recall a person’s name, I left it out.
I asked for permission to visit Hanssen in his cell at Supermax penitentiary, but I was denied. If I could visit him, I’d ask why he did it, even though I’m pretty sure I know.