Risk
1/27/2009
04:48 PM
Connect Directly
RSS
E-Mail
50%
50%

Former Energy Worker Admits Trying To Sell Nuclear Secrets

Janitor pleads guilty to offering next-generation nuclear materials to France in exchange for $200,000

A former janitor at a U.S. Department of Energy (DOE) site yesterday pleaded guilty to stealing information and equipment for developing nuclear systems and attempting to sell it to a foreign government.

Just a day before his trial was set to begin, Roy Lynn Oakley, 67, changed his plea and pleaded guilty in a U.S. District Court in Knoxville, Tenn., to unlawful disclosure of restricted data under the Atomic Energy Act. Oakley admitted to offering classified data and equipment for producing highly enriched uranium to an FBI undercover officer who was posing as a French government agent. Oakley was asking $200,000 for the information.

According to the plea agreement, Oakley had been employed as a laborer and escort by Bechtel Jacobs at the East Tennessee Technology Park (ETTP) in Oak Ridge, Tenn. The ETTP, formerly known as Y-25, had previously been operated by the DOE as a facility to produce highly enriched uranium.

While employed at the ETTP in 2006 and 2007, Oakley had a security clearance that gave him access to classified and protected materials, including instruments, appliances, and information relating to the gaseous diffusion process for enriching uranium. Some of the materials and information to which Oakley had access were classified as "Restricted Data" under the Atomic Energy Act -- any disclosure of which was illegal, the plea agreement says. While he worked at the ETTP, Oakley had been instructed and informed that this Restricted Data could not be disclosed.

In January 2007, Oakley contacted the French Embassy and consulates in several U.S. cities to determine the country's interest in purchasing the nuclear data and equipment, according to the plea agreement. The French government contacted the FBI and set up a sting in which an FBI agent posed as a French government agent.

In recorded calls and during a face-to-face meeting with the FBI undercover agent, Oakley stated that he had taken certain parts of uranium enrichment fuel rods or tubes and other associated hardware items from the ETTP work site, and that he wanted to sell these materials for $200,000 to the foreign government. Once Oakley handed over the pieces of tubes and associated items to the undercover FBI agent and received $200,000 in cash, he was confronted by FBI agents and admitted to his efforts to sell the materials.

The materials Oakley had tried to sell to a foreign government were, in fact, pieces of equipment known as "barrier" and associated hardware items that play a crucial role in the production of highly enriched uranium -- a special nuclear material -- through the gaseous diffusion process. In his role as a janitor, Oakley was supposed to have broken up the barrier for disposal. But Oakley says he knew the gaseous diffusion process used in the U.S. is better than the methods currently used in France, and he therefore stole four of the barrier tubes and offered to sell them to French agents.

The maximum penalty for violation of the Atomic Energy Act by disclosing Restricted Data is a maximum of 10 years imprisonment and a criminal fine of $250,000. A sentencing hearing has been set for May 14. If the court accepts the plea agreement, Oakley will serve six years in prison and three years on supervised release.

"Today's guilty plea should serve as a strong warning to anyone who would consider selling restricted U.S. nuclear materials to foreign governments," says Matthew Olsen, Acting Assistant Attorney General for National Security. "The facts of this case demonstrate the importance of safeguarding America's atomic energy data and pursuing aggressive prosecutions against those who attempt to breach those safeguards."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-4514
Published: 2014-10-21
Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.