Ex-government employee pleads guilty in nuclear secrets cyber attack scheme

A former government employee who was accused of trying to orchestrate a cyber attack against computers that contained information about nuclear weapons pleaded guilty to a federal computer crime, the Department of Justice announced in a news release on Tuesday afternoon.

Prosecutors said 62-year-old Charles Harvey Eccleston, a former employee of the Nuclear Regulatory Commission, admitted his guilt in the attempted “spear-phishing” attack that took place last January. Eccleston was arrested after an undercover operation in which prosecutors said the accused dealt with FBI employees who had been posing as foreign government officials.

Spear-phishing is a type of cyber attack in which people send authentic-looking emails to their targets, encouraging the recipients to open them. However, the emails contain malicious code.

According to the Department of Justice, Eccleston sent an email that he believed contained a virus to about 80 Department of Energy employees, thinking the code would allow a foreign country to infiltrate or harm their computers. Prosecutors said Eccleston targeted employees “whom he claimed had access to information related to nuclear weapons or nuclear materials.”

The code was harmless and was actually crafted by the FBI, according to the release.

Eccleston, who thought he would be paid roughly $80,000 for sending the spear-phishing email, was arrested last March during a meeting with an undercover FBI employee, prosecutors said.

“Eccleston admitted that he attempted to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” Assistant Attorney General John P. Carlin said in a statement announcing the guilty plea.

Prosecutors said Eccleston was fired from his job with the Nuclear Regulatory Commission in 2010. He moved to the Philippines the following year and had been living there until his arrest.

The alleged cyber attack wasn’t the first time that law enforcement heard Eccleston’s name.

Prosecutors said the FBI first learned about Eccleston in 2013 after he walked into an embassy in the Philippines and offered to sell a list of 5,000 U.S. government email accounts for $18,800. If the nation wasn’t interested, Eccleston said he would offer the list to China, Iran or Venezuela.

That November, the FBI sent undercover employees to meet with Eccleston and had them pose as foreign government officials. One FBI employee bought a list of 1,200 email addresses for $5,000, prosecutors said, though an investigation found the accounts were publicly available.

Prosecutors said Eccleston communicated with the employees for “several months,” and offered to help design the spear-phishing emails during a meeting with an undercover FBI employee in June 2014. He made the bogus emails look like advertisements for a nuclear energy conference.

Eccleston pleaded guilty to attempted unauthorized access and intentional damage to a protected computer and faces 24 to 30 months in prison and a $95,000 fine when he is sentenced in April, prosecutors announced.

Leave a Reply