U.S. Navy engineer, wife charged with selling submarine secrets to an unidentified foreign country

A U.S. Navy nuclear engineer and his wife have been charged with selling secret information about nuclear submarines to an undercover FBI agent who posed as an operative for a foreign country, the Justice Department said on Sunday. 

Court records show that Jonathan Toebbe, 42, and his wife, 45, were arrested and charged Saturday after unwittingly communicated with FBI agents, passing along sensitive military secrets, mostly on Virginia-class submarine reactors.

The scheme nearly lasted a year, starting in December 2020, a month after the 2020 US presidential election.  

Toebbe held an active national security clearance through the Department of Defense, giving him access to restricted data. He would send the data to the unidentified country, labelled as ‘COUNTRY1’ in court documents.   

However, in December 2020, an FBI official received a package that had been sent to abroad from someone trying to establish ‘a covert relationship’ with a representative from the foreign country.   

The FBI analyzed the encryption keys that were in the SD card sent in the original package. 

There were three keys located on the SD card: Alice Hill — Public Key, Bob Burns — Private Key, and a ProtonMail Public Key. 

In cryptography, Alice and Bob are commonly used as placeholders in discussions about cryptographic protocols or systems. The FBI noted that the public key Alice Hill had two sub-keys. The first sub-key was used to sign and certify.

The private key Bob Burns had two sub-keys. The first sub-key was used to sign and certify. The second sub-key was used for encryption. The ProtonMail public key had two sub-keys.

ProtonMail is an end-to-end encrypted email service founded in 2013 in Geneva, Switzerland. ProtonMail uses client-side encryption to protect email content and user data before they are sent to the ProtonMail servers. 

Diane Toebbe (left), 45, and Jonathan Toebbe (right), were charged with espionage and violation of the Atomic Energy Act after leaking sensitive classified information to an unknown foreign country in December 2020, a month after the 2020 election

The leaked secrets contained "militarily sensitive design elements, operating parameters and performance characteristics of Virginia-class submarine reactors," according to a federal court affidavit.

The leaked secrets contained ‘militarily sensitive design elements, operating parameters and performance characteristics of Virginia-class submarine reactors,’ according to a federal court affidavit.

‘The package contained U.S. Navy documents, a letter containing instructions, and an SD card containing specific instructions on how COUNTRY1 should respond using an encrypted communication platform, and additional documents,’ investigators said in a court filing.

‘I apologize for this poor translation into your language. Please forward this letter to your military intelligence agency,’ the letter handed over to the FBI stated. ‘I believe this information will be of great value to your nation. This is not a hoax.’

Later, in April 2021, Toebbe sent another package, listing a return address in Pittsburgh, Pennsylvania. That package had a sample of restricted data and instructions for purchasing additional information.  

At one point, Toebbe hid a digital memory card containing documents about submarine nuclear reactors in half a peanut butter sandwich at a ‘dead drop’ location in West Virginia, while his wife acted as lookout, the Justice Department said.

The memory card contained ‘militarily sensitive design elements, operating parameters and performance characteristics of Virginia-class submarine reactors,’ according to a federal court affidavit.

Another memory card was found in a chewing gum package, the Justice Department said. After making a payment to Toebbe of $70,000 in cryptocurrency, the FBI received a decryption key for the card. 

Investigators said it also had restricted data related to submarine nuclear reactors. 

Toebbe received separate cryptocurrency payments totalling $100,000, according to the Justice Department. 

They were charged with conspiracy and ‘communication of restricted data,’ according to a criminal complaint.

No attorney for the Toebbes was listed in either the court documents or the Justice Department statement. 

The couple are scheduled to appear in a West Virginia federal court on Tuesday.

Emails exchanged between U.S. Navy Engineer and representative of unidentified country on Virginia-Class Submarine reactors  

Email 1:

I hope your experts are very happy with the sample provided and I understand the importance of a small exchange to grow our trust. Most of the material Ipossess is similar in format — multz~le pages per sheet. Drafted drawings are split over several regular sheets to preserve good detail. And I used color where it seemed important — like graphs with several lines. I expect your new communication instructions will be just as clear and safe as your drop instructions. However, I suggest you continue to monitor your Proton until I am able to establish contact with your new method. If there is a problem, I will use it to request help. All of my previous emails have been signed: Yours truly, Alice Ifit is ever necessary to Proton you again, I will end the email with Sincerely, Alice instead to assure you the message is from me and that Jam not under duress. For now, I propose we continue with weekend exchanges at suitable parks and trails, similar to this one. Details of my daily routine may narrow an investigator’s search too much of your organization is infiltrated by an adversary one day. Hiking and visiting historical sites is easier to explain than unexpected stops during rush hour if they ever take a special interest in me. we are to continue using this method of exchange long term, it is very important that I have as much flexibility in timing my deliveries as possible. I would like to create a natural legendfor my interest in visiting a particular place in the future — reading articles about ten fun things to do in Baltimore this month and ‘stumbling’ across a beautiful hike close to home, for example. Bad weather on one day might ruin that cover story. I hope you will forgive my excess caution. I want our relationship to be very successful for us both, and that means that I must be very careful at every step. 

