Porn Scandal in Federal Govt Continues

SMH = Shaking my Head

Feds Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is This the Solution?

A top National Security Agency official wants to keep tabs on national security personnel off-the-clock, in part by tracking their online habits at home. The aim is to spot behavior that might not be in America’s best interests.

Historically, some illicit activity, like downloading child pornography, has occurred on government computers and been prosecuted.

But today, the digital lives of employees cleared to access classified information extend beyond the office.

About 80 percent of the National Security Agency workforce has retired since Sept. 11, 2001, says Kemp Ensor, NSA director of security. When the millennial and Gen Y staff that now populate the spy agency get home, they go online.

“That is where we need to be, that’s where we need to mine,” Ensor said.

Currently, managers only look for aberrant computer behavior on internal, agency-owned IT systems – it’s a practice known as “continuous monitoring.”

But the military and intelligence communities are beginning to broaden checks on cleared personnel in the physical and digital worlds. It used to be that national security workers were re-investigated only every five or 10 years.

Under the evolving “continuous evaluation” model, the government will periodically search for signs of problems through, for example, court records, financial transactions, and — if authorized — social media posts.

Ensor and other federal officials spoke April 28 about new trends in personnel security at an Intelligence and National Security Alliance symposium in Chantilly, Virginia.

On government devices, “the amount of child porn I see is just unbelievable,” said Daniel Payne, director of the Pentagon’s Defense Security Service. The point being, there’s a need to routinely scan agency network activity and criminal records to gauge an individual’s suitability to handle classified information.

Payne, whose 34 years of counterintelligence experience have spanned the military, CIA and National Counterintelligence and Security Center, was not referring to any specific agency or any specific timeframe, his current employer told Nextgov.

Payne just returned to the Defense Security Service in February, after starting his career there.

“Director Payne provided this example to demonstrate the range of issues identified during the personnel security process, and the range and value of different data sources that have a bearing on an individual’s ability to access sensitive information,” the Defense Security Service said in an emailed statement.

Ensor echoed his colleague’s concerns, noting he sees child pornography on NSA IT systems. In the national security space, “what people do is amazing,” he said. Ensor’s guess about the presence of explicit material is that there are many “introverts staring at computer screens” day in and day out. This is why it is so important to look at individuals holistically when determining who might be a so-called insider threat, Ensor said.

In the past, military and intelligence personnel have exploited minors online, without notice, for years or even an entire career.

The Boston Globe broke a story in 2010 that a significant number of federal employees and contractors with high-level security clearances downloaded child pornography — sometimes on government computers — at NSA and the National Reconnaissance Office, among other defense agencies.

At least one NSA contractor holding a top secret clearance told investigators in 2007 he had been spending $50 to $60 monthly fees on various sexually explicit websites for the past three years, according to a Defense inspector general report on the matter. After each session on the porn sites, he would wipe the browsing history of that system. The Pentagon investigation did not state who owned the computer.

More recently, a military official pleaded guilty to pedophile crimes and accessing child pornography through the Internet — but at home.

On April 15, a U.S. district judge sentenced former Army Corps of Engineers official Michael Beeman, of Virginia, to 30 years in prison for molesting minors, beginning in the 1980s while working in public affairs at Patrick Air Force Base. He later downloaded child pornography to personal devices, court records show.

Case files state the illegal online activity occurred between 2010 and 2014, which according to LinkedIn, was when Beeman served as an Army Corps of Engineers public affairs regional chief.

Cables: Taliban, Haqqani, Kidnapping and Bergdahl

Facts are funny things and the CIA is fearless. Dates matter too.

For the additional details on the attack on the CIA base mentioned in the body of this post, go here.

Supporters “Are in the Oil Industry”: Declassified DIA Cables Show Haqqani Network Revenue Streams

 

Haqqani Network map; courtesy of the National Counterterrorism Center.


NSAArchive: Less than a dozen men were running the militant Islamist Haqqani Network (HQN) by the time the State Department declared it a Foreign Terrorist Organization in 2012, and this extremely small group continues to determine which illicit activities the organization engages in to fund its fight against US-led forces in Afghanistan. Defense Intelligence Agency documents dated from 2008 through 2010 recently obtained by the National Security Archive in response to a FOIA request offer a window into a transitional period for the organization, before the State Department declared the group a terrorist organization and the US Treasury designated Haqqani leaders as Specially Designated Global Terrorists in 2014, subjecting them to sanctions. The documents illuminate the group’s efforts to diversify its funding away from the foreign sources it relied on during the Cold War, including the CIA and Pakistani intelligence services, and towards more traditionally criminal activity – and show squabbles over the sharing of ransom money, dispersal of funds to suicide bombers, financial links between HQN and the Karzai government, and Taliban funding for the group’s activities.

