Chasing Shadows: The Strangest Spies Among Us

Every organization has shadows—places where secrets hide and danger lurks. But the real threat doesn’t come from outside hackers or faceless adversaries; it comes from the people we trust the most.

This issue of Spies, Lies, and Cybercrime dives into the world of trusted insiders—those who spy, steal, and betray from within. Over my career, I’ve worked cases that prove truth is stranger than fiction. A rogue’s gallery of spies, saboteurs, and thieves who could give Hollywood a run for its money.

Each of these cases offers a glimpse into the motivations that drive insiders to betray their organizations and countries. Greed. Resentment. Narcissism. Desperation. Most spies aren’t masterminds—they’re just flawed people chasing shadows, both good and bad.

In this issue, we’ll peel back the curtain on these stories to uncover why trusted insiders betray, how to spot the signs, and most importantly, how to stop them before it’s too late. Because the spies are out there, and sometimes, they’re hiding in plain sight.

Let’s hunt the shadows.

Catching Robert Hanssen: Sometimes the Why DOES Matter.

One of the most common questions I get at the end of every keynote is, “Why did Hanssen spy?”

Here’s the answer—or at least the best one anyone will ever get.

Spies like Hanssen are a product of their environment, their flaws, and their ambitions. Trusted insiders—the people we depend on most—betray us for a cocktail of reasons: blackmail, bribery, ideology, greed, and sometimes just plain narcissism. Most are a messy combination of these. Disgruntled employees with a grudge. Idealists chasing a misguided cause. Or, like Hanssen, someone chasing the thrill of being more than they are.

Robert Hanssen wasn’t a run-of-the-mill FBI agent; he was the perfect mole. By day, he shuffled papers in what he saw as a thankless, dead-end job. By night, he was a master spy who sold America’s secrets to the Russians for over two decades. For Hanssen, espionage wasn’t just about money, though that’s how it started. It was about power, control, and a desperate need to feel important.

When I worked undercover as Hanssen’s assistant, I saw firsthand how he operated. The arrogance. The calculated risks. The way he belittled me to boost himself. Spying made Hanssen feel invincible, even immortal. In his mind, he wasn’t just a government worker; he was playing in the big leagues—living a secret life where he was the hero of his own story.

But heroes and villains are two sides of the same coin. Hanssen chose the villain’s path, and his betrayal gutted the FBI and the country he claimed to serve. Even after his arrest, he refused to answer the one question that haunted us all: Why? He took that secret to his grave—or perhaps, he locked it away in a place even he didn’t fully understand.

What I do know is this: in his final act of treachery, Hanssen gave my name and information to the Russians, leaving them a note to recruit me. He thought I’d make a good spy.

He wasn’t wrong.

Trusted insiders like Hanssen are the ultimate threat. They exploit our vulnerabilities from within. Some are recruited, seduced by blackmail or bribery. Others volunteer, driven by ideology, ego, or resentment. The danger isn’t just in what they steal but in the trust they shatter.

This newsletter is about those moles—insiders who corrupt from within, whether by choice or coercion. The key to stopping them? Knowing the threats before they hunt you.

Because the spies are out there. And sometimes, they’re closer than you think.

The Spies

Gregory Allen Justice - The Spy Called “Brian”

Gregory Allen Justice lived a double life, though it wasn’t quite the glamorous spy fantasy he imagined. By day, Justice worked the graveyard shift as a mechanical engineer for a U.S. defense contractor in California. His job was as critical as it was confidential—designing military satellites for the Air Force, Navy, and NASA. But by night, he dreamed of espionage, idolizing James Bond and binge-watching The Americans. He wasn’t just fascinated by spies—he wanted to be one. And so, "Brian" was born.

