No response by the Russians using the GUARD channel? This is the common airband channel for all aircraft regardless of tail number or flag. Essentially this appears to come close to electronic warfare.
WASHINGTON (AFP) – A US Air Force reconnaissance plane was intercepted by a Russian SU-27 jet in an “unsafe and unprofessional” manner while flying a routine route in international airspace over the Baltic Sea, the Pentagon said.
“The US aircraft was operating in international airspace and at no time crossed into Russian territory,” said Laura Seal, a Pentagon spokeswoman.
The incident comes shortly after Russian aircraft repeatedly buzzed the USS Donald Cook this past week, including an incident Tuesday in which a Russian Su-24 flew 30 feet (nine meters) above the ship in a “simulated attack profile,” according to the US military’s European Command.
Russia has denied the action was reckless or provocative.
“This unsafe and unprofessional air intercept has the potential to cause serious harm and injury to all aircrews involved,” Seal said of Thursday’s incident.
“More importantly, the unsafe and unprofessional actions of a single pilot have the potential to unnecessarily escalate tensions between countries.”
The US aircraft in question was an RC-135.
***
FreeBeacon: Navy Captain Hernandez said the U.S. aircraft, a militarized Boeing 707 jet, was operating in international airspace “and at no time crossed into Russian territory.”
“This unsafe and unprofessional air intercept has the potential to cause serious harm and injury to all aircrews involved,” he said. “More importantly, the unsafe and unprofessional actions of a single pilot have the potential to unnecessarily escalate tensions between countries.”
According to Hernandez, the Su-27 carried out “erratic and aggressive maneuvers” by approaching the RC-135 at a high rate of speed from the side.
The Russian jet “then proceeded to perform an aggressive maneuver that posed a threat to the safety of the U.S. aircrew in the RC-135U,” the spokesman said.
“More specifically, the SU-27 closed within 50 feet of the wing-tip of the RC-135 and conducted a barrel roll starting from the left side of the aircraft, going over the top of the aircraft and ended up to the right of the aircraft,” he said.
The U.S. government is protesting all the incidents this week to the Russian government through diplomatic channels, he said.
The RC-135U, an electronic intelligence-gathering aircraft, is normally operated by five air crew and up to 16 electronic warfare officers and six or more regional specialists.
The dangerous aerial incident came two days after a simulated Russian aerial assault against the guided missile destroyer USS Donald Cook in the Baltic Sea. Washington called the simulated assault a military provocation, and said it nearly caused an international shootout.
Two Russian fighter-bombers, identified as Su-24s, made close passes over the Cook, including one jet that came within 30 feet of the warship.
A Navy officer said the buzzing was the most reckless flyover of a U.S. warship by either a Russian or Chinese warplane since the Cold War. “I’ve been in a lot of those situations and I’ve never seen any plane come that close,” the officer said.
The aerial harassment appears to be part of a Russian military campaign of intimidation against the United States and NATO.
Moscow has adopted hostile military policies toward the United States over U.S. deployment of missile defenses in Europe, which Moscow says threaten its missile forces. The Russians also have been upset by Western sanctions against its military annexation of Ukraine’s Crimea.
Strategically, Russian leader Vladimir Putin has been seeking to regain control and influence over what Moscow calls the “near abroad”—former Soviet republics and Eastern Bloc nations along the periphery of Russia’s borders in Eastern Europe.
The policy has led to military aggression against the Republic of Georgia in 2008 and Ukraine in 2014, where Russian troops took over the Crimean peninsula and are continuing to fuel separatist activity in eastern Ukraine.
In response, the United States and NATO are bolstering U.S. and allied military forces in Eastern Europe, with a specific emphasis on increasing military forces and troops near the Baltic states of Latvia, Estonia and Lithuania, as well as in Poland.
The recent Russian military provocations coincide with military activities by Moscow in the Russian enclave of Kaliningrad, which remains a major subject of U.S. monitoring. Russia in the past has threatened to deploy nuclear-capable Iskander short-range missiles in the enclave on the Baltic Coast between Poland and Latvia.