Jalaluddin Haqqani


One of the early financial challenges for Jalaluddin Haqqani, the group’s founder, was coping with the end of the Cold War and the drying up of American resources. Barbara Elias notes in 2009’s “The Taliban File” that Haqqani received tens of thousands of dollars and weapons from the CIA between 1986 and 1994. CIA funding ended by the mid-1990s, although Haqqani’s relationship with the US only deteriorated in earnest in the late-1990s after the US bombed an HQN-linked training camp in retaliation for al-Qaida attacks on the US embassies in Kenya and Tanzania and Haqqani’s relationship with Osama bin Laden deepened.

A Confidential June 12, 1998, State Department cable, first published in Elias’s 2012 “The Haqqani History,” notes that Jalaluddin advocated for bin Laden within the Taliban, and that bin Laden’s increased power was due at least in part to “the growing strength of his supporters within the Taliban movement.” The US’s growing concern with bin Laden is shown in a May 24, 1999, cable summarizing a meeting between Haqqani and US officials, during which Haqqani agrees that bin Laden is “a problem,” but insists that “maybe the best solution is what is taking place now with him remaining in the country.” Haqqani also says that “he was deeply appreciative of U.S. assistance during the ‘jihad’ (holy war) against the Soviets and the (Afghan) communists,” but remains antagonistic over US destruction of a terrorist camp in Khost, Afghanistan, in August 1998. Haqqani even initiates the meeting by “joking” that it was “good to meet someone from the country which had destroyed my base, my madrassh [sic], and killed 25 of my mujahideen.”

Despite the historical ties  between the groups, al-Qaida funding is not a major source of income for HQN; a September 24, 2009, DIA cable shows that when al-Qaida funding was received, it was relatively small amounts that were “generally provided by Al Qaida leader Shaykh Said al-Masri through Sirajudding Haqqani and Jan Baz Zadran, who is a HQN commander in Miram Shah, PK, in amounts of approximately 3,000 – 5,000 USD.”

West Point’s Combatting Terrorism Center (CTC) notes in a 2012 report that Jalaluddin was also motivated to decrease his organization’s dependence on Pakistani financing, and began vigorous fundraising efforts in the Gulf States in the 1990s to do so. A newly released April 8, 2010, DIA cable shows this practice continues. According to the cable, a well-connected individual “travels on behalf of the Haqqani network to a city in the vicinity of Dubai to collect charitable donations which are used to fund unspecified Haqqani network operations.”

However, a series of DIA cables (from January 11, 2010, and February 6, 2010) show that some funding for Haqqani attacks is still provided by the Pakistan Inter-Services Intelligence Directorate, including $200,000 for the December 30, 2009, attack on the CIA facility at Camp Chapman.


Excerpt from a Feb. 6, 2010 posting on ISID funding for Haqqani attacks.

During Jalaluddin’s tenure the group also offered microloans to those living in its territory in North Waziristan, Pakistan, in a move that fostered goodwill and “really made a difference in these communities.” The attempts at public relations under Jalaluddin are not entirely surprising; a 1997 State Department cable reports Jalaluddin to be “more liberal” in his opinions on social policy, such as women’s rights, and he seems to have understood the importance of maintaining credibility with the local community.

Jalaluddin was forced to retire in 2005, however, and his son Sirajuddin assumed the leadership, marking an increase in the group’s illicit activity.


FBI Wanted Poster – Sirajuddin Haqqani, son of Haqqani Network founder Jalaluddin Haqqani.

Protecting smuggling enterprises in the border areas under its control, as well as engaging in its own, has become an important source of income for HQN under Sirajuddin. Interestingly, according to the CTC report, HQN imports “the precursor chemicals used to process raw opium into morphine base and heroin, including lime, hydrochloric acid and acetic anhydride (AA). If true, this may indicate that the Haqqanis have a non‐competition agreement with the Kandahari Taliban in the heroin business, or it could simply suggest that Haqqani leaders have realized that smuggling precursors is less risky and often more lucrative, since a glut in poppy production drives down wholesale opium prices.”