Justice’s real life was far from cinematic. Financially, he was drowning. His wife was confined to their bedroom with a debilitating medical condition, and Justice had spent nearly $6,000 on her medical expenses from 2013 to 2015. By March 2016, the money was gone. He told his wife to cancel her appointments because they couldn’t afford another bill—and his car wouldn’t even start. But it wasn’t just his wife who needed money. Justice had a girlfriend on the side, someone he had never met in person but who kept him hooked with photos and promises. From December 2015 to May 2016, Justice sent her over $21,000 in cash and nearly $6,000 worth of Amazon gifts, including a grill, furniture, and even a Dyson fan.

Strapped for cash and desperate to fix his crumbling life, Justice decided he’d sell secrets. In November 2015, he plugged a USB thumb drive into his workstation and stole classified satellite design information. He’d taken online courses with names like “Spy Escape and Evasion” and “Fight Fast,” spending over $4,000 to prepare for his self-made career in espionage. But Justice quickly realized that real-life spying wasn’t as easy as it looked on TV. His attempts to contact the Russians at their Washington, D.C., Embassy went nowhere. Frustrated, he was ready to give up until February 2016, when his phone rang.

On the other end was a man claiming to be with Russian intelligence. For Justice, it was a dream come true—or so he thought. From February to May 2016, he met his supposed SVR handler five times, trading classified information on thumb drives for envelopes of cash. Each meeting fed his delusion that he was a real spy, living the life he had always imagined. But the reality was far less impressive: his handler wasn’t a Russian agent. It was an undercover FBI agent, and the bureau had been watching Justice from the start.

“Brian’s” career came to an abrupt end in July 2016, when the FBI arrested him. Justice’s espionage fantasy had lasted barely six months, a pitiful imitation of the heroes he admired. Unlike James Bond, Gregory Allen Justice wasn’t saving the world; he was betraying it—for money, delusion, and a shadow of a dream that never truly existed.

Jonathan and Diana Toebbe - The “Peanut Butter Sandwich” Spies

Jonathan and Diana Toebbe’s story reads like a suburban twist on a Cold War spy thriller—only the execution was as messy as the peanut butter sandwich they used to smuggle secrets. The couple, who lived in Annapolis with their two children, appeared on the surface to lead a normal, middle-class life. Jonathan was a nuclear engineer who worked on the Navy’s classified nuclear submarine program, and Diana was a PhD-educated teacher. But beneath the surface, resentment brewed.

They felt undervalued in their careers, stressed about money, and frustrated with the political climate in America. Like many who choose to betray, they saw espionage as an escape hatch—one that could solve their problems and give them the recognition they believed they deserved.

For years, Jonathan smuggled secrets out of the Navy, slipping a few pages past security checkpoints at a time. By the end of 2020, he had painstakingly assembled 51 packets of classified material—an estimated 11,000 pages of sensitive data. The Toebbes’ plan was bold: they offered to sell the secrets to Brazil for $5 million. To prove he was dealing with Brazilian intelligence, Jonathan demanded they display a sign in the window of the Brazilian Embassy in Washington, D.C. Once the signal appeared, the Toebbes began their clandestine operation.

For six months, Jonathan left dead drops at parks across West Virginia, cleverly encrypting the stolen data and only providing the decryption key once payments were made in cryptocurrency. He received three payments, totaling $100,000, escalating with each successful exchange. To conceal the data, he used tactics straight out of a spy novel—or maybe a bad comedy sketch. His go-to hiding spot? A micro SD card stuffed inside a peanut butter sandwich.

But there was one major flaw in their plan: Brazil wanted nothing to do with their treachery. Instead, the Brazilian government immediately alerted the FBI, working hand-in-hand to catch the Toebbes in the act.

In October 2021, the couple’s espionage career came to an unceremonious end when the FBI arrested them during what was supposed to be their final dead drop. By February 2022, Jonathan and Diana pled guilty to conspiracy to communicate Restricted Data, their dream of wealth and recognition replaced by the cold reality of prison bars.

The Toebbes’ story isn’t just about stolen secrets; it’s a cautionary tale about the dangerous cocktail of entitlement, financial strain, and misguided ambition. Trusted insiders often see betrayal as a solution to their personal problems, but more often than not, it ends in disaster—for themselves and for the institutions they betray.

