Keeping secrets: FIU alumnus a dark web sleuth

April 20, 2018 at 12:32pm

There’s a reason it’s called the Secret Service. Even two years after retiring from the agency, former covert operative Robert Villanueva ’89 holds the line when it comes to how much he reveals about his former professional activities. The FIU alumnus made a life of infiltrating crime syndicates, but don’t expect any juicy details. His loyalty and sense of propriety—not to mention a non-disclosure agreement with the U.S. government—keep him tight-lipped.

This Villanueva confirms: In his 25 years as an undercover agent, he investigated the counterfeiting of U.S. currency worldwide before transitioning into cyber intelligence work just as internet-based crime began to kick into high gear. During that time, he lived in Latin America, Europe, Washington, D.C., and his native South Florida, and much of his day-to-day involved posing as the same kind of unsavory characters he was trying to catch. Even as his job took a virtual bent, his goal remained to meet up in person with those he had connected with online so as to disrupt their activities and target them for arrest in their respective countries and eventual extradition to the United States.

In 2015, alumnus Robert Villanueva was a featured presenter at a cybersecurity conference held on campus and sponsored by the Department of Electrical & Computer Engineering, to which he has served as an advisor. At the time he headed the Secret Service’s Miami Electronic Crimes Task Force.

More often than not, the crooks Villanueva sought had him heading to Eastern Europe. When pressed for the names of countries, he gives barely an inch. “You can say ‘Eurasia,’” he allows.

That kind of face-to-face confrontation must have been frightening, right?

“When you’re dealing with a transnational criminal, many times they’re [part of] organized groups of real bad people,” Villanueva says. “Interacting with them, talking with them, there’s always a level of risk and there’s always a level of putting your life in potential danger. That’s just the nature of the job.”

Villanueva adds emphatically that the Secret Service takes “every precaution to protect their undercover agents at all times.” Even so, his clandestine operations would likely have led to some pretty dicey encounters, right? Perhaps ones where his life was threatened, right?

Villanueva broadly concurs with those statements but, despite much encouragement to spill a little of what must have been a rather thrilling career, he doesn’t offer an anecdote, an example or any other shred of detail. “I can’t speak to the specifics,” he says matter-of-factly.

Subverting attacks on the Treasury

Most Americans recognize the U.S. Secret Service as the entity that provides physical protection to the nation’s highest elected leaders and visiting foreign dignitaries. (Think dark suits and earpieces.) What few know is that the United States’ oldest investigative agency, which dates back to the end of the American Civil War, was originally founded to combat the then-widespread counterfeiting of U.S. currency. In this century that mission has evolved to include the safeguarding of the country’s financial infrastructure, including payment systems. Hence Villanueva’s globe-trotting career.

Soon after graduating from FIU, the one-time criminal justice major submitted to a two-year vetting process that eventually gave way to his entering the elite agency’s academy. About a decade later, his natural aptitude for computers—he had taken a few computer science courses on his own—coupled with some high-level government training set him up to found and head global operations for the Secret Service’s Cyber Intelligence Section in Washington, D.C.

Villanueva and those he supervised soon became regulars on the dark web, a hidden part of the internet that is used for illicit activity and is inaccessible through standard web browsers. There they made “friends” with hackers and malware writers and others looking to filch financial information—be it from companies in large data breaches or from individuals whose security credentials were lifted from compromised computers—which in turn could be sold to the highest bidder.

“For the most part, the malware writers are highly educated computer scientists or programmers,” Villanueva explains of the cyber thieves, who often hold day jobs as system administrators and, in one case, a university professor. “We have folks that we’ve identified having Ph.D.s and master’s degrees in computer science, and at night they’re basically moonlighting conducting global cybercrime,” he says. “They’re looking for any network or software vulnerabilities worldwide and trying to exploit them for financial gain. Corporations and citizens in the United States are a very lucrative target when it comes to these miscreants stealing and exploiting their proprietary and personal data.”

In 2017 alone, a host of high-profile data breaches made clear the extent of the problem. In the case of the credit bureau Equifax, the personal data of 145 million people was stolen, including social security and driver’s license numbers, which could leave individuals open to identity theft for years to come. Universities, retailers, health care systems and hospitals, among others, also reported the purloining of highly sensitive information.

A cyber PI

Villanueva’s quest to rid the world of dregs lurking in the digital underworld continues unabated. After retiring from the Secret Service, he became a partner in South Florida-based Q6 Cyber. (Other offices are located in Costa Rica and Israel.) Its website references “building impenetrable borders through proactive, intelligence-driven security.” Rather than waiting for the worst to occur, Villanueva explains, the company monitors private forums and other hard-to-find nooks and crannies on the dark web for potential threats against its clients, among them retail establishments, investment firms and financial institutions.

“Due to our years of experience in this field”—technical team members are all either ex-government or ex-military—“we’ve developed our own proprietary technology,” he says. “We can actually see and capture, real time 24/7, when and where [thieves] are posting compromised information so that we can notify our clients immediately of what’s going on. Additionally, after these cybercriminals steal information, we can also locate and analyze some of their conversations, learn any of their new techniques and tactics, so we can subsequently also inform our clients of this. Our analysts, engineers and collection tools are actually getting ahead of any eventual fraud, basically.”

Aside from working around the clock to stop potential damage to individuals and companies, Villanueva’s team provides whatever leads and other information they gather to the proper law enforcement authorities in hopes that the cyber villains will be taken down and apprehended.

Anyone curious to know the particulars of how such cyber sleuths glean the physical whereabouts of evildoers they encounter during treks through the various corners of the iniquitous dark web—well, you’ll just have to keep wondering. Villanueva’s not talking.