Earlier this week, Brian McKeon, principal undersecretary of defense for policy, told a House subcommittee hearing that Russia has prevented U.S. and allied flights over Kaliningrad that are allowed under the Open Skies Treaty.
Mark Schneider, a former Pentagon strategic forces analyst who specializes in Russian affairs, said the recent incidents over the Baltic Sea, including the simulated attack of a U.S. warship, are fundamentally different from past Russian provocations.
“It is a major escalation of Russian aggressiveness although it fits into a pattern of Russian activity that goes back years,” Schneider said. “The Russian Defense Ministry reaction was blatantly dishonest.”
Schneider said the likely U.S. response to these provocations is what former Pentagon official Richard Perle once dubbed “demarche-mellows,” or very weak, pro forma protests.
“If so, incidents like this will probably continue to escalate,” Schneider said.
Thursday’s aerial encounter involving the RC-135 was at least the second time this year that Russian jets have conducted a dangerous intercept of a reconnaissance aircraft.
On Jan. 25, a Russian Su-27 came within 20 feet of an RC-135 over the Black Sea in what Navy Capt. Daniel Hernandez said was an “unsafe and unprofessional” action.
Unlike Thursday’s encounter, the Russian jet in January did not do a barrel roll, but instead made an aggressive, high-speed banking turn away from the intelligence aircraft.
The maneuver disturbed the pilot’s control of the RC-135.
The dangerous Su-24 overflight of the Cook on April 12 came a day after two other Russian Su-24s flew over the ship 20 times, including a dangerous pass as an allied helicopter was being refueled, causing a delay in flight operations until the Su-24s left the area.
The same day, a Russian Ka-27 Helix helicopter flew around the Cook, which had finished a port visit to Poland and had a Polish helicopter on board.
“The Russian aircraft flew in a simulated attack profile and failed to respond to repeated safety advisories in both English and Russian,” the European Command said in a statement.
The Pentagon released video of the encounter showing the close pass, which created a wake in the water.
Secretary of State John Kerry on Thursday criticized the Russian military provocation, though he declined to say what steps the United States would take in response.
The State Department lodged formal protests with Russia.
“We condemn this kind of behavior. It is reckless. It is provocative. It is dangerous. And under the rules of engagement that could have been a shoot-down,” Kerry told CNN and the Miami Herald.
“People need to understand that this is serious business and the United States is not going to be intimidated on the high seas. … We are communicating to the Russians how dangerous this is and our hope is that this will never be repeated,” Kerry said.
The Cook is equipped with anti-aircraft defenses including the Close-In Weapons System, an automated air defense gun that can destroy aircraft with 25-millimeter rounds. The weapon was not readied because the ship was operating under the U.S.-Russian agreement not to illuminate each other’s aircraft.
“We have deep concerns about the unsafe and unprofessional Russian flight maneuvers,” the European command said in a statement.
“These actions have the potential to unnecessarily escalate tensions between countries, and could result in a miscalculation or accident that could cause serious injury or death.”
Kerry on Friday discussed the Cook incident with Russian Foreign Minister Sergey Lavrov, a State Department spokesman said.
Moscow sought to play down the incident involving the Cook. Russian Defense Ministry spokesman Igor Konashenkov told the state-run Interfax news agency that the Russian pilots acted within safety guidelines.
The incidents violated the bilateral U.S.-Russian agreement designed to prevent incidents at sea. The accord prohibits conducting simulated attacks and also limits the use of automated anti-aircraft guns.
Other incidents in recent months included a near collision between a Russian fighter and an RC-135 over the Black Sea on May 30, and on April 7, 2015, a Su-27 flew within 20 feet of an RC-135 over the Baltic Sea.
Additionally, last October, two Russian Tu-142 bombers made low passes near the aircraft carrier USS Reagan as it sailed in the Sea of Japan near the Korean peninsula. And on July 4, 2015, two Tu-95 nuclear-capable bombers approached within 40 miles of the California coast and radioed a “happy birthday” message to intercepting U.S. pilots.
