A former Department of Energy (DOE) employee pleaded guilty in the U.S. District Court for the District of Columbia for attempting spearphishing attacks against other DOE workers.
Charles Harvey Eccleston pleaded guilty to one charge of attempted unauthorized access and intentional damage to a protected computer, according to the U.S. Department of Justice. Eccleston faces between 24 to 30 months in prison and can be fined up to $95,000. He is scheduled to be sentenced on April 18.
The case spanned three years and included Eccleston plotting to take down the DOE's computer system through a spearphishing attack.
Eccleston's case began in 2013 when he was a staffer for the DOE's Nuclear Regulatory Commission. At that time he attempted to sell 5,000 email accounts belonging to people working for an undisclosed U.S. government energy agency to a foreign government, the DOJ said. The nation in question asked what he would do if they declined his offer and Eccleston said he would simply try another government.
A Federal Bureau of Investigation undercover agent posing as a foreign agent then met and corresponded with Eccleston to discuss the purchase of various amounts of DOE email addresses. At one time, he offered up a list of 30,000 DOE email accounts, including people he claimed had access to nuclear weapons intelligence. In several of the cases the emails were, in fact, publicly available. He then told the agent he could also design and implement a spearphishing campaign that could be used to attack and damage the DOE computer network.
Eccleston, working with the FBI, came up with a plan to send supposedly infected emails to about 80 DOE workers. After the inert emails were sent and received, Eccleston met with the FBI to obtain his $80,000 fee for pulling off the job, but he was instead arrested.