Risk
1/27/2009
04:48 PM
Connect Directly
RSS
E-Mail
50%
50%

Former Energy Worker Admits Trying To Sell Nuclear Secrets

Janitor pleads guilty to offering next-generation nuclear materials to France in exchange for $200,000

A former janitor at a U.S. Department of Energy (DOE) site yesterday pleaded guilty to stealing information and equipment for developing nuclear systems and attempting to sell it to a foreign government.

Just a day before his trial was set to begin, Roy Lynn Oakley, 67, changed his plea and pleaded guilty in a U.S. District Court in Knoxville, Tenn., to unlawful disclosure of restricted data under the Atomic Energy Act. Oakley admitted to offering classified data and equipment for producing highly enriched uranium to an FBI undercover officer who was posing as a French government agent. Oakley was asking $200,000 for the information.

According to the plea agreement, Oakley had been employed as a laborer and escort by Bechtel Jacobs at the East Tennessee Technology Park (ETTP) in Oak Ridge, Tenn. The ETTP, formerly known as Y-25, had previously been operated by the DOE as a facility to produce highly enriched uranium.

While employed at the ETTP in 2006 and 2007, Oakley had a security clearance that gave him access to classified and protected materials, including instruments, appliances, and information relating to the gaseous diffusion process for enriching uranium. Some of the materials and information to which Oakley had access were classified as "Restricted Data" under the Atomic Energy Act -- any disclosure of which was illegal, the plea agreement says. While he worked at the ETTP, Oakley had been instructed and informed that this Restricted Data could not be disclosed.

In January 2007, Oakley contacted the French Embassy and consulates in several U.S. cities to determine the country's interest in purchasing the nuclear data and equipment, according to the plea agreement. The French government contacted the FBI and set up a sting in which an FBI agent posed as a French government agent.

In recorded calls and during a face-to-face meeting with the FBI undercover agent, Oakley stated that he had taken certain parts of uranium enrichment fuel rods or tubes and other associated hardware items from the ETTP work site, and that he wanted to sell these materials for $200,000 to the foreign government. Once Oakley handed over the pieces of tubes and associated items to the undercover FBI agent and received $200,000 in cash, he was confronted by FBI agents and admitted to his efforts to sell the materials.

The materials Oakley had tried to sell to a foreign government were, in fact, pieces of equipment known as "barrier" and associated hardware items that play a crucial role in the production of highly enriched uranium -- a special nuclear material -- through the gaseous diffusion process. In his role as a janitor, Oakley was supposed to have broken up the barrier for disposal. But Oakley says he knew the gaseous diffusion process used in the U.S. is better than the methods currently used in France, and he therefore stole four of the barrier tubes and offered to sell them to French agents.

The maximum penalty for violation of the Atomic Energy Act by disclosing Restricted Data is a maximum of 10 years imprisonment and a criminal fine of $250,000. A sentencing hearing has been set for May 14. If the court accepts the plea agreement, Oakley will serve six years in prison and three years on supervised release.

"Today's guilty plea should serve as a strong warning to anyone who would consider selling restricted U.S. nuclear materials to foreign governments," says Matthew Olsen, Acting Assistant Attorney General for National Security. "The facts of this case demonstrate the importance of safeguarding America's atomic energy data and pursuing aggressive prosecutions against those who attempt to breach those safeguards."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1032
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inf...

CVE-2012-1417
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

CVE-2012-1506
Published: 2014-09-17
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from th...

CVE-2012-1507
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index...

CVE-2012-2583
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.

Best of the Web
Dark Reading Radio
Listen Now A Grown-Up Conversation About Passwords
A Grown-Up Conversation About Passwords