
The War on Data, Cyberspies and AI with Eric O'Neill - Part I

About This Episode

Hosts Rachael Lyon and Jonathan Knepher sit down with former FBI counterintelligence operative and cybersecurity expert Eric O’Neill to reframe how organizations should think about cyber threats.

Drawing on his role in uncovering FBI insider Robert Hanssen, O’Neill explains why today’s cybercriminals operate more like professional spies than traditional hackers. The conversation explores how deception, impersonation and urgency drive modern attacks, how AI-powered deepfakes are changing business email compromise, and why counterintelligence principles like segmentation, auditing and context-aware analytics are now essential.

This conversation left us with a clearer understanding of how cybercrime has evolved and what practical steps organizations can take to build a culture of verification, skepticism and resilience in an AI-driven threat landscape.

      Welcome, Eric O’Neill!

      Rachael Lyon:
      Hello everyone. Welcome to this week's episode of the To the Point Podcast. I'm Rachael Lyon, here with my co-host, Jon Knepher. Jon, I'm quite curious. What is your New Year's resolution? Do you even bother with those?

      Jonathan Knepher:
      My goodness, I don't know that I have in a while. But always uptime and delivering all of our services to our SLAs, that's always my resolution.

      Rachael Lyon:
      Well, that's a wonderful resolution, right? It's nice to set a goal and a purpose for the year ahead, as always. Well, I am really excited to kick off the year with today's podcast guest. Please welcome Eric O'Neill. He's an American FBI counterterrorism and counterintelligence operative. He worked as an investigative specialist with the Special Service Surveillance Group and played a major role in the arrest, conviction, and imprisonment of FBI agent Robert Hanssen for spying on behalf of the Soviet Union and later Russia. His book, written about the experience, My Undercover Mission to Expose America's First Cyber Spy, was published in spring 2019. And for those playing at home, the 2007 movie Breach was also based on his experiences.

      Rachael Lyon:
      He is a public speaker and security expert who lectures internationally about espionage and national security, cybersecurity fraud, corporate diligence and defense, hacking, and many other topics. Welcome. Welcome to the podcast. Eric.

      Eric O'Neill:
      Rachael and Jon, it's great to be here. And let's not forget my new book, Spies, Lies, and Cybercrime, which just came out in October and is going to be very relevant to what we talk about.

      Rachael Lyon:
      Wonderful. We'll make sure to link to that in the show notes, Eric, as well, so all of our listeners can get that.

      Eric O'Neill:
      Awesome. Sounds wonderful. And if I had a. If I had a New Year's resolution, I always bounce between a bunch of them, and I tend to be. I tended to take on too much. It's probably to continue writing my weekly newsletter. I should have done it monthly, but I did it, you know, weekly for the last year, and I am committed to continuing to do this.

      Eric O'Neill:
      The audience has grown enough that I think I kind of have to.

      Rachael Lyon:
      Weekly. That's a lot. We do a weekly podcast, and so we can absolutely appreciate that. Yes, and that is a lot.

      Eric O'Neill:
      That's a lot more. I think I just get to write.

      Jonathan Knepher:
      You've got a lot more work to do weekly. Comes around every week.

      Rachael Lyon:
      It's funny.

      Eric O'Neill:
      That's right.

      Rachael Lyon:
      Funny how that happens.

       

      [02:52] Cybercriminals or Digital Spies

      Jonathan Knepher:
      So let's hit it off here. Drawing from your experience in the FBI and as a leading cybersecurity expert, how have you seen cybercrime evolve over the course of your career?

      Eric O'Neill:
      Well, you know, it's great that I promoted the book because that's the focus of Spies, Lies, and Cybercrime. I've had this theory for years, and I first stated it in Gray Day, you know, in 2019, that there are no hackers, there are only spies. And I like to say that on stage, you know, this crazy idea, there are no hackers. Because when you say that, you know, audiences, people, anyone who hears it thinks, wait a minute, all I hear about is hackers. Because that's what's in the news. If you're looking in the news and it's talking about something cybersecurity related, it's not really about how you protect yourself. It's more about this hacker did this, this hacker did that. The hackers are coming after us, right? And my idea is that part of the education that I want to do is to get people to stop thinking about this idea of a hacker.