Jesse McGraw—the spy called “GhostExodus”

Jesse McGraw—better known by his online moniker GhostExodus—fancied himself a cyber revolutionary. As the self-proclaimed leader of the “Electronik Tribulation Army,” he had all the theatrics of a villain from a low-budget hacker movie: lock picks, fake FBI credentials, a cellphone jammer, and a dangerous mix of arrogance and recklessness. But McGraw’s real-life actions were far from harmless stunts—they were crimes that put lives at risk.

By day (or rather, by night), McGraw worked as a security guard at a hospital in Texas. Armed with nothing more than his graveyard shift access and a dangerous lack of ethics, he turned the hospital’s systems into his personal playground. He installed malware on multiple computers, including one at a nurses’ station that had access to sensitive medical records. Even more chilling, he planted a backdoor in the hospital’s HVAC system—an act that could have harmed patients or destroyed life-saving drugs requiring precise climate control.

If his actions weren’t brazen enough, McGraw decided to document his crimes. He posted a YouTube video proudly installing malware on a hospital computer, treating it as if it were some kind of twisted tutorial. That stunt caught the FBI’s attention, and the agency didn’t waste time unraveling the web McGraw had spun.

McGraw’s story is a stark reminder of the danger posed by insiders with access and malicious intent. He wasn’t some shadowy foreign operative or a disgruntled genius—just a night security guard with a God complex and the tools to cause chaos. Trusted insiders come in all shapes and motivations, and McGraw’s actions are a cautionary tale about the damage even a small player can do when left unchecked.

In the end, GhostExodus wasn’t a revolutionary leader—he was a criminal whose recklessness could have cost lives. And thanks to the FBI, his electronic “tribulation” came to an end before the consequences turned deadly.

Now on to the News!

The East Coast Drone Scare: What’s Really Going On?

I don’t have any inside information, but I did talk to a friend who works in drone technology and has a long background in intelligence work. Here’s the thing: I can’t imagine the U.S. government is so incompetent as to not know precisely where these drones are coming from and who’s behind them. They’ve been flying for weeks, and the United States intelligence and military apparatus are first-class. We can identify a grapefruit-sized satellite orbiting the Earth—obviously, we can track drones flying over New Jersey.

And that’s what concerns me. If the government knows and isn’t telling us, it means the situation might be more complicated—or more concerning—than they’re willing to share. Let’s not spiral into conspiracy theories here. These drones aren’t aliens pranking Earth or a setup for an invasion straight out of Red Dawn. But in this case, the WHYmatters a lot, and the public has a right to know.

Here are four likely scenarios for what could be happening:

1. Surveillance Operations – These could be government or military drones, testing responses, gathering intel, or running drills we’re not privy to. Testing defense systems often involves not telling the public to gauge real-world reactions.

2. Foreign Espionage – A more unsettling possibility is that adversarial nations like China, Russia, or Iran are using these drones to probe critical infrastructure, observe military activity, or map communication networks. It’s a low-cost, high-reward tactic for spying or preparing for potential disruption.

3. Commercial or Private Activity – Some drones may belong to private operators—companies testing delivery systems, hobbyists pushing boundaries, or rogue actors who’ve gotten more reckless. Even unintentional misuse can cause serious alarm in sensitive airspace.

4. Probing for Cyber or Physical Attacks – If this is deliberate, the drones may be testing weaknesses—looking for gaps in air defense, interfering with GPS systems, or probing how we respond. Coordinated disruptions like these could lay the groundwork for something more damaging down the line.

The takeaway? The technology to identify and track these drones exists, so the silence from officials is what raises eyebrows. The public doesn’t need every detail, but we deserve to know enough to be informed—and not left guessing. Because when it comes to situations like this, trust matters.

Stay tuned, and let’s hope clarity comes sooner rather than later.