The July 4 provocation occurred the same day President Obama held a telephone call with Putin.
Russia also has sent Tu-95 bombers to circle the Pacific island of Guam several times. The island is a major military hub and central to the U.S. military’s pivot to Asia.
China’s Cyber Attack on Pentagon Missile Defense Daily
So, where are the strongly worded letters, the condemnation, the sanctions, the counter-measures?
Cyber-warfare, industrial espionage, economic warfare.
November 2015:
WASHINGTON (Reuters) – The U.S. military on Sunday hailed the success of a complex $230 million test of the U.S. missile defense system that it said showed the ability of the Aegis and THAAD weapons systems to identify and destroy ballistic and cruise missiles at once.
The test was conducted near Wake Island in the western Pacific Ocean around 11:05 p.m. EDT by the U.S. Missile Defense Agency, U.S. European Command, U.S. Pacific Command, the Ballistic Missile Defense System Operational Test Agency and the Joint Functional Component Command for Integrated Missile Defense.
“This was a highly complex operational test of the BMDS which required all elements to work together in an integrated layered defense design to detect, track, discriminate, engage, and negate the ballistic missile threats,” MDA said in a statement released late Sunday.
The Missile Defense Agency website.
Admiral: China Launching Cyber Attacks on Missile Defense Nets ‘Every Day’
FreeBeacon: Chinese military hackers are conducting cyber attacks on the Pentagon’s Missile Defense Agency networks on a daily basis and will soon shift to hacking into networks of missile defense contractors, the admiral in charge of the agency told Congress on Thursday.
Vice Adm. James D. Syring, the MDA chief who is in charge of building multi-billion dollar anti-missile defenses, told a House hearing that while his networks are successfully fighting off the cyber attacks, missile defense contractors need to improve their network security.
The three-star admiral said the threat of Chinese cyber attacks was equal to North Korean and Iranian missile threats.
“I view the cyber threat that I specifically face with MDA and the systems we are fielding on par with any ballistic missile threat that either Iran or North Korea possess,” Syring said.
Asked by Rep. Mike Rogers (R., Ala.), the chairman of the House Armed Services subcommittee on strategic forces, if he is fighting off cyber attacks from Chinese military hackers, Syring answered: “Yes, sir.” He limited his comments and said he would provide details of the cyber threats during a later closed-door session of the subcommittee.
“We have taken inordinate steps to protect both our classified and unclassified networks from attack, [with] constant 24/7 monitoring with teams in place plus good material protections of those systems,” he said.
“My biggest concern remains in our cleared defense contractor base and their protections,” Syring added, noting that Chinese efforts to break into missile defense networks are relentless.
“They are continuing to try and attack my government networks, every day, classified and unclassified,” he said. “But where they’re going next and we’ve gotten examples of this is to my cleared defense contractors with the unclassified controlled technical information.”
Bolstering the network security of contractors is a high priority across the entire ballistic missile defense system, he said.
Foreign states are seeking to penetrate missile defenses and other weapons systems to steal technology and data for use in their own weapons. They also seek to disrupt or destroy the systems in the event of a crisis or conflict.
A report by the Defense Science Board warned in 2013 that critical U.S. weapons and other military systems are vulnerable to cyber attack.
“The United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all of their military and intelligence capabilities (a ‘full spectrum’ adversary),” the report concluded.
Syring said in prepared testimony his agency is deploying upgraded command and control systems with better security against cyber attacks. Missile defense personnel also are being trained to prevent cyber intrusions.
“We know that malicious cyber actors are constantly attempting to exfiltrate information from U.S. Industry,” Syring stated. “We will continue to work with the defense industrial base, the FBI, and other partners to identify these issues and raise the costs of this behavior to those responsible, in coordination with national authorities and in accordance with national policy.”
Syring said a key objective is hardening U.S. missile defenses for future conflicts, which will likely involve cyber attacks against its networks.
“We must build resilient cyber defenses that are capable of detecting and mitigating threats without impeding operations in order to ‘fight through’ the cyber threat,” he said.