      Eric O'Neill:
      Because when I think of a hacker, right, I'm thinking about all my friends from the 80s who are now working for cybersecurity companies. They're the white hats, they're the good guys. Sometimes they were bad guys who are now good guys. It's spies. So the biggest change that we've seen in how cyber attacks, whether it's cyber crime, cyber espionage, cyber terrorism, hacktivism, so many different ways that different buckets of attackers are coming after our data. The biggest change that we've seen is that everybody is modeling spies. And spies are the best in the business. And criminals have become so incredibly successful at cybercrime because not only have they modeled the best in the business, those spies who have just changed the way that they commit espionage, but they've even hired them, they brought them on board in criminal syndicates to not only help them launch attacks, but teach their, their criminal workers how to launch better and more pressing attacks.

      Eric O'Neill:
      So when we see attacks today, all of it begins with deception. And deception is the hallmark, starting point engine of espionage.

      Rachael Lyon:
      I like that kind of characterization because you're, you're hearing more and more as well about, you know, these attackers that just lie in wait. So they really are spying on these businesses for years and years and years. Waiting for the moment that they do want to reveal themselves and, you know, and take the data or whatever else it is thereafter. So it sounds like then businesses should probably be thinking about a counterintelligence checklist, right? In terms of how they're going to manage through these challenges, what would you recommend on how they get started?

      Eric O'Neill:
      You know, Rachael, and you're incredibly right right there. And let's. Let me put a pin in there for a second, then I'll get to the checklist because what, how cybercrime has evolved. And honestly, if you're a business, what you have to worry about, number one, is cybercrime. Less about Russia and China and Iran, North Korea, and others coming after you. They all are. But more about cybercriminals, because there are so many more of them. And cybercrime has already, it's already surpassed about $17 trillion through dark web cybercrime.

      Eric O'Neill:
      That's in a massive economy. So there are plenty of them out there, and they are going to hit you. And they're using traditional espionage techniques. So if you think of the traditional espionage technique, what a spy is going to do, right, the first thing he's going to do is reconnaissance. He's going to learn about you; he's going to take time in order to learn anything he can about you. And what he's looking for is weaknesses, pressure points, ways he can exploit you. Use urgency, use attacks that co-opt people, gain their trust, and find a way in. And then, of course, deception.

      Eric O'Neill:
      There has to be a way in for the attack, and that's where they're going to fool a person into opening the doors. And, and one of the biggest misconceptions right now of cybersecurity is that what attackers are doing is attacking your machines, stealing the data from your machines by using machines. And that's not how it's working. That used to work, and then cybersecurity got really good, and it doesn't work anymore. So what attackers are doing is fooling a person who already has access into just opening the doors for them. And you can't blame the people because they're so good at this. So you're exactly right. What you said is right on point.

       

      [07:08] The Spy-Hunter Mindset: Counterintelligence in Cybersecurity

      Eric O'Neill:
      What we have to do if we want to stop cybercrime, cyber espionage, or any sort of cyber attack is become spy hunters. We need counterintelligence. Counterintelligence is my background. It's the science of stopping the intelligence goals of a foreign adversary. We're going to do that in cybersecurity, and that has been the platform I've been standing on for the past 25 years talking about. So a checklist? Well, it's a long checklist. The good news is that you know my book, my new book, Spies, Lies, and Cybercrime, it's a thrilling story that I use stories to tell all these things, but it's the exact checklist. So, how you can learn to spot all of the different attacks, and I've segmented those attacks into a number of buckets.

      Eric O'Neill:
      All of the traditional espionage goals. Right. And cybercrimes are co-opting. So it starts with deception, then infiltration, how they get in, and then impersonation and confidence schemes. Impersonation, confidence scheme is fooling a person into believing a lie that somewhere in their heart of hearts they know is, is not true. Right. Impersonation, confidence schemes, exploitation, and finally destruction. Right.

      Eric O'Neill:
      They're going to exploit you, they want to get paid, and they're probably going to destroy things on their way out, whether it's ransomware or just destroying information or changing it from, or doing some sort of mayhem. And the acronym is DICED, right? Which is a great acronym. I didn't have it that way. I had it sort of jumbled. And then my editor was like, if you just move this I here, it spells DICED. I was like, this is great. Thank you. You did your job.

