Words like ‘spies’, ‘thieves’ and ‘international espionage’ evoke images of fast-paced thrillers for most of us, but for how many does the word ‘lawyer’ come to mind? In a sense, Eric O’Neill has acted as a lawyer, spy and star.
Formerly an FBI counterterrorism and counterintelligence operative, O’Neill solved the cybercrimes that took down Robert Hanssen, the former FBI agent who exploited security weaknesses in U.S. computer systems to sell confidential information to Russia during the Cold War, inspiring the movie Breach.
In Feb. 3’s keynote at Legaltech New York, titled “Cybersecurity and Data Espionage: Spy Stories for Lawyers,” O’Neill will regale listeners with his stories of espionage to demonstrate to lawyers how they can implement counter-espionage techniques, careful diligence and restraint when using social media to reduce vulnerability to cyber threats.
Legaltech News spoke with O’Neill to get the scoop on his upcoming LTNY presentation and how his tales of international espionage can help lawyers keep abreast of the cyber landscape. O’Neill, founding partner of the Georgetown group and now a national security strategist at Bit9 + Carbon Black, described his speaking style as that of “a storyteller,” noting that rather than “scaring a crowd” into believing that they’ll “all be hacked and be doomed,” he aspires to provide useful information that lawyers can implement in the fight against cyber crime.
“What I like to do is give some very good examples of past penetrations and hacks that were successful and why they were successful, with a cheat sheet of rational, reasonable things that any person or company can do in order to protect themselves,” O’Neill explained. “I leverage my background in counterintelligence to promote a theory that we need to each think of ourselves as spy hunters if we want to stop cyber attacks.”
O’Neill said that his keynote will commence with his takedown of Hanssen, which he described as one of his “biggest hits.”
“The Hanssen investigation sits extraordinarily well in a cybersecurity framework, because Hanssen was our first hacker spy,” he said. “He exploited our FBI computer systems, he used our automated case systems to … make sure he wasn’t under investigation, and also to steal information. He was also one of the first spies to drop his stolen information to the Soviet Union … in a data form. He was so early, he had to explain to the Soviets how to decrypt what he dropped, because they didn’t even have any idea what to do with the floppy disks he gave them.”
In this tale, O’Neill finds his lead-in to discuss “cyber spies” and “what we need to worry about.” Among the most “frightening” and “dangerous” types of spies, he noted those within the organization, as they are already inside of the network and “generally trusted.” Besides Hanssen, his examples of spies within “the firewall” include Edward Snowden and corporate actors.
Another group of cyber spies that O’Neill will discuss is government actors. In past presentations, O’Neill tended to discuss a wide range of nation-state threat actors, though now he said he likes to focus on China, due to the interest in it, timeliness and “the percentage of the threat.” Particularly, he will discuss the Anthem and Office of Personnel Management (OPM) hacks, in the latter of which his own information was stolen.
He added that he wants to explain why the OPM hack “will be seen as the worst attack in our history, at least to date, and maybe even into the future, because I don’t think we’ve seen the end of it. Especially because OPM has no clue how long the malware was collecting information and sending it over.”
Also on the table for discussion are hacktivists, the Ashley Madison hack, and how social media poses potential harm to individuals and organizations. In addition to illustrating the problem of cyberattacks, O’Neill will also devote time to discussing what can be done. Of particular importance, he said that there’s a need to compartmentalize information, which he considers “the most important first step.”
“If you don’t know what you want to protect, then how can you ever protect it?” he asked. “Especially when you have a very large organization with many endpoints … all of the many IT devices that access information.”
Social media will be addressed as well, a terrain that he described as “the best place to start” for hackers and spies.
“If you want to learn about an organization through their people … find the weakest point of attack in any system, which is the least security-conscious person in that system,” he said. “And because we’ve got this epidemic of social media, where everyone feels the need to regurgitate everything that’s happening with their lives into the public, it makes it very easy to find someone to exploit or manipulate, or trick, or attack, or hack.”