How One Man Exposed His Fellow FBI Agent as a Russian Spy


James D. Ratley, CFE
ACFE President

Here’s the situation. You’re a new FBI undercover field operative. But the bureau has called you into headquarters, put a suit and tie on you, and ordered you to take a desk job as the assistant to a longtime FBI special agent and computer systems expert. You’ll be locked in a soundproof, two-office vault to do one thing: covertly surveil this man suspected of being a master spy for the Russians.

That’s where Eric O’Neill found himself in 2001. He became a loyal assistant to Robert Hanssen — an intimidating, demanding and suspicious boss. The FBI had its eye on Hanssen, but they just needed a smoking gun.

O’Neill, who will be a keynote speaker at the 28th Annual ACFE Global Fraud Conference, June 18-23 in Nashville, watched Hanssen for months, but couldn’t find anything incriminating.

Finally, O’Neill was able to get to Hanssen’s Palm Pilot. O’Neill rushed it to the FBI techies on another floor who decrypted it and found Hanssen’s drop date and location of classified material to the Russians. They had him.

Hanssen was arrested on Feb. 18, 2001, at Foxstone Park, near his home in Vienna, Virginia, where he’d made his last drop. He was charged with selling U.S. secrets to the Soviet Union and then the Russian Federation for more than $1.4 million in cash and diamonds in 22 years.

He pleaded guilty to 15 counts of espionage and was sentenced to 15 life terms without the possibility of parole. The U.S. Department of Justice described his spying as “possibly the worst intelligence disaster in U.S. history.”

I’m impressed that O’Neill was able to gather information on Hanssen, who prided himself on being able to detect any hint of deception.

The story was so dramatic that Hollywood transformed it into the 2007 movie, “Breach,” starring Ryan Phillipe as O’Neill, Chris Cooper as Hanssen and Laura Linney as “Kate Burroughs,” O’Neill’s handler. O’Neill was an onsite advisor for the film.

During the 28th Annual ACFE Global Fraud Conference, O’Neill — who now runs an investigative and security consulting firm, and works for a security protection software company — will be addressing recent changes in fraud and cyberespionage through the eyes of sophisticated attackers.

“I will use elements of the Hanssen investigation as a framework and also to tell an entertaining story,” O’Neill says. “The audience will understand why I say that there are no hackers; there are only spies.”

3 Tips to Help Prevent and Detect Fraudulent Travel Expense Activity 


Misty Carter, CFE, CIA, CISA
ACFE Research Specialist

Have you ever wondered, “Are my travel expenses being reviewed?” Fraudsters who have been successful at defrauding companies through the submission of fictitious travel expenses most likely have. If management, though, has never considered this question from the employee’s perspective, they might unknowingly be paying out thousands of dollars to fund a fraudster’s lifestyle — that fraudster being one of their own employees.

Unfortunately, this was the case with New York State Assemblyman William Boyland, Jr. Boyland, indicted on charges of allegedly filing tens of thousands of dollars’ worth of fraudulent travel expenses, claimed he had been traveling on legislative business in Albany, New York, between January 2007 and December 2011 when he allegedly was not (as reported in Metropolis, a Wall Street Journal blog). In fact, in some of the instances where he allegedly claimed he was traveling to Albany, he was in New York City meeting with undercover investigators who were building an unrelated bribery case against him.

While the exact dollar amount falsely claimed by Boyland is still uncertain, an audit found no record of him being in Albany 609 of the 975 days he claimed he had traveled there. Based on these audit findings, Boyland is required to repay the state $67,497 in mileage reimbursement and per-diem payments. In addition to the indictment for submitting fraudulent travel expenses, Boyland has two other pending charges against him related to bribery and mail fraud.

This is just one example of many where employees abuse company or tax-payer dollars through expense reimbursement schemes. According to the 2016 Report to the Nations, expense reimbursement fraud schemes made up 14 percent of the asset misappropriation schemes with an average loss of $40,000. The report also noted that these frauds lasted a median of 24 months before being detected, as was the case with Boyland.

Even though the detection and prevention of fraudulent employee expenses can seem overwhelming, there are controls that management can put in place to mitigate risk in this area. The following tips can aid in the detection, prevention and deterrence of this type of fraud:

  • Implement continuous control monitoring software. This software is automated and can review 100 percent of expense data. It can be configured to identify outliers or areas where fraud and noncompliance are most likely to be detected. Data reported from these monitoring solutions can help decrease fraudulent expense activity through trend reviews of anomalies. Employees might also be deterred from attempting a fraud if they know that a tool is in place to review all expenses submitted. 
  • Implement a formal travel and entertainment expense policy. It is important for management to develop a clear travel and entertainment expense policy and communicate it to their employees. Management should also ensure employees are aware of their expectations toward policy adherence and establish consequences for failure to comply with policy requirements. 
  • Hold management accountable. Management might be lax in its review and approval of employee expenses, but if held accountable for approving fraudulent expenses, they might spend more time reviewing them. Approving managers should also consider occasionally questioning employees about expenses they submitted. This practice can actually have a deterrent effect: if employees know someone is actually reviewing what they submit, they are less likely to submit a fraudulent expense. 

Although expense reimbursement fraud is rampant, it can be minimized if the proper action is taken. Management must be proactive and implement the necessary controls to help deter employees from committing schemes and detect if they do occur. Failing to take action can be detrimental to the company and leave it exposed to this and other types of fraud schemes.

Episode Notes for Fraud Talk: 'The Problem With Too Many Choices'


Emily Primeaux, CFE
Associate Editor, Fraud Magazine

In January I had the pleasure of interviewing Bret Hood, CFE, about using data analytics in fraud examinations and the problem of “choice paralysis.” Currently the director of 21st Century Learning & Consulting and a retired FBI supervisory special agent, Hood has spoken at ACFE Annual Global Conferences and is a federal court-recognized expert in fraud and money laundering.

Hood recently wrote an article for the January/February 2017 issue of Fraud Magazine about choice paralysis using a grocery store study. In the article and on the podcast, he explained that this study helped highlight that when people are given too many choices, they freeze and can’t make a decision. The same can happen when a fraud examiner approaches an investigation using data analytics.

Data analytics software can produce an endless amount of data — some usable, others distracting. In the podcast, Hood explained that it’s important for fraud examiners to determine which data sets are relevant. “If we’re doing a billing fraud, I should only be concerned with the billing and not something else,” Hood said. “So if I have billing fraud, I don’t necessarily care about accounts payable. It depends on what kind of billing we have, but what happens is when we start to focus on other things, when we start to take the divergent path, that distracts us from what our original purpose is.”

Other highlights from the interview include:

  • Recommendations for how fraud examiners can overcome choice paralysis, including prioritizing three things that are relevant to your case, focusing on those and fighting the urge to move down other paths as they become present.
  • An analysis of how the brain processes information, including a look at your “working memory.”
  • System 1, the reactionary part of your brain, versus system 2, the reasoning part of your brain.

You can listen to Hood’s entire interview at and join the discussion about the podcast in the ACFE Community.

Helpful Resources Mentioned in This Episode