      Eric O'Neill:
      Yes. So let's just take deception because you know that's, that's six different, six different techniques to look into. And that would take our entire podcast. But if we just look at deception and the checklist there, if you're a business, if you're someone in charge of cybersecurity, so maybe you're the IT director who has been placed in charge of cyber security, or maybe you're a CISO, or maybe you're just someone at home who wants to protect their laptop and the data on it. Here are just some of the things that you should think about, right? You know, thinking, putting yourself in the mind of the attacker, understanding what the spy wants. So what narrative will make the person suspend disbelief? That's what the attacker wants to do. Because what they want to do is short-circuit our ability to say I don't trust you and make you trust. So what does that target already believe that they can reinforce? How can they look boring, normal, and familiar, someone that you're not going to focus on and be concerned about.

      Eric O'Neill:
      And of course, most importantly, how can I use deception to gain trust? So here's your checklist. When you are looking at someone accessing data, are you verifying why someone needs the information, not just who they claim to be? A lot of cybersecurity is so focused on identity, right? And that's very good. Are they who they say they are? Sure. But are you going one step further and saying, not just are they who they say they are, but why would they need the information? We called that compartmentalization in the FBI. So you're not just looking at why someone has access, you know, why someone is trying to access, but should they even have access at all? Right now, in the world of cybersecurity, we call that segmentation. The more you segment all your data, the less of a huge loss you can have if a spy gets inside. But it also gives you an early warning system that someone is trying to access something they shouldn't and steal information you don't want them to have. Here's another really big one.

      Eric O'Neill:
      Do you handle urgency by taking a step back and assessing the situation? Or do you use? Or does that urgency push you to do something you probably shouldn't? And this happens to people in the personal life all the time. It's the reason that so many individuals around the holidays get hammered by cyber attacks, because criminals use urgency to make us think we have to do something right now, and if we don't, bad things will happen, or we'll miss an opportunity. So one of the lessons is anytime there's urgency in anything, it's an email, it's a social media DM, it's something coming across your corporate systems. If there's some. If there's a vendor pressuring you, you have to do this right now, right? You take a step back, and you take a breath, and you think. Because what the cyber criminals want, you absolutely don't want you to do is think, and here's just one more, and then we can. We can get more into it.

      Eric O'Neill:
      Do you train your people to trust internal emails, texts, and Slack messages and any other way you communicate by default? Or do they act like a spy hunter and question first, trust last? That's really important in your personal lives, too. The Internet's not a safe place. It's a really dangerous place. It's a dangerous place for us. It's a dangerous place, especially for our children, for our elders. And if we're blindly trusting what we see, then we're in trouble. Especially in a world where AI is changing the entire game about whether we can even trust anything, anything we see on the Internet anymore.

      Eric O'Neill:
      I mean, even when I do research on the Internet now, you know, for this newsletter, I do every week, I have to verify every fact that I'm googling three or four times because now Google, even Google, and all the main search engines are using AI. And AI isn't always right. Sometimes it just dreams up stuff because it wants to make you happy. So you have to always verify everything you're looking at if it's on the Internet.

      Jonathan Knepher:
      Okay, so talk me through a little bit more on what these attackers are taking advantage of. You kind of went through the how, but, like, go a little more into the. Into the what and the who.

      Eric O'Neill:
      Sure, absolutely. So when you're looking at how an attack escalates, how it. How it forms, how it escalates, and how it finally hits payday for the. For the cybercriminal, what they're doing is they're trying to gain. Gain access using someone who is able to change your data. So that's why your system administrators, those people who are in IT and have the ability to generate new users, change passwords, give people access to their accounts, escalate privileges, is what we call it. Those are the primary targets. So a reconnaissance will usually start on social media to find out who those people are, and then they learn a lot about them, and then they find a way to target them in order to get them to just give up the information.

      Eric O'Neill:
      So that can be a spear phishing email, or even today, what we're seeing a lot of is AI deepfake attacks, where, for example, they might get a video call from their CEO, right? Or their boss telling them to do something, and they think, well, I'm talking to the guy real time right now. You know, on Zoom, I should do it. You know, I should pay this invoice, I should send this PO, I should wire $25 million, which actually happened. I tell that story in the book because an AI CFO, chief financial officer, told a finance manager to do it. And so they will find a way to gain the trust of that individual and then co-opt their user account. And it could be just as simple as, you know, change your password here. And people are still falling for that in a dummy website. Now, once you have the account, you become that person within the environment.

