by Eric O'neill
Juliana froze and then dropped her hands in her lap. She turned to collect her books. I could feel the tension vibrating against my skin.
“You talked to him.”
She sat upright. “What?”
Now I turned toward her. “My boss. Mr. Hanssen. You talked to him.”
She looked at me like someone waiting for a punch line to a stupid joke. “And…”
“He’s creepy, right?”
Her shoulders fell from her ears and she slumped into the couch. “Yeah. You could say that.”
“What did he want?”
She shrugged. “He asked a lot of weird questions. About Germany and growing up behind the Wall. Personal things.”
“So you called and he just picked up the phone?”
She shivered. “Yes. I called you and he answered, Eric’s line.”
I relaxed hands that had clenched into fists. I’d learned that with Hanssen, nothing was innocent. He’d crossed a line in the sand, redrawn it, and then kicked it in my face.
“He speaks Russian, you know,” Juliana said. She scooped her books into her backpack. “Not well, but he asked me whether I had ever been to Russia.”
Lightning rode my back and exploded behind my eyes. Now I was fully awake. “What did you say?”
She frowned. “What could I say? Of course I’ve been to Russia. I have family in Russia. You know that.” She stood and grabbed her heavy backpack. “Was I supposed to lie to him?”
“No,” I said. “Of course not.”
“Wait…” She narrowed her eyes. I could feel the connections forming in her brain. “Is this a case?”
I crossed my arms before I could stop myself. “No!” I answered too quickly. “I mean, of course not. It’s a promotion to—”
“A computer job. I get that, but…”
“But nothing.” My eyes hardened. “It’s not a case.”
Juliana held my eyes for a long moment. Neither of us blinked. “See you tonight.”
She left without kissing me goodbye.
* * *
Rain battered my umbrella on the way to the Metro and hounded my long slog to headquarters. I reached Room 9930 rumpled and grumpy, hoping to get a few minutes to skim case law before the boss stormed in. I found the lights off and the office empty, and smiled for the first time that morning.
Juliana’s picture stood on my desk. Her father had snapped the photo a week before she first left for America. Juliana’s smile, full of youth and promise, curls to the side as though she holds the secret of a great adventure. During the long months of our separation and engagement, I would stare at that picture and take comfort that I was the adventure she crossed the sea to find. Now her picture filled me with guilt for failing her expectations.
Beside it, my office phone blinked with the angry light of an unheard message. I couldn’t have Hanssen speaking to Juliana. I’d begged off phone calls with Kate in front of Hanssen by pretending the conversation was with my wife. If he picked up my phone and asked Juliana about one of those calls…
I decided to make it difficult to come behind my desk. Instead of studying, I arranged the three unused office desk chairs around my workstation so they made a phalanx. I pulled my FBI NET workstation around to the side of my desk and left only a narrow space between the two to pass. Hanssen would have to work through my defenses to answer my phone or massage my shoulders.
Pleased with my work, I cracked my thick Corporations book and flipped through to the cases for the evening’s lecture. Before I could read a word, Hanssen barged through the door into the SCIF and slumped into one of my defensive chairs. “Buzzwords are bullshit,” he grumbled.
I looked up from my law book and tried to surreptitiously slide it off my desk and into my lap. Hanssen either didn’t notice or didn’t care. His shoulders slumped and a few extra lines traced his face, making him look older. “ ‘Information assurance’ is a buzzword that agencies are real hot on right now. Everyone thinks they need to create an office for it, and no one knows what it is.”
I felt as defeated as Hanssen looked. “Are you saying we’re wasting our time?”
“No, idiot, I’m saying that the FBI is wasting everyone’s time. This place is so filled with incompetents it’s no wonder Russia outthinks us.”
Hanssen retrieved his pen from his pocket. That pen. The moment he clicked it, I forgot the investigation. Everything fled from my mind except for the crazy urge to dive across the table and stab him with the thing. Instead, I plastered a smile on my face.
“John Boyd,” Hanssen said.
“Boyd?”
“Am I not making myself clear?” Hanssen leaned back in his professorial pose—slouched in the chair, legs wide, one hand clicking that accursed pen—and began the lesson.
During the Korean War, Boyd studied why the F-86 Sabre was so successful in shooting down the Russian MiG-15 of that generation. Boyd discovered that the US planes, while inferior to the Russian MiG in terms of speed, range, and altitude, were more maneuverable and therefore able to act faster than the MiG could react. Boyd saw in the Sabre’s ability to turn in rapid response to the more cumbersome MiG a blueprint for succeeding by thinking and reacting ahead of the enemy. He used that insight to devise a system: gather all the facts, observe the way the target reacted, process all the information, and then make lightning decisions. He called this an OODA loop, a rapid process of observation, orientation, decision, and then action. The decision maker who moved through this process faster than an opponent prevailed because, by acting first, he changed the situation for the adversary.
