Former FBI counterintelligence specialist Eric O’Neill joins Chris to recount his mission to help capture one of the most damaging spies in American history: Robert Hanssen. They discuss Hanssen’s transformation from a wannabe Bond into a real-life cyber mole, his staggering betrayal of US intelligence, and how O’Neill built trust with a man he knew he had to take down. Eric also shares how the Hanssen case shaped his transition into cybersecurity, explores the rise of cybercrime as a $12 trillion black-market economy, and explains why AI deepfakes, ransomware, and social engineering attacks pose growing threats to national security and everyday life.
Subscribe and share to stay ahead in the world of intelligence, geopolitics, and current affairs.
Subscribe and share to stay ahead in the world of intelligence, geopolitics, and current affairs.
Please share this episode using these links
YouTube: https://youtu.be/vmViAP6jits
Podfollow: https://pod.fo/e/2bfdc5
Find more about Eric on his website: https://ericoneill.net
Podfollow: https://pod.fo/e/2bfdc5
Find more about Eric on his website: https://ericoneill.net
Support Secrets and Spies
Become a “Friend of the Podcast” on Patreon for £3/$4: www.patreon.com/SecretsAndSpies
Buy merchandise from our Redbubble shop: https://www.redbubble.com/shop/ap/60934996
Subscribe to our YouTube page: https://www.youtube.com/channel/UCDVB23lrHr3KFeXq4VU36dg
For more information about the podcast, check out our website: https://secretsandspiespodcast.com
Buy merchandise from our Redbubble shop: https://www.redbubble.com/shop/ap/60934996
Subscribe to our YouTube page: https://www.youtube.com/channel/UCDVB23lrHr3KFeXq4VU36dg
For more information about the podcast, check out our website: https://secretsandspiespodcast.com
Connect with us on social media
Bluesky: https://bsky.app/profile/secretsandspies.bsky.social
Instagram: https://instagram.com/secretsandspies
Facebook: https://facebook.com/secretsandspies
Spoutible: https://spoutible.com/SecretsAndSpies
Follow Chris and Matt on Bluesky:
https://bsky.app/profile/fultonmatt.bsky.social
https://bsky.app/profile/chriscarrfilm.bsky.social
Secrets and Spies is produced by F & P LTD.
Music by Andrew R. Bird
Secrets and Spies sits at the intersection of intelligence, covert action, real-world espionage, and broader geopolitics in a way that is digestible but serious. Hosted by filmmaker Chris Carr and writer Matt Fulton, each episode unpacks global events through the lens of intelligence and geopolitics, featuring expert insights from former spies, authors, and analysts.
Instagram: https://instagram.com/secretsandspies
Facebook: https://facebook.com/secretsandspies
Spoutible: https://spoutible.com/SecretsAndSpies
Follow Chris and Matt on Bluesky:
https://bsky.app/profile/fultonmatt.bsky.social
https://bsky.app/profile/chriscarrfilm.bsky.social
Secrets and Spies is produced by F & P LTD.
Music by Andrew R. Bird
Secrets and Spies sits at the intersection of intelligence, covert action, real-world espionage, and broader geopolitics in a way that is digestible but serious. Hosted by filmmaker Chris Carr and writer Matt Fulton, each episode unpacks global events through the lens of intelligence and geopolitics, featuring expert insights from former spies, authors, and analysts.
[00:00:00] Announcer: Due to the themes of this podcast, listener discretion is advised.
Lock your doors, close the blinds, change your passwords. This is Secrets and Spies.
Secrets and Spies is a podcast that dives into the world of espionage, terrorism, geopolitics, and intrigue. This podcast is produced and hosted by Chris Carr.
[00:00:37] Chris Carr: On today's podcast, I'm joined by Eric O'Neill. Eric's a former counterintelligence operative who worked for the FBI. We discuss his past in the operation to take down Robert Hanssen, who was one of the most damaging Russian spies deep within the FBI. We then examine Eric's work in cybersecurity and he shares his insights and how best to protect ourselves from cyber fraud and hackers. I hope you find this episode interesting. Thank you for watching, and thank you for listening. Take care.
[00:01:05] Announcer: The opinions expressed by guests on Secrets and Spies do not necessarily represent those of the producers and sponsors of this podcast.
[00:01:27] Chris: Eric, welcome to the podcast. It's great to have you on. Just for the benefit of the audience, please, could you just tell us a little bit about yourself?
[00:01:36] Eric O'Neill: Sure. I'm Eric O'Neill. I started my career as an undercover operative in the FBI. I was tasked with counterintelligence and counterterrorism, so I worked against spies and terrorists, primarily in the DC area. The final case, uh, which is my claim to fame, if you will, uh, in the FBI was to go undercover in the most unique case the FBI had ever run to catch a spy named Robert Hanssen. Now, at the time that I went undercover, we had very good evidence that he was the spy we were looking at. Uh, but during the course of my investigation, which was only about three months, we learned that not only was he a spy, he was the spy, uh, a legendary spy that the FBI, in fact, the entire intelligence community, uh, across nations, had been after named Gray Suit.
After leaving the FBI, which wasn't very long after that case, I finished law school, became an attorney, worked in national security law, started a company called the Georgetown Group, which empowers trust. We do high-level, uh, diligence investigations, and competitive intelligence work for clients, a lot of like what I did in the FBI, but now in the corporate world. I just started a company called NexaSure, which is a cybersecurity advisory, uh, company that, um, helps people protect themselves from cyber attacks and also some ambassadorship to get the name out there if you have this new, innovative technology. Uh, I'm an author of, uh, a book Gray Day, which chronicles catching Robert Hanssen, but also my theories on, uh, the evolution of espionage from the cloak and dagger, you know, dark shadows and meets at train stations and dead drops of yore to today, which is mostly cyber attacks. My next book, The Invisible Threat, is coming out later this year, and I'm pretty prolific, uh, speaker, I'm on stages all over the the world and on wonderful podcasts like this. Um, so, there you go. That's me in a nutshell.
[00:03:31] Chris: Fantastic. Thank you very much for that. And, um, it's kind of interesting being here because I recognize your voice from when I was at the Spy Museum back in November. Uh, so it's quite surreal for me.
[00:03:42] Eric: That's right. I, I do a lot of work with the International Spy Museum in Washington, DC. In fact, we're, we're lining up right now, uh, this great, uh, practical exercise I do at the Spy Museum called Surveillance 101, where, uh, people buy tickets and then they get to see what it's like to be an undercover ghost, a surveillance operative for the FBI, following a spy throughout Washington, DC and trying not to get made.
[00:04:06] Chris: Yeah, yeah, it's not easy. I, I once did a, a day's course in London about surveillance and, uh, and yeah, it's not easy because you've gotta keep track of the target as well as, um, sort of disappearing into the background and, and also not being suspicious to other people around you. It's quite, quite interesting.