Yours truly, 

Alice 

In addition, FBI analysis of the SD card showed that it contained metadata indicating that the card had been connected to a computer with the same version of Macintosh operating system as the SD card contained in the package postmarked April 1, 2020, and described in Paragraph 13 above.

As indicated above, the FBI determined that JONATHAN TOEBBE performed the June 26, 2021 dead drop described above. JONATHAN TOEBBE has worked for the U.S. government since 2012.

From October 2012 to the present, JONATHAN TOEBBE has worked on matters of naval nuclear propulsion. JONATHAN TOEBBE has been assigned to the Reactor Engineering Division of the U.S. Navy, which is responsible for new and operating reactor plant noise and vibration technology and for assisting with reactor plant shock technology and design, manufacturing, and testing. JONATHAN TOEBBE has also been assigned to Bettis Atomic Power Laboratory, a U.S. Government-owned research and development facility in the Pittsburgh suburb of West Mifflin, Pennsylvania that works exclusively on the design and development of nuclear power for the U.S. Navy. During one or both of these assignments, JONATHAN TOEBBE had access to the U.S. Navy information passed in both the physical letter to COUNTRY 1 as well as the electronic U.S. Navy information passed in the dead drops on June 26, 2021, and August 28, 2021, which is described below in paragraphs 52-64.

On September 28, 2017, JONATHAN TOEBBE was released/discharged from Active Duty and maintained a reserve obligation termination date of July 23, 2020. The reason listed for his separation was that JONATHAN TOEBBE completed his required active service. 46. On March 25, 2020, JONATHAN TOEBBE’s TS clearance was renewed. This renewal was just days before the April 1, 2020 postmark date on the package sent to COUNTRY1. 

Concurrent with its investigation into JONATHAN TOEBBE and DIANA TOEBBE, the FBI planned the next dead drop operation for south-central Pennsylvania. 48. On July 31, 2021, the FBI observed JONATHAN TOEBBE and DIANA TOEBBE travel from their Annapolis residence to south-central Pennsylvania, where JONATHAN TOEBBE was observed servicing a dead drop. While JONATHAN TOEBBE serviced the dead drop, DIANA TOEBBE was nearby. When JONATHAN TOEBBE finished servicing the dead drop, he signaled for DIANA TOEBBE to follow him as he departed the location. Within seconds, the FBI observed DIANA TOEBBE following JONATHAN TOEBBE as he departed the location of the dead drop. The FBI observed that JONATHAN TOEBBE and DIANA TOEBBE arrived and departed the area in the same vehicle used to travel to and from the dead drop location on June 26, 2021.

Later on the same date, July 31, 2021, the FBI recovered a 32GB SD card left by JONATHAN TOEBBE at the dead drop location. The SD card was hidden in a sealed Band-Aid wrapper with a Band-Aid inside a clear Zip Lock bag. The FBI had observed JONATHAN TOEBBE remove the Ziploc bag from his left shorts pocket, place the bag in an FBI-designed container, and remove a written message the FBI had placed in the container for him. 

The SD card contained the following typed message from ‘ALICE.’ The word [REDACTED] appears where the original message contained classified information or Restricted Data

You can not imaging [sic] my relief at finding your letter just where you told me to look! Indeed~ this has been a long journey and Jam very happy to have a reliable professional partner in you. Jam sure my unconventional approach was worrying your superiors. Thank you for taking the risks you have to build the mutual trust we need to move forward. I appreciate your compliment of my efforts to secure our communication. It was very challengingfor an amateur to quietly gather information on how to reach you. Now that we have established a more secure method to write, please tell me if I make a mistake or if you have advice on how to accomplish a task so that I can improve my skills and reduce our shared risk. For example, thank you for the reminder to use cash only. I have been doing so at every step, and do not feel insulted at all. Since my seif education is sure to have gaps, it is likely I will not know all things that are simple and obvious to you. You have anticipated my need for flexibility in timing deliveries perfectly. Use of the new Proton with the code method in your letter is a good solution. My new Proton is actually an old one I established quietly with a cash only burner phone while on vacation several years ago. My original contact plan was to give the login details to you, but I abandoned it as needlessly complicated. So it has been unused ever since for any purpose except to sign up for a few innocent~, randomly chosen mailing lists to generate regular uninteresting traffic. I will continue to use public WiFi and the TOR .onion connection to Proton to prevent an adversary from watching TOR entrance/exit nodes. In your letter you requested I send two Protons: one with the Monero address and one with the decryption key. On the last SD card, I included the Monero address in the unencrypted file 1.txt. My idea was: your payment for the right amount to the right address tells me you successfully retrieved the card, and my sending the key tells you I have received your letter and payment and am ready to take the next step. The only small advantage to my plan is you do not need to wait for my Proton with address. Is there a reason it is safer to send address separate from encrypted data? I will follow the plan in your letter unless you think it is better to change.

