This website uses cookies

Read our Privacy policy and Terms of use for more information.

Sponsored by

Weekly Intelligence for a Digital World

INTELLIGENCE BRIEF // DECLASSIFIED

Briefing No. 094
July 13, 2026

Title Story: A 47-year friendship over a few beers reveals why trust remains our greatest strength—and our greatest vulnerability.

Breach of the Week: The latest Scattered Spider case shows how attackers are bypassing firewalls by manipulating the people behind the help desk.

Tip of the Week: Learn the simple verification habit that can stop the most common social engineering attacks before they succeed.

AI Watch: Artificial intelligence is helping cybercriminals scale deception faster than ever, but the fundamentals of defense haven't changed.

From the Field: Last week I had the privilege of speaking with members of U.S. Cyber Command.

Title Story

Who Do you Trust?

Last week I met one of my oldest friends for a couple of beers.

Mike and I met in first grade at a tiny Catholic school just outside Washington, D.C. We were six years old. Forty-seven years later, we’re still friends.

Life tried its best to separate us. Different high schools. Colleges a thousand miles apart. Careers. Wives. Kids. Mortgages. Deadlines. All the ordinary chaos that slowly crowds old friendships out of the calendar. Somehow, we always found our way back, eventually becoming neighbors again just a few miles apart.

The strange thing wasn’t that we lived close. It was that months could pass without seeing each other.

So, we changed that.

Once a month we meet at a brewery halfway between our homes. Sometimes others join us, but usually it’s just the two of us. We complain. We solve each other’s problems. We celebrate victories. We remind each other that everyone is carrying burdens they don’t advertise. Most of what we say never leaves the table.

I leave every one of those conversations feeling lighter than when I arrived.

It struck me afterward that genuine human connection has quietly become one of the rarest things in modern life.

Many of us work from home. We stream movies instead of going to the theater. Happy hours have become occasional instead of routine. We text instead of calling. We email instead of walking down the hall. None of those changes are inherently bad, but together they’ve nudged us into increasingly isolated lives.

That matters for reasons far beyond our mental health.

As a former FBI counterintelligence operative, I’ve spent much of my career studying deception. One lesson keeps resurfacing: trust is far easier to establish face-to-face than through a screen. Criminals know this. They exploit distance. They exploit anonymity. They exploit the fact that we’ve become comfortable building relationships with people we’ve never actually met.

Technology has made communication effortless but has not made trust any easier.

One of the first recommendations I make in Spies, Lies & Cybercrime isn’t technical at all. It isn’t about passwords, encryption, or artificial intelligence.

It’s this: spend more time with real people.

Have the coffee. Meet for the beer. Walk across the office instead of sending the email. Build relationships in the real world before you’re forced to rely on them in the digital one.

Because in an age where almost anything online can be faked, authentic human connection has become one of our greatest security advantages.

Tip of the Week

Trust…But Verify.

Here’s a habit worth practicing this week:

Before acting on any unexpected request involving money, credentials, sensitive information, or urgency, stop and verify it through another channel.

  • Call the person.

  • Walk down the hall.

  • Start a new email.

  • Text the number you already know—not the one in the suspicious message.

Cybercriminals thrive on speed and emotion. We can stifle the criminals if we don’t give into it.

Breach of the Week

The Help Desk Is the New Front Door

One of the world's most active cybercriminal groups continues to remind organizations of an uncomfortable truth: your greatest vulnerability probably isn't your firewall.

It's your people.

Last week, the Department of Justice announced that Scattered Spider member Peter Stokes, 19, was extradited from Finland to the United States to face charges tied to a series of cyber intrusions. According to prosecutors, the alleged scheme included an approximately $8 million ransom demand and caused victims to incur at least $2 million in disruption and incident response costs. Those numbers reflect more than stolen data. They represent the staggering price of successful social engineering.

The charging documents reinforce what investigators have been seeing for years. Modern attackers increasingly bypass sophisticated security tools by manipulating help desks, customer service representatives, and employees into resetting passwords or multi-factor authentication credentials. Rather than spending weeks writing advanced malware, they spend minutes convincing another human being to open the door.

That's classic espionage.

Whether you're recruiting a spy or stealing corporate credentials, the first objective is the same: earn someone's trust before exploiting it.