[00:04:23] Eric: Right. You need to be able to blend into the circumstances you're in so that you, you, you don't look interesting, so that when that person turns around, you just look like you're supposed to be there and they're not interesting to your eye. And you know, the, the second most difficult thing for people who are uh, trying to be undercover for their first time is not to have tunnel vision, not just focus on that target, but actually be aware of all your surroundings, uh, especially cars when you're trying to cross the street.
[00:04:49] Chris: Yes. You don't wanna get run over.
[00:04:51] Eric: That's why I use the buddy system.
[00:04:54] Chris: That's good. Well, um, can you just tell us a little bit about your career in the FBI? Because I was interested about why you joined and the sort of work that you were doing before the Hanssen investigation.
[00:05:04] Eric: Certainly, uh, I had graduated, uh, with a psychology and political science degree from Auburn University, thinking like in the future I would go into law, but needed some time to figure out what exactly I was gonna do. I got a job, uh, in Washington, back in Washington DC as a litigation consultant, which I thought was gonna give me some experience, uh, before becoming an attorney, before committing to law school and all that that entails. It turned out that I just did a lot of Excel. Um, now consultants do very important work, but at 21 years old, that wasn't for me sitting in a windowless office looking for a penny in an Excel spreadsheet. So a year to the day, I decided to leave. At that point, I had applied to the FBI. I got a job working for the Foreign Claims Settlement Commission, which is part of the Department of Justice, um, while I waited for my security clearance came to come through, so, uh, I, I didn't realize the fact that quitting before you actually got your clearance, you know, you get, you get accepted to the FBI, but then you have the clearance and that took almost a year, uh, for the clearance to come through. I had a, uh, Top Secret, uh, SCI clearance, which is the highest you can get. Um, and of course they wanna vet you and make sure everything is fine and the clearance process takes some time. So finally, I was cleared and got in.
Uh, what I did for the FBI, and, I, I should, I should go backwards, the reason that I joined the FBI is I wanted to serve in some way. I wanted to do something that mattered. I wanted to learn skills I couldn't get anywhere else. Uh, in my entire trajectory of my life until then was to go into the military. I didn't do that, I felt like I let my parents down, and I was going to find a way to make that right. Uh, and, uh, I have no regrets for the time that I spent in the FBI was one of the most amazing, uh, periods of my life. Very difficult, very stressful, but amazing. Uh, I got a job, uh, in the FBI. I was too young to, uh, join special agents class. It was only 22 when I applied to the FBI, and you had to be 25 at that time. But they liked me enough that they said, would you try this? And it was then a top secret group, now it's been declassified, and certainly if you read my book, Gray Day, you'll learn a lot about what it's like to be on a go as a ghost undercover. It's one of the first books to ever do that, I think it's the first book to ever do that.
[00:07:22] Chris: Yeah.
[00:07:22] Eric: I was an FBI, uh, ghost, which is the, the cool term for, uh, a member of the Special Surveillance Group or an investigative specialist. So my job was to investigate and surveil, uh, foreign, uh, counterintelligence threats or terrorist threats on American soil. So, flip a coin, one day I would be following a spy and the other day following a bomber and trying to keep them from doing harm to the country.
[00:07:48] Chris: So that obviously put you in a good position with regards to the Robert Hanssen investigation because you're used to sort of working, um, in this sort of undercover way where you sort of disappear into plain sight. So I was wondering if you could talk to us about like, how you were assigned to that investigation, what you learned about it. Because you said earlier, you know, it wasn't a done deal, that he was guilty, you were there to kind of gather evidence. Um, so what did you sort of learn about him going into that assignment and how did it feel for you being asked to spy on this sort of senior FBI, um, special agent?
[00:08:20] Eric: Well, Chris, you would think that, uh, my, my wealth of years of experience being undercover, following targets and, uh, catching them before they did their dastardly deed would help to go undercover in FBI headquarters against one of the, the top spy in the world. Uh, but I wasn't prepared for it at all. Uh, the fact of the matter is that when you work undercover, you're not supposed to be seen, or if you're seen, you wanna be seen in a way so that eyes just kind of slide by you and don't think you're interesting. I, I, I only had one conversation with a, uh, spy that I was tracking once, by chance, when he walked up to me randomly, uh, just out of the blue, complete roll of the dice, right? And, and just, I was the guy he asked, Do you know how to get to the bus, you know, at the airport? And, and I learned to have a very good poker face. And I turned, I looked and I said, Ah, that's the guy, right? I said it in my mind. Um, and, and outwardly, I, I just looked like, you know, anyone in Washington DC, like, why are you bothering me? And then I, Okay, okay. Here, you know what? I'm going to that bus, too. Why don't we go together? I'll show you, right? And, uh, put him on the bus and then took him to his rental car and, you know, he got off the, I got on the back of the bus, he got on the front. I watched him as he went to his rental car. I called out the license plate over my field radio to my team. Uh, they continued the surveillance. I got to go home because I was burned. So, you know, I got, I got, I got to leave work early that day because I, I broke the case for the whole team. That was the only time I'd ever talked to a spy. Just one little sentence, right?
And, uh, now I'm thrown undercover, as myself, in a brand new division that the FBI created for Hanssen, to catch Hanssen. We had received information from a former KGB source that, uh, was circumstantial, uh, you know, like some of it was really strong, but not stuff that he couldn't argue with a great lawyer. So, so it was as a trash bag. It had a partial print. He would just say that I've been working Russians for 22 years, you know? It, it's, it's not surprising that a, some part of my print might be on something. And of course, letters that were written that, that some of the analysis of the letters and the handwriting and the um, uh, and, and the, the way that things were phrased went back to him. But of course, that's not a slam dunk either. The, the most, the most critical piece of evidence we had is a phone call where he had called the consulate to ask where his money was, and that was his biggest mistake.
[00:10:45] Chris: Hmm.
[00:10:45] Eric: And we recognized his voice. But, you know, these are things that with a, with a big battle, you can explain away. And then maybe he gets conspiracy to commit espionage and 25 years and he shuts up and never says a word, rides out his prison sentence, and that's the end of it. Uh, that was not gonna work for the FBI because if he was Gray Suit, and we believed he was, the most legendary spy in the FBI's history, we had to know what he did so we could fix it. So, the real aim of the case was to get enough pressure on him, which means the death penalty, to get him to plead guilty and to agree to, uh, years of debriefing so he could, uh, tell the FBI and the entire intelligence community, how he broke it so they could build back better, uh, out of sort of this fire that they were under and, um, become a stronger institution. Uh, so that was my goal. Go undercover and, first, confirm that he's the spy we're after, and then once you do that, figure out, uh, a smoking gun to catch him. You can't ask an investigator in any discipline to go do that and have a high degree of success.
[00:11:48] Chris: Yeah.