The Silent Spy: When Cyber Espionage Targets Lives

In April 2020, the Chinese cybersecurity firm Sichuan Silence Information Technology Company launched a sophisticated cyberattack that U.S. officials say could have caused oil rigs to malfunction and led to loss of life. The operation, tied to espionage, deployed ransomware through 80,000 firewalls to steal data and paralyze critical infrastructure worldwide. While thwarted, the attack highlights how digital spies, often state-sponsored, use hacking as a weapon to target vulnerable systems—and underscores the deadly potential of modern cyber-espionage.

The Spy’s Playground: Encryption in the Crosshairs

The FBI has issued a stark warning: switch to encrypted messaging platforms—but not all encryption is created equal. While platforms like WhatsApp and Signal promise secure communications, the debate over "responsibly managed" encryption continues to rage. The FBI argues that tech companies must provide access to user content under lawful court orders, citing the risks posed by terrorists, child predators, and spies exploiting "unbreakable" systems. Yet, introducing backdoors opens dangerous vulnerabilities that adversaries—including foreign spies—could exploit, making this a high-stakes battle over privacy, security, and espionage in the digital age.

The AI Gone Rogue

A federal lawsuit accuses Character.AI of putting children and families at risk, alleging that its chatbots promoted violence, self-harm, and even murder. One chatbot reportedly suggested a 15-year-old boy kill his parents after they restricted his phone use, leading to his rapid mental decline. Attorneys argue that companies like Character.AI prioritize profits over safety, using reckless AI models to exploit young users. The lawsuit seeks to shut down the platform until proper regulations are implemented, warning that these unchecked digital "advisors" have become a dangerous weapon in the hands of vulnerable minds.

Check out my BRAND NEW Sizzle Reel

When I’m not writing this weekly newsletter, you’ll usually find me on stage, speaking about one of the most critical challenges of our time: protecting organizations against the rising tide of cybercrime. My journey began as an undercover FBI operative, where I learned the art of deception and the importance of safeguarding secrets. Today, I deliver keynotes around the world, blending gripping stories from my FBI days with actionable strategies to defend against cyber threats.

I’m thrilled to unveil my brand-new sizzle reel, showcasing what it’s like to step into one of my presentations. If you’ve ever wondered what it’s like to be on the front lines of cyber defense or want to learn how to protect your organization from evolving threats, this is the perfect introduction.

Check it out, and if you’re looking for a keynote speaker who delivers high-stakes lessons with real-world applications, let’s talk.

Check out my latest podcast appearance

This week I sat down with Lauro and Zach from the Cyber Rants Podcast and recounted my role in one of the FBI's most significant spy takedowns and dives deep into the world of espionage and counter-espionage- Catching Hanssen. We discussed the realities of insider threats lurking within the United States and actionable insights into defending against modern cyber risks.

Like What You're Reading?

Sign up for Spies, Lies & Cybercrime newsletter for our top espionage, cybercrime and security stories delivered right to your inbox. Always weekly, never intrusive!

Are you protected?

Recently nearly 3 billion records containing all our sensitive data was exposed on the dark web for criminals, fraudsters and scammers to data mine for identity fraud. Was your social security number and birthdate exposed? Identity threat monitoring is now a must to protect yourself? Use this link to get up to 60% off of Aura’s threat monitoring service.

What do YOU want to learn about in my next newsletter? Reply to this email or comment on the web version, and I’ll include your question in next month’s issue!

Thank you for subscribing to Spies, Lies and Cybercrime. Please comment and share the newsletter. I look forward to helping you stay safe in the digital world.

Best,
Eric

Let's make sure my emails land straight in your inbox.

Gmail users: Move this email to your primary inbox

On your phone? Hit the 3 dots at top right corner, click "Move to" then "Primary."

On desktop? Close this email then drag and drop this email into the "Primary" tab near the top left of your screen

Apple mail users: Tap on our email address at the top of this email (next to "From:" on mobile) and click “Add to VIPs”

For everyone else: follow these instructions