Charles Harvey Eccleston, 62, a former U.S. government scientist, has pleaded guilty to a federal offense for an attempted e-mail “spear-phishing” attack in January 2015 targeting Department of Energy (DOE) employee email accounts. He pled guilty to attempted unauthorized access and intentional damage to a government computer. He also pled guilty to criminal forfeiture.
According to documents filed in the U.S. District Court for the District of Columbia, Eccleston caused or attempted to cause damage to a computer without authorization.
“Eccleston admitted that he attempted to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” said Assistant Attorney General for National Security John P. Carlin, according to a U.S. Department of Justice release.
Justice Official Thanks FBI
“This prosecution underscores our commitment to prosecute those who carry out or plan cyber-attacks against our government, whether they are in the United States or in remote locations overseas,” said U.S. Attorney Channing D. Phillips of the District of Columbia U.S. Attorney Phillips. “Thanks to the work of the FBI, this former federal employee was arrested before he could do any damage and he now is being held accountable for actions that could have threatened our national security.”
Eccleston worked as a scientist for the Nuclear Regulatory Commission (NCR) and the Department of Energy (DOE), according to court documents. In this role, he had a security clearance granting him access to nuclear energy program information. He left his position in 2010 and moved to the Philippines in 2011.
Eccleston Offers Email List
In April of 2013, Eccleston visited a foreign nation’s embassy in Manila and told them he had secret U.S. government information he wished to sell them. He offered a list of 5,082 email accounts of U.S. energy agency employees, engineers and officials in exchange for $18,800.
Asked the benefit of this information, Eccleston said the addresses were top secret and were used for official correspondence between employees and officials.
Asked what he would do if the country was not interested in the information, Eccleston said he would offer it to Iran, China or Venezuela. He provided the embassy official a contact email and a code to use if they wanted to pay him.
FBI Goes Undercover
The embassy official informed the FBI. An FBI agent then contacted Eccleston posing as an intelligence agent for the foreign country.
Meeting at a hotel in Manila on Nov. 7, 2013, Eccleston told the undercover FBI agent that he held a top secret security clearance and worked on top secret projects. He said he had previously tried to sell U.S. government information to China and Venezuela but did not get access to officials from those countries.
Eccleston showed the agent a list of about 5,000 email addresses and names of NRC employees and offered to sell it for $23,000. He said the addresses could be used to insert a virus into NRC computers.
He also said emails could be sent to these accounts to shut down NRC servers. He offered to develop and implement such a plan. He gave details about how he would do this.
Eccleston further suggested the agent could re-sell the addresses to Hezbollah.
He told the agent that if he did not get back to him in 60 days, he would sell the information to the French.
The undercover agent agreed to buy a thumb drive containing about 1,200 NRC employee email addresses. The agent gave him $5,000 for the addresses and another $2,000 for expenses.
Phishing Attack Planned
Eccleston met with a second undercover agent on June 24, 2014 in a Manila hotel. This agent paid him $2,000 for his travel time. Eccleston said he had a list of 30,000 email accounts at the DOE that contained every scientist and engineer responsible for designing, researching and building U.S. nuclear weapons. He repeated his plan for conducting a cyber attack on a U.S. government agency.
During this meeting, Eccleston agreed to pursue the plan in exchange for $1,000 for each recipient who received an infected email.
In July of 2014, Eccleston sent documents to the undercover agent using a cloud-based file service. One document contained a chart including names, email addresses, and identified positions of 55 DOE employees. It included an assessment of the type of information to which the individuals had access.
Malicious Software Implanted
In January of 2015, Eccleston asked the undercover agent for a link to a malicious computer code to plant into an email he had drafted. He later sent the agent a different version of the email containing the link the agent had provided him to about 80 DOE employees. He believed he would receive about $80,000 for this activity by the foreign country.
A search of the DOE servers confirmed the email reached the intended recipients at Oak Ridge National Laboratory in Tennessee, Los Alamos National Laboratory and Sandia National Laboratory, both in New Mexico, Lawrence Livermore National Laboratory in California, and the DOE in Washington, D.C.
Analysis revealed the email addresses Eccleston provided were publicly available.
Featured image from Shutterstock.