The Story of the Former Fed Who Tried to Launch a Cyberattack on Nuclear Scientists

A nuclear scientist formerly employed by the federal government admitted Tuesday that he tried to infect the computers of about 80 government employees whom he believed had access to nuclear materials and weapons.

According to court documents released by the Justice Department, the scientist, Charles Eccleston, pleaded guilty to one count of attempted unauthorized access to a protected computer.

Until he was fired in 2011, Eccleston worked for the Nuclear Regulatory Commission, a federal agency that oversees civilian use of radioactive materials. During his time at the commission, he held a security clearance in order to work on nuclear-energy issues, according to the documents. A year after his federal government job ended, he moved to Manila, the capital of the Philippines.

In 2013, Eccleston went to the Manila embassy of an unidentified foreign country, and offered to sell foreign officials a list of thousands of federal employees’ email accounts for $18,800. He said the addresses were “top secret” and used for official communication. As a negotiating ploy, he said he would take the list to China, Venezuela, or Iran if the embassy didn’t want them.

The foreign officials said they were interested, but unfortunately for Eccleston, they went straight to the FBI. Eccleston shared a plan with a foreign spy who was really an undercover FBI agent: He would set up a website for a fake conference, and distribute a link to the website to his list of NRC employees. Once they clicked on the link, they’d download a virus to their computers, which would allow the foreign country to monitor the U.S. employees’ computer use.

“I know what they’re looking for,” Eccleston told the undercover FBI agent, according to a court document that he verified as part of his plea deal. “I know what their needs are.” He proposed luring targets in by offering them fake chairmanships on fake committees, because “these people always want to be chairs of important … things.”

He also proposed later reselling the email list to Hezbollah, a detail which may suggest that the country he thought he was dealing with is allied with the militant group. Hezbollah is involved in the Lebanese government, is closely allied with the governments of Iran and Syria, and has good relations with Russia, among other countries.

Eccleston was then referred to another FBI agent posing as foreign intelligence, and offered to sell the agent a list of 30,000 Energy Department email addresses that he said belonged to employees involved in nuclear-weapons development. He proposed launching denial-of-service attacks, “if somebody really wanted to get pissed off.”

Over the course of many months, Eccleston worked with the FBI to develop a plan of attack. Finally, in January 2015, he pulled the trigger: He sent an email containing what he thought was a malicious link to about 80 Energy Department employees, advertising an upcoming nuclear conference in Washington, D.C. The link, which was received by employees in nuclear labs in Tennessee, New Mexico, California, and in the DOE headquarters in D.C., was harmless.

He was told he would be paid about $80,000 for his efforts. Instead, he was arrested by Philippine police and deported to the U.S. He signed a plea deal on Tuesday, affirming that the evidence the FBI gathered on him is accurate, and faces up to 30 months of prison time and up to $95,000 in fines. (He was originally charged with four felonies.)

And those “top secret” NRC email addresses Eccleston sold for thousands of dollars? The FBI later realized they were all publicly available.