On February 2, 2016, the U.S. Justice Department announced that Charles Harvey Eccleston, a former employee of the the U.S. Nuclear Regulatory Commission (NRC), pleaded guilty to an attempted e-mail “spearphishing” attack that targeted dozens of Department of Energy (DOE) employee e-mail accounts.
“Eccleston admitted that he attempted to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” said Assistant Attorney General Carlin.
What technology was Eccleston using? Spearphishing.
Thinking he was dealing with foreign agents, Eccleston assembled lists of targeted email address and crafted highly targeted emails for sale to undercover FBI agents. According to the Justice Department,
On Jan. 15, 2015, Eccleston sent the e-mails he drafted to the targets he had identified. The e-mail contained the link supplied by the FBI undercover employee which Eccleston believed contained a computer virus, but was, in fact, inert. Altogether, the defendant sent the e-mail he believed to be infected to approximately 80 DOE employees located at various facilities throughout the country, including laboratories associated with nuclear materials.
Eccleston was detained after a meeting with the FBI undercover employee, during which Eccleston believed he would be paid approximately $80,000 for sending the e-mails.
What would have happened if Eccleston’s customers were not undercover FBI Agents?