[00:11:48] Eric: Finding a smoking gun in any investigative case or even a legal case, is next to impossible. Uh, so anytime a client asks for that, it's always, uh, you can't expect it, we're gonna try our best, right? Uh, but here I was able to do that. Um, I, I kind of learned on the job. I learned from Hanssen how to do this job, how to do this face-to-face investigation, which, uh, in the security term we call elicitation. So Chris, you and I are having a conversation, but I have an agenda and I don't want you to know I have in the agenda and I'm trying to give, I'm trying to use leading phrases that aren't quite questions to get you to just talk and talk and the more you talk, the more I might challenge you here or there and, and to get you to, to try to defend yourself. And, and then suddenly, you make a mistake. And that little bit, those little mistakes he would make here and there, I would bring to the analysts and they would compare it to all these former cases and, uh, we were slowly winning.
[00:12:46] Chris: Brilliant, brilliant. Now what did he, what, what was Robert Hanssen like on a sort of day-to-day basis? Because I, I think of the film, um, with Chris Cooper, and he comes across a very kind of prickly man and not somebody I'd want to spend all day with. So, how did he make you feel? What was he like on a day-to-day basis?
[00:13:03] Eric: Yeah, prickly is a very good, uh, yeah adjective for Hanssen. He certainly, uh, had a temper. Um, he was a narcissist, so he was always right, always knew better than everyone else. Uh, he would say he knew better than the director of the FBI and, and you know, if, if the director listened to him, it would be a better FBI, which ironically, maybe that's true because he was the one destroying it from within. Uh, he was a difficult boss. If you ever seen the movie Horrible Bosses, he was, he was kind of like right up there with any of them. Um, he, and Chris Cooper did an excellent job in Breach. You know, I've talked to a lot of old agents who knew Hanssen, um, over the years, and some disagreed with Breach, thinking he was, he could actually be a very sweet guy, a nice guy, you know, very intelligent guy. Sure, if he saw you as a peer, but if he saw you as anything under a peer, then he was absolutely, directly horrendous. And that was the, that was the beginning of our relationship. He was, uh, very, uh, brusque. He was, uh, demeaning. He made my life incredibly difficult. It was one of those places I just didn't want to go, FBI headquarters, you know. Day by day, I would get up in the morning and, and just lie there for five minutes, you know, bringing, bringing myself to a point where I could actually get dressed and go to work. And, you know, those are the worst jobs ever, right?
Um, there was a point, however, where I gained his trust. And once I gained his trust, I think he realized I gotta sit in an office for eight, eight hours, eight to ten hours a day with this guy, you know, let's have some conversations. And he started to realize that all of the reasons the FBI picked me for this job, right? And, you know, because they, they got brilliant psychologists too, and, and they looked for, for someone who could go undercover and do this, were commonalities we had. And the more we had those commonalities, the more Hanssen had things to talk to me about. So let's tick them off. We're both Catholic. That was super important. The guy's religion was, uh, immensely important to him. He, he was Opus Dei, which is like super Catholic. I get to church when I can on Sunday, so he would call me a junior varsity Catholic. And I was like, all right, whatever. Um, you know, he had a son who was in law school, his old, his oldest son at, in the exact same year that I was in law school. I was also in law school while I was, was doing this case, which didn't make things any less stressful at all. Uh, we both know a lot about computers. Uh, you know, back in the '80s we were both hackers. Um, he was a bad guy hacker, I was a good guy hacker, you know, trying, he's breaking security, I'm trying to, um, protect it. And so we could talk computers, which was his absolute passion. Programming, you know, um, how to design systems. I mean, our job was to build cybersecurity for the FBI. I mean, they put him in charge of that because it was a dream job, it was something that was a skillset of his, it enticed him to stay in the FBI and not retire. And, um, it also gave him access to data, because we wanted him to make a final drop to the Russians. And, you know, we had all these commonalities and, uh, and that meant that he would talk to me. And that's how you get a spy to start giving up some of the things that are going to lead you down the road to eventually catch them.
[00:16:14] Chris: Thank you for that. So, um, I think if I remember correctly, in your book you kind of called Hanssen, one of the first of cyber spies, I think. And um, so what kind of information was he sharing with his Russian handlers and how was he kind of communicating with them?
[00:16:29] Eric: I call him one of the first cyber spies, if not the first, because he was one of the first spies at, at particularly at his level, uh, and, and remember we're going way back to the time of the KGB, to drop data to his, uh, Russian spy masters. Uh, and, and you know, he might have been the first to drop floppy discs, if you remember, if we go way back in the time machine, there used to be these things that, for your young audience, that you would shove into a computer and they were about that big, right? They were five and a quarter, five inches and, uh, and, and a quarter inch in size. And, uh, you would stick like 20 of them in to make the computer go at a time. You'd just swap 'em, uh, to, to get more data into the program. So he would save things on floppy discs by stealing information from computer systems in the FBI that were still neophyte, and never really meant to defend against a trusted insider. There was never this concept that one of us will go bad and steal this data and somehow get it in a format that can extract it from, uh, the FBI headquarters or a field office, and then put it in a hole in the ground or under a bridge, is what Hanssen did, in order to get it to a foreign power. And of course he graduated to the much more firm, three and a half, uh, floppy discs, not quite as floppy. And, uh, we caught him before he could use thumb drives. And at one point he was actually trying to convince the Russians that, he loved his PalmPilot, right? And, uh, that that's the, that, that's the PalmPilot that was used in the movie, Breach, right?
[00:17:54] Chris: Oh, cool.
[00:17:54] Eric: So that's what it looks like. And, um, he was trying to say, look, I, I can save data on my PalmPilot, I'll just, I'll just drop that to you and then when you pay me money, you leave a Palm in there and we'll swap them, because I can encrypt the Palm. So even if someone comes across it, it'll be useless to them, right? Um, so he was, he was trying to be very innovative in how he, he pushed the, the traditional way that espionage was conducted.
[00:18:23] Chris: Yeah. And that's very cool, that PalmPilot just, uh, above, yeah, that's really amazing. So that's the prop from the film.
[00:18:27] Eric: Yeah, right next to it is, um, is, yeah right there, is Hanssen's pen, which he had this nervous tick, I don't know if it was a nervous tick or he just wanted to drive me insane, but he would click it and it would just (clicking noises). So, if you saw the movie Breach, we put that in the movie. Chris Cooper is constantly clicking that pen and it drives you a little nuts. Uh, it, it certainly had that effect on me.
[00:18:47] Chris: Oh my goodness. Yeah. A lot of fun, that was. So, um, how much damage did Hanssen do?
[00:18:54] Eric: Well, unfortunately we got him at the very end of his career. He was about to retire. Uh, he, uh, we only learned about him in December of 2000. We caught him in February of 2001.
[00:19:04] Chris: Wow, okay.
[00:19:05] Eric: And he was gonna retire in April, his mandatory 25-year-retirement, gold watch, pension. And he had already lined up a job at a cybersecurity company, so imagine the damage you could do there. So he had done most of his damage. Now that final drop, of course, from working within the Information Assurance Section, we, we absolutely didn't want him to get that out. So, there was a lot of pressure on me to find out when that drop date was going to be so we could be there ahead of him and there was no way he could get away with it. The damage he did has been in the billions of dollars. He completely dismantled how the United States conducts counterintelligence, which is the science of stopping spies and terrorists. Uh, when, uh, the bad guys have our playbook and they know what we're gonna do ahead of what we do, they can undermine everything from undercover operations to exposing the names of, uh, undercover operatives like, people like me. Fortunately not me, but people like me who rely on their cover to keep themself safe, uh, keep themself employed and continue to do their jobs.