As I said in my last letter I hope your experts are very happy with the sample provided. In total, Ipossess the following documents: 1. [REDACTED] 374 pages (4 pages per shee4 as with sample). Note the table of contents indicates there are additional sections [REDACTED]. They were not included in files I had normal access to since they relate mostly to the reactor heavy equipment and there was no plausible reason for me to request them in my job. As this document is only a high level summary of the [REDACTED] design, the missing sections are of little importance. 2. [REDACTED] 1032 sheets. Every page of every drawing listed in section [REDA CTED] is there. To preserve good detail~ I scaled the drawings to fit one large drawing page over several normal sheets. All [REDACTED] are present. 3. [REDA CTED] 7919 pages (4 pages per sheet). The [REDA CTED] reports the detailed results of all [REDACTED] done to predict the behavior of the [REDACTED] during normal [REDACTED]. The [REDACTED] also documents the design basis assumptions used to carry out these analyses. Your technical experts should be able to use this information and the [REDACTED] to ver~5~’ the results using their own [REDACTED] codes. 4. [REDACTED] 1940 sheets — a mix of schematics and drawings (spread over multiple sheets for legibility,), operating procedure (2 pages per sheet), and descriptive chapters (4 pages per sheet). The [REDACTED] is the [REDACTED] provided to US. Navy crews. How to operate [REDACTED]. How to [REDACTED]. Troubleshooting problems. Routine Maintenance. Your naval experts will be able to adapt these procedures to fit your own operations. Operating a [REDACTED] has many unique aspects, and the [REDACTED] reflects decades of US. Navy ‘lessons learned’ that will help keep your sailors safe. 5. [REDACTED]. Similar informat and scope to the [REDACTED] they are high level summaries. I did not have access to more detailed files for these projects. But I think you are most interested in the [REDACTED] data anyway.

This information was slowly and carefully collected over several years in the normal course of my job to avoid attracting attention and smuggled past security checkpoints a few pages at a time. I no longer have access to classifIed data so unfortunately cannot help you obtain other files. But I can answer your experts questions using my own knowledge, if we can establish a secure and confidential means of communication. I have divided the [REDACTED] into fifty one packages, all but the last have 100 sheets each. The first contains the [REDACTED] and the first of the drawings. If l understand your letter correctly, you offer an additional 70~000 USD Monero for the [REDACTED]. I propose the same payment schedule for the remaining files: JOQ,000 USD Monero each for the 49 packages, not additional for 51. In total~ 5,000,000 USD Monero. The amount per transaction is, in part a security measure. As you noted in your letter, US. security forces are lazy. They also have limited budgets. Bait of] 0,000 or 20,000 USD to catch an agent are within their normal activities. 100,000 USD and more? They may offer it, but they will not deliver such a large amount. New reports confirm this is a common tactic used by US. security forces to expose agents. Please do not be offended by this, but your generosity so far also matches exactly an adversaries [sic] likely play to entrap me. We can exchange multiple packages at a time, if your superiors are comfortable with this arrangement. For security, I would strongly prefer not to make 50 separate drops to complete our business. But I understand you will want experts to evaluate the delivery. Maybe best to start with 1 package and increase as our trust grows? I suggest a simple code sent through Proton: email me the number of packages you want at the next drop. ‘1 ‘for just the [REDACTED], ‘2 ‘for the [REDACTED] and another package, and so forth. Myfriend, we have both taken considerable risks to reach this point and with good luck will soon have much to celebrate! 

Yours truly, 

Alice 

As referenced above, the Tor network is an open-source software that enables anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network consisting of more than six thousand relays to conceal the user’s location and usage from anyone conducting network surveillance of traffic analysis. The Tor network allows users to operate websites, called ‘hidden services,’ in a manner that conceals the true IP address of the computer hosting the website. Although law enforcement agents may be able to view and access hidden services that are facilitating illegal activity, the IP address of a Tor hidden service cannot be determined via public lookups. Neither law enforcement nor hidden service users can determine the true IP address — and therefore the location — of the computer server that hosts a hidden service through public lookups or ordinary investigative means.

On August 13, 2021, the (JC posing as a representative of COUNTRY 1 sent an email to the previously provided Proton email address, stating ‘1’ as a signal for a request for one package at the next drop on August 27, 2021. 

On August 27, 2021, at approximately 11:12 p.m., the FBI observed JONATHAN TOEBBE depart his Annapolis residence as the sole occupant of a vehicle. JONATHAN TOEBBE was carrying a backpack.

