Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Former Energy Worker Admits Trying To Sell Nuclear Secrets

Janitor pleads guilty to offering next-generation nuclear materials to France in exchange for $200,000

A former janitor at a U.S. Department of Energy (DOE) site yesterday pleaded guilty to stealing information and equipment for developing nuclear systems and attempting to sell it to a foreign government.

Just a day before his trial was set to begin, Roy Lynn Oakley, 67, changed his plea and pleaded guilty in a U.S. District Court in Knoxville, Tenn., to unlawful disclosure of restricted data under the Atomic Energy Act. Oakley admitted to offering classified data and equipment for producing highly enriched uranium to an FBI undercover officer who was posing as a French government agent. Oakley was asking $200,000 for the information.

According to the plea agreement, Oakley had been employed as a laborer and escort by Bechtel Jacobs at the East Tennessee Technology Park (ETTP) in Oak Ridge, Tenn. The ETTP, formerly known as Y-25, had previously been operated by the DOE as a facility to produce highly enriched uranium.

While employed at the ETTP in 2006 and 2007, Oakley had a security clearance that gave him access to classified and protected materials, including instruments, appliances, and information relating to the gaseous diffusion process for enriching uranium. Some of the materials and information to which Oakley had access were classified as "Restricted Data" under the Atomic Energy Act -- any disclosure of which was illegal, the plea agreement says. While he worked at the ETTP, Oakley had been instructed and informed that this Restricted Data could not be disclosed.

In January 2007, Oakley contacted the French Embassy and consulates in several U.S. cities to determine the country's interest in purchasing the nuclear data and equipment, according to the plea agreement. The French government contacted the FBI and set up a sting in which an FBI agent posed as a French government agent.

In recorded calls and during a face-to-face meeting with the FBI undercover agent, Oakley stated that he had taken certain parts of uranium enrichment fuel rods or tubes and other associated hardware items from the ETTP work site, and that he wanted to sell these materials for $200,000 to the foreign government. Once Oakley handed over the pieces of tubes and associated items to the undercover FBI agent and received $200,000 in cash, he was confronted by FBI agents and admitted to his efforts to sell the materials.

The materials Oakley had tried to sell to a foreign government were, in fact, pieces of equipment known as "barrier" and associated hardware items that play a crucial role in the production of highly enriched uranium -- a special nuclear material -- through the gaseous diffusion process. In his role as a janitor, Oakley was supposed to have broken up the barrier for disposal. But Oakley says he knew the gaseous diffusion process used in the U.S. is better than the methods currently used in France, and he therefore stole four of the barrier tubes and offered to sell them to French agents.

The maximum penalty for violation of the Atomic Energy Act by disclosing Restricted Data is a maximum of 10 years imprisonment and a criminal fine of $250,000. A sentencing hearing has been set for May 14. If the court accepts the plea agreement, Oakley will serve six years in prison and three years on supervised release.

"Today's guilty plea should serve as a strong warning to anyone who would consider selling restricted U.S. nuclear materials to foreign governments," says Matthew Olsen, Acting Assistant Attorney General for National Security. "The facts of this case demonstrate the importance of safeguarding America's atomic energy data and pursuing aggressive prosecutions against those who attempt to breach those safeguards."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-0234
PUBLISHED: 2019-07-15
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of ...
CVE-2018-7838
PUBLISHED: 2019-07-15
A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP C...
CVE-2019-6822
PUBLISHED: 2019-07-15
A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.
CVE-2019-6823
PUBLISHED: 2019-07-15
A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.
CVE-2019-6824
PUBLISHED: 2019-07-15
A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.