Uh, he gave up, between '84 and '85, uh, Robert Hanssen, who was the biggest spy in the FBI's history and Aldrich Ames, arguably the biggest spy in CIA's history, uh, gave up similar names of spies who were operating for the United States in the Soviet Union. And between those two years, in '84 and '85, which was the absolute height of the Cold War, right, we were completely blind in Russia. Every one of our assets was rounded up and either executed or pressed into prison and hard labor. Uh, so we were losing the Cold War. Hanssen also gave up our nuclear warfare plan, well, our entire playbook if there was a nuclear war. So, that's a pretty bad thing to have if, uh, you know, for United States, and the entire Western world, for Russia, for the Soviet Union, to have their hands on that. Our continuity of government plan where we would send, uh, everyone in government that matters if, uh, if there was a catastrophic attack, and so much more. So much more. At one point he was, uh, assigned as an auditor to, uh, legal attaché offices all over the world. And of course, as he was auditing their information, he was able to cherry pick and steal whatever he wanted.
[00:21:14] Chris: Yeah. The scale is mind blowing, actually. That's, uh.
[00:21:18] Eric: Mind blowing and I think it's still being repaired. I, I mean, Hanssen passed away in June of, uh, 2023, uh, in supermax prison. And, uh, you know, I, I think up until the day he died, the FBI has still been trying to fix so much of the damage that he caused.
[00:21:36] Chris: Mm, yeah. I know he is very much not, uh, liked at all at the FBI. Um, I was on the, uh, FBI tour last year, and, um, his name briefly came up as, and then a curse word followed very quickly afterwards.
[00:21:49] Eric: Oh, I think there was a line of agents who wanted to go in the interrogation room and just, Can I just have two minutes with them? And, and beat 'em, beat 'em bloody.
[00:21:57] Chris: Mm-hmm.
[00:21:57] Eric: But once again, the, if you, if you're putting on your counterintelligence hat, if you're thinking like a spy hunter, sometimes, as much as you wanna punish the person, the most important thing is to, to learn everything that they broke so you can fix it. And that was the overwhelming goal. If you, if you, if you kept your eye on the ball, that was the overwhelming goal with Robert Hanssen.
[00:22:18] Chris: Where were you when he was arrested, and how do you feel? How did you feel about it?
[00:22:23] Eric: Yeah. I wasn't, uh, at the arrest. Uh, I wouldn't be there. In fact, my role was continued to be classified. I went, after the Hanssen case, I went back, uh, undercover as a field operative, and so I wouldn't be at the arrest. I, I didn't traditionally make arrests. That wasn't part of my mandate as an investigative specialist. And also, it would be really weird if I was there, Hanssen would be like, why? Because Hanssen, uh, you know, uh, even post arrest had no idea that I was the one who did what I did. And in fact, after that arrest, I asked if I could talk to him. I felt I needed that closure. And they said that, uh, he still doesn't know that you were instrumental in bringing him down. And our analysts feel that, and this is their quote, not mine, uh, this is what I heard. He will rattle the bars of his cage, clam up and, uh, lawyer up, and not speak to us if he finds out that it was you. So I, I was denied that, uh, opportunity to talk to him. I, I was, uh, incredibly emotional. I, I, you know, I tell the story in my book, Gray Day of, um, getting the call that it was done. Uh, my wife and I were driving. I had to pull off the road on, on a, on a pretty busy highway, um, because my hands were shaking. And, um, and I just, I put the car in park and I looked at my wife and, uh, the only question I asked Kate, the, the special agent who was my handler for this undercover investigation was, can I tell my wife Juliana? And she said, yes, just her. We're trying to catch the intelligence officer, we're keeping this under wraps. And I did, sitting there on the side of the road, uh, you know, at, at night with, you know, cars rushing by and, uh, and rain starting to fall. I, I told her everything, the whole case. I just thought that, hey, you know, I figured that I've got permission.
[00:24:05] Chris: Mm-hmm.
[00:24:05] Eric: And, and, uh, and she, I, I thought she was gonna be really upset because I'd been lying to her for months. And, um, instead she said, Now I understand everything that's been going on. It was one of the most important words she could ever say.
[00:24:16] Chris: Yeah. So, do you have any insight on why he did what he did?
[00:24:20] Eric: I, so, I always caveat, caveat my answer to this with the fact that no one actually knows why he did it. So Hanssen is a narcissist, right? Uh, textbook narcissist and many trusted insiders, moles, people who decide to go rogue and betray everything that they swore to uphold all suffer from some degree of narcissism. And, look, a little bit of narcissism, believing in yourself, ain't so bad. But his level of narcissism, uh, was, was sociopathic. And, um, he steadfastly refused through all those years of interrogation to ever tell them why he did it. You know, you say, you don't need to know why I did it. That doesn't help you fix anything. That's, that doesn't present you anything, and I'm not gonna tell you, right? So that, that was his one little scrap of power that he kept for himself. But I spent hours and hours and hours alone in a room with him that was designed to just let it, make us talk to each other, to bore us enough to make us talk to each other about all sorts of things. And I think I have a really good idea why he did it.
I mean, he be, you know, if you, everything I've learned about him, so all of this is stuff that I learned. Fact. He loved James Bond. He loved the James Bond movies, the films, the books, everything. He could quote them chapter and verse. He wanted to be James Bond. He wanted to be a law enforcement officer. He wanted to go undercover and catch spies. He wanted to be just like Bond, impress his father, um, and, you know, you know, make him feel that that image of himself in his head was true. And he gets into the FBI and he's in the Midwest because he's from Chicago. This isn't where counterintelligence happens, and he beg, borrows and steals and makes a ruckus, and they finally, uh, transfer him to New York City, which is one of the hubs of intelligence, right? You've got the United Nations there, like all sorts of spies, second only to Washington DC, which is still the spy capital of the world. And, uh, he's can't afford his life. So he gets his dream job and he can't afford his life. And then the FBI quickly realizes that he's a terrible manager. He's, uh, very abrupt. He's not good with people. He's not good at supervising people. And so they make him an an analyst. He's not a field operative, he's not undercover like what I was doing, chasing spies down and, uh, doing those field investigations. He's in the room, uh, taking the data, absorbing the data, and doing what he was incredible at, uh, taking a wide set of data and, um, synthesizing it into actionable intelligence that would help break cases. Uh, but, and you know, the FBI's gonna use you where you're the best at. The guy was great, but he felt in his mind that they were snubbing him, which wasn't true at all, but that's how he felt. So he was angry.