      Eric O'Neill:
      So that. What that means is if I can steal the username and password and two-factor authentication, and hopefully that's turned on for everybody. That's like. That's like Cybersecurity 101, right? That's even before 101. This. Even before you get in the class, like have two-factor turned on everywhere. If you don't have that, forget it. I can't help you.

      Eric O'Neill:
      You're already done. But, like, say you have that now. You have all three of those things, and you are able to become that person within the data. Now you're God in the data. You're a systems administrator. This is exactly how MGM, for example, you know, the hotel chain in Vegas, was overcome, and you had everything from. Because all their casinos were literally were almost shut down. You couldn't gamble, you couldn't make reservations.

      Eric O'Neill:
      You couldn't do anything. You couldn't even get in your hotel room just because a system administrator's credentials are corrupted. And once you're in, you can do. You can do all sorts of mayhem. You can create beacons, which means you can start talking back and forth from the dark web to their data. You can create new user accounts. You can access all sorts of different buckets of information. And the only way to know whether that's happening is if you have the cybersecurity infrastructure that is intrinsic and understands context.

      Eric O'Neill:
      So what does that mean? That means that we know that a bad guy's there and they're doing bad things because we know what looks good, and now we see what looks bad. And our telemetry is telling us that someone's doing something they don't normally do and doing things that we don't want them to do. And so we reach out and shut down that account.

       

      [16:08] Robert Hanssen and Insider Threats

      Rachael Lyon:
      I'd love to talk a little bit more about context, and this could be, I guess, a segue to the Robert Hanssen incident, you know, because from what I read, and correct me if I'm wrong, I was, like, stressed out when I was reading this about your experience of getting his PDA and then, you know, having him download it before he got to his office and, you know, all of this stuff.

      But there. There had to be, you know, at some point, I guess, you know, some triggers of, okay, maybe there is some, you know, something happening here. And then you had to come in, right, and kind of get a lay of the land in the context and then figure out, okay, how do I assess human behavior, right? How do I? Do I need to be deceptive? How do I get there? I got to gain his trust, right? To your point. And I'd love for you to share, I guess, a little bit more about that because it translates so crisply right to what you're talking about today for cybersecurity, certainly.

      Eric O'Neill:
      So Robert Hanssen was the prototypical trusted insider. He's the lesson for everyone about how much damage a trusted insider can do. For 22 years of his 25-year career at the FBI as one of their decorated special agents, he undermined the entire FBI, and not only the FBI, but the United States' ability to pursue counterintelligence by being the top spy for the Soviet Union and then Russia. That's how long he spied. He survived the collapse of the Soviet Union, and during that massive shelf life for a spy, he gave up some of the most egregious secrets that have ever been given to a foreign power. Like our nuclear weapons program, what we would do if there was a nuclear war, a continuity government program, undercover operations that were in the billions of dollars, that even before they got going, he had given them up, and so much more lives. I mean, we lost between 84 and 85 every single one of our assets in the Soviet Union. And you know, he's, he's sort of half of that Aldrich Ames, who was a CIA spy, was the other half.

      Eric O'Neill:
      And they didn't even know each other, but it was golden intelligence for the Soviets. So he's a really bad guy. And like we could spend all our time talking about the bad things he did. But I think more importantly, how did he do it? And context is a great point there because the FBI, one, didn't really have context to understand whether there was a trusted insider stealing. Two, they were blind to it because they weren't even looking. And three, there was a lot of institutional bias that said we're not the bad guys. We put on the white cowboy hats and ride out and catch the bad guys. It's gotta be those guys over at the CIA.

      Eric O'Neill:
      And so that's where they were looking. This was great for Hanssen. He was also very smart. He was our first cyber spy, and he was stealing information from computer systems that back then were just not built to defend against a trusted insider. No one who really thought, oh, one of our guys is going to go rogue and steal from computer systems and drop floppy disks under a footbridge. And for Russians to come pick up, it was still very, you know, we're trying to track people stealing paper and taking out of the building, or like snapping pictures with microfiche. The FBI could have audited their data system. There was, there was that functionality, just no one was doing it. And you know, when I was undercover trying to catch Hanssen, we actually went, and he was sort of interviewing the chief in charge of the data system.

