Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

Until his run ended in 2001, Robert Hanssen spent 20 years as a Russian mole burrowed deep in the FBI. That made him one of history's most successful inside threats — a class of threat that plagues both government agencies and private companies.

The big picture: The FBI agent who went undercover to bring Hanssen down, Eric O'Neill, recounts the operation in "Gray Day," which hits bookstores next week. He spoke to Axios about what Hanssen's tale can teach the rest of us about trusted insiders.

Why it matters: It's not just hackers who steal files or funds; sometimes it's inside threats — employees exploiting legitimate access to a network to rob their employers. "They are people who already have the keys to the kingdom," said O'Neill.

  • A 2016 survey found that 27% of cyberattacks were either known or believed to be spearheaded by insiders.

The intrigue: While Hanssen was paid by Russia, according to O'Neill he was also motivated by resentment about being passed over for the fieldwork he sought and instead sent to man counterintelligence databases in an office.

  • Disgruntled employees are a key source of insider threats. Just ask Tesla, where an employee passed over for promotion sent trade secrets to competitors last year.
  • "Sometimes the people who don't get treated well or don't get promotions or are tired of being seen as the IT geeks, they can really cause the most damage," said O'Neill. "So it really behooves you to take care of those people."
  • As in Hanssen's case, the biggest threats are the people with the most access, not necessarily the people with the highest status.

Trust, but verify: The FBI knew that someone in the government was leaking secrets to the Russians. But during their investigations, the agency refused to look internally for the mole.

  • "It was a psychological flaw, willful blindness making the FBI so sure it was a CIA person that we didn't see that the guy was someone in the room with knowledge of these cases," said O'Neill.
  • That's a block many organizations have when looking for insider threats. It's hard to doubt your own employees, and hard for employees to accept being viewed as a threat.
  • With Hanssen, that meant actively ignoring warning signs, including a tip that Hanssen's wife had found a suspect pile of cash in their home.
  • "My favorite thing to ask people is 'When do you think was the first time Hanssen, a 25-year vet of the FBI, was polygraphed?'" said O'Neill, noting that the FBI required a lie detector test every 5 years.
  • The answer is that he was never given a lie detector until after he was arrested.

What's needed: There are ways to thread the needle and guard against insider betrayal without destroying trust between management and staff.

  • "You have to make everyone feel like they are part of the process rather than being watched," said O'Neill.
  • That means telling people to be on the lookout for abnormal behavior. "If someone has a problem, it's not just their problem," he said.
  • Auditing networks for the removal of files or other strange activity is a non-invasive way of spotting trouble.
  • Segmenting networks — keeping data that doesn't need to be connected in separate compartments — and pruning unnecessary network access can limit exposure.

Editor's note: This piece was corrected to show Hanssen's run ended early 2001 (not December 2000).

Go deeper

Off the Rails

Episode 2: Barbarians at the Oval

Photo illustration: Sarah Grillo/Axios. Photo: Jim Watson/AFP/Getty Images

Beginning on election night 2020 and continuing through his final days in office, Donald Trump unraveled and dragged America with him, to the point that his followers sacked the U.S. Capitol with two weeks left in his term. This Axios series takes you inside the collapse of a president.

Episode 2: Trump stops buying what his professional staff are telling him, and increasingly turns to radical voices telling him what he wants to hear.

President Trump plunked down in an armchair in the White House residence, still dressed from his golf game — navy fleece, black pants, white MAGA cap. It was Saturday, Nov. 7. The networks had just called the election for Joe Biden.

Fringe right plots new attacks out of sight

Illustration: Aïda Amer/Axios

Domestic extremists are using obscure and private corners of the internet to plot new attacks ahead of Inauguration Day. Their plans are also hidden in plain sight, buried in podcasts and online video platforms.

Why it matters: Because law enforcement was caught flat-footed during last week's Capitol siege, researchers and intelligence agencies are paying more attention to online threats that could turn into real-world violence.

Kids’ screen time up 50% during pandemic

Illustration: Sarah Grillo/Axios

When the coronavirus lockdowns started in March, kidstech firm SuperAwesome found that screen time was up 50%. Nearly a year later, that percentage hasn't budged, according to new figures from the firm.

Why it matters: For most parents, pre-pandemic expectations around screen time are no longer realistic. The concern now has shifted from the number of hours in front of screens to the quality of screen time.