Former DOE employee sentenced to prison for hacking scheme

Former DOE employee sentenced to prison for hacking scheme
© Getty Images

A former Department of Energy (DOE) employee has been sentenced to 18 months in prison for attempting to hack dozens of other agency employees in the hopes of selling nuclear secrets to a foreign nation, U.S. prosecutors said Tuesday.

Charles Harvey Eccleston, a former environmental scientist for the DOE, pleaded guilty to one count of attempted unauthorized access and intentional damage to a protected computer in February. The “spear phishing” campaign he attempted was part of a sting operation facilitated by undercover FBI agents and never infiltrated DOE computers, prosecutors said.

ADVERTISEMENT
U.S. District Judge Randolph D. Moss also ordered Eccleston to return the $9,000 he received from the FBI in payment for the phony information.

"Charles Harvey Eccleston is a scientist and former government employee who was willing to betray his country and his former employer out of spite,” said U.S. Attorney Channing D. Phillips of the District of Columbia.

The FBI started tracking Eccleston in 2013 after he entered a foreign embassy in Manila and offered to sell lists containing the information of U.S. government officials, prosecutors said. He asked for $18,800 for the account details, claiming they were “top secret” and threatening to sell the information to China, Iran or Venezuela if it was not bought.

Undercover FBI agents then started corresponding regularly with Eccleston, posing as foreign intelligence agents while the former government worker designed the spear-phishing campaign.

Eccleston sold a thumb drive with roughly 1,200 Nuclear Regulatory Commission employees' emails to an undercover agent for $5,000. Later he created spear-phishing emails and offered to send them to roughly 80 DOE employees that he told FBI agents were located at laboratories with nuclear materials.

Eccleston was arrested in March 2015 after a meeting with the FBI agent, during which he believed he would be paid around $80,000 for sending the emails.

The emails never contained viruses, as the FBI had provided Eccleston with a fake malicious link.

“His attempts to sell access to sensitive computer networks demonstrate why the government must be so vigilant to prevent cyberattacks,” Phillips said.