These sustained efforts have ensured that the group remains financially autonomous from the Taliban, although it receives a monthly stipend from the Quetta branch “to cover operational costs, and the budget shifts depending on the season and the funding capacity of the Taliban leadership.”

A September 24, 2009, DIA cable notes that the Quetta branch remains a stable source of HQN funding, saying that “A large majority of the Haqqani Network (HQN) funding comes from the Quetta, Pakistan-based Taliban leadership.” The cable goes on to say that “HQN pays fighters who conduct successful attacks against coalition forces (CF) Afghan National Army (ANA) or Afghan National Police (ANP), with larger amounts paid for killing a coalition member. A key point in the dispersal and receiving of funds within the HQN is the videotaping of attacks.”

Bowe Bergdahl, held by the Haqqani network. AP photo.


One of the shifts that occurred along with the change in leadership was HQN’s increase of kidnap-for-ransom, a “growth industry” in which HQN cooperates “seamlessly” with other militant groups, but one that seems to have affected HQN’s credibility. Bowe Bergdahl is perhaps HQN’s most famous kidnapping victim, and would have undoubtedly been on HQN’s list of “legitimate targets,” which include “government officials and security personnel; those who cooperate with government; foreigners; transporters servicing NATO; and alleged spies.” New York Times journalist David Rohde and Afghan diplomat Haji Khaliq Farahi were also targets. The CTC report notes, however, that such behavior “appears to have lowered the network in the public estimation.”

Kidnapping-for-ransom, however, remains a way for unpaid Haqqani militants to make money. Low-ranking militants earn little, if any, money, and operate with a great deal of autonomy – making the occasional moonlighting – and tension over it – all but inevitable.  A Secret September 29, 2009, DIA cable recounts one such ransom dispute. “As of late September 2009, Spera District Haqqani Network (HQN) commander Hamid (Rahman) had strained relations with the HQN leadership, including senior commander Siraj (Haqqani), over ransom money embezzled by Rahman. Rahman and an unidentified Iraqi Al-Qaida associate had kidnapped a road construction worker in Spera District for ransom and neglected to send the ransom money obtained to HQN leadership in Pakistan. As a result, Siraj Haqqani ordered Rahman to return to Miram Shah/[redacted] north Waziristan, PK, in order to account for the money. Rahman ignored the order and did not travel to Miram Shah due to fear that he would be killed by HQN leadership for his transgression.”


Donations and fundraising continue to be important for HQN. A Secret March 22, 2009, DIA cable provides an example of a routine donation for HQN. It notes, “As of mid-February 2009, the Hadika ta Uloom madrassa in Dera Ismail Khan, PK was facilitating financial support for the Haqqani Network (HQN). The leader of the mosque, Maulawi din Mohammad (Khalifa), was facilitating contact between HQN commanders and local businessmen willing to donate money and assistance to the HQN.” The five businessmen contacted, all from the oil industry, provided a total of $17,000 USD.

HQN leaders also recognize the importance of a good media campaign. The CTC report finds that “Just as Jalaluddin before them, network leaders today conduct fundraising road shows, visiting large mosques around the region where they ask for alms from worshipers. As in the past, the Haqqanis appear to realize the importance of publicity materials to communicate their successes and to help to generate donations at these events. The network publishes considerable multi‐media material concerning its activities, and appears to consider publicity a core aspect of financial operations.”

HQN’s complicated relationship with the Afghan government, and its financial payoffs, are also highlighted in a Secret August 31, 2010, cable. The cable explains how a security manager in Khost province, Qabool Khan, simultaneously provides HQN with intelligence on US bases in Salerno and Chapman, while providing HQN with money and the license plate numbers of US vehicles of military personnel and contractors that serve on the two bases. Khan obtained his position with the security company – which posted private security guards on US bases – through Mahmoud Karzai, brother of Afghan president Hamid. “Khan receives $800.00 U.S. dollars per guard, per month, in which $200.00 U.S. dollars goes to the guard, $300.00 U.S. dollars to Khan, and $300.00 U.S. dollars is given to the Haqqani network… in return Khan is not attacked by Haqqani operatives leaving the American base or Khan’s personal residence. Khan leaves his window down when leaving the American base as a signal to Haqqani operatives not to attack his vehicle.”