Two exercises simulating cyber attacks on missile defense networks were held last year. Another exercise is set for next month.
To prevent cyber attacks through equipment and parts, MDA is tightening the security of its suppliers.
“We also have a rigorous cyber and supply chain risk management inspection program to examine everything about our systems, from the truck to supply chain, to the fielded operational ability,” Syring said.
Chinese agents were detected spying on the U.S. missile defense interceptor base at Fort Greely, Alaska, several years ago, according to defense officials.
Barry Pike, executive officer for the U.S. Army’s missiles and space program, said during the House hearing that foreign military threats are growing with the emergence of synchronized air, missile, cyber, and electronic warfare attacks.
“Across all Army [air and missile defense] programs, we are improving our resilience and ability to mitigate cyber and electronic warfare attacks,” he stated in prepared testimony.
Rogers, the subcommittee chairman, said in opening remarks at the hearing that after eight years of President Obama’s administration “our nation’s security is in more jeopardy than any time in recent memory.”
“North Korea, Iran, Pakistan, Russia, and China are all advancing their ballistic and cruise missile programs, along with weapons of mass destruction programs, to put our military, our allies, and our homeland at risk,” Rogers said.
“At the same time, President Obama has cut missile defense practically every year he’s been in office,” he added. “America’s enemies know an opportunity when they see one; our allies see they are on their own.”
Disclosure of the Chinese hacking against missile defenses comes as Syring and other military leaders revealed the Pentagon is working on its own cyber weapons that could be used to disable or destroy missiles prior to launch.
Details about what the Pentagon calls “left-of-launch” measures remain classified but are said to include cyber attacks and other electronic warfare measures against missile launch controls and other information systems.
Pre-launch cyber attacks against missiles are designed to bolster other missile defenses, including lasers and anti-missile interceptors, that can attack enemy missiles in the early, middle, and late stages of flight, while decreasing costs.
China is developing both missile defenses and anti-satellite missiles that employ similar technologies and are known to be targeting U.S. and allied computer networks to steal technical information useful in developing its weapons.
China also has targeted U.S. and foreign suppliers that provide equipment and material used in missile defenses.
A briefing in 2014 by Joyce Corell, a senior U.S. counterintelligence official, identified numerous pathways used by foreign states to penetrate the U.S. supply chain.
“We have more than enough evidence to know the threat is real and dangerous, but we will inevitably have difficulty predicting targets and assessing impacts,” she stated in a briefing slide.
Pentagon Launching Cyber Bombs on ISIS
FNC: The U.S. has ramped up its fight against the Islamic State terror group’s online capabilities, dropping so-called “cyber bombs” on the militants, a top Pentagon official said Tuesday.
“Those guys are under enormous pressure. Every time we have gone after one of their defended positions over the last six months, we have defeated them. They have left, they have retreated,” Deputy Defense Secretary Robert Work told Reuters.
Defense Secretary Ash Carter gave some explanation for the concept of “cyber bombs” in a February NPR interview.
“We are using cyber tools, which is really a major new departure… These are strikes that are conducted in the warzone using cyber essentially as a weapon of war, just like we drop bombs,” Carter said.
Analysts say ISIS has frequently used the Internet to spread its message, regularly releasing photos and videos on social media. The latest edition of its magazine “Dabiq” went online this week.
Meanwhile, the U.S. has helped Iraqi forces as they prepare operations to retake the northern city of Mosul. While they got off to a slow start, there have been some recent advances, and officials say momentum has been growing in the fight against ISIS.
Secretary of State John Kerry, during a visit to Baghdad last Friday, pledged $155 million in new U.S. aid to Iraq and offered a show of political support to Iraq’s beleaguered Prime Minister Haider al-Abadi.
DefenseSystems: Given the classifications and operational security surrounding cyber operations, details on anti-ISIS activity in this domain are scant, though Carter added some information in a Pentagon press conference with reporters on Monday, saying the cyber component is aimed at disrupting ISIS’s command and control to cause them to lose confidence in their networks, as well as overloading their networks to limit their operational functionality. But given that the cyber tools are new, Carter said details are being kept under wraps, especially considering they are applicable to other conflicts globally.
