Update: Today, February 14, Jonathan Toebbe entered a plea of guilty to a single count of conspiracy to communicate restricted data. The maximum penalty to which he will be exposed is imprisonment for a term of not more than life, though the agreed sentencing range between the DOJ and his attorneys is 151-210 months and a fine of not more than $100,000. His spouse, Diana Toebbe, has not, as yet, entered an updated plea.

The DOJ announced on October 10 that Jonathan and Diana Toebbe were arrested for attempting to sell nuclear submarine technologies to “a person they believed was a representative of a foreign power” in violation of the Atomic Energy Act.  DOJ advises that the person the Toebbes engaged with for almost a year was in actuality an undercover FBI agent.

Highlighting the importance of this specific case, the U.S. Attorney General Merrick B. Garland commented, “The complaint charges a plot to transmit information relating to the design of our nuclear submarines to a foreign nation. The work of the FBI, Department of Justice prosecutors, the Naval Criminal Investigative Service, and the Department of Energy was critical in thwarting the plot charged in the complaint and taking this first step in bringing the perpetrators to justice.”

What did the Toebbes attempt to pedal?

The Toebbes attempted to sell “Restricted Data” concerning the design of nuclear powered warships. DoJ described Toebbe as a nuclear engineer assigned to the “Naval Nuclear Propulsion Program”, who holds an active Top Secret security clearance through the DoD and has an active Q clearance from the Department of Energy,  which provided to him access to Restricted Data described as, “naval nuclear propulsion including information related to military sensitive design elements, operating parameters, and performance characteristics of the reactors for nuclear powered warships.”  The criminal complaint notes that from October 2012 through October 2021, Toebbe worked on matters dealing with nuclear propulsion.

How was Toebbe discovered?

A friendly foreign government is responsible for the discovery of this insider within the U.S. Navy’s nuclear power program. On December 20, 2020, the FBI legal attaché (the FBI’s representative, assigned to the U.S. Embassy in a given country) in an unidentified country,  was provided a package by the host country’s representatives which they had received from Toebbe and in which Toebbe had requested the package to be forwarded to the country’s military intelligence agency. The package, mailed on April 1, 2020 contained:

  • U.S. Navy documents
  • An SD Card containing instructions on Toebbe wished the country’s representatives to communicate using an encrypted communications platform
  • Letter – which described how Toebbe wished to sell CONFIDENTIAL information to include “printouts, digital media files containing technical details, operations manuals and performance reports.”

According to the criminal complaint, Toebbe wrote: “I apologize for this poor translation into your language. Please forward this letter to your military intelligence agency. I believe this information will be of great value to your nation. This is not a hoax.

On December 23, 2020, the FBI found “three keys located on the SD card: Alice Hill — Public Key, Bob Burns — Private Key, and a ProtonMail Public Key.” The Bob Burns – Private Key contained two sub-keys, one for certification and the other for encryption. The Proton Mail Public Key also had two sub-keys.

The FBI set the hook with their December 26, 2020 encrypted email to Toebbe, signed Bob: “We received your letter. We want to work with you. It has been many months, so we need to know if you are still out there. Please respond to this message, then we will provide instruction how to proceed.”  Many weeks passed, and then Alice (Toebbe) responded on February 10, 2021, “Thank you for contacting me. I am still here. The covid disease has made it more difficult to find chances to check this email. Let us discuss how to proceed.”

The FBI then asked for specific sample of information from the U.S. Navy and suggested a “trusted friend” would pick up and provide a “gift to compensate” Toebbe. He responded a week later, and declined the communications plan, saying he did not want face-to-face meetings, as they were too dangerous and suggested “exchanging gifts electronically, for mutual safety.” He then suggested he upload documents to a secure cloud server and provide the encryption key. Toebbe requested that $100,000 be deposited in a Monero cryptocurrency account. Interestingly, Toebbe chose the dollar amount as he believed the amount would prove to him that he was dealing with his desired contact and not an “unwelcomed third party.” Furthermore he characterized his engagement as “risking my life for your benefit.”

What followed, as detailed in the criminal complaint, is text-book impersonal communications between a hyper-vigilante volunteer and the FBI who was focused on ensuring Toebbe engaged in actions which allowed for positive identification. The back and forth from early-April through early-June 2020 were focused on getting Toebbe to service a dead drop under the FBI’s control. The key to the FBI convincing Toebbe that they were who they said they were (the foreign government) was the offer to set a “signal” which would confirm to him he was dealing with the “target country.” This was agreed to and Toebbe traveled to Washington D.C. and read a signal placed by the FBI at an establishment controlled by the cooperative country in Washington D.C. This, coupled with a good faith deposit of $10,000 into his Monero account (June 10) and then the promise of another $20,000 once he delivered the requested information, satisfied Toebbe’s needs, and he agreed to accept a dead drop location. He also told the FBI he was close to Baltimore and not Pittsburgh (from where his package had been mailed).

The 2021 Toebbe dead drops LEading to Arrest

  • On June 26, Toebbe “physically serviced a dead drop location in Jefferson Country, WV. Accompanying Toebbe was his wife, Diana Toebbe who served as a lookout while he completed the drop. The FBI observed the Toebbes in the vicinity of the dead drop from 9:44 through 11:22, arriving in a vehicle registered to Jonathan Toebbe. The drop contained a “16GB SanDisk SD” which was concealed in half of a peanut butter sandwich within a plastic bag. On June 28, the FBI paid Toebbe the $20,000, and Toebbe provided the crypto key to read the data on the SD card, which contained classified information, some of which was specific to the Virginia-class submarine reactors.
  • On July 31, Toebbe serviced a second dead drop and again provided classified information via SD card (32GB) in south-Central Pennsylvania. The Toebbes again worked as a team, with Jonathan loading the drop in the “FBI designed container” while his spouse kept watch. Within the SD card was a long letter where he expressed his continued mistrust, yet looked forward to a long-term relationship which he expected would put as much as $5 million into his hands.
  • On August 28, Jonathan Toebbe, alone, serviced a dead drop where he placed an SD card into an FBI prepared container. On the August 29, the FBI received the password after having deposited $70,000 into Toebbe’s Monero account, bringing the total received to date to $100,000. Again, the information surrounded the schematics of the Virginia-class submarines. Toebbe wrote another long letter, in which he detailed how his family had cash and passports available for a sudden departure, should such be necessary, and that he wished, should it become necessary, “for your help extracting me and my family.”
  • “FBI arrested Jonathan and Diana Toebbe on October 9, after he placed yet another SD card at a pre-arranged “dead drop” at a second location in West Virginia.”

Insider Threat Program Failure

Of note for FSOs was how Toebbe detailed how he took steps to avoid the communications networks which could be associated with him, and only used public WiFi and TOR connections along with Proton mail. He also outlined the thousands of pages of documents he had in his possession, all of which would have required him to download in some manner from the classified networks to which he had in his possession.

The insider threat program within the offices to which Toebbe was assigned did not detect his actions. The criminal complaint details Toebbe’s explanation on his acquisition of the information:

I was extremely careful to gather the files I possess slowly and naturally in the routine of my job, so nobody would suspect my plan. We received training on warning signs to spot insider threats. We made very sure not to display even a single one. I do not believe any of my former colleagues would suspect me, if there is a future investigation.

Perhaps had Toebbe chosen a different foreign country, we’d never have learned of his breach of trust, and U.S. secrets would be flowing abroad.  At this juncture, the neutralization of a very real insider threat was neutralized due to the decision by a foreign government to reveal that Toebbe had volunteered his services.


Related News

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com