Saturday 23 March 2019

A false sense of security? Covert ops at Anglo Irish Bank

In the last days of the Celtic Tiger, counter-espionage expert Seán Hartnett found himself servicing Anglo Irish Bank's increasingly paranoid drive for privacy. He tells the tale in an exclusive extract from his new book

Before the storm: Sean FitzPatrick and David Drumm at Anglo Irish Bank's AGM in February 2008. Photo: Jason Clarke
Before the storm: Sean FitzPatrick and David Drumm at Anglo Irish Bank's AGM in February 2008. Photo: Jason Clarke
'Client Confidential' by Sean Hartnett from Merrion Press

'It's what the client wants, so just design it, price it and deliver it," the architect growled at me angrily. The discussion had been going back and forth, not just at today's project management meeting but over the past couple of meetings. He was now getting annoyed at my failure to comply with David Drumm's wishes.

"This is way over the top. It's simply not required. You're talking military grade here. The cost will run into six figures," I continued to argue. My job was to deliver the best possible solution for the client, and that included value for money. I was the expert here but, as is often the case at these meetings, egos tended to outweigh experience. The client was requesting armoured communication cables into his office and those of other senior executives, along with some of the meeting rooms and boardrooms.

Please log in or register with for free access to this article.

Log In

I had designed many such systems over the years, but all of them were for military installations. Hell! MI5 HQ in London had armoured cable, but only because it might be subject to a physical attack on its communications. That was it! The penny finally dropped! The combination of all the other shadowy work I was doing for this client unbeknownst to everyone else in this room was now making sense.

Armoured cable is used as a preventative measure against a physical tap being placed into a communications network. It prevents side leakage from the cables contained within it, so the armoured cable would have to be dug up, cut into and then a physical tap put on to it. This is time-consuming, very obvious and takes a certain amount of skill to achieve it clandestinely. There is only one type of organisation that has both the lawful right and the expertise to do this, and that is a law enforcement agency of some form.

Anglo Irish Bank, my client, and in particular David Drumm, knew the bank was in trouble. It seemed to me he had known for quite some time, and now they were prepared to do anything to keep it quiet, including preventing any regulatory or investigating body from accessing their communications network.


It was all coming together for me now. The trouble was, in my own small way, I had been helping them in their subterfuge. I had been involved with the design of Anglo Irish Bank's new headquarters in the heart of Dublin's trendy Docklands since the very beginning. It was to be a beacon of excellence, and with that a demonstration of just how pampered the Irish banking system and its employees really were. The complex included individually climate-controlled workstations for the traders and had not one but two gyms - the senior executives could not be seen sweating with their juniors, after all. The executive top floor boasted a rooftop bar, and private dining room and kitchen - perfect for entertaining developers and politicians alike. It was everything that was wrong with the Celtic Tiger. But it was all fur coat and no knickers, as my mum would say. I was part of the security design team, and everything about it would be state-of-the-art. The access control systems included end-to-end encryption, thus making an unauthorised breach almost impossible.

There was so much CCTV covering the building that it would be impossible to move anywhere without being seen. But it was the executive levels and communications rooms where most of the security was focused, and now I knew why. This all made sense for a bank, but not for a bank that didn't actually hold any cash.

From the outset, I had encouraged the design team to focus on information security, as that was where the bank's main vulnerability lay. However, my advice fell on deaf ears, and more and more focus seemed to be fixed on preventing people entering the building, in particular the executive levels. The lifts to the executive levels were to be access-controlled, again a move I would not have taken much notice of had I not known the other work I was doing on behalf of the bank and its executives.


By now there were signs in the market that the boom would soon become bust. It had started in February 2007 when the markets were briefly rattled by fears over US sub-prime mortgages, but they soon recovered. This was only a few weeks after one of my many sweeps at Anglo Irish Bank. I believe those at the top of Anglo Irish Bank knew then what was coming.

The first fall in property prices since the start of the property boom were recorded in March 2007, and the following month Morgan Kelly on RTÉ's Prime Time forecasted a collapse in property prices and massive bank losses.

In February 2008, Northern Rock was nationalised by the UK government. But it was March 2008, when US bank Bear Stearns was rescued from the brink of collapse and Anglo Irish Bank shares fell 30pc in a single day - the St Patrick's Day Massacre - that the cracks finally started to show, not only in Anglo Irish Bank but in the Irish economy as a whole. It was at this point that a colleague on the project management team pointed out that this would be a great time to buy shares in Anglo, as the shares were bound to recover in time. If only he knew what was really going on. Share prices continued to fall over the coming months while lending to the Quinn Group rose - a course of action that would eventually lead to one of the biggest court cases in the history of the state.