So we have a couple things. Guy needs a lot of money. He's having a lot of kids, he's married someone who comes from a wealthier family than he is, and he feels based on his personality, that he has to be the provider. Um, and, uh, he can't afford his life. He's, he's living in New York. He should have stayed in the Midwest, it would've been cheaper. And at the same time, he's a disgruntled employee. He's mad at the FBI for not treating him the way that he feels he needs to be treated. And so he decides that he's going to be James Bond. He's gonna be that spy that he always wanted to be, but he's going to be the rogue spy, the trusted insider, or the mole. And his first act of espionage was to volunteer his services to the KGB. And he did it in a letter that gave up two people, um, who were killed. Um, two of our top spies in the Soviet Union. He was a pretty bad guy.
[00:27:54] Chris: Mm, very bad guy. One random question, um, you mentioned he was a Bond fan. Did he have a favorite Bond movie?
[00:28:03] Eric: Uh, you know, I don't know. I think he might've said Dr. No. He was a, he was a, he was a big fan of the old Bond movies. Um, and, uh, and, and yeah, he, he, he could quote them chapter and verse, and he had like CDs with some of the data. And he had a Walther PPK, um, and a Leica camera that he brought in and showed me. He was also a huge fan of Monty Python.
[00:28:25] Chris: Oh, was he?
[00:28:25] Eric: He did have a sense of humor. He would bring in the Monty Python CDs and play them and just sit there laughing. And I, it was really awkward too, you know?
[00:28:33] Chris: Yeah.
[00:28:34] Eric: And some of it's a little risque and we're in a government office and that just doesn't happen very often. But, you know, sometimes I think he was testing me in ways, you know, seeing like, what's the reaction I'm gonna get from Eric? Like, how's he gonna respond to these things? And I just tried to kind of mirror what he thought, um, so I could be a little bit more of a sponge.
[00:28:52] Chris: Yeah, no, fair enough. Well, um, final question about Hanssen. What lessons did you learn from your involvement in the investigation that you believe are sort of valuable today?
[00:29:02] Eric: Yeah. My theories on cybersecurity begin in that room with Robert Hanssen. I remember we were tasked with building cybersecurity for the FBI. Uh, that, that was of course, to lower him back to, uh, FBI headquarters, keep him from retiring, give him the job that he always felt. But he had great ideas. I mean, sadly, if Hanssen had been a different man, a man with, with better moral, uh, standing, he, he might've been a great asset for the FBI because he, he truly did have innovative thoughts on how to protect information. Now, of course, he was cheating. He's the guy who'd broken it for years. So we knew everything that he had done and how to, how to stop someone like him. But we had many discussions about that. And that, that was the, the genesis of a lot of my thought leadership. It was the spark that ignited this new way of thinking about protecting information. And I was one of the first people, uh, to come out, uh, you know, on stage and with companies as a national security strategist and, and say that there are no hackers, there are only spies, which got a lot of people scratching their head. But my point was that we have to stop thinking of this kid in a basement as a hacker, that the actual cyber attackers are these well-funded espionage groups who have shifted their techniques and tactics from, you know, dead drops and signals to spearfishing emails. And until we elevate our thinking to go after spies, not cyber criminals or, or attackers or this word hacker, uh, we're not going to defeat the problem. And that all began with Robert Hanssen, especially when I understood that Hanssen was a hacker who had evolved ahead of the FBI to defend against him.
And, uh, you know, the, after the case I had, I've, I've, I've just constantly been in it, you know, in my mind, I, I do this, um, and maybe your listeners and, and viewers would, would love to read it, but I do a once-a-week newsletter and maybe you subscribe to it, but the, the last one I did last Tuesday, it comes out once a week, just Tuesday, I don't use your information for anything other than to create this sort of community of people who are interested in this stuff. Last week, I, I wrote a letter to Hanssen. It was on the, it just happened that Tuesday is when I released my newsletter, it was on the 18th, which is the anniversary of February 18th, the anniversary of his arrest. And I, I wrote a letter to Robert Hanssen that I'll never get to send because, um, I, I never managed to get into supermax prison to see him. Uh, and then he died. And I've always regretted missing that opportunity. So, I wrote a letter to him and, and in it, you know, I, I actually thank him for some of the, some of the, some of what he taught me that has, uh, led me to be, uh, a, a, a much better, uh, cybersecurity strategist than I ever would've been.
[00:31:43] Chris: Well, it's important, isn't it, to turn a negative into a positive, and it sounds like that's exactly what you've done.
[00:31:48] Eric: Certainly, I, I, I've done it now, you know, of course there was also the PTSD I suffered from being in that room and all, you know, and thinking in one moment that this is the moment I die. There was, uh, you know, there was sleepless nights, the having to repair my marriage, like all of the, the negative, but you're, you're right, Chris. You always have to find a positive in every situation. I mean, no matter what, how horrible situation you're in, it's an opportunity to learn. And that's what I took from that. And so did the FBI because in the years after Hanssen was caught, uh, because of course I did find the smoking gun I had, you know, we, the information I found, finding that PalmPilot, stealing it from him and getting it back in time before he even knew it was gone, led us to that drop site, because PalmPilot's just a digital calendar. And if you knew the math, because I had stolen other information from him, you could, you could break his code and, and learn exactly when he was gonna make that final drop. So whether ahead of him, and we had him, yeah, we, we had him dropping secrets he shouldn't have at a known drop site, uh, a um, SVR drop site and, um, a Russian intelligence drop site. And he, he had no way out. And so he pled guilty, which is exactly what we, he wanted. And part of the guilty plea was that he had to submit to interrogation for, uh, an un unidentified period of time. So it was just years and years. And by interrogating him, the FBI and the CIA and the NSA and the entire intelligence community was able to learn what he did and prevent any spy like him from ever being able to do this in the future.
[00:33:19] Chris: Well, thank you for that, Eric. Let's, uh, let's take a break and we'll be right back.
Welcome back, everybody. So, Eric, why did you decide to leave the FBI and move into the world of cybersecurity?
[00:33:46] Eric: Well, I left the FBI because I was about to graduate law school. I had also felt quite burnt out. I had spent five full years undercover. Um, in the beginning of my career I was not married, but by the end I was married. And, uh, I, I felt like I owed it to my wife and the family that we wanted to, to have to, um, not do this very intense, stressful, undercover work, which, you know, I can never talk to her about what I did. I was, I would disappear every once in a while, go black, go dark. And, um, I, I, I felt owe that to her. And I, again, I was about to graduate law school. So I, I decided, I'm gonna see what I can do as an attorney. I did that for five straight years before deciding to start a company that is, that still conducts competitive intelligence. And then, uh, as I became more of a public speaker, as I was thinking more about cybersecurity, I started working with cybersecurity companies as a national security strategist, elevating the thinking of the nation and, uh, cybersecurity in general. And what I like to say is, I'm the guy who brought counterintelligence to cybersecurity.
[00:34:51] Chris: Can you give us a brief history of cyber crime and why there are so many cyber attacks and how this is sort of just the beginning?