      Eric O'Neill:
      And he, I saw him smile when, when the scientist told him, yeah, we can audit, but we don't really do it. I mean, he felt really good about himself. I was like, wow, guys, like, don't start auditing now because we're trying to catch him. But like, yeah, because I want to catch him. But. But I mean, I was thinking to myself, are you? That's like, that's like not turning on two-factor authentication. It's like you have to audit.

      Eric O'Neill:
      You have to see what people are doing and where they're doing it. And that's just easy. You just look at who's accessing things they shouldn't. One of the things Hanssen did his entire career is he would go on the FBI's automated case system, and he'd look for himself; he'd put in his name, he put in his address. And if he saw the way a case system worked, which was sort of messy, is if there was a record that you didn't have access to see, it would return a record. But it was all starred out. So you would know if you put in your address that there was an investigation just because a record was returned, otherwise nothing would be returned. So that was a mistake that he knew about, but he wasn't going to tell anybody about because he was exploiting it.

      Eric O'Neill:
      And trusted insiders always exploit the flaws in your cybersecurity. And that's what he was doing. So we got lucky. I mean, really got lucky. The FBI for years had been after this poor unfortunate soul over at the CIA, who just happened to live near Hanssen, ran on this running route that went by the drop sites that we knew that this spy was using. Just, he just was. It was just unfortunate. And there was this big push to get a source in Russia to confirm that this was the guy.

      Eric O'Neill:
      And they found a source. And this guy got paid millions of dollars, and he moved to the US, and he's put in witness protection. He's disappeared. And when they opened the file, all of the intel led to not the CIA guy, but Robert freaking Hanssen, who was at one point put in charge of catching the spy we only know as Gray Suit, which was Hanssen. So he was put in charge of catching himself. He was the top Russian analyst. And that had to make him feel really good about never getting caught. And so hearts fell in the FBI.

      Eric O'Neill:
      We had to create the most unique investigation that to date the FBI has ever run in its history, which was take a spy, not only a spy, but the most legendary spy in FBI's whole past and someone that the entire careers had been broken trying to catch and bring him to FBI headquarters. And put him in charge of building cybersecurity for the FBI just so he could spy. He would spy. He'd have access. He would spy. We could catch him in the act of espionage and then use all of the weight of the Department of Justice to crash down on him and get him to talk so everything could be rebuilt. And then they had to find somebody who not only knew how to catch a spy but turn on a computer.

      Eric O'Neill:
      And it turns out that the only person the FBI could do that was me. And I was thrown in the office. I was never trained to do this. And. And they said, you know, one, don't screw up, right? Two, gain his trust. And three, catch him. So essentially, they were asking me to find a unicorn running through Times Square, which is impossible. There's this.

      Eric O'Neill:
      Find a smoking gun. You know, if you're a lawyer or you're an investigator, you know, that never happens, but I succeeded.

      Jonathan Knepher:
      That's excellent. And good thing.

      Eric O'Neill:
      Good thing you caught him.

      Jonathan Knepher:
      You talked about a couple of the issues on not having the auditing being reviewed and so on. But what were some of more of the warning signs that you saw that are now visible in hindsight, and what we should all be looking for today, certainly.

      Eric O'Neill:
      So, one, one, of course, auditing. The best way to catch a trusted insider, the number one way, is through cybersecurity. You know, psychology, you know, it doesn't really work so well. Watching your colleagues. Well, you can't really do that anymore because everybody's working remote. And that never really worked. It just created an office. It was like being in the FBI.

      Eric O'Neill:
      What I did, everybody's watching the bad guys and each other. It's not really healthy. It's really cybersecurity. You see, you need to have that. Once again, we're getting back to that idea of context and intrinsic knowledge of data. If you know who is accessing data, when they're accessing it, and from where they're accessing it, right? Then you can get an idea baseline of an employee. You're looking at their identity. And this is when Eric usually works his hours, and from where, right? And now suddenly Eric is working from a Starbucks across the country at 2 in the morning when Starbucks isn't open, right?

