A former Nuclear Regulatory Commission scientist pleaded guilty Tuesday to a federal computer crime, admitting that he attempted to launch a cyber-attack on government computers by sending employees emails that he thought contained a virus.
Charles Harvey Eccleston, who was detained in the Philippines last year and deported to the United States to face charges, faces up to 10 years in prison when he's sentenced.
Prosecutors say Eccleston last year attempted "spear-phishing" emails to dozens of Energy Department email accounts — a technique in which hackers send targeted, legitimate-looking emails that when opened can launch malicious software onto a recipient's computer network. The goal was to expose the computer system to a virus and extract sensitive information on nuclear weapons that could then be passed to a foreign country.
But the email attachment in this case — an invitation to a conference — was actually benign and was manufactured as part of an undercover FBI operation in which an agent posed as a foreign intelligence officer.
The scheme began in 2013 when Eccleston entered a foreign embassy in the Philippines — where he moved after being fired from the NRC in 2010 — and offered to sell more than 5,000 "top secret" addresses of Energy Department employees in exchange for more than $18,000.
Eccleston said that if the embassy refused, he could offer the "top secret" information to Iran, Venezuela or China. The identity of the embassy was not revealed in court documents and remains classified, prosecutors said.
Instead, the embassy contacted the FBI, and an undercover agent posing as an intelligence officer then reached out to Eccleston to coordinate on the planned cyber-attack.
Eccleston spoke briefly at the plea hearing, saying that the email addresses he offered to sell to the embassy were not classified.
"I never set out to do anything that this developed into," Eccleston told U.S. District Judge Randolph Moss.