US nuke sub plans leaked on SD card hidden in peanut butter sandwich, claims FBI

Docs were smuggled past security and sold for $110K of Monero after ProtonMail exchanges between 'Alice and 'Bob'


The United States Department of Justice has announced a leak of information pertaining to the design of the nuclear-powered Virginia-class submarine, and the arrest of the alleged leakers.

A court filing and announcement allege that a chap named Jonathan Toebbe, an employee of the Department of the Navy who served as a nuclear engineer, contacted a foreign power and offered to sell "Restricted Data concerning the design of a nuclear-powered warship".

That foreign power shared the communication with an FBI legal attaché, which found itself looking at a letter sent by Toebbe in April 2020. The letter included some US Navy documents and instructions on how to establish a secure channel between a foreign nation and Toebbe.

"Please forward this letter to your military intelligence agency. I believe this information will be of great value to your nation," the letter stated, helpfully adding "This is not a hoax" - because it kind of reads like it would be.

The FBI appears to have decided to string Toebbe along. After some clandestine back and forth, plenty of encrypted email, and a payment of $10,000 in cryptocurrency, Toebbe and his wife Diana loaded the relevant info onto an SD card and left it at a dead drop.

"The SD card was wrapped in plastic and placed between two slices of bread on a half of a peanut butter sandwich," the DoJ's Criminal Complaint states

Another SD card was later delivered, hidden in a packet of chewing gum. After that delivery, Toebbe was sent another $70K in crypto.

After each delivery Toebbe sent a decryption key. The keys worked and the FBI determined that the cards contained "Restricted Data related to submarine nuclear reactors".

The Toebbes were arrested and charged on October 9th.

The accused pair used ProtonMail to communicate with their "buyer" and used the pseudonym "Alice" in mails to their "buyer". The FBI, showing a tiny bit of network and crypto savvy, used the pseudonym "Bob" to reply.

The Toebbes liked the info Bob fed to them, especially when arrangements for dead drops were suggested, praising the care their buyer employed.

The FBI also kept the pair onside by paying them plenty of money — $110,000 worth of Monero made its way from the Bureau to the Toebbes, who advised the cryptocurrency offered "excellent deniability".

During correspondence between Alice and Bob, Jonathan Toebbe is alleged to have explained how he got the Restricted info as follows:

This information was slowly and carefully collected over several years in the normal course of my job to avoid attracting attention and smuggled past security checkpoints a few pages at a time.

Some security personnel probably aren't getting a pay rise this year.

But at least those personnel aren't alone in having failed to protect military secrets escaping: admins in the forums for vehicular combat game "War Thunder" have had to remind posters not to share classified documents after a former member of France's military allegedly shared a manual for the Leclerc battle tank to settle an argument about whether its performance was represented accurately in the game. ®

Narrower topics


Other stories you might like

  • SpaceX Starlink sat streaks now present in nearly a fifth of all astronomical images snapped by Caltech telescope

    Annoying, maybe – but totally ruining science, no

    SpaceX’s Starlink satellites appear in about a fifth of all images snapped by the Zwicky Transient Facility (ZTF), a camera attached to the Samuel Oschin Telescope in California, which is used by astronomers to study supernovae, gamma ray bursts, asteroids, and suchlike.

    A study led by Przemek Mróz, a former postdoctoral scholar at the California Institute of Technology (Caltech) and now a researcher at the University of Warsaw in Poland, analysed the current and future effects of Starlink satellites on the ZTF. The telescope and camera are housed at the Palomar Observatory, which is operated by Caltech.

    The team of astronomers found 5,301 streaks leftover from the moving satellites in images taken by the instrument between November 2019 and September 2021, according to their paper on the subject, published in the Astrophysical Journal Letters this week.

    Continue reading
  • AI tool finds hundreds of genes related to human motor neuron disease

    Breakthrough could lead to development of drugs to target illness

    A machine-learning algorithm has helped scientists find 690 human genes associated with a higher risk of developing motor neuron disease, according to research published in Cell this week.

    Neuronal cells in the central nervous system and brain break down and die in people with motor neuron disease, like amyotrophic lateral sclerosis (ALS) more commonly known as Lou Gehrig's disease, named after the baseball player who developed it. They lose control over their bodies, and as the disease progresses patients become completely paralyzed. There is currently no verified cure for ALS.

    Motor neuron disease typically affects people in old age and its causes are unknown. Johnathan Cooper-Knock, a clinical lecturer at the University of Sheffield in England and leader of Project MinE, an ambitious effort to perform whole genome sequencing of ALS, believes that understanding how genes affect cellular function could help scientists develop new drugs to treat the disease.

    Continue reading
  • Need to prioritize security bug patches? Don't forget to scan Twitter as well as use CVSS scores

    Exploit, vulnerability discussion online can offer useful signals

    Organizations looking to minimize exposure to exploitable software should scan Twitter for mentions of security bugs as well as use the Common Vulnerability Scoring System or CVSS, Kenna Security argues.

    Better still is prioritizing the repair of vulnerabilities for which exploit code is available, if that information is known.

    CVSS is a framework for rating the severity of software vulnerabilities (identified using CVE, or Common Vulnerability Enumeration, numbers), on a scale from 1 (least severe) to 10 (most severe). It's overseen by First.org, a US-based, non-profit computer security organization.

    Continue reading

Biting the hand that feeds IT © 1998–2022