About Spies, Lies & Cybercrime

Welcome to my monthly newsletter where I will share the hidden realities of espionage and work to build cybersecurity awareness in a world where spies and cybercriminals increasingly overlap. Subscribe and look forward to information on recent cyberattacks, tips and toolkits you can use to defend yourself, stories about espionage, cybercriminals and much more.

Imagine sitting across from the most notorious spy in FBI history—Robert Hanssen. It took decades and millions of dollars for the FBI and CIA to uncover the smallest hints of his betrayal. Then, without much preparation, the FBI assigns you—pulled from your deep-cover work—to face him directly, with one task: prove Hanssen is the spy known as Gray Suit, and find the evidence that leads to his arrest.

That was me, sitting across from Hanssen in room 9930 at FBI Headquarters, when he said words I’ll never forget: “The spy is in the worst possible place.”

He handed me a legal pad. “Write your full FBI name, address, social security number, and birthdate. Then your wife’s name—Juliana, right?—and her social security number. Add your parents’ names and address.”

I hesitated. My confidence drained as I stared at the pad. I was alone—no team, no backup.

“Why do you need this?” I asked.

“Protocol. I’m your supervisor,” he replied dismissively.

Reluctantly, I wrote down my life—my personal information, the key to identity theft or espionage. When I handed it back, Hanssen scanned it like a teacher grading an exam. “Did they ever teach you about Hanssen’s law?”

I shook my head. “What’s Hanssen’s law?”

“The spy is in the worst possible place,” he said. “Russians always target the most damaging information in the most damaging places. That’s where you’ll find the spy.”

Hanssen clicked his pen. “We’re here to catch spies. Think you can do that?”

I raised my chin. “I’ll try.”

Hanssen’s law—finding the spy in the most damaging place—became a cornerstone of cybersecurity. He was the trailblazer for the cyber-attacks and breaches we face today. The FBI wanted me to succeed where so many had failed.

And I did.

My career began in the FBI’s counterintelligence trenches as an undercover operative. Since then, I’ve spent decades as a national security attorney, corporate investigator, national cybersecurity strategist. I’ve spoken to thousands each year on stages of all sizes across the globe, had a movie made about me (Breach, Universal Studios 2008) and wrote my bestselling book about catching Hanssen (Gray Day, Crown 2019).

This newsletter is my opportunity to reach those interested in my story every month and sometimes more often. Please make certain you are subscribed and share freely with your friends and network. Let’s not leave anyone behind on this journey to catch spies, stop cybercrime and make the world safe from Dark Web cyberattacks!

Cybersecurity News: Help! My Social Security Number was Stolen!

You probably heard about the massive breach of National Public Data and the theft of a reported 2.9 billion records. The company collects information for background checks on consumers and job applicants and lost 27 billion records to cyber criminals. The investigation is ongoing, but it looks like criminals breached the data aggregator company and compiled the data for months before releasing it online. There is no excuse for this cybersecurity failure.

Now people all over the country are learning that their social security numbers, Social Security numbers, addresses, phone numbers, email addresses, and other personal information are up for sale on the Dark Web. Expect a massive amount of identity theft, impersonation attacks, spear fishing attacks and more. If you are like me and so many others who have lost their personal information through this and many other breaches, there is action you can take:

1. Monitor Your Credit Regularly: Check your credit reports from Equifax, Experian, and TransUnion for unauthorized activities every 12 months, spreading your checks every four months to catch early signs of fraud.

2. Use Identity Theft Protection: Consider signing up for identity theft monitoring services like Aura or LifeLock, which monitor your sensitive data across credit agencies and the dark web for suspicious activity.

3. Freeze Your Credit: Request a credit freeze from the major reporting agencies to prevent new accounts from being opened without your consent. Be sure to securely store your unfreeze code.

Cybersecurity Tip of the Month

You’ve heard it time and again, but this is the kickoff newsletter, so let’s start with the single most important defense you have against cyberattacks. Use Multi-Factor Authentication (MFA).

Passwords are no longer enough to keep your accounts secure. Multi-Factor Authentication (MFA) adds an extra layer of protection by requiring a second verification step. This could be a text to your phone, an email, or even a biometric scan. Make sure to enable MFA on your most critical accounts.

Gadget of the Month: Duo Mobile

Each month I will highlight a new cybersecurity tool, espionage gadget or amazing new piece of tech that I’ve come across or started using. This month’s is Duo Mobile. I’ve used Duo Mobile for years as my preferred smartphone authentication application and have dozens of multi-factor accounts stored within.

Duo Mobile’s authentication app is an intuitive, user-friendly solution for securing logins with two-factor authentication (2FA). It supports push notifications, passcodes, and biometric verification, providing multiple layers of security for accessing applications. The app’s sleek interface makes it easy to set up and use, whether you're verifying your identity for work or personal accounts. One of the standout features is its seamless push notification system, which allows users to approve login requests with a single tap. It’s a reliable and efficient tool for enhancing smartphone security.

Have any questions about cybersecurity or a topic you’d like me to cover? Reply to this email, and I’ll include your question in next month’s issue!

Thank you for subscribing to Spies, Lies and Cybercrime. Please comment and share the newsletter. I look forward to helping you stay safe in the digital world. Remember, there are no hackers, there are only spies.

Best,
Eric

Let's make sure my emails land straight in your inbox.

Gmail users: Move this email to your primary inbox

On your phone? Hit the 3 dots at top right corner, click "Move to" then "Primary."

On desktop? Close this email then drag and drop this email into the "Primary" tab near the top left of your screen

Apple mail users: Tap on our email address at the top of this email (next to "From:" on mobile) and click “Add to VIPs”

For everyone else: follow these instructions