The lesson isn't to distrust everyone. It's to verify before acting. A password reset, MFA enrollment, or account recovery should never be treated as a routine customer service request. It is a security event.

Security awareness training shouldn't be an annual compliance exercise. It should become part of an organization's culture.

Because every employee eventually becomes part of the security team.

Read more: (Justice.Gov)

AI Watch

Artificial Intelligence Doesn’t Need to Fool Everyone

Artificial intelligence is rapidly becoming a force multiplier for cybercriminals.

The frightening part isn't that AI has become smarter than humans. It's that AI never gets tired.

In one recently documented operation, researchers observed an AI-driven attacker exploit an exposed system, harvest credentials, move laterally toward a production database, adapt after failed attempts, encrypt data, and leave behind an extortion demand. The machine didn't need someone to trust it. It needed access—and permission to keep moving.

Researchers caution that this appears to be the first documented example of agentic ransomware, not a completely autonomous cyberattack. Human involvement almost certainly remained part of the operation, and investigators could not determine how the attacker originally obtained critical database credentials. Even so, the experiment demonstrates where cybercrime is heading: AI systems that can plan, adapt, and persist with minimal human oversight.

The good news is that the fundamentals of defense haven't changed.

  • Question unusual requests.

  • Verify identities through a second channel.

  • Require multiple approvals for sensitive actions.

  • Limit privileges so a single compromised account can't roam freely.

  • Meet in person whenever possible.

Technology is evolving at a dizzying pace, but critical thinking, sound security practices, and healthy skepticism remain the best defenses.

Read more: (sysdig.com)

From the Field

Speaking at U.S. Cyber Command

Last week I had the privilege of speaking with members of U.S. Cyber Command.

I obviously can’t share much about the visit itself—and that’s exactly as it should be—but I left with one overwhelming impression.

Optimism.

The men and women responsible for defending our nation’s networks don’t look like movie hackers. They’re engineers, analysts, military officers, civilians, and problem-solvers quietly working behind the scenes every day to keep our country secure.

Like the way I operated when I was undercover with the FBI, most Americans will never meet them or know their names. That’s the nature of national security.

We spend a great deal of time worrying about the threats we can see. It was encouraging to spend time with the people whose full-time job is thinking about the threats we can’t.

Continue the Mission

If you enjoyed this week’s newsletter, you’ll find even more inside my new book, SPIES, LIES, AND CYBERCRIME. Drawing on my years hunting spies for the FBI, it reveals how espionage, cybercrime, and AI-powered deception intersect—and what you can do to stay one step ahead.

Ready for the next mission?

Already read the book? A quick review on Amazon or Goodreads helps more readers discover it. Thank you for your support.

Please support my sponsors. It only takes a click - no purchase necessary!

The World's Biggest Dev Event Hits Silicon Valley

WeAreDevelopers World Congress comes to San José, CA — September 23–25, 2026, in the heart of Silicon Valley. 10,000+ developers, 500+ speakers, 20+ stages, and the full software development lifecycle in one place. 

Kelsey Hightower. Thomas Dohmke (fmr. CEO, GitHub). Christine Yen (CEO, Honeycomb). Mathias Biilmann (CEO, Netlify). Olivier Pomel (CEO, Datadog). The people actually building the tools you use every day — all on one stage.

Three days of AI, agents, cloud, security, and architecture, plus workshops, live coding, and the official Congress party. Prices rise as the event gets closer — lock in today's rate. 

Use code GITPUSH26 for 10% off.

Know Someone Who’d Enjoy This?

If someone forwarded you this newsletter, join more than 4,500 readers every Tuesday for practical lessons from the worlds of espionage, cybercrime, artificial intelligence, and the human stories behind them.

Think Like a Spy

Every spy operation, every cyberattack, and every confidence scam ultimately asks the same question:

Who do you trust?

It’s a question worth asking far more often—in business, online, and in life. I’ll see Mike again next month and we’ll solve very few of the world’s problems over another couple of beers.

But we’ll reinforce something far more valuable.

Trust.

And in a world increasingly filled with artificial intelligence, deepfakes, anonymous strangers, and digital deception, that may be one of the smartest security investments either of us can make.

Praemonitus Praemunitus!

Forewarned is Forearmed!

~Eric

Reply

Avatar

or to participate

Recommended for you