WASHINGTON (Reuters) - The U.S. Justice Department has charged a former employee of the Department of Energy and the Nuclear Regulatory Commission for allegedly attempting an email attack on government employees to extract sensitive information on nuclear weapons.
According to an indictment unsealed on Friday, Charles Eccleston allegedly attempted the “spear-phishing” attack in January targeting dozens of email accounts, where he believed he was unleashing a virus to collect the information.
Eccleston, who has lived in the Philippines since 2011 after he was fired from the NRC in 2010, was caught in a sting by the Federal Bureau of Investigation after he approached a foreign embassy about providing classified U.S. information. Undercover FBI employees then posed as foreigners and promised to pay for the spear-fishing attack, according to the Justice Department.
Eccleston drew on his past career to draw up email lists and compose the text of an innocuous-seeming invitation to a conference that he sent to 80 Energy Department employees, according to the indictment.
Spear-fishing involves convincing an email recipient to click on a link in a message that then releases a virus and Eccleston believed the code he included in the invitation would both damage computers and extract information. But the link had been provided by an undercover agent, who ensured it would not infect recipients’ machines, according to the indictment.
The indictment did not identify the country Eccleston allegedly approached but the Washington Post has said it was China. A Justice Department spokesman declined to identify the country.
Eccleston, 62, was detained on March 27 and deported to the United States. The first hearing on the indictment is scheduled for May 20.
He was charged with four felony offenses, including crimes involving unauthorized access of computers and wire fraud. For the wire fraud charge, Eccleston faces a maximum sentence of 20 years.
Reporting by Lisa Lambert; Editing by Bill Trott