Undercover FBI agent exposes nuclear engineer's espionage plans

A Navy nuclear engineer and his wife were arrested on espionage-related charges alleging violations of the Atomic Energy Act after selling restricted nuclear-powered warship design data to a person they believed was an agent of a foreign power.

However, Jonathan and Diana Toebbe (the two defendants) sold the confidential information (including printouts, digital media files containing technical details, operations manuals, and performance reports) to an undercover FBI agent.

Jonathan Toebbe served as a nuclear engineer assigned to the Naval Nuclear Propulsion Program, also known as Naval Reactors, of the Department of the Navy. He also had access to restricted data since he held an active national security clearance through the U.S. Department of Defense.

While working as a Navy nuclear engineer, Toebbe had access to naval nuclear propulsion information, including militarily sensitive design elements, operating parameters, and performance characteristics for nuclear-powered warships' reactors.

Encrypted emails and undercover agents

The exchange started with a package sent to a foreign government on April 1, 2020, containing "U.S. Navy documents, a letter containing instructions, and an SD card containing specific instructions on how COUNTRY 1 should respond using an encrypted communication platform, and additional documents."

According to court documents, the FBI's attaché in the unspecified country informed the FBI, which, in December 2020, initiated contact with Jonathan Toebbe via encrypted ProtonMail email through an undercover agent posing as a representative of COUNTRY 1.

In the following email exchanges (between April and June 2021), the FBI asked the defendant to deliver additional confidential U.S. Navy information to a dead drop location.

Toebbe eventually agreed, after asking to be paid in Monero cryptocurrency, to deliver the information to a "dead drop" location in Jefferson County, West Virginia.

"The samples will be encrypted using GnuPG symmetric encryption with a randomly generated passphrase," Toebbe told the undercover agent via encrypted email. "I will tell you the location and how to find the card. I will also give you a Monero address. I am very aware of the risks of blockchain analysis of BitCoin and other cryptocurrencies, and believe Monero gives both us excellent deniability."

Before agreeing to deliver the encrypted documents at a dead drop location, the defendant also expressed concern that he might be communicating with someone different from the foreign power agent he believed he was sending the confidential data to.

"I am sorry to be so stubborn and untrusting, but I can not agree to go to a location of your choosing," he said. "I must consider the possibility that I am communicating with an adversary who has intercepted my first message and is attempting to expose me."

"Would not such an adversary wish me to go to a place of his choosing, knowing that an amateur will be unlikely to detect his surveillance? If you insist on my physically delivering the package, then it must be a place of my choosing."

The dead drops

On June 26, with his spouse acting as a lookout, Jonathan Toebbe placed an SD card concealed in half a peanut butter sandwich at the pre-arranged dead drop location.

"On Aug. 28, Jonathan Toebbe made another 'dead drop' of an SD card in eastern Virginia, this time concealing the card in a chewing gum package. After making a payment to Toebbe of $70,000 in cryptocurrency, the FBI received a decryption key for the card," a Department of Justice press release says.

Jonathan and Diana Toebbe, of Annapolis, Maryland, were arrested by the FBI and the Naval Criminal Investigative Service (NCIS) on Saturday, October 9, after he delivered yet another SD card at a pre-arranged "dead drop" at a second location in West Virginia.

"The complaint charges a plot to transmit information relating to the design of our nuclear submarines to a foreign nation," Attorney General Merrick B. Garland said.

"The work of the FBI, Department of Justice prosecutors, the Naval Criminal Investigative Service and the Department of Energy was critical in thwarting the plot charged in the complaint and taking this first step in bringing the perpetrators to justice."