Chairman of the Joint Chiefs of Staff Gen. Joseph Dunford reiterated the point that DOD does not want to provide operational details in hopes of keeping the element of surprise. Dunford did say that, conceptually, DOD is trying to isolate ISIS in the same way it is trying to do so in the physical space.
Both Dunford and Carter said that the capabilities being used against ISIS, and others globally, are exactly why the U.S. Cyber Command was established in the first place. Dunford said the command is building an inventory of tools to be used in cyberspace going forward.
Carter has said previously that the Defense Department will look to take the fight to ISIS in the cyber domain, even resorting to targeting members of ISIS’s hacking cadre with bombs. However, it is still believed that ISIS’ cyber capabilities remain low, limited to merely website defacements and denial-of-service attacks.
One concern, whether from nation-states or groups such as ISIS should they gain cyber acumen, is the targeting of U.S. critical infrastructure. “Although it’s not a popular target for people trying to make a profit – that’s good and bad, because the flip side is that the adversaries who are interested in potentially targeting critical infrastructure could potentially be more sophisticated adversaries,” Isaac Porche, associate director of the Forces and Logistics Program at RAND, told a panel of lawmakers last week. “So critical infrastructure today might have to deal with a more sophisticated threat than, let’s say, a hardware store might have to.”
Military and U.S. intelligence officials in the past have been careful about what, in their minds, the term “attack” connotes in cyberspace, potentially allowing conclusions to be drawn regarding current U.S. activity against ISIS. “Terminology and lexicon is very important in this space,” Adm. Michael Rogers, the head of the National Security Agency and Cyber Command, told the House Intelligence Committee last year. “And many times I’ll hear people throw out ‘attack’ and ‘act of war’ and I go, ‘That’s not necessarily in every case how I would characterize the activity that I see’.”
Director of National Intelligence James Clapper has said previously that the hack and theft of millions of records from the Office of Personnel Management did not constitute an attack, because it did not result in the destruction of systems, infrastructure or data.
“We generally look at all cyber events and we define it as an attack. In many cases you can do reconnaissance, you can do espionage, you can do theft in this domain we call cyberspace,” Director of the Defense Intelligence Agency Lt. Gen. Vincent Stewart told lawmakers recently. “But the reaction always is, whether it’s an adversary doing reconnaissance, an adversary trying to conduct a [human intelligence] operations in this domain, we define it as an attack and I don’t think that’s terribly helpful.”
Mossack Fonseca Offices Raided, and Spies too?
Panama raids offices of Mossack Fonseca law firm
Reuters: Panama’s attorney general late on Tuesday raided the offices of the Mossack Fonseca law firm to search for any evidence of illegal activities, authorities said in a statement.
The Panama-based law firm is at the center of the “Panama Papers” leaks scandal that has embarrassed several world leaders and shone a spotlight on the shadowy world of offshore companies.
The national police, in an earlier statement, said they were searching for documentation that “would establish the possible use of the firm for illicit activities.” The firm has been accused of tax evasion and fraud.
Police officers and patrol cars began gathering around the company’s building in the afternoon under the command of prosecutor Javier Caravallo, who specializes in organized crime and money laundering.
Mossack Fonseca, which specializes in setting up offshore companies, did not respond to requests for comment on Tuesday.
Earlier, founding partner Ramon Fonseca said the company had broken no laws, destroyed no documents, and all its operations were legal.
Governments across the world have begun investigating possible financial wrongdoing by the rich and powerful after the leak of more than 11.5 million documents, dubbed the Panama Papers, from the law firm that span four decades.
The papers have revealed financial arrangements of prominent figures, including friends of Russian President Vladimir Putin, relatives of the prime ministers of Britain and Pakistan and of China’s President Xi Jinping, and the president of Ukraine.
