An Opus Dei member agent who recorded his sexual relations

Former FBI employee Eric O'Neill managed to hunt down, thanks to an electronic organizer, an infiltrator who sold information to Russia for more than 20 years.

He was only 22 when the then Washington (USA) law student Eric O'Neill, born in 1973, was recruited by the FBI, “because he knew how to turn on a computer,” to be part of the team that captured Earl Edwin Pitts, a former agent convicted of being a Russian spy. His mission, under the alias Werewolf, was to become a "ghost", an undercover operative dedicated to following suspects. Four years later, special agent Gene McClelland called him one Sunday morning to entrust him with the mission of his life: stopping Robert Hanssen, an FBI agent considered the first cyber spy in the United States and an active member of Opus Dei, from whom were seized, among numerous secret materials, audiovisual recordings of sexual encounters with his wife.
“He was one of ours and we were not prepared,” O'Neill recalls in Miami, where he has participated in the first cybersecurity summit organized by the company Acronis, to which EL PAÍS has been invited along with other international media. The now lawyer and computer protection expert remembers an FBI without resources, where computers did not support the usual programs used by any student and only one computer per unit was available to connect to the internet. "It was like a large family house with only one bathroom," he jokes.
Hanssen (Chicago, 1944), trained in business and a computer expert, had been an FBI agent since 1976; only three years later he began spying for the Soviet Union, and he continued to do so for Russia until his arrest on February 18, 2001. Pitts had pointed him out as a possible double agent, but the FBI lacked evidence.
The US investigative agency decided at the beginning of the last decade to appoint him chief information security supervisor and place O'Neill as his personal assistant in order to hunt him with a "smoking gun." “They needed to catch him on the spot,” explains the cybersecurity expert, who has recounted his story in the book Gray Day (Crown 2019).
O'Neill earned the trust of the man known among his colleagues as Doctor Death. He recorded each movement and each conversation on a floppy disk that he delivered punctually every day. “We all have routines and criminals too,” says O'Neill about the key to his work. These constant behaviors yield fundamental information: if someone slows down at a certain place, it is because they are looking for a signal or a message; if they alter their daily activity, it is because something abnormal is happening.
One day Hanssen received a notification from his PDA (personal digital assistant). It was a reminder of the hour of prayer. The spy, an ex-Lutheran who became a member of Opus Dei, regularly attended mass and gave a copy of Camino (a book by the founder of the Work, Escrivá de Balaguer) to his assistant. O'Neill then noticed a routine that would be key to resolving the case. His boss kept the PDA in his back pocket and put it in a briefcase next to him every time he sat down. He never parted from the device. O'Neill concluded that the electronic organizer played a fundamental role in his boss's life.
An appointment outside Hanssen's hermetic office, which was kept closed whenever he was absent and to which no one was allowed access, was the opportunity for the counterintelligence team to access his personal files. After the meeting, O'Neill intentionally chose a return route where he knew there would be a traffic jam, to give his teammates more time. They discovered that the FBI agent, who was assigned the code name Gray Day, had sensitive documentation, which included information on the US nuclear arsenal, and communications with Russian agents signed as Ramón García or simply as B.
But it was not enough. They could only prove that Hanssen had secret material obtained as a "trusted insider" and thanks to the weak security measures in place at that time. On an earlier occasion he had been discovered with sensitive material and claimed that he had it to demonstrate the lack of protection. That was his job.
The FBI needed proof that the material was destined for sale to Russia. A subsequent search of his vehicle turned up adhesive tape for leaving signals and waterproof wrapping material, which suggested an imminent delivery. But it was necessary to surprise him on the spot.
O'Neill decided to act. He scheduled an unexpected visit to the office by a superior, who invited Hanssen to practice shooting. Weapons were one of his obsessions and he always carried one or two on him. Hanssen did not have time to react and, for the first time, left the PDA in the briefcase. The assistant had only a few minutes. He entered the office, picked up the device and ran to an office where some colleagues were waiting to copy the files. The information was encrypted, so they decided to clone it and decrypt it later.
O'Neill had just enough time to return to the office and put the device back. He did not remember which of the four pockets of the briefcase he had taken the PDA from and decided to leave it in one of them, fearing that, if Hanssen noticed, he could become suspicious and flee without completing the delivery.
