Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Former Nuclear Regulatory Commission Worker Pleads Guilty Over Attempted Hack

Former U.S. Nuclear Regulatory Commission Employee ‘Tried to Sell Nuclear Secrets’

A former Department of Energy employee pleaded guilty today to a federal offense stemming from an attempt to hack agency computers to steal and sell nuclear secrets to Iran, China and Venezuela, the U.S Department of Justice said Tuesday.

Former U.S. Nuclear Regulatory Commission Employee ‘Tried to Sell Nuclear Secrets’

A former Department of Energy employee pleaded guilty today to a federal offense stemming from an attempt to hack agency computers to steal and sell nuclear secrets to Iran, China and Venezuela, the U.S Department of Justice said Tuesday.

Charles Harvey Eccleston, 62, who also worked at the Nuclear Regulatory Commission (NRC), pleaded guilty to a federal offense stemming from an attempted e-mail spear-phishing attack in January 2015 that targeted dozens of DOE employees.

Harvey was caught in an FBI sting operation that was launched after he entered a foreign embassy in Manila, Philippines and offered to sell a list of e-mail accounts of all officials, engineers and employees of a U.S. government energy agency.  

Saying that he was an employee of a U.S. government agency and held a top secret security clearance, he asked for $18,800 for the accounts, stating they were “top secret.”

According to the DOJ, Eccleston, had been living in Davao City in the Philippines since 2011, was terminated from his employment at the NRC in 2010, reportedly due to performance and conduct issues. He was detained by Philippine authorities in Manila on March 27, 2015, and deported to the United States to face criminal charges, where he has been in custody.

In its announcement, the DOJ detailed the sting operation.

“Eccleston, a U.S. citizen who had been living in Davao City in the Philippines since 2011, was terminated from his employment at the NRC in 2010.  He was detained by Philippine authorities in Manila, Philippines, on March 27, 2015, and deported to the United States to face U.S. criminal charges.  He has been in custody ever since.


According to court documents, Eccleston initially came to the attention of the FBI in 2013 after he entered a foreign embassy in Manila and offered to sell a list of over 5,000 e-mail accounts of all officials, engineers and employees of a U.S. government energy agency.  He said that he was able to retrieve this information because he was an employee of a U.S. government agency, held a top secret security clearance and had access to the agency’s network.  He asked for $18,800 for the accounts, stating they were “top secret.”  When asked what he would do if that foreign country was not interested in obtaining the U.S. government information the defendant was offering, the defendant stated he would offer the information to China, Iran or Venezuela, as he believed these countries would be interested in the information.


Thereafter, Eccleston met and corresponded with FBI undercover employees who were posing as representatives of the foreign country.  During a meeting on Nov. 7, 2013, he showed one of the undercover employees a list of approximately 5,000 e-mail addresses that he said belonged to NRC employees.  He offered to sell the information for $23,000 and said it could be used to insert a virus onto NRC computers, which could allow the foreign country access to agency information or could be used to otherwise shut down the NRC’s servers.  The undercover employee agreed to purchase a thumb drive containing approximately 1,200 e-mail addresses of NRC employees; an analysis later determined that these e-mail addresses were publicly available.  The undercover employee provided Eccleston with $5,000 in exchange for the e-mail addresses and an additional $2,000 for travel expenses.


Over the next several months, Eccleston corresponded regularly by e-mail with the undercover employees.  A follow-up meeting with a second undercover employee took place on June 24, 2014, in which Eccleston was paid $2,000 to cover travel-related expenses.  During this meeting, Eccleston discussed having a list of 30,000 e-mail accounts of DOE employees.  He offered to design and send spear-phishing e-mails that could be used in a cyber-attack to damage the computer systems used by his former employer.


Over the next several months, the defendant identified specific conferences related to nuclear energy to use as a lure for the cyber-attack, then drafted emails advertising the conference.  The emails were designed to induce the recipients to click on a link which the defendant believed contained a computer virus that would allow the foreign government to infiltrate or damage the computers of the recipients.  The defendant identified several dozen DOE employees whom he claimed had access to information related to nuclear weapons or nuclear materials as targets for the attack. 


On Jan. 15, 2015, Eccleston sent the e-mails he drafted to the targets he had identified.  The e-mail contained the link supplied by the FBI undercover employee which Eccleston believed contained a computer virus, but was, in fact, inert.  Altogether, the defendant sent the e-mail he believed to be infected to approximately 80 DOE employees located at various facilities throughout the country, including laboratories associated with nuclear materials.


Eccleston was detained after a meeting with the FBI undercover employee, during which Eccleston believed he would be paid approximately $80,000 for sending the e-mails.

Eccleston faces a prison term of 24 to 30 months and a fine of up to $95,000, and is scheduled for sentencing on April 18, 2016.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Cybercrime

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Cyberwarfare

Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...

Cybercrime

A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...