The idea is to make a better, faster decision than your opponent using the information directly at hand. In military terms this meant distilling information from the often chaotic combat environment into the essential facts needed to make choices that outplayed the enemy. In other words, in a confusing and jumbled situation, the soldier who adapts to what is happening around him and shoots first wins.
The example Boyd gave, in a thought-experiment presentation titled Strategic Game of ? and ?, required his students to imagine a few scenarios: carving the snow on a ski slope, towing water-skiers behind a motorboat, riding a bicycle during a spring day, and showing your child a toy tank with rubber caterpillar treads in a department store. He then challenged students to remove the skis, outboard motor, handlebars, and rubber treads from each scenario and asked what you created when you combined them.
If you guessed a snowmobile, congratulations! You just accomplished the most important aspect of the OODA loop: orienting effectively in the face of uncertainty. The first student to orient the scenario to an active decision that you have a snowmobile won.
It may sound simple, but as Boyd pointed out, most of us view the world around us as we insist it should be rather than shifting our perspective and incorporating new circumstances as they arise. And in the world of espionage, circumstances, allegiances, even truth change on every day that ends in a y. Those who are not flexible in their thinking are destined to lose.
“The FBI is terrible at thinking and reacting to the Russians.” Hanssen gestured at the room around us. “Look at this place. The Information Assurance Section is an example of the FBI’s difficulty upgrading technology, working outside the system, and conducting counterespionage.” He slammed one hand down on my desk. “This place is a joke. You’d have to be a moron to expect the FBI to modernize.”
I clenched my jaw to bite back my words. Hanssen liked to intersperse “idiot,” “moron,” and “dummy” into his conversations the way a politician might sprinkle applause points in a campaign speech, and I had little choice other than to just take the abuse. It’s not like I could report Hanssen to HR or commiserate with a buddy over drinks. But this time, I had to admit Hanssen had a point. The Russians have an edge on US intelligence agencies, primarily in the number of people t
hat they deploy. Russian intelligence officers in Washington assume that no one is following them—and they’re usually right. Meanwhile, our spies in Moscow know they’re being tailed by a legion of Russian surveillance operatives on any given day, requiring them to operate by deploying misdirection, subterfuge, and sleight of hand. We are more skilled, and they have more people. The result is an overall balance in the great game of spy versus spy. But the Russians continually swap the playing board and rarely follow the rules.
Even as a new Russian government stumbled from the crumbled stone façade of the Soviet Union, and we rounded up Cold War moles who had long since retired, Russian intelligence officers continued to punch their time cards. While the old guard raided file cabinets for future meal tickets, a new generation of Russian spies built castles within a new espionage sandbox. The FBI called it Moonlight Maze.
The decades-old case remains one of the most cryptic and secretive espionage investigations in the FBI’s history. Sometime between 1997 and 1998 (many details remain classified), the US intelligence community learned that intruders had compromised numerous unclassified computer systems belonging to US military and government networks across the United States. The attackers had cleverly compromised various servers belonging to universities, businesses, and even libraries in different countries and had used those computers to launch attacks against critical US agencies. The old-school hacking technique functioned like a modern-day VPN. By launching attacks from middleman computer systems, the spies could mask their origin. The complex network of attacks resembled a maze.
FBI investigators discovered that for over a year, the attackers had stolen information from air force bases, NASA, the Naval Sea Systems Command, the Army Research Lab, and the Department of Energy’s nuclear weapons research lab, to name a few. The stolen unclassified records included military logistical plans, procurements, personnel records, email messages, and research information. The attackers had also left behind backdoors in each of the networks they compromised so that they could reconnect and continue stealing whenever they wished.
FBI computer forensics traced the IP addresses through cut-out servers to Russia. Agents also examined the pattern of attacks and noted that they all happened during weekdays between eight a.m. and five p.m. Greenwich Mean Time +3—that is, Moscow time. They also never occurred on a Russian holiday. The Russian spies apparently worked bankers’ hours and took holidays off as they compromised US systems from afar. Moonlight Maze made the US intelligence community wake up to the new reality of Internet espionage.
The Russians integrated the OODA loop into their approach to spying. While the FBI conducted studies and pointed fingers at the CIA, the newly formed Russian Federation was preparing for a second Cold War fought in cyberspace. The Moonlight Maze of servers and compromised computer systems was a Russian OODA snowmobile. Russian spies observed the way that the Internet created new pathways to information. They oriented to the new conditions by observing how hackers in the 1980s and ’90s compromised computer systems and building these practices into their espionage plans. And these new Russian cyber spies wasted no time in deciding to act.
“Boyd got things done and still bucked the system,” Hanssen said. “Sometimes he worked outside of the system.” The boss pointed his pen at me and gave it a click. “You should try it sometime.”
I was getting four hours of sleep on a good night. I didn’t have the energy to buck anything right then.
“Boyd was brought up on court-martial proceedings three separate times.” Hanssen sat back. “They couldn’t defeat him. He applied his theory to his life and stayed one step ahead.”