These documents were requested under the FOIA as part of the Archive’s Afghanistan, Pakistan and Taliban project, and we will continue to post on interesting documents as they come in.

China’s Cyber Attack on Pentagon Missile Defense Daily

So, where are the strongly worded letters, the condemnation, the sanctions, the counter-measures?

Cyber-warfare, industrial espionage, economic warfare.

 

November 2015:

WASHINGTON (Reuters) – The U.S. military on Sunday hailed the success of a complex $230 million test of the U.S. missile defense system that it said showed the ability of the Aegis and THAAD weapons systems to identify and destroy ballistic and cruise missiles at once.

The test was conducted near Wake Island in the western Pacific Ocean around 11:05 p.m. EDT by the U.S. Missile Defense Agency, U.S. European Command, U.S. Pacific Command, the Ballistic Missile Defense System Operational Test Agency and the Joint Functional Component Command for Integrated Missile Defense.

“This was a highly complex operational test of the BMDS which required all elements to work together in an integrated layered defense design to detect, track, discriminate, engage, and negate the ballistic missile threats,” MDA said in a statement released late Sunday.

The Missile Defense Agency website.

Admiral: China Launching Cyber Attacks on Missile Defense Nets ‘Every Day’

Cyber threat comparable to Iranian, North Korean missile danger

FreeBeacon: Chinese military hackers are conducting cyber attacks on the Pentagon’s Missile Defense Agency networks on a daily basis and will soon shift to hacking into networks of missile defense contractors, the admiral in charge of the agency told Congress on Thursday.

Vice Adm. James D. Syring, the MDA chief who is in charge of building multi-billion dollar anti-missile defenses, told a House hearing that while his networks are successfully fighting off the cyber attacks, missile defense contractors need to improve their network security.

The three-star admiral said the threat of Chinese cyber attacks was equal to North Korean and Iranian missile threats.

“I view the cyber threat that I specifically face with MDA and the systems we are fielding on par with any ballistic missile threat that either Iran or North Korea possess,” Syring said.

Asked by Rep. Mike Rogers (R., Ala.), the chairman of the House Armed Services subcommittee on strategic forces, if he is fighting off cyber attacks from Chinese military hackers, Syring answered: “Yes, sir.” He limited his comments and said he would provide details of the cyber threats during a later closed-door session of the subcommittee.

“We have taken inordinate steps to protect both our classified and unclassified networks from attack, [with] constant 24/7 monitoring with teams in place plus good material protections of those systems,” he said.

“My biggest concern remains in our cleared defense contractor base and their protections,” Syring added, noting that Chinese efforts to break into missile defense networks are relentless.

“They are continuing to try and attack my government networks, every day, classified and unclassified,” he said. “But where they’re going next and we’ve gotten examples of this is to my cleared defense contractors with the unclassified controlled technical information.”

Bolstering the network security of contractors is a high priority across the entire ballistic missile defense system, he said.

Foreign states are seeking to penetrate missile defenses and other weapons systems to steal technology and data for use in their own weapons. They also seek to disrupt or destroy the systems in the event of a crisis or conflict.

A report by the Defense Science Board warned in 2013 that critical U.S. weapons and other military systems are vulnerable to cyber attack.

“The United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all of their military and intelligence capabilities (a ‘full spectrum’ adversary),” the report concluded.

Syring said in prepared testimony his agency is deploying upgraded command and control systems with better security against cyber attacks. Missile defense personnel also are being trained to prevent cyber intrusions.

“We know that malicious cyber actors are constantly attempting to exfiltrate information from U.S. Industry,” Syring stated. “We will continue to work with the defense industrial base, the FBI, and other partners to identify these issues and raise the costs of this behavior to those responsible, in coordination with national authorities and in accordance with national policy.”

Syring said a key objective is hardening U.S. missile defenses for future conflicts, which will likely involve cyber attacks against its networks.

“We must build resilient cyber defenses that are capable of detecting and mitigating threats without impeding operations in order to ‘fight through’ the cyber threat,” he said.

Two exercises simulating cyber attacks on missile defense networks were held last year. Another exercise is set for next month.

To prevent cyber attacks through equipment and parts, MDA is tightening the security of its suppliers.

“We also have a rigorous cyber and supply chain risk management inspection program to examine everything about our systems, from the truck to supply chain, to the fielded operational ability,” Syring said.

