WASHINGTON D.C.
A former U.S. Nuclear Regulatory Commission employee who was arrested in the Philippines is facing federal charges of launching cyber attacks to cause damage to the computer network of the Department of Energy through a computer virus.
The indictment charged Charles Harvey Eccleston, a former employee of the Department of Energy and the U.S. Nuclear Regulatory Commission, with an attempted email “spear-phishing” attack in January 2015, targeting dozens of Department of Energy employee e-mail accounts.
Eccleston, 62, a U.S. citizen who had been living in Davos City in the Philippines since 2011, was terminated from his employment at the U.S. Nuclear Regulatory Commission in 2010.
“This former federal employee is charged with trying to launch a cyber-attack to steal sensitive information from the Department of Energy,” said Acting U.S. Attorney Vincent H. Cohen. “Thanks to an innovative operation by the FBI, no malicious code was actually transmitted to government computers. This prosecution demonstrates federal law enforcement’s vigorous efforts to neutralize cyber threats that put consumers, our economy, and our national security at risk.”
The indictment was unsealed, along with an earlier-filed complaint and affidavit, following Eccleston’s first appearance Thursday in federal court. He remains in custody. A hearing is scheduled for May 20, officials said.
The affidavit alleges that Eccleston sent those emails to more than 80 Department of Energy computers in January 2015. The FBI was able to ensure that no computer virus or malicious code was actually transmitted to the government computers, officials said.
The indictment charges Eccleston with a total of four felony offenses. These include three counts of crimes involving unauthorized access of computers.
According to the affidavit, the goal of the attack was to cause damage to the computer network of the Department of Energy through a computer virus that Eccleston believed was being delivered to particular department employees through emails, and to extract sensitive, nuclear weapons-related government information that Eccleston believed would be collected by a foreign country.
The attack targeted computers at the Department of Energy.
An email spear-phishing attack involves crafting a convincing email for selected recipients that appears to be from a trusted source and that, when opened, infects the recipient’s computer with a virus, officials stated.
Attackers may gather personal information about their target.
Eccleston was detained by Philippine authorities in Manila on March 27, 2015, and deported to the United States to face U.S. criminal charges.
According to the affidavit, Eccleston initially came to the attention of the FBI after he entered a foreign embassy and offered to provide classified information, which he claimed had been taken from the U.S. government.
Later, Eccleston met with FBI undercover employees who were posing as representatives of the foreign country. In exchange for payment, he offered to design and send spear-phishing e-mails that could be used to damage the computer systems used by his former employer and to extract sensitive information from them, according to officials.