[00:34:58] Eric: Yeah. Well, if you wanna go all the way back to the original cyber attacks, we, we don't have time for that then we're, then, we're doing like an eight-part series. But, uh, I'll go back to the pandemic because you can look, uh, the, the, the FBI's IC3, for example, the Internet Crime Complaint Center, uh, tracks, uh, a, a good portion of cyber attacks. Now it's only stuff that's reported, but people are reporting more and more to the IC3. And you can see this incredible delta going straight, uh, straight up, um, from, from, uh, before the pandemic through the pandemic to today. And it increases exponentially year after year. It's incredible. The, the pandemic is when one day we're all working in an office and literally the next day we're all working from home. And, uh, security never had an opportunity to, to, to get ahead of it. Uh, so you saw more attacks in those few years of pandemic than ever had been in history before. If you add 'em all up then and everything before that, there were more during the pandemic, and that allowed the cyber crime syndicates to grow using the dark web and the FBI can't shut down the dark web. You know, no law enforcement, Interpol can't shut down the dark web. It, it exists as a part of the internet, all the way throughout the internet. It's 10% of the entire internet. Uh, so it's never going away. And the, uh, criminal syndicates who have, are using it not only as a launchpad, but an e-learning platform to recruit more people, uh, to teach people how to launch attacks, an affiliate program where if you want to get into, uh, the business of ransomware, which is an immense business, one of the, um, largest businesses on Earth, then you can, uh, download a toolkit, go on their e-learning platforms, learn from them, start launching ransomware attacks, and you just have to kick 25% of your gains, uh, back up to the crime syndicate. So, in light of this, it's very hard to stop cybercrime, and it continues to grow. Right now, today, the cost of cybercrime through the dark web is more than $12 trillion. So that makes it the third largest economy on Earth. By GDP, it goes to us, then it goes China, and then it's the dark web. And by 2026 it will be, uh, $20 trillion and growing from there. Um, so I mean, by 2026, it might actually be ahead of China because China's kind of on a downward. That's what we're up against. We're not gonna be able to stop cyber crime by turning off the dark web. So it's up to all of us to, um, to protect ourselves.
[00:37:29] Chris: Indeed. So what are the kind of key factors driving this explosive growth of cyber crime and other illicit activities? And is it purely financial or are there other motivations at play with this?
[00:37:41] Eric: So when I talk about cyber attacks, what I like to say is there are kind of three buckets, right?
You have your traditional cyber espionage, which will never go away. That is the majority of the way that espionage is, is now conducted over the world. Why would you spend months and years to embed a spy? I mean, they still do it by the way, but, uh, a spy in a diplomacy, in a country that you want to attack like Washington DC and, uh, they will spend months and months, uh, trying to identify someone who might become a mole like Hanssen and recruit them, and, uh, when you can just send a spearfishing attack to that same person and fool them, right? Uh, so, cyber espionage has grown, um, uh, a a as these attacks have become more and more successful, and we're seeing it every day. Right now, the most concerning cyber, uh, espionage attack is on critical infrastructure throughout Western countries. So, where you are in the UK, where I am, here in the US, um, Russia, China, and Iran have been seeding our critical infrastructure at all levels with probe attacks. The idea is that they're going to get in and then do what we call in cybersecurity, maintain persistence. That means hide and not be seen, uh, and then try to spread themself as wide as possible so that if there is a future war, or when there's a future war, it's gonna start with a, uh, denial of the services that we need to be happy. That's espionage.
Then we have crime. Now, cyber crime is all about making money. Uh, what I like to say is the only difference between an espionage cyber attack and a criminal cyber attack is the outcome. Uh, they're using all the same tactics, uh, deception, um, confidence schemes, deepfakes in, in order to fool you into giving them access. And then they want to quietly maintain that access until they've, uh, reached a critical mass of your systems. Now they, in espionage, they steal data and wanna get away without you knowing, right? They want you to never know you were there, they were there. In crime, they smash and grab on the way out, lock you with ransomware, steal all your data. And then, uh, you might say, I have a great backup system, I'm not paying you anything. And they say, well, I've also stolen your data, and if you don't pay us, we're publishing it everywhere, we're giving it to your competitor, or we're going to, uh, go through it carefully and weaponize all the embarrassing things you don't want anyone to know. And that is immense pressure to pay.
Number three, cyber terrorism or cyber activism. This is a, a, a growing area of cyber attacks and, um, because terrorists have, have found that, hey, we can cause damage too by launching cyber attacks on critical event infrastructure, on bringing down organizations we don't like. Um, this is, uh, happening a lot in, uh, in the eastern side of the world, uh, as, as different countries are using cyber attacks to get after each other, as cyber, uh, attacks are, the battleground right now is in Ukraine where it's, it's constant attacks back and forth between, uh, Ukrainian cyber attackers and um, Russian cyber attackers.
[00:40:46] Chris: Yes, yes. There's been a lot of that. And obviously now in the world of AI. So how is that impacting security and cyber crime, both positively and negatively?
[00:40:55] Eric: Oh, AI has changed everything about everything. I mean, AI is one of the biggest force multipliers of change in our lifetime. Uh, since the advent of the internet. Um, we are seeing the growing adoption of AI in real-time. Uh, we are also, you know, in all areas of industry in the world, um, you know, I, I've been as a futurist on stages telling people, if you are not adopting AI in some way, shape, or form to augment and make more efficient the work you're doing, you're gonna fall behind and become obsolete. It's like someone who continues to push paper and doesn't decide to turn on a computer. The bad guys are using it, too. I mean, you know, we, we have our ChatGPTs and, and different AIs, uh, that we're using to help us in business and, um, and give us a heads up, make ourselves more efficient. The bad guys have their own AIs.
Dark web AI doesn't have any safeguards or guardrails. It is evil and racist and mean and nasty, and it will do whatever you ask it to do. And, and it does. They are using it to write novel code. Um, AI, AI, you know, I, I, my, my, I, I'm writing something now about the things, the things AI can do that people don't know, right? That, that people don't, haven't even thought about. And I, I've been fascinating to find how many, um, advances AI or, or interesting things AI can learn and do that bogle the mind of scientists. Like for example, AI can analyze your iris and determine whether you are a man or a woman. They can determine your sex just by analyzing your iris. And scientists have no idea how it does it. It wrote the code itself, it, it, they don't understand how it does it, but it's absolutely accurate, um, and, and so much more. And so AI that's sort of unleashed on the dark web is able to build this novel cyber attacks that cybersecurity hasn't seen yet. So what cyber, so cybersecurity is adopting AI, uh, for the side of the angels, for the good guys, right? So you have these, this bad AI who's attacking and, and good AI who's defending. And for example, I work with a few companies that are developing malicious software in a, uh, in, in a very controlled environment. And one of the, one of the companies I'm working with actually has it on an island somewhere that's completely air gapped so this stuff can't get out.
[00:43:14] Chris: Yeah, wow.