Chinese agents were detected spying on the U.S. missile defense interceptor base at Fort Greely, Alaska, several years ago, according to defense officials.

Barry Pike, executive officer for the U.S. Army’s missiles and space program, said during the House hearing that foreign military threats are growing with the emergence of synchronized air, missile, cyber, and electronic warfare attacks.

“Across all Army [air and missile defense] programs, we are improving our resilience and ability to mitigate cyber and electronic warfare attacks,” he stated in prepared testimony.

Rogers, the subcommittee chairman, said in opening remarks at the hearing that after eight years of President Obama’s administration “our nation’s security is in more jeopardy than any time in recent memory.”

“North Korea, Iran, Pakistan, Russia, and China are all advancing their ballistic and cruise missile programs, along with weapons of mass destruction programs, to put our military, our allies, and our homeland at risk,” Rogers said.

“At the same time, President Obama has cut missile defense practically every year he’s been in office,” he added. “America’s enemies know an opportunity when they see one; our allies see they are on their own.”

Disclosure of the Chinese hacking against missile defenses comes as Syring and other military leaders revealed the Pentagon is working on its own cyber weapons that could be used to disable or destroy missiles prior to launch.

Details about what the Pentagon calls “left-of-launch” measures remain classified but are said to include cyber attacks and other electronic warfare measures against missile launch controls and other information systems.

Pre-launch cyber attacks against missiles are designed to bolster other missile defenses, including lasers and anti-missile interceptors, that can attack enemy missiles in the early, middle, and late stages of flight, while decreasing costs.

China is developing both missile defenses and anti-satellite missiles that employ similar technologies and is known to be targeting U.S. and allied computer networks to steal technical information useful in developing its weapons.

China also has targeted U.S. and foreign suppliers that provide equipment and material used in missile defenses.

A briefing in 2014 by Joyce Corell, a senior U.S. counterintelligence official, identified numerous pathways used by foreign states to penetrate the U.S. supply chain.

“We have more than enough evidence to know the threat is real and dangerous, but we will inevitably have difficulty predicting targets and assessing impacts,” she stated in a briefing slide.

Pentagon Launching Cyber Bombs on ISIS

FNC: The U.S. has ramped up its fight against the Islamic State terror group’s online capabilities, dropping so-called “cyber bombs” on the militants, a top Pentagon official said Tuesday.

“Those guys are under enormous pressure. Every time we have gone after one of their defended positions over the last six months, we have defeated them. They have left, they have retreated,” Deputy Defense Secretary Robert Work told Reuters.

Defense Secretary Ash Carter gave some explanation for the concept of “cyber bombs” in a February NPR interview.

“We are using cyber tools, which is really a major new departure… These are strikes that are conducted in the warzone using cyber essentially as a weapon of war, just like we drop bombs,” Carter said.

Analysts say ISIS has frequently used the Internet to spread its message, regularly releasing photos and videos on social media. The latest edition of its magazine “Dabiq” went online this week.

Meanwhile, the U.S. has helped Iraqi forces as they prepare operations to retake the northern city of Mosul. While they got off to a slow start, there have been some recent advances, and officials say momentum has been growing in the fight against ISIS.

Secretary of State John Kerry, during a visit to Baghdad last Friday, pledged $155 million in new U.S. aid to Iraq and offered a show of political support to Iraq’s beleaguered Prime Minister Haider al-Abadi.

****

DefenseSystems: Given the classifications and operational security surrounding cyber operations, details on anti-ISIS activity in this domain are scant, though Carter added some information in a Pentagon press conference with reporters on Monday, saying the cyber component is aimed at disrupting ISIS’s command and control to cause them to lose confidence in their networks, as well as overloading their networks to limit their operational functionality. But given that the cyber tools are new, Carter said details are being kept under wraps, especially considering they are applicable to other conflicts globally.

Chairman of the Joint Chiefs of Staff Gen. Joseph Dunford reiterated the point that DOD does not want to provide operational details in hopes of keeping the element of surprise. Dunford did say that, conceptually, DOD is trying to isolate ISIS in the same way it is trying to do so in the physical space.

Both Dunford and Carter said that the capabilities being used against ISIS, and others globally, are exactly why the U.S. Cyber Command was established in the first place. Dunford said the command is building an inventory of tools to be used in cyberspace going forward.

