Charles Harvey Eccleston, a 62-year-old former employee of the Nuclear Regulatory Commission (NRC) and Department of Energy (DOE) currently living in the Philippines, was the subject of an undercover investigation by agents from the Federal Bureau of Investigation (FBI) after a cyber attack was used to attempt to steal files from the Department of Energy.
Eccleston worked at the Department of Energy between 1988 and 2001, had been terminated from his position as a Facilities Security Specialist at the NRC in October 2010 due to performance and conduct issues, and moved to the Philippines in May 2011. After moving to Davao City in the Philippines, Eccleston married a local woman, and needed money to stay in his new country of residence.
From his actions, it appears that Eccleston was more than disgruntled after his termination by the NRC. In the fall of 2012, Eccleston published an article titled “The Nuclear Regulatory Commission and NEPA Review”, which strongly criticized the NRC and claimed regulators have “failed to adequately evaluate the impact of serious nuclear accidents under the National Environmental Policy Act (NEPA).” Eccleston claimed that the NRC policy is geared towards continuing the operation of nuclear power plants in the face of a “growing body of evidence about the risks and hazards facing the country’s aging nuclear fleet.”
In February 2013, Eccleston sent an email to Allison MacFarlane and the other Commissioners of the NRC, in which he claimed to expose the agency’s “deceptive and tainted license renewal process” in a book he published in 2012.
According to a press release from the FBI, it was the desire to collect funds to stay in the Philippines that led Eccleston to walk into a foreign embassy, report that he was a government employee with top-secret security clearance and offer “to provide classified information, which he claimed had been taken from the U.S. government.”
Eccleston first offered a list of over 5,000 email accounts of all officials, engineers, and employees of the NRC in exchange for $18,800, which he claimed was about the cost of a new Honda Civic. He also said that he could obtain accurate engineering blueprints of U.S. nuclear reactors, but didn’t relay an asking price for that information.
Representatives of the foreign embassy, which has not been identified in court documents, reported the events to the FBI, who verified Eccleston’s movements and actions.
In October 2013, the FBI sent agents posing as representatives of the foreign country and offered money in exchange for conducting a cyber attack on the computer systems at the DOE.
Eccleston sold the undercover FBI agents some 1,200 NRC email addresses for $5,000 and an additional $2,000 for expenses.
The undercover agents told Eccleston that he would receive more payments in the future if he would conduct a spear-phishing cyber attack on the email accounts of government employees, which would give access to sensitive nuclear information.
A spear-phishing attack involves the creation of an email that appears to come from a trusted source and convinces select recipients to open it, after which the recipient’s computer is infected with a virus.
The agents gave Eccleston a phony computer virus, which he attempted to send to 80 email addresses on January 1st, 2015.
According to John P. Carlin, Assistant Attorney General for National Security, “Eccleston sought to compromise, exploit, and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent to allow foreign nations to gain access to that material.”
In a criminal affidavit it is reported that Eccleston was planning to provide the nuclear secrets to China, Iran, Venezuela, or another unidentified country.
The affidavit also says that while Eccleston explained that he couldn’t guarantee the success of his phishing attack, he claimed to be willing to continue attacking using various methods until the task was completed. In an email to agents posing as representatives of the foreign country, he wrote, “Due to things that are occurring as we talk, in the newspaper, everybody is going back for retraining, and they are teaching people to be very careful … to be prudent, to be careful what they click on and for people to go in for retraining and I honestly don’t know successful this will be. However, if it’s successful, then the project, we can try more projects. If it’s not successful, I have more sophisticated ideas on how to do this. So I have … if it doesn’t work well, I have several other ideas that I think will be much, much, more successful.”
The complaint also reports that Eccleston claimed to have worked for two “highly classified, unnamed U.S. government programs” and would reveal details about them for $100,000.
Eccleston planned to convince readers to open his emails and click his links by disguising them as innocuous invitations to nuclear training and education conferences. The invitations would contain a link entitled “Conference Details and Registration”, which would infect the computer with malicious code if clicked by the recipient of the email.
According to the FBI, Eccleston sent the potentially damaging emails to over 80 DOE computers in January 2015, but was prevented from actually transmitting the malicious code to the government computers.
On March 27th, 2015, Eccleston was detained by Philippine authorities in Manila and deported to the United States to face criminal charges.
Eccleston has been indicted on three counts of unauthorized access to a computer and one count of wire fraud – all of which are felonies – and faces up to 50 years in jail. The indictments are only for attempted violations of the statutes because the FBI ensured that no computer virus was actually embedded in the spear-phishing emails.
The next hearing has been set for May 20th, 2015.
Source: Department of Justice
Source: Federal Bureau of Investigation
Source: The Guardian