      Eric O'Neill:
      You know, it's like, these things don't add up, right? And so we shut his account. Click, his account's done. Now we do some work, like, where did he go? What did he do? We do the data forensics, we bring in a team, and we find out that he's, you know, on vacation, didn't tell anybody, but because he's a remote work employee, we don't know. And that Starbucks is open 24 hours, who knows? But we verify, right? Otherwise could be a spy, someone who's hijacked the account and is attacking today. You can't even, you can't even just look at IP addresses and say, we're just going to block everything from China because they're renting servers in Arizona and other places to make it even harder. North Korea just, Amazon just found out that North Korea was renting servers, was hiring actual Americans who had set up servers for them in Arizona. And then they were infiltrating their people as remote workers into Amazon to make salaries one and just take money and fund the country, but also to steal data. So Amazon is constantly fighting that fight. So you have to, you have to understand your employees, but you have to understand data.

      Eric O'Neill:
      And so that's why what we're doing now is we're doing a lot of work in AI analytics that can real time, look at changes in data and focusing really well on Endpoint, you know, XDR actually, which is like, you know, Endpoint technology is a sensor on everything that accesses your data. XDR is like not just looking at the doors, but all in windows, but looking at all the hallways, and you know, and all the corners, and you know, there's sort of like cameras recording everywhere. Here's some other ways, some other tells. Hanssen was doing things that he should have been. I mean, he was caught, just nobody cared which, which boggled my mind. And then I go all through, I go through all of this in Gray Day. He was caught trying to pull an Ethernet cable out of the ceiling so he could get his own Internet access. You know, there's, that's a tell.

      Eric O'Neill:
      Most people don't do that, right? Most people don't even have the technological ability to do that. But this dude's on his desk like pulling a cable out to try to get his own like exterior way to communicate where, you know, the FBI didn't have access to it. He had installed a keylogger on an FBI machine and he was, he was learning passwords when the IT person would come and service the computer. And when he was called on it, because they called him, he said, oh no, I just needed the password for the printer because I couldn't get color print to run. And you know, I know it's an end around, I shouldn't have done it. But you know, there were other things. Here's a great question: he had a top secret security clearance and all of the letters that go above that. You know, there's really nothing above top secret.

      Eric O'Neill:
      But then you get all these, these letters that give you access to buckets of other information, right? Yeah. Top secret SCI. And when do you think? So he's a veteran 25-year FBI agent. When do you think the first time he was ever polygraphed? Wait, what? The first time he was ever given a polygraph, which some people call a lie detector. There's no such thing as a lie detector. But, but he was given the first time he was given a polygraph, a routine polygraph.

      Eric O'Neill:
      So, when do you think the first time he would have gotten was?

      Jonathan Knepher:
      They would not have done that during his getting his clearance in the beginning.

      Eric O'Neill:
      So yes, that would be the first time. And by law, every five years, right, to re-up your clearance. The first time he was ever polygraphed was after his arrest. So it's like, how many balls could you drop and help this guy out? He's a master spy, but he's like, he didn't even have to work so hard. So. So there are these other mistakes.

      Eric O'Neill:
      You need to watch these sort of things, and you know, employees who become trusted insiders. And we're talking about the guy who works in Cubicle 3B or now works from home remotely, right? They don't do things that are normal. They will have to take risks. They will have to try to access information that they don't have access to. And if you're seeing data loss and it's the bucket of information they actually have access to, then that's a very good clue. So by tracking the data, you can find the spy.

       

      [28:15] AI Slop and Synthetic Reality: The New Information Frontier

      Rachael Lyon:
      You talk a lot about basically legitimacy, right? You know, trusted insiders, things like that. And I kind of keep coming back to like the CEO type examples or CFO or, you know, whatever the case may be. It'd be very difficult for someone, you know, not a peer to the C level to question the CEO if it, you know, the video call, and oh my gosh, he's asking me this. But I don't know, it just. This is really out of character, you know, but it's the CEO. I guess I need to do it. I mean, how do you recommend people? How should businesses be thinking about these kind of situations where people could raise their hand and say, I just want to double check something before I make a mistake.

      Rachael Lyon:
      Is there a secret password? Or what do you think people should be thinking about here?

      Eric O'Neill:
      That's a great question. I actually spend a whole chapter on the book here, on this, because AI attacks are growing in frequency and they're creating incredible damage for organizations. And we're talking in the millions, in the tens of millions, for organizations who succumb to just one of these attacks because they're so planned and so clever. And AI video fidelity is getting almost impossible to tell from real life. You know, a real video when we're in our little Zoom boxes, right? It's not like you have a whole screen to look at it. I mean, it's. They make it grainy and a little bit. A little bit distorted on purpose, right? So you can't put it on the employees.