[00:43:15] Eric: It's trying to develop, like, the most horrible cyber attacks no one's ever thought of, right? So that they can then create the defenses to it, so that they can train good cybersecurity AI to see it before it lands. That way so it's sort of this AI arms race right now that's happening. And uh, look, I'm a big, I'm a big movie buff. I'm a child of the '80s, I love to go back to movies in the '80s, and I, I like to think of the movie Tron, right?
[00:43:41] Chris: Okay. Yeah, yeah, yeah.
[00:43:42] Eric: It's, it's the good guy. It's the good programs versus the bad programs and it's happening in cyberspace right now. Like, all that stuff that was in that movie in the '80s is happening today. It's actually happening. And, um, we, we just can't see it.
[00:43:54] Chris: Yeah. Do you know, you just made me think of the film, uh, War Games as well. That's another kind of good one for that.
[00:43:59] Eric: Yes, exactly. That's a great one. That's an absolutely, everybody, everybody, uh, in, in, in cyber loves that.
[00:44:06] Chris: Oh, do they? It, I only watched it for the first time, like a year ago, and I was surprised at how, even though obviously it's in the '80s, how well it kind of holds up and is relevant.
[00:44:14] Eric: Absolutely. Yeah, it was just really well, well done. And, you know, people who are, who were old hackers back then were like, Yes, that! That's exactly how we did it.
[00:44:23] Chris: Wow. Well, um, can you describe a few common cyber attack scenarios like phishing, ransomware, and explain how individuals and organizations could better protect themselves from those threats?
[00:44:34] Eric: In, in the, the new book I'm writing right now, The Invisible Threat, uh, I, I say that if we want to protect ourself, we need to change the way we think about defense, right? And, and, and what I'm saying is we have to go on offense. Uh, and the, the, the whole premise of the book is I'm gonna teach you how to think like a spy to recognize the number one ways that, uh, cyber attackers attack. And they're using all the old traditional espionage techniques that is just in a modern era. Um, and then act like a spy hunter. Now that you've identified the threat, you need to know what to do to stop it. And one of the things that I, I, one of the tips that I give is to, uh, be an email archeologist. So what do I mean by that? When you get an email, you have to assume that email is a threat. We start with that assumption. The email is a threat. And I'm going to find a way, and we do some archeology, you know, and, and I like to say it, the, the kind of archeology, not like dusting the dinosaur bones, I'm like a whip in a fedora, you know, a leather jacket going into the tomb, like avoiding the traps and the like, because that's what you're, you, you gotta be Indiana Jones with this stuff. Um, so you're going to find a way to trust. So, we start with the premise that that email is trying to deceive me, to fold me. It's a confidence scheme. It's a deepfake. It's a trick. And, uh, you're finding a way to trust it. I no longer click on links or open any attachments on email. Um, I, I, I just don't.
Um, one of the best things that anyone can do to avoid a spear phishing attack, and I, I guess I should go back, uh, a spear phishing attack is literally an email that makes you trust it's true. What they'll do is they will put a link in it, so it might say, it might come from your mail carrier and says that you've missed a package. We've tried to deliver it three times, and now we're going to return it unless you reach out to us and give us directions and maybe correct your address, or tell us where you want it delivered, or what time you'll be home, right? Here's a handy link. You go to the link and the attackers are using AI to build a website that completely is identical to your mail carrier, and they can do it in moments, and they don't have to worry about grammar or spelling anymore, right? And you go on and you think you're on that mail carrier, and the domain might be off by a letter, but you don't see it because you just think, oh, oh, I, you know, I want the package, right? Everybody's getting packages everywhere all the time. And so you log in, uh, to your mail carrier and you direct them to where you're going. Now, they can do one or two things. Once you're on that website, it can do, uh, what's called drive-by download. So now it's, it's scanning your computer and trying to find a vulnerability or flaw in maybe your operating system that it can exploit to get in, or you're giving them their, your credentials to something that now they're going to use against you. And they can use it for identity fraud, they can use it in order to get into your computer. Um, and sometimes these things end up with, uh, it gets you into dark web call centers where it says, call us for help. And you call and you, they have just, just hundreds of these people who just sit there waiting for the call and um, and they're trained to fool you into giving over your information.
This is happening a lot right now in the United States because we're in tax season. Taxes have to be filed, the last date is April 15th, and right now, um, people are getting all sorts of spear phishing emails about how there's a problem with your taxes and call us here. And you call the number and you think you are talking to an IRS person, but you're actually talking to a dark web cyber criminal who now has your social security number, your address, and all that information.
So you have to take immense care when you're looking at email because it is the number one way that attackers are trying to fool us. If they can phish you, if they can get you with one of these emails, if they can, uh, if they can get you to trust, if they can get you to do something you shouldn't do, like open that attachment or click on that link, and they can get into your systems, they lock you with what's called ransomware. Ransomware is a cyber attack that uses malicious software, which we call malware, to encrypt your data. So we use encryption for everything. If you have an iPhone, for example, your iPhone's encrypted, um, that way if you lose it, uh, somebody can't actually see what the data is, even if they're able to access it. Um, and you can use encryption for bad. If someone takes all the data on your computer and encrypts it using malicious software, malware, then you can't see your own data. You have no access to it. And what they do is they sell you the key to your data. That's a ransomware attack. They hold it for ransom. And because the solution to that is always have a good backup. Like, like personally, I back, I back up my computer every week to an external drive and then I unplug it and I lock it in a drawer. So if anything goes wrong, I, I've only lost a week of work and since I saved most of my stuff in an encrypted cloud anyway, um, someone could steal my laptop and I just buy a new laptop, download it all from the cloud, and I'm good to go, right? Um, because attackers know that we're smart and innovative and we do this, what they've started doing is not just encrypting your data and trying to sell the key to you since they're in your computer anyway, they steal it all. So they steal all your data, they steal your email, they steal your files, they steal your intellectual property, they steal your pictures, and they tell you that if, uh, you don't pay, they're going to publish it everywhere. And what they'll do is they'll go through your data and try to find embarrassing things that they can use against you.
[00:49:54] Chris: Yeah.
[00:49:54] Eric: Because you don't want the pictures you had on there that you didn't want anyone to see, uh, you know, sent to your grandmother. And they know who she is, too. So, um, it, it, it's all very nefarious and dark. Um, and the idea is create the biggest pressure situation possible that is going to get you to pay them money so they don't make things worse.
[00:50:16] Chris: Thank you for that. Well, let's take a break and we'll be right back.
Welcome back, everybody. So, Eric, what is the sort of single most important piece of advice you would give to individuals and organizations to protect themselves from cyber crime?
[00:50:45] Eric: The best thing that any organization or individual, I mean, this stuff applies, it really just, you, you scale it up to an enterprise or you use it for yourself. The, the few best things you can do to protect yourself from a cyber attack are, are these things.
Be very careful in how you access the internet and how you look at email. Think like a spy, act, like a spy hunter. So we're going to be careful not to click on links or open attachments. If you do get a link from your mail service, uh, you, you just close the email and then go to the mail service directly on the website and log in and find out if it's true. I do that all the time and I constantly find out it's not true.
