A former employee of
the US Nuclear Regulatory Commission (NRC) was sentenced to 18 months
for attempting a spear-phishing attack against Department of Energy
computers that contained information on nuclear weapons, the Department
of Justice announced in statement.
A spear-phishing attack is a method of infecting a target
computer by sending an email purporting to be from a trusted source
that, when opened, infects the recipient's computer with a virus.
"[Charles Harvey] Eccleston’s sentence holds
him accountable for his attempt to compromise, exploit and damage US
government computer systems that contained sensitive nuclear
weapon-related information," Assistant US Attorney General for National
Security John Carlin said on Monday.
Carlin added that Eccleston attempted the breach with the intent of
"allowing foreign nations to gain access to that information or
to damage essential systems."
In 2015, Eccleston was arrested by undercover Federal Bureau
of Investigation (FBI) agents with whom he had been communicating,
believing them to be representatives from a foreign government.
Eccleston had offered to sell the agents information in 2013 that a
foreign government could use to insert a virus into NRC computers,
allowing them to shut down the NRC’s servers or obtain nuclear
information.
A year later, Eccleston also offered to carry out a spear-phishing
attack against some 30,000 computers belonging to Energy Department
employees in exchange for money.
Eccleston pleaded guilty in February to one count of unauthorized access and intentional damage to a protected computer.
US attorneys said Eccleston was acting out of spite in retaliation for being terminated from his job at the NRC in 2010.