      Eric O'Neill:
      That's the thing. You can't train employees and say, you need to spot this. You have to set policies. And this is why cybersecurity has to be part of the C suite. Cybersecurity has to be talking to the board. Cybersecurity is something that needs to inform the entire business, you know, your entire business from your first in employee all the way up to the chairman of your board. Because policies is the way that you do this. You have to set things.

      Eric O'Neill:
      For example, one of the biggest ways that AI is used in these, what I call impersonation attacks, going back to dice, is by just leveling up the idea of the business email compromise, which, by the way, still gets. Still takes trillions of dollars from companies. Just business email compromise. Business email compromise. For those who don't know, that's where you get an email, and it says, I'm the CEO, right? Comes from the CEO. You look at the address, looks right. And they know all sorts. They know all sorts about a vendor or something, but they're sending it to someone who can, for example, process payments, and they say, hey, we had this engagement. We need to pay this vendor.

      Eric O'Neill:
      Has to be done really quickly. You know, it's about a million five. I'd like you to wire this right now. Get it done. And you know, people, when there's no policies, and they don't have training, it's their boss, they'll send it. So you have the policy. We will never ask for this in an email, right? We will have a secure channel, and it will come in as a request, and it must be signed by the CEO and the CFO. Now, companies, because this AI thing, what they're doing is saying, you must call me on this number, right? And so if you're an employee and you even question it, also, by the way, what you want to do is create a culture where questioning things is okay, where you can call someone and say, hey, I just got this email from you.

      Eric O'Neill:
      I just want to make sure it was from you. Or we just chatted on FaceTime. You don't normally do that. I didn't even know you had my cell number. I just want to make sure it's you, you know, and the person you know, and the executive has to go, thank you. I really appreciate you doing the second step. That was me. Okay.

      Eric O'Neill:
      Because you have to create that culture. Otherwise, employees don't want, they don't want to call, like the vice president of sales. Right. You know, someone who's three levels above them. But you have to create that because now we have especially. We're remote. You have to have that more open-door policy. With my partners in my companies, with my family, we have a code word. So, and this is because one of the biggest schemes right now, I have teenage kids, is they will call as your child and say, I'm kidnapped, and I'm going to die if you don't pay this money to the kidnappers.

      Eric O'Neill:
      And you hear your child's voice. And I say, okay, great, that's wonderful. What's the code word? Now they know that if it's really them, they're going to work it in, right? So. So yeah, you need to do that in the world of AI is getting worse. In my book, Spies, Lies, and Cybercrime, I predicted by, by this year, we're here, it's 2026, book came out in, in October of '25, that 90% of what we see online is going to be in one way or another informed or completely generated by AI. It's going to be synthetic. And we're already seeing that if you just scroll through your favorite social media app. Most of it is AI.

      Eric O'Neill:
      We even created a term for it, AI slop.

      Rachael Lyon:
      I. But I, I do sidebar. I do love TikTok, Eric and all of the. Apparently, the AI cats are everywhere. I mean, now there's a influencers traveling the world, you know, dog podcasters. I have to say it's really well done, and I'm here for it.

      Eric O'Neill:
      My, my favorite is the. I'm forgetting what it's called, but it's the AI politicians as babies. You can listen to all of the White House press briefings where all the characters are babies and all dressed, and they're dressed exactly how they were dressed. They're just de-aged and it's, it just, it creates this level of humor, but you still get the information, and I just find it's a better way to get the content.

      Rachael Lyon:
      And I hate to do this, everyone, but we're going to pause today's discussion right here and pick back up next week. Thanks for joining us this week. And as always, don't forget to smash that subscription button, and we'll see you next week. Till next time, stay safe. 

       

      About Our Guest


       Eric O'Neill, Founder, The Georgetown Group and NeXasure AI

      Eric Michael O'Neill is an American former FBI counter-terrorism and counterintelligence operative. He worked as an Investigative Specialist with the Special Surveillance Group (SSG) and played a major role in the arrest, conviction, and imprisonment of FBI agent Robert Hanssen for spying on behalf of the Soviet Union and later Russia. His book written about this experience, Gray Day: My Undercover Mission to Expose America's First Cyber Spy, was published in spring 2019. He is a public speaker and security expert who lectures internationally about espionage and national security, cybersecurity, fraud, corporate diligence and defense, hacking, and other topics.
