Charles Harvey Eccleston, a former employee of the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission (NRC), was indicted on charges of attempting to extract sensitive, nuclear weapons-related information and sell them to a foreign country. According to the indictment unsealed on Friday, Eccleston allegedly attempted to extract this information from computers at the Department of Energy through “spear-phishing” emails.
A spear-phishing attack involves crafting an email that appears to be from a trusted source, and infects the recipient’s computer with a virus when opened. According to the FBI, Eccleston sent such emails to over 80 computers in January. However, no computer virus or malware was transferred to these systems.
“As alleged in the indictment, Eccleston sought to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent to allow foreign nations to gain access to that material,” John P. Carlin, the assistant attorney general for national security, said in a statement.
Eccleston’s activities came to light during an undercover FBI operation when he offered to design and send spear-phishing emails that could be used to damage the computer systems used by his former employer. He also went to the embassy of an unnamed foreign nation and offered to sell classified information.
Eccleston, 62, had been living in the Philippines since 2011 after he was fired from the NRC in 2010, reportedly for failing to meet the requirements of a two-year probationary period. He was detained by Philippine authorities in Manila on March 27, 2015, and deported to the United States to face criminal charges. He will remain in detention pending his hearing on May 20.
“This prosecution demonstrates federal law enforcement’s vigorous efforts to neutralize cyber threats that put consumers, our economy, and our national security at risk,” Acting U.S. Attorney Vincent H. Cohen Jr., said in the statement.