Carter has said previously that the Defense Department will look to take the fight to ISIS in the cyber domain, even resorting to targeting members of ISIS’s hacking cadre with bombs. However, it is still believed that ISIS’ cyber capabilities remain low, limited to merely website defacements and denial-of-service attacks.

One concern, whether from nation-states or groups such as ISIS should they gain cyber acumen, is the targeting of U.S. critical infrastructure. “Although it’s not a popular target for people trying to make a profit – that’s good and bad, because the flip side is that the adversaries who are interested in potentially targeting critical infrastructure could potentially be more sophisticated adversaries,” Isaac Porche, associate director of the Forces and Logistics Program at RAND, told a panel of lawmakers last week. “So critical infrastructure today might have to deal with a more sophisticated threat than, let’s say, a hardware store might have to.”

Military and U.S. intelligence officials in the past have been careful about what, in their minds, the term “attack” connotes in cyberspace, potentially allowing conclusions to be drawn regarding current U.S. activity against ISIS. “Terminology and lexicon is very important in this space,” Adm. Michael Rogers, the head of the National Security Agency and Cyber Command, told the House Intelligence Committee last year. “And many times I’ll hear people throw out ‘attack’ and ‘act of war’ and I go, ‘That’s not necessarily in every case how I would characterize the activity that I see’.”

Director of National Intelligence James Clapper has said previously that the hack and theft of millions of records from the Office of Personnel Management did not constitute an attack, because it did not result in the destruction of systems, infrastructure or data.

“We generally look at all cyber events and we define it as an attack. In many cases you can do reconnaissance, you can do espionage, you can do theft in this domain we call cyberspace,” Director of the Defense Intelligence Agency Lt. Gen. Vincent Stewart told lawmakers recently. “But the reaction always is, whether it’s an adversary doing reconnaissance, an adversary trying to conduct a [human intelligence] operations in this domain, we define it as an attack and I don’t think that’s terribly helpful.”

Dept of Energy Computers, ah Really Nuclear Management

We often wonder just what kind of work the Department of Justice is doing if so many of the cases and crimes in the news never seem to have real consequences for the criminal…ahem Holder and Hillary.

Anyway, we will never know the scope of crimes that really do occur across the country and for sure those against the homeland from a foreign power or rogue actors.

There was the recent posting on this site about the industrial espionage or rather agricultural espionage by China against our farmers. Then there is the matter of drug cartels and money laundering.  For sure you can think of other cases and your comments are welcome.

Rarely do we understand the matter of cyber intrusions or attacks. The case noted below is but one such case.

Justice News

Department of Justice
U.S. Attorney’s Office
District of Columbia

Former U.S. Nuclear Regulatory Commission Employee Sentenced To Prison for Attempted Spear-Phishing Cyber-Attack On Department of Energy Computers

WASHINGTON – Charles Harvey Eccleston, 62, a former employee of the U.S. Department of Energy (DOE) and the U.S. Nuclear Regulatory Commission (NRC), was sentenced today to 18 months in prison on a federal charge stemming from an attempted e-mail “spear-phishing” attack in January 2015 that targeted dozens of DOE employee e-mail accounts.

The sentencing was announced by Assistant Attorney General for National Security John P. Carlin, U.S. Attorney Channing D. Phillips of the District of Columbia, and Assistant Director in Charge Paul M. Abbate of the FBI’s Washington Field Office.

Eccleston pleaded guilty on Feb. 2, 2016, in the U.S. District Court for the District of Columbia, to one count of attempted unauthorized access and intentional damage to a protected computer.  In his guilty plea, Eccleston admitted scheming to cause damage to the computer network of the DOE through e-mails that he believed would deliver a computer virus to particular employees.  An e-mail spear-phishing attack involves crafting a convincing e-mail for selected recipients that appears to be from a trusted source and that, when opened, infects the recipient’s computer with a virus.

In addition to the prison time, U.S. District Judge Randolph D. Moss ordered Eccleston to forfeit $9,000, an amount equal to the sum the FBI provided to Eccleston during the course of the undercover investigation. Following his prison term, Eccleston will be placed on three years of supervised release.

“Eccleston’s sentence holds him accountable for his attempt to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” said Assistant Attorney General Carlin.  “One of our highest priorities in the National Security Division remains protecting our national assets from cyber intrusions.  We must continue to evolve and remain vigilant in our efforts and capabilities to confront cyber-enabled threats and aggressively detect, disrupt and deter them.”