There are more details. From Joseph FITSANAKIS of IntelNews in part:
The Süddeutsche Zeitung said on Monday that senior intelligence officials from Rwanda and Colombia are listed as Mossack Fonseca customers, but did not report the names of the individuals. It did, however, single out the late Sheikh Kamal Adham, who was director of Saudi Arabia’s General Intelligence Directorate in the 1960s and 1970s. During his 14-year directorship of the GID, the agency became a leading intermediary between the CIA and Arab intelligence agencies, notably those of Egypt and Iraq. Sheikh Adham was also a personal friend of CIA Director George Bush, who was later elected US president.
According to the Süddeutsche Zeitung, Sheikh Adham is one of many individuals with close CIA links whose names appear in the Panama Papers. Another is Farhad Azima, an Iranian-born American businessman, who is rumored to have leased aircraft to the CIA in the 1980s. The American intelligence agency is said to have used the aircraft, which belonged to Azima’s Kansas City, Missouri-headquartered Global International Airways, to transport weapons to Iran. The secret transfers were part of what later became known as the Iran-Contra scandal, in which US officials secretly sold weapons to Iran in return for the release of American hostages held by Iran-linked groups in the Middle East. The funds acquired from these weapons sales were then secretly funneled to the Contras, a medley of anti-communist paramilitary groups fighting the Sandinista-led government of Nicaragua.
Dept of Energy Computers, ah Really Nuclear Management
We often wonder just what kind of work the Department of Justice is doing if so many of the cases and crimes in the news never seem to have real consequences for the criminal…ahem Holder and Hillary.
Anyway, we will never know the scope of crimes that really do occur across the country and for sure those against the homeland from a foreign power or rogue actors.
There was the recent posting on this site about the industrial espionage or rather agricultural espionage by China against our farmers. Then there is the matter of drug cartels and money laundering. For sure you can think of other cases and your comments are welcome.
Rarely do we understand the matter of cyber intrusions or attacks. The case noted below is but one such case.
Justice News
Department of Justice, U.S. Attorney’s Office, District of Columbia
Former U.S. Nuclear Regulatory Commission Employee Sentenced To Prison for Attempted Spear-Phishing Cyber-Attack On Department of Energy Computers
WASHINGTON – Charles Harvey Eccleston, 62, a former employee of the U.S. Department of Energy (DOE) and the U.S. Nuclear Regulatory Commission (NRC), was sentenced today to 18 months in prison on a federal charge stemming from an attempted e-mail “spear-phishing” attack in January 2015 that targeted dozens of DOE employee e-mail accounts.
The sentencing was announced by Assistant Attorney General for National Security John P. Carlin, U.S. Attorney Channing D. Phillips of the District of Columbia, and Assistant Director in Charge Paul M. Abbate of the FBI’s Washington Field Office.
Eccleston pleaded guilty on Feb. 2, 2016, in the U.S. District Court for the District of Columbia, to one count of attempted unauthorized access and intentional damage to a protected computer. In his guilty plea, Eccleston admitted scheming to cause damage to the computer network of the DOE through e-mails that he believed would deliver a computer virus to particular employees. An e-mail spear-phishing attack involves crafting a convincing e-mail for selected recipients that appears to be from a trusted source and that, when opened, infects the recipient’s computer with a virus.
In addition to the prison time, U.S. District Judge Randolph D. Moss ordered Eccleston to forfeit $9,000, an amount equal to the sum the FBI provided to Eccleston during the course of the undercover investigation. Following his prison term, Eccleston will be placed on three years of supervised release.
“Eccleston’s sentence holds him accountable for his attempt to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” said Assistant Attorney General Carlin. “One of our highest priorities in the National Security Division remains protecting our national assets from cyber intrusions. We must continue to evolve and remain vigilant in our efforts and capabilities to confront cyber-enabled threats and aggressively detect, disrupt and deter them.”
“Charles Harvey Eccleston is a scientist and former government employee who was willing to betray his country and his former employer out of spite,” said U.S. Attorney Phillips. “His attempts to sell access to sensitive computer networks demonstrate why the government must be so vigilant to prevent cyber-attacks. Thanks to the FBI, this defendant was apprehended before he could do any damage. Together with our law enforcement partners, we will continue to make the detection and prevention of cyber-crimes a top priority.”
