31 - How to Catch a Mole

Spies, Lies & Cybercrime by Eric O'Neill

In This Issue

Title Story: The Watchman Will See You Now - a true story about intrigue, espionage and corporate theft in Silicon Valley.

Cybersecurity Tip of the Week: How to Spot a Trusted Insider Before They Betray You.

Cybersecurity Breach of the Week: AI, Exposed — When Prompts Become Evidence.

Tech of the Week: Dire wolves have been resurrected. Sort of.

Appearance of the Week: See Eric’s Gray Day lecture on C-SPAN’s Book TV.

AI Image of the Week: Eric jumps on AI the Action Figure bandwagon.

The Watchman Will See You Now

A Silicon Valley Espionage Thriller Based on Allegations from a Newly Unsealed Affidavit

I once worked undercover to catch Robert Hanssen — a special agent trusted at the highest levels of the FBI who turned out to be the most devastating spy in U.S. history. And what made Hanssen so dangerous wasn’t that he snuck in. It’s that he was already inside. Already trusted.

This story? It echoes that same chilling truth.

But it’s set not in the halls of federal intelligence, but in the cutthroat world of Silicon Valley. The story centers on allegations contained in a recently unsealed affidavit filed in an Irish court — allegations that read like a deleted scene from The Bourne Identity, featuring code names, encrypted chats, a shattered phone, and a covert escape plan.

Apparently, Keith O’Brien — a former employee of payroll-tech company Rippling — claims he was recruited by Deel, a major competitor, to become a corporate spy.

The person who allegedly recruited him? Alex Bouaziz, Deel’s CEO, who, according to O’Brien, made a pitch worthy of a spy movie: become the insider, feed us secrets, and get paid handsomely for it. O’Brien says he agreed.

In the affidavit, O’Brien alleges that Deel’s executives instructed him on how to steal information and avoid detection, including the use of code words and encrypted messaging apps. He also claims that top Deel officials — including CEO Alex Bouaziz and his father Philippe Bouaziz, Deel’s CFO and chairman — participated directly in the plan.

It’s important to note: These are allegations. Deel has denied all legal wrongdoing, and a company spokeswoman previously stated, “We deny all legal wrongdoing and look forward to asserting our counterclaims.”

“Send That Watch to London”

If true, the details in the affidavit are jaw-dropping.

O’Brien claims that after agreeing to the plan in a September phone call from Rippling’s Dublin office, Alex and Philippe added him to two private channels on the encrypted messaging app Telegram. One was used to pass stolen information — including customer data, product roadmaps, and internal complaints. The other, according to the filing, coordinated payment.

The alleged code to trigger a payment? Send a picture of a watch. Philippe would respond with phrases like, “Send that watch to London” and “The buyer is happy.”

Initial payments reportedly came through a bank account tied to the wife of a Deel executive. Later, the affidavit says, the funds shifted to Ethereum, a cryptocurrency, with Philippe allegedly stating that he wanted to leave “no trace.”

In February, the scheme unraveled.

Deel had apparently leaked some of O’Brien’s shared material to a tech journalist. That journalist passed the information to Rippling — which set a digital honeypot trap. O’Brien took the bait, logging into a suspicious Slack channel that was set up to catch him.

“Oh, sh—,” Alex allegedly wrote, once O’Brien revealed he had accessed the channel.

Shortly after, a solicitor arrived with a court order for O’Brien’s phone. Panicked, O’Brien ran into the bathroom, wiped the device, and left the office.

Then, according to his sworn statement, Deel’s legal team stepped in again. They allegedly encouraged him to fly with his family to Dubai, offered to cover his legal fees, and advised him to say nothing. One lawyer, he claims, instructed him to destroy the phone permanently.

O’Brien says he smashed it with an axe. Then tossed the remains into a drain behind his mother-in-law’s house.

Denials, Disputes, and What’s Next

Alex and Philippe Bouaziz have not publicly commented on the affidavit’s contents. Deel’s spokeswoman has reiterated the company’s stance: they deny all wrongdoing and intend to present their own claims in court.

In the meantime, Rippling has filed a civil lawsuit, and the allegations have exploded across the legal and tech communities — casting a sharp spotlight on insider threats in the corporate world.

Trust Is the Real Vulnerability

Whether in national security or billion-dollar business, the enemy isn’t always outside the gate. Sometimes, they’re already wearing your badge, attending your meetings, and passing secrets through encrypted chats.

As someone who once helped catch America’s most dangerous insider, I can tell you this: Technology can track anomalies, restrict access, and raise alerts — but it’s human behavior that tells the story.

The tools exist to catch rogue insiders. But only if you’re looking.

O’Brien now says Deel’s executives orchestrated the entire plot. Deel denies wrongdoing and promises counterclaims. But no matter how this shakes out in court, one truth is inescapable:

The real threat didn’t come from outside. It was sitting at a Rippling desk, checking Slack, sipping coffee — and leaking secrets one “watch” at a time.

Cybersecurity Tip of the Week

How to Spot a Trusted Insider Before They Betray You

Eric chasing Hanssen through the halls of the FBI (the real investigation was subtler. This would have been more fun).

Insider threats aren’t just a cybersecurity problem — they’re a trust problem.

Trusted insiders often look like model employees. But when they turn rogue, they already know the weaknesses in your system, how to cover their tracks, and where your crown jewels are stored. Fortunately, modern security tools and smart compartmentalization can give you the upper hand. Here’s how.

Context Is King: The “Who, What, and Where” of Data

To catch an insider, you need more than firewalls — you need contextual intelligence. That means:

  • Who is accessing your data?

  • What are they accessing — and does it match their job function?

  • Where are they doing it from?

This kind of insight creates a data perimeter that moves with the user, not just the network. If an HR associate is suddenly downloading engineering source code from a VPN endpoint in Malaysia, your system should throw up a digital red flag — fast.

Compartmentalize Like an Intelligence Agency

In espionage, it’s called the principle of least privilege — no one gets more access than they need to know. Your business should work the same way.

By segmenting access based on role, department, project, or seniority, you limit exposure and create breadcrumb trails. These trails tell you:

  • Who accessed sensitive files

  • When and how they were accessed

  • Whether the access behavior was routine or suspicious

That’s the kind of detail that cracks cases — and builds real accountability.

AI-Powered Vigilance: Spot the Signal in the Noise

Modern cybersecurity platforms use AI to detect behavioral anomalies in real time. Not just red alerts — smart alerts.

Say your marketing manager logs in at 2:00 AM on a Sunday, from an unfamiliar IP address, and pulls HR salary records she’s never touched before. That’s a red flag. Especially if:

  • She normally works 9–5 from a specific city

  • Has no business reason to view HR data

  • Has never touched that file in 3 years

Smart systems flag it, quarantine access, and alert your security team — all in under a second.
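
The who, what and where checks and the 2:00 AM Sunday scenario above, sketched as plain rule-based scoring rather than AI. This is an added example, not code from the newsletter or any product; the role map, baselines, user names, documentation-range addresses and log events are all constructed for illustration.

```python
from datetime import datetime

# Constructed role-to-data-category map: the "does it match their job function" check.
ROLE_SCOPE = {"hr": {"hr"}, "marketing": {"marketing"}}

# Constructed per-user baselines; a real system would learn these from history.
BASELINE = {
    "hr_associate": {"role": "hr", "sources": {"198.51.100.10"},
                     "hours": range(9, 17), "seen": {"hr/benefits.xlsx"}},
    "mkt_manager": {"role": "marketing", "sources": {"198.51.100.20"},
                    "hours": range(9, 17), "seen": {"marketing/q3_plan.pptx"}},
}

# Constructed access-log events: (user, ISO timestamp, source address, resource).
# 203.0.113.0/24 is a documentation range standing in for unfamiliar endpoints.
EVENTS = [
    ("mkt_manager", "2025-04-07T10:15:00", "198.51.100.20", "marketing/q3_plan.pptx"),
    ("hr_associate", "2025-04-08T14:02:00", "203.0.113.50", "source/payroll_engine.git"),
    ("mkt_manager", "2025-04-13T02:00:00", "203.0.113.7", "hr/salaries.xlsx"),
]

def score_event(user, ts, source, resource):
    """Return the contextual reasons this access deviates from the user's baseline."""
    base = BASELINE[user]
    when = datetime.fromisoformat(ts)
    category = resource.split("/", 1)[0]
    reasons = []
    if category not in ROLE_SCOPE[base["role"]]:
        reasons.append("outside-job-scope")       # what
    if source not in base["sources"]:
        reasons.append("unfamiliar-source")       # where
    if when.weekday() >= 5 or when.hour not in base["hours"]:
        reasons.append("off-hours")               # when (weekend or outside 9-5)
    if resource not in base["seen"]:
        reasons.append("first-time-resource")     # never touched before
    return reasons

def triage(events, threshold=2):
    """Return (user, resource, reasons) for events with at least `threshold` reasons."""
    alerts = []
    for user, ts, source, resource in events:
        reasons = score_event(user, ts, source, resource)
        if len(reasons) >= threshold:
            alerts.append((user, resource, reasons))
    return alerts

if __name__ == "__main__":
    for user, resource, why in triage(EVENTS):
        print(f"ALERT {user} -> {resource}: {', '.join(why)}")
```

Requiring two or more independent reasons before alerting keeps a single late night or a single new file from paging the security team.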

Warning Signs of an Insider Threat

Keep an eye out for:

  • Unusual access times (late nights, weekends, holidays)

  • Lateral movement across departments or sensitive systems

  • Sudden interest in files outside an employee’s job scope

  • Bypassing standard procedures or download restrictions

  • Frequent use of personal or encrypted communication tools

Technology won’t solve every problem. But when it’s paired with vigilance, policy, and a healthy respect for your data’s value, it can help you catch the next insider before they become a headline. Just like we did with Hanssen.

Cybersecurity Breach of the Week

AI, Exposed — When Prompts Become Evidence

You might think of prompting an AI as a private exchange — like whispering secrets into a digital void. But the latest breach by South Korean AI firm GenNomis proves otherwise. Security researcher Jeremiah Fowler uncovered an unprotected database leaking over 95,000 image prompts, some explicit, some illegal, and all traceable. Among the data: disturbing deepfakes, non-consensual adult content, and likely child abuse material. The company quickly locked things down, but not before a damning truth surfaced — users were unknowingly generating digital horrors, and the AI quietly remembered them all.

This breach isn’t a glitch in the Matrix — it’s a feature. Many users treat generative AI tools like private sketchbooks, unaware their inputs may be stored, analyzed, and repurposed. Even platforms like ChatGPT keep your data unless you turn that setting off. And opting out isn’t bulletproof — any data traveling across the cloud is only as secure as the weakest employee, server, or line of code. GenNomis’s lapse reveals a darker reality: AI isn’t just a tool — it’s a two-way mirror. So next time you ask it for help with that spicy idea, confidential plan, or personal confession…ask yourself: would I want this leaked?

Tech of the Week

🐺Dire Wolves Return—And This Time, They’re (maybe) Real

“When the snows fall and the white winds blow, the lone wolf dies… but the pack survives.”

In a twist worthy of Game of Thrones, dire wolves—yes, those dire wolves—are back. Sort of. Brought to life not through magic or myth, but by gene-editing and artificial intelligence. Meet Romulus, Remus, and Khaleesi: three majestic pups born from a sci-fi blend of ancient DNA and modern biotechnology.

The minds behind this resurrection? Colossal Biosciences, a Texas-based startup that’s less Jurassic Park and more House Stark. Using AI to analyze ancient wolf genomes pulled from 13,000- and 72,000-year-old fossils, scientists pinpointed traits like jaw size, shoulder structure, coat patterning, and even the dire wolf’s shaggy, snow-ready fur. From there, they edited 14 genes in gray wolf cells—20 changes in total, 15 of which resurrected long-lost traits of the dire wolf. It’s the most genetic edits ever made to an animal, and the result is something primal, imposing, and eerily familiar.

But these aren’t clones. There’s no prehistoric tooth being zapped with lightning. Instead, they started with gray wolf blood, used AI to reconstruct extinct traits, and implanted the edited DNA into dog embryos. It took eight surrogates and a blizzard of trial-and-error to bring them to life. These pups don’t just look the part—they’re predicted to grow bigger than modern wolves, with all the muscle and mystery of their Ice Age ancestors.

Colossal calls them dire wolves. Some geneticists disagree. But let’s be honest—if it looks like Ghost and acts like Ghost, you’re going to name it Ghost.

Should we recreate legends?

Beneath the fantasy appeal lies something much more significant. AI-powered de-extinction opens the door to protecting biodiversity in ways we never imagined. Colossal isn’t just building beasts for headlines—they’re also reviving red wolves, a critically endangered species with fewer than 20 left in the wild. Their breakthrough method—cloning using blood cells rather than invasive tissue samples—could revolutionize conservation and biobanking.

It also raises questions: What defines a species? Should we bring back the past to fix the future? And what happens when we start editing life not just to save ecosystems, but to recreate legends?

Colossal doesn’t plan to release dire wolves into the wild (don’t worry, no Winterfell rewilding program—yet). But they do hope to spark conversations around conservation through awe, spectacle, and yes, a little bit of nostalgia for our favorite noble house from the North.

Winter came. Then science brought it back.

Appearance of the Week

See Eric on C-SPAN’s Book TV where Eric discusses his role in the investigation and capture of Robert Hanssen. This lecture was filmed at the Institute of World Politics in Washington DC on March 12, 2025.

AI Image(s) of the Week

I grew up with G.I. Joe, so when I saw the AI action figure trend, I had to jump in. Here are two collectibles in my Spy vs. Spy series. Now if only I can get Hasbro to make these! Send me a message and I’ll send you the prompts I used so you can generate your own.


Ready for Next Week?

What do YOU want to learn about in my next newsletter? Reply to this email or comment on the web version, and I’ll include your question in next month’s issue!

Thank you for subscribing to Spies, Lies and Cybercrime. Please comment and share the newsletter. I look forward to helping you stay safe in the digital world.

Best,
Eric