One of the most important things you can do is something that you might have heard many different times, but I'm gonna reiterate it because it is literally critical. If you don't do this, then you're probably already suffered a cyber attack. Turn on two-factor authentication. Do not trust a password. Passwords can be cracked. Computer systems are getting so fast they can crunch fast enough to break passwords unless you've got just an exceptional one and nobody does. People tend to use the same password over and over and over again, so you lose it in a breach over here and it's for sale on the dark web. All our information is for sale on the dark web. And so they'll use it at your work account, or they'll use it at any other account they can find that you own. They've already learned all about you on social media. Um, so you want to have, uh, unique passwords, but you don't wanna just rely on the password. Two-factor authentication, for anyone who doesn't know what that means, sometimes called multi-factor authentication, is something beyond the password. So, you log in with your username and your password and then you get the text to your phone. Or even better, you open your authenticator app and you've got the one-time code that lasts 30 seconds and you get it in there really quick.
That's the safest way to protect your data, um, right now. Uh, you know, if you just do those things, then you're going to protect yourself from 99% of cyber attacks. If you, if you're smart in how you think about approaching your security, um, and you're using two-factor authentication. And like I said earlier, back up your data. Make sure you back up your data. Because sometimes it's not a cyber attacker, sometimes it's just a glitch. And we saw what's happened when we rely on these big supply chain companies that provide us, um, uh, operating systems like Microsoft or cybersecurity. You know, there's a cybersecurity company, CrowdStrike, that had a glitch that crashed everyone's computers.
[00:53:08] Chris: Oh, yes.
[00:53:08] Eric: Have a good backup because, um, you wanna protect your data. Data is now the currency of our lives. It's the most important thing we have. I mean, money isn't even money anymore, it's, it's, it's really just data. It's, it's ones and zeros. So we wanna protect that data with everything we can.
[00:53:25] Chris: Yeah. Thank you very much for that. What do you think are some of the emerging threats on the horizon that we should be most concerned about in the next sort of five to ten years? And how can we prepare for those threats?
[00:53:34] Eric: Let's go back to AI, because AI deepfakes are the emerging threat right now.
[00:53:39] Chris: Hmm.
[00:53:39] Eric: So maybe I'll define it a little bit. That can be voice or it can be video, or it can be both. And what we're seeing is attackers are learning everything about you on social media because we're putting it all out there. They're going through your Instagram, they're going through your Facebook, they're going through your Twitter, I, I guess now X. Um, all, all of the resources where you put out information about yourself, and then they're crafting these incredibly deceptive deepfakes. So it might be a video of, uh, one of your relatives saying that I am traveling and I'm trapped in a, uh, in a hotel and I'm using somebody's phone to call you. Uh, all my stuff is stolen. I need you to wire me money immediately because I can't pay my hotel room. Uh, I need to buy a plane ticket home. I'll pay you back as soon as I get back. You know, just go on Western Union, send to this, to this number. Um, once you wire the money, it's gone. And the entire thing is a deepfake. It takes five minutes and just a, uh, a little bit of someone's image or video to create a deepfake, that looks just like me talking to you right here in the video, right? Or sounds just like me. Um, there, you know, if you call security people right now, it's funny if you call their voicemails, almost all of them, uh, you get the robo response, right? You've reached, dot-dot-dot-dot-dot, is not here right now, please leave a message. Instead of, you know, the very polite. Hi, you've reached Eric O'Neill, I'm not available to take your call. Uh, but leave a message and I'll get back to you. That's my voicemail. With just that, uh, and, and, and a good AI, free off the internet, someone can deepfake my voice and, uh, use it, uh, against my family, against my, um, uh, business associates. And it's happening constantly.
Um, one, one of the biggest ways it's being used is to fool employees into thinking the CEO or the CFO just told them to, uh, wire money. Uh, you know, billions of dollars are being stolen from companies right now, and by all predictions, by 2026, just a year from now, 90% of the internet, 90% is gonna be synthetic, created by AI. That's the videos on the internet, those are the images we see. Uh, it, it's a lot of what is spoken. You're, you're seeing it more and more and more, um, as AI becomes more and more adopted. So we, we have to be very careful about, about those, uh, criminal deepfakes.
[00:56:06] Chris: Yeah. So truly shocking statistic, that. Um, 90% of the internet being synthetic that generated is, uh, quite scary.
[00:56:13] Eric: Yeah. And you know, some of it is, uh, a lot of social media isn't actually real anymore. There are Instagram accounts, beautiful women and men on Instagram who don't exist. They're, they're entirely generated by AI, you know, putting on fashion, putting on makeup. They're not real people and, but people follow them thinking that it's this, you know, really interesting influencer. Uh, you know, just, just random people are, are, have five, six influencer accounts that have sponsorships and they're all just AI. And as a business, I mean, I guess it's a good idea. It's a, it's a lot of work to just create convincing deepfakes that sell stuff. But, um, that's the future. We're going to see movies, entire movies that are created by one person where all of the actors are synthetic, all of the voices are synthetic. Um, and, and this one person can add his computer, be a, uh, director, a producer, a choreographer, all, all of it. Even the music is written by AI. Um, you know, that's right on the horizon.
[00:57:18] Chris: Yeah. Well, Eric, is there anything else that you'd like to add that we haven't talked about today that's important to you?
[00:57:23] Eric: If, if we take an intersection between counterintelligence and cybersecurity, what we're really trying to do is find a way to trust. And that's the goal, to trust what you see, to trust what you believe, to trust what you interact with. And so to protect yourself against cyber attacks, you wanna make sure that you are finding your way to trust, that you're empowering trust in everything that you do. There are a lot of tools out there, there's a lot of learning there, uh, that you can follow. Um, you know, podcasts like this are great for, um, for learning about things and opening the way that you think of things to be. Yeah, I mean, everyone who's listened to this is now going to be like 80% less likely to get spearfished just because you're gonna be thinking about it every time you open that email. So you, you need to look for, for resources.
If you wanna follow me, uh, there are plenty of places online that you can do that. I'm, I'm on my Instagram and, uh, on X and, uh, you can just go to my website, www-dot-Eric-O'Neill-dot-net. If you wanna follow my, uh, weekly newsletter, just click the top banner and you can subscribe. I promise, I'm cybersecurity, I don't use your information for anything, it's just your email address, that's it. Um, but, but go out there and learn, find the resources that will help you make yourself and the world safe from cyber attacks.
[00:58:37] Chris: Thank you, eric. When's your book The Invisible Threat out?
[00:58:40] Eric: I am in negotiations with my publisher right now. In fact, as we were in, as we were uh, in the middle of recording this podcast, my agent called me and I'm hoping it's good news. I'm hoping for an, uh, October release this year.
[00:58:52] Chris: Fantastic, fantastic. Well, good luck with that, and thank you so much for joining me today.
[00:58:56] Eric: Thank you for having me.
[00:59:30] Announcer: Thanks for listening. This is Secrets and Spies.