“Today’s sentencing sends a powerful message that no one will be allowed to sabotage the U.S. Government’s cyber infrastructure or threaten our national security through the illicit sale of information to a foreign intelligence service,” said Assistant Director in Charge Abbate. “The FBI will continue to investigate and pursue those who attempt to disclose sensitive knowledge about our nation’s information systems and bring them to justice.”
Eccleston, a U.S. citizen who had been living in Davao City in the Philippines since 2011, was terminated from his employment at the NRC in 2010. He was detained by Philippine authorities in Manila, Philippines, on March 27, 2015, and deported to the United States to face U.S. criminal charges. He has been in custody ever since.
According to court documents, Eccleston initially came to the attention of the FBI in 2013 after he entered a foreign embassy in Manila and offered to sell a list of over 5,000 e-mail accounts of all officials, engineers and employees of a U.S. government energy agency. He said that he was able to retrieve this information because he was an employee of a U.S. government agency, held a top secret security clearance and had access to the agency’s network. He asked for $18,800 for the accounts, stating they were “top secret.” When asked what he would do if that foreign country was not interested in obtaining the U.S. government information the defendant was offering, the defendant stated he would offer the information to China, Iran or Venezuela, as he believed these countries would be interested in the information.
Thereafter, Eccleston met and corresponded with FBI undercover employees who were posing as representatives of the foreign country. During a meeting on Nov. 7, 2013, he showed one of the undercover employees a list of approximately 5,000 e-mail addresses that he said belonged to NRC employees. He offered to sell the information for $23,000 and said it could be used to insert a virus onto NRC computers, which could allow the foreign country access to agency information or could be used to otherwise shut down the NRC’s servers. The undercover employee agreed to purchase a thumb drive containing approximately 1,200 e-mail addresses of NRC employees; an analysis later determined that these e-mail addresses were publicly available. The undercover employee provided Eccleston with $5,000 in exchange for the e-mail addresses and an additional $2,000 for travel expenses.
Over the next several months, Eccleston corresponded regularly by e-mail with the undercover employees. A follow-up meeting with a second undercover employee took place on June 24, 2014, in which Eccleston was paid $2,000 to cover travel-related expenses. During this meeting, Eccleston discussed having a list of 30,000 e-mail accounts of DOE employees. He offered to design and send spear-phishing e-mails that could be used in a cyber-attack to damage the computer systems used by his former employer.
Over the next several months, the defendant identified specific conferences related to nuclear energy to use as a lure for the cyber-attack, then drafted emails advertising the conference. The emails were designed to induce the recipients to click on a link which the defendant believed contained a computer virus that would allow the foreign government to infiltrate or damage the computers of the recipients. The defendant identified several dozen DOE employees whom he claimed had access to information related to nuclear weapons or nuclear materials as targets for the attack.
On Jan. 15, 2015, Eccleston sent the e-mails he drafted to the targets he had identified. The e-mail contained the link supplied by the FBI undercover employee which Eccleston believed contained a computer virus, but was, in fact, inert. Altogether, the defendant sent the e-mail he believed to be infected to approximately 80 DOE employees located at various facilities throughout the country, including laboratories associated with nuclear materials.
Eccleston was detained after a meeting with the FBI undercover employee, during which Eccleston believed he would be paid approximately $80,000 for sending the e-mails.
The investigation was conducted by the FBI’s Washington Field Office with assistance from the NRC and DOE. The case is being prosecuted by Assistant U.S. Attorney Thomas A. Gillice of the District of Columbia and Trial Attorney Julie A. Edelstein of the National Security Division’s Counterintelligence and Export Control Section. Trial Attorney Scott Ferber of the National Security Division’s Counterintelligence and Export Control Section assisted in the investigation of this matter. The Department of Justice’s Office of International Affairs and the government of the Philippines also provided significant assistance.