My more covert work at Anglo Irish Bank had become more and more bizarre. I was still being tasked by the bank to carry out TSCM (technical surveillance counter measure) sweeps at an alarming rate, but that wasn't the only unusual aspect of the work. It was becoming increasingly obvious to me that many of the senior executives at Anglo were keeping the TSCM sweeps I was carrying out on their behalf to themselves. None of them wanted the other high-level executives to know what I was doing for them. It was now a case of rats leaving a sinking ship and every man for himself. Paranoia at Anglo Irish Bank hit levels I had never experienced before either in the commercial world or even in the world of military intelligence. I wasn't even sure if I was being paid by Anglo or individual executives themselves for much of the work I was doing. In fact, much to my own detriment later, many of the bills weren't paid at all. I wasn't too concerned at that time, however. After all, they were a bank, so I'd eventually get paid, wouldn't I?

I knew something was seriously amiss when I was asked to do a full sweep of Anglo's backup data site. For anyone who works in the area of commercial counter-espionage, this is a highly irregular request. Due to the level of cybersecurity that companies, in particular financial institutions, invest in their IT networks, illicit penetration of such sites is almost impossible.

And yet, despite my recommendations to the contrary, here I was heading to this off-site data centre located in a high-security facility on the outskirts of Dublin. I arrived and went through the rigorous security checks to gain entrance to the building. I was escorted by a security guard to the area containing the Anglo Irish Bank equipment. It was a state-of-the-art facility, containing row upon row of climate-controlled cabinets in which the data servers were stored.

I did a complete sweep of the system, looking for any software or hardware bugging. None was found. It was utterly ridiculous that a rival commercial firm could plant an illicit device in such a high-security facility, and I didn't believe a word of the story that Anglo had spun me. Some of those at the very top of Anglo believed they were under surveillance by some form of regulatory or law enforcement body, and I was there to ensure that anything that may have been planted was found and removed. Even paranoid people have enemies, as the saying goes, and that was what was behind all this.


The next time I saw David Drumm he was not the same man I had seen when I first began working for Anglo Irish Bank. Gone was that confident, almost brash figure that stalked around the Anglo HQ, sending people scuttling out of his way. By now, I had carried out sweeps of every part of his life: office, car and home. He was a shadow of his former self. The weight of the world was on his shoulders, and I finally knew why, and he wasn't the only one. And then it happened. The message was short and to the point: the following morning's project management meeting was cancelled and the bank would be in touch with further instructions. The phone started hopping. Everyone was ringing around trying to find out what was going on, but it was obvious to me that the new Anglo Irish Bank headquarters would never be finished, at least not by Anglo.

Many of us were left holding the can, with bills unpaid. For me it was even worse. I had been working for the bank in two capacities, and now the invoices for both were outstanding.

My mind was now racing with worry, when people within the bank who would normally take a call from me at a moment's notice were suddenly unavailable. No form of communication was being replied to. All the TSCM work from Anglo had dried up overnight, and I was about to learn a very harsh business lesson. On September 15, the US bank Lehman Brothers collapsed, filing for bankruptcy in New York and causing turmoil in the global financial system. Two days later, Anglo Irish Bank executives met a Central Bank official. Anglo wanted a €7bn emergency loan. On September 29, 2008, the Irish government took an overnight decision to guarantee the banking system by covering customer deposits and the bank's own borrowings to a total of €440bn. As late as December 3, 2008, Anglo Irish Bank was still trying to convince the market that it was still profitable and solvent in its annual results. Two months later, in January 2009, Anglo Irish Bank was formally nationalised. It would report a loss of €12.7bn - the biggest corporate loss in Irish history.

To be perfectly honest, I didn't give a fuck about all that. I was primarily concerned about the money I was owed and my own business. My hands were tied for now. The queue of people looking for money from Anglo was a mile long, and I was very much to the rear of that queue, but I was prepared to play the long game. I did, however, get the opportunity to add to Anglo's woes: I tried to make it easier for any investigation by ensuring they knew where all of Anglo's information was kept. A mate of mine from CAB (Criminal Assets Bureau) called me on the morning that the bank guarantee was announced. He was calling on behalf of one of his own contacts in another anti-fraud unit.

"Seán, anywhere other than their offices that we should be looking?" said the voice down the phone. I knew who 'they' were without asking, and I also knew where he might have a chance to pick something up, where Anglo officials might not have had an opportunity to clean house yet. "Their backup site. It might not be sanitised yet."

He didn't even say goodbye as I gave him the address, such was the rush to get hold of anything that they could use later against Anglo and its executives.

Despite all the money that Anglo Irish Bank and individual executives within that institution had spent on TSCM and commercial counter-espionage, it was their own internal system that had caught them out. I'm not sure if that's what they call irony, but it sure is bloody funny. It was in the now-infamous Anglo tapes that each of the Anglo executives accused of wrongdoing would hang themselves.

These were the internal calls on Anglo's own telephone system that were recorded. Most, it is assumed, knew they were being recorded as part of standard practice, but as with most things over time, one tends to not so much forget about them as become comfortable with them. It was something that had never really crossed my mind.

My TSCM operations were there to find illicit eavesdropping devices planted by those outside of the company or on behalf of someone outside of the company. The tapes would demonstrate the true disdain that those at the top had for the Irish people. For me the tapes would put the final piece of the puzzle into place.

* The above extract has been lightly edited.

'Client Confidential' from Merrion Press is available soon

Indo Review

Also in Business