The spy returned grumpily to his office and the first thing he did was check that the PDA was in the briefcase. He called his assistant to the office and asked, "Have you been in my office?" O'Neill remained calm: “We have both been. I left the memory in the tray. Did you see it?” Hanssen was silent and stared at him, waiting for a compromising gesture. “I don't want you to enter my office,” he concluded before taking the briefcase and leaving the FBI facilities.
The PDA revealed when and where the delivery was going to take place: on Sunday, February 18, 2001, at eight o'clock at night at Foxstone Park in Virginia. O'Neill recounts the scene with satisfaction: “It was a gray and cold day. Hanssen had spent the day with his family and his friend Jack Hoschouer. He took him to the airport and saw him off at the boarding gate. Back then you still could, and you didn't need to take off your shoes. When he returned, he took the files wrapped in waterproof material and went to a wooden bridge in the park, left the package on one of the pillars under the structure, returned to the road and smiled. Then the FBI agents appeared and surrounded him with weapons. 'Pistols are not necessary,' he said.”
The seized information and subsequent searches revealed a hitherto unknown aspect of this Opus Dei member who attended daily mass. Robert Hanssen recorded his sexual relations with his wife and shared the recordings with Hoschouer. Messages were also found in internet chats in which he described the details of his sex life, along with records of numerous meetings with a dancer from a Washington strip club, whom, after giving her valuable gifts, including a Mercedes-brand car, he left shortly before his arrest. They were evidence of the double life that Hanssen led in all areas for more than 20 years, of which the people closest to him, including his family, were unaware. It was the end of the man responsible for what the Department of Justice considered "the worst intelligence disaster in the history of the United States."
"ANY TECHNOLOGY CAN BE ABUSED"
Eric O'Neill left the FBI after the case and founded the Georgetown Group, a research and security firm. He is also listed as a national protection expert at the company Carbon Black.
Question. Are you still linked to counterintelligence?
Answer. My job has been to bring my experience in capturing spies to cybersecurity. The main companies try to understand and predict threats before they occur. There is the human element to identify risks and understand what the next threats in the chain are. And, of course, there is the technological component, because none of this can be done without the best technology.
Q. Where are threats detected?
A. You have to spend a lot of time with threat analysis teams on the dark web, where all the tools are followed, bought and sold. And then reverse engineering is done to protect and find a solution against them.
Q. Is there a global solution?
A. There are many cybersecurity companies with good solutions. The ones that are most successful are those that have a large-scale collaborative approach. A safe world in the face of cyber attacks? I think it's very difficult because of the internet. The FBI has just issued a warning about malicious programs capable of overcoming two-factor authentication. In addition, people can be deceived with social engineering alone. I think there are a couple of things that will happen in the future: we will fully adopt the cloud, because that allows us to instantly use artificial intelligence and analysis, update everything to address the threat when it hits and before it happens, as well as protect everything in the same environment; on the other hand, passwords will disappear. They are archaic and the Achilles heel against any attack.
Q. And entities, are they protected?
A. To protect a company, you have to be better than the attackers, who will always go for the low-hanging fruit [whichever is easier to access]. There is a theory of security called displacement: keeping crime away from the entity that is being protected by making security better than everyone else's. The best cyber companies will survive and prosper, and the poor ones will be those that fail and sink.
Q. Should we give up privacy for security?
A. I agree with the data protection laws. They're good. One of the fundamental ways of protecting information is to isolate it, limit the people inside and outside the company who have access to it, the access points. In doing so, there are more possibilities to protect it. On the other hand, the use of biometrics, for example, at airports can be beneficial. Where is the limit? Any technology can be abused.
Q. What do you think of the ransom payment for computer abductions?
A. If you don't pay, kidnapping makes no sense. It is preferable not to pay, but particular circumstances must be taken into account. If an entity does not have a backup of its systems, it can lose a huge amount of money from a kidnapping and, perhaps, sink. You can think then that it is more profitable, as a commercial decision, to pay $10,000. The kidnappers are smart and know where to attack. They even know the financial situation of the entity, so as to ask for what it can afford. They are very quiet and meticulous, and they carry out, for months, slow attacks in which they compromise multiple systems, steal data and learn a lot about the company or the State or the city. They look for organizations that are under a lot of pressure, such as cities or hospitals.
Q. Will the next generation of terrorism be cybernetic?
A. It is not the next generation, it already is. There are already numerous attacks on critical infrastructure that have affected the United States and other countries. The wars of the future will not be with bullets and weapons, they will be in cyberspace.