A former Energy Department employee accused of attempting to infiltrate the agency’s computer system to steal nuclear secrets and sell them to a foreign government pleaded guilty Tuesday to a reduced charge of attempting to damage protected government computers in an email “spear-phishing attack.”
Charles Harvey Eccleston, a former employee at the department and at the independent Nuclear Regulatory Commission, was arrested March 27 by Philippine authorities after an undercover FBI sting operation.
Eccleston, 62, a U.S. citizen who had been living in the Philippines since 2011, was “terminated” from his job at the NRC in 2010, according to the Justice Department. In January 2015, the department said, he targeted more than 80 Energy Department employees in Washington at four national nuclear labs with emails containing what he thought were links to malicious websites that, if activated, could infect and damage computers.
The FBI said that no computer virus or malicious code was transferred into government computers.
He was deported to the United States and indicted in April on four counts including wire fraud and attempted unauthorized access to defraud, extract information and cause damage to government and protected computers. If convicted on all counts, he faced a maximum of 50 years in prison.
Eccleston was charged Friday in a superseding information with one count of attempting to knowingly cause damage to 10 or more protected computers. He faces a maximum prison sentence of 10 years, but in a plea deal with prosecutors both sides said a term of 24 to 30 months is appropriate at sentencing April 18 before U.S. District Judge Randolph D. Moss of the District of Columbia.
“Is it in fact the case that you did attempt to cause the transmission of code to cause or attempt to cause damage to a protected computer system without authorization?” Moss asked during a 30-minute plea hearing.
“It is,” said Eccleston, dressed in an orange prison jumpsuit.
U.S. Assistant Attorney General for National Security John P. Carlin said in a statement that Eccleston admitted to attempting “to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information.”
The sting was launched after Eccleston offered to provide an unnamed foreign government with more than 5,000 email addresses of all Energy Department employees for $19,000, or else he would offer the information to China, Iran or Venezuela, according to court files.
After the unnamed foreign government reported the incident, the FBI sting operation sent undercover employees posing as the country’s representatives to meet with Eccleston in 2013. Eccleston provided 1,200 publicly available email addresses in exchange for $7,000, including expenses, authorities said.
Court documents say that in exchange for what he said would be $80,000, he later committed to design and send emails that he was led to believe would launch a cyberattack using a link to lure recipients, including some he said had access to information about nuclear weapons and materials.
Eccleston told Moss that he originally offered only to provide non-classified email addresses before the FBI came to him with a more elaborate plot.
“I never set out to do anything that this developed into,” Eccleston said, asserting that of many statements he had made to the FBI that he was “making it up.”
Eccleston agreed to pay a judgment of $9,000 and faces a potential fine of as much as $95,000 at sentencing.