“Charles Harvey Eccleston is a scientist and former government employee who was willing to betray his country and his former employer out of spite,” said U.S. Attorney Phillips.  “His attempts to sell access to sensitive computer networks demonstrate why the government must be so vigilant to prevent cyber-attacks. Thanks to the FBI, this defendant was apprehended before he could do any damage. Together with our law enforcement partners, we will continue to make the detection and prevention of cyber-crimes a top priority.”

“Today’s sentencing sends a powerful message that no one will be allowed to sabotage the U.S. Government’s cyber infrastructure or threaten our national security through the illicit sale of information to a foreign intelligence service,” said Assistant Director in Charge Abbate.  “The FBI will continue to investigate and pursue those who attempt to disclose sensitive knowledge about our nation’s information systems and bring them to justice.”

Eccleston, a U.S. citizen who had been living in Davao City in the Philippines since 2011, was terminated from his employment at the NRC in 2010.  He was detained by Philippine authorities in Manila, Philippines, on March 27, 2015, and deported to the United States to face U.S. criminal charges.  He has been in custody ever since.

According to court documents, Eccleston initially came to the attention of the FBI in 2013 after he entered a foreign embassy in Manila and offered to sell a list of over 5,000 e-mail accounts of all officials, engineers and employees of a U.S. government energy agency.  He said that he was able to retrieve this information because he was an employee of a U.S. government agency, held a top secret security clearance and had access to the agency’s network.  He asked for $18,800 for the accounts, stating they were “top secret.”  When asked what he would do if that foreign country was not interested in obtaining the U.S. government information the defendant was offering, the defendant stated he would offer the information to China, Iran or Venezuela, as he believed these countries would be interested in the information.

Thereafter, Eccleston met and corresponded with FBI undercover employees who were posing as representatives of the foreign country.  During a meeting on Nov. 7, 2013, he showed one of the undercover employees a list of approximately 5,000 e-mail addresses that he said belonged to NRC employees.  He offered to sell the information for $23,000 and said it could be used to insert a virus onto NRC computers, which could allow the foreign country access to agency information or could be used to otherwise shut down the NRC’s servers.  The undercover employee agreed to purchase a thumb drive containing approximately 1,200 e-mail addresses of NRC employees; an analysis later determined that these e-mail addresses were publicly available.  The undercover employee provided Eccleston with $5,000 in exchange for the e-mail addresses and an additional $2,000 for travel expenses.

Over the next several months, Eccleston corresponded regularly by e-mail with the undercover employees.  A follow-up meeting with a second undercover employee took place on June 24, 2014, in which Eccleston was paid $2,000 to cover travel-related expenses.  During this meeting, Eccleston discussed having a list of 30,000 e-mail accounts of DOE employees.  He offered to design and send spear-phishing e-mails that could be used in a cyber-attack to damage the computer systems used by his former employer.

Over the next several months, the defendant identified specific conferences related to nuclear energy to use as a lure for the cyber-attack, then drafted emails advertising the conference.  The emails were designed to induce the recipients to click on a link which the defendant believed contained a computer virus that would allow the foreign government to infiltrate or damage the computers of the recipients.  The defendant identified several dozen DOE employees whom he claimed had access to information related to nuclear weapons or nuclear materials as targets for the attack.

On Jan. 15, 2015, Eccleston sent the e-mails he drafted to the targets he had identified.  The e-mail contained the link supplied by the FBI undercover employee which Eccleston believed contained a computer virus, but was, in fact, inert.  Altogether, the defendant sent the e-mail he believed to be infected to approximately 80 DOE employees located at various facilities throughout the country, including laboratories associated with nuclear materials.

Eccleston was detained after a meeting with the FBI undercover employee, during which Eccleston believed he would be paid approximately $80,000 for sending the e-mails.

The investigation was conducted by the FBI’s Washington Field Office with assistance from the NRC and DOE.  The case is being prosecuted by Assistant U.S. Attorney Thomas A. Gillice of the District of Columbia and Trial Attorney Julie A. Edelstein of the National Security Division’s Counterintelligence and Export Control Section.  Trial Attorney Scott Ferber of the National Security Division’s Counterintelligence and Export Control Section assisted in the investigation of this matter.  The Department of Justice’s Office of International Affairs and the government of the Philippines also provided significant assistance.