Risk
1/27/2009
04:48 PM
50%
50%

Former Energy Worker Admits Trying To Sell Nuclear Secrets

Janitor pleads guilty to offering next-generation nuclear materials to France in exchange for $200,000

A former janitor at a U.S. Department of Energy (DOE) site yesterday pleaded guilty to stealing information and equipment for developing nuclear systems and attempting to sell it to a foreign government.

Just a day before his trial was set to begin, Roy Lynn Oakley, 67, changed his plea and pleaded guilty in a U.S. District Court in Knoxville, Tenn., to unlawful disclosure of restricted data under the Atomic Energy Act. Oakley admitted to offering classified data and equipment for producing highly enriched uranium to an FBI undercover officer who was posing as a French government agent. Oakley was asking $200,000 for the information.

According to the plea agreement, Oakley had been employed as a laborer and escort by Bechtel Jacobs at the East Tennessee Technology Park (ETTP) in Oak Ridge, Tenn. The ETTP, formerly known as Y-25, had previously been operated by the DOE as a facility to produce highly enriched uranium.

While employed at the ETTP in 2006 and 2007, Oakley had a security clearance that gave him access to classified and protected materials, including instruments, appliances, and information relating to the gaseous diffusion process for enriching uranium. Some of the materials and information to which Oakley had access were classified as "Restricted Data" under the Atomic Energy Act -- any disclosure of which was illegal, the plea agreement says. While he worked at the ETTP, Oakley had been instructed and informed that this Restricted Data could not be disclosed.

In January 2007, Oakley contacted the French Embassy and consulates in several U.S. cities to determine the country's interest in purchasing the nuclear data and equipment, according to the plea agreement. The French government contacted the FBI and set up a sting in which an FBI agent posed as a French government agent.

In recorded calls and during a face-to-face meeting with the FBI undercover agent, Oakley stated that he had taken certain parts of uranium enrichment fuel rods or tubes and other associated hardware items from the ETTP work site, and that he wanted to sell these materials for $200,000 to the foreign government. Once Oakley handed over the pieces of tubes and associated items to the undercover FBI agent and received $200,000 in cash, he was confronted by FBI agents and admitted to his efforts to sell the materials.

The materials Oakley had tried to sell to a foreign government were, in fact, pieces of equipment known as "barrier" and associated hardware items that play a crucial role in the production of highly enriched uranium -- a special nuclear material -- through the gaseous diffusion process. In his role as a janitor, Oakley was supposed to have broken up the barrier for disposal. But Oakley says he knew the gaseous diffusion process used in the U.S. is better than the methods currently used in France, and he therefore stole four of the barrier tubes and offered to sell them to French agents.

The maximum penalty for violation of the Atomic Energy Act by disclosing Restricted Data is a maximum of 10 years imprisonment and a criminal fine of $250,000. A sentencing hearing has been set for May 14. If the court accepts the plea agreement, Oakley will serve six years in prison and three years on supervised release.

"Today's guilty plea should serve as a strong warning to anyone who would consider selling restricted U.S. nuclear materials to foreign governments," says Matthew Olsen, Acting Assistant Attorney General for National Security. "The facts of this case demonstrate the importance of safeguarding America's atomic energy data and pursuing aggressive prosecutions against those who attempt to breach those safeguards."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-7194
Published: 2014-11-20
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access.

CVE-2014-7195
Published: 2014-11-20
Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via u...

CVE-2014-8000
Published: 2014-11-20
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?