I suppressed a yawn. It wasn’t every day a guy’s supervisor told him to rebel. I listened as Hanssen went on to criticize the FBI’s behemoth way of maneuvering—politics, turf wars, silos—contrasting it with the Russians’ straight line. I listened closely, mentally clocking every word for my logs. Hanssen, too, thought in straight lines—in simple, elegant approaches that worked. The ultimate OODA loop.
“The FBI can’t adapt,” Hanssen concluded.
“What’s the solution?” I asked.
“My method,” he said, and clicked his pen. “We can solve all of our computer and technical problems. A direct approach. One that outthinks the opponent.” He tapped the side of my monitor. “We use a secure Linux operating system on a central HQ server network that calls to the field offices for information and uses a protocol to mask the IP address so outside hackers can’t see the connection.” He shrugged. “It’s an evolution of the Hoover filing system. Hoover revolutionized the FBI decades ago with a simple, direct system.”
J. Edgar Hoover was the legendary FBI director who served eight presidents beginning in 1924. In addition to creating the FBI, Hoover developed a filing system that incorporated extensive cross-referencing between cases. He had started his career cataloging books in the Library of Congress, and he understood the importance of concise organization of information. As a Justice Department attorney, Hoover knew that researching case law required an index to show where courts had amended, dismissed, or upheld past decisions. These indexed citations tell an attorney whether law quoted from an old case in a brief or argument remains good law.
Law enforcement works the same way. Cases often build on each other, and without a way to index and cross-reference cases, FBI agents would spin their wheels over already-covered ground. Hoover brought an efficiency to the FBI’s system that was monumental in its day.
Today we would describe this as adding metadata or tagging files to create groups and quickly identify files that refer to a particular issue or idea. We do this today in our iTunes and photo libraries to allow us to sort by album or artist, or see every picture with Grandma’s face in it or from the vacation a few years ago in Hawaii. The FBI has called Hoover’s filing system “crucial to the success of Hoover’s Bureau as it grew and adapted to its expanding mission.”
I shrugged. “Let’s propose it.”
He lurched forward, red-faced and tightfisted. “We shouldn’t have to propose it, dummy! If the FBI is serious about solving these problems, my section should have control of all FBI technology. We’re nothing but glorified advisers.”
I sat back, trusting my phalanx of chairs to protect me. “Is this a bad time to hand in my definition of Information Assurance?”
That calmed him. “Let’s see it.”
I dragged a sheet of paper I’d printed at home from my bag and handed it to him. He scrutinized it and then read aloud: “Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” He dropped the page and scrutinized me. “Very good. Precise. Where’d you get it?”
“From the National Information Systems Security Glossary,” I said, and stifled a yawn. “I found it last night.”
He huffed. “INFOSEC. Good initiative, but these aren’t our words.” He tossed the paper back at me and dragged himself to his feet. “If you use someone else’s work, give them credit. Otherwise you’re stealing.”
Talk about the pot calling the kettle black. He dismissed me and left for his office. Hanssen had beat me at another aspect of the OODA loop. Whoever progressed through the process fastest not only defeated his adversary but also sent the opponent back to square one by resetting the loop. But Hanssen had unwittingly given me a potential key to victory. All I had to do was train myself to orient and decide faster than the spy. Like a child hoping to beat a chess grandmaster, I slid back in my chair and carefully itemized my failures, hoping one of them might light my path to victory.
That evening, as Kate drove me to the George Washington Law School campus, I repeated every diminishing detail of the day. After our one conversation, Ha
nssen had cloistered himself in his office, so I didn’t even get a chance to make him angry; and I still hadn’t been able to get his keys. As I prepared to draft my notes in the back of my law book, Kate briefed me on the next steps. The FBI needed to get into Hanssen’s car. I couldn’t get the keys, so we needed another plan.
“We’ve set up the meeting Hanssen wants with the DIA. While you’re there talking about computers we’ll take apart his car and search it. You’ll have to make sure he doesn’t drive. Reserve an FBI vehicle.”
“Got it.”
She looked as tired as I felt. “Something big is going to happen, kiddo. We aren’t sure what, but there’s chatter from overseas sources.” I grabbed my bag and she touched my arm. “Kiddo, this is the biggest case we’ve ever run.”
CHAPTER 11
PUNCH IN THE MOUTH
January 23, 2001—Tuesday
Garcia paced his office with balled fists. He strode past the sports memorabilia and the numerous awards senior executives on the fast track to somewhere accumulate, toward his open office door, where I stood perplexed. “That bastard,” he growled.
I had rolled out of bed to find Juliana already gone and the coffee pot cold. Spared our morning breakfast ritual, I leapt into my clothes and rushed to work for some extra studying time before the boss stormed in. The square of light falling out of Rich Garcia’s office had turned me away from the 9930 vault, and I decided to pay the section chief a visit.
“I’m not happy about it either,” I said. “Operationally, if he’s answering my phone—”
“None of that!” Garcia waved off what I might have said. “Let’s stick with what you told me. Your supervisor, who technically reports to me, although you’d never know it, is answering your phone and talking to your wife.”