On August 27, 2021, at approximately 11:35 p.m., ‘ALICE’ sent a ProtonMail message confirming the dead drop date of August 28.

On August 27, 2021, at approximately 11:36 a.m., ‘ALICE’ provided a Monero address to the FBI in a ProtonMail message.

On August 27, 2021, at approximately 11:52 p.m., the FBI observed JONATHAN TOEBBE return to his Annapolis residence as the sole occupant of the same vehicle. JONATHAN TOEBBE was carrying a backpack. Between approximately 11:12 p.m. and 11:52 p.m., JONATHAN TOEBBE’s cell phone remained on and at the residence, according to GPS location information.

On August 28, 2021, the FBI observed JONATHAN TOEBBE service a dead drop in eastern Virginia. The FBI observed JONATHAN TOEBBE place an item in the container and remove a written message placed in the container by the FBI. The FBI did not observe anyone assisting in the service of the dead drop. JONATHAN TOEBBE had arrived at the dead location operating a vehicle in which he was the sole occupant.

Later on August 28, 2021, the FBI retrieved the contents of the dead drop, which consisted of an SD card concealed in a chewing gum package. 

On the evening of August 28, 2021, the FBI electronically paid ‘ALICE’ approximately $70,000 USD in Monero, bringing the total amount paid to date to $100,000 USD.

On August 29, 2021, at approximately 8:56 a.m., the FBI observed JONATHAN TOEBBE depart his Annapolis residence as the operator of a vehicle also occupied by one of his minor children. JONATHAN TOEBBE was carrying a backpack.

On August 29, 2021, at approximately 9:35 a.m., ‘ALICE’ provided the password to the FBI in an encrypted ProtonMail message. The FBI subsequently opened the SD card and provided the contents to the U.S. Navy subject matter expert. The U.S. Navy subject matter expert determined that multiple documents on the SD card contained Restricted Data. Specifically, the U.S. Navy subject matter expert determined that the document contained schematic designs for the Virginia-class submarine. Virginia-class submarines are nuclear-powered cruise missile fast attack submarines, which incorporate the latest in stealth, intelligence gathering, and weapons systems technology. Virginia-class submarines, with a per unit cost of approximately $3 billion, are currently in service with the United States Navy and are expected to remain in service until at least 2060.

In addition, FBI analysis of the SD card showed that it contained metadata indicating that the card had been connected to a computer with the same version of Macintosh operating system as the SD card contained in the package postmarked April 1, 2020, and described in Paragraph 13 above. 

The SD card contained the following typed message from ‘ALICE’: First: lam very sorry for the confusion about this drop! When I first read your.. letter, I didn’t check what day of the week your proposed date was and assumed it was a Saturday. I was horrified to notice this detail while rereading your letter to walk through the exchange location one last time before sleeping. I

 hope my amateurish mistake caused you no serious trouble. When I looked at your proposed drop site on a map, I was at first very alarmed. Considering the rules you explained for selecting a location, it does not seem to be in a very good neighborhood. 

However, Iplace my faith in your experience and hope for a happy outcome. I have considered the possible need to leave on short notice. Should that ever become necessary, I will be forever grateful for your help extracting me and my family. I surmise the first step would be unannounced travel to a safe third country with plans to meet your colleagues. We have passports and cash set aside for this purpose. Ipray such a drastic plan will never be needed, but you are right: it is a comfort to know you are ready and willing to aid us. 

Please let me know what I should do to prepare for this last resort. You asked ifI am working alone. There is only one other person I know is aware of our special relationship, and I trust that person absolutely. I was extremely careful to gather the files Ipossess slowly and naturally in the routine of my job, so nobody would suspect my plan. 

We received training on warning signs to spot insider threats. We made very sure not to display even a single one. Ido not believe any of my former colleagues would suspect me, if there is a future investigation The previous two exchanges were easy to find thanks to your excellent guidance. Based on the photos of this one, I am sure I had no trouble finding it to put this letter in your hands. I am nervous that this one is further and more obviously off the typical path. 

If I am observed~ an explanation will be more difficult. Jam sure it is a balance, to ensure the container is not found accidentally. But too far from the trail exposes you and me to another risk of not appearing as natural tourists or joggers. For similar reasons, [the south-central Pennsylvania location] made me uncomfortable with only one logical parking area for a motorist and a literal observation tower overlooking the path start. I would prefer future drops to have multz~le natural entrances and exits so that I can plan my own approach and retreat more easily. I hope this does not sound to you as overly critical. 

I am sure a professional would have no trouble, but Jam painfully aware that I lack training in observation and blending in. Staying outside cities is very wise — let us continue with locations with [sic] an hour of Baltimore. I understand your instructions on the use of overlapping Protons and the short signals we can use. Thanks to my mistake on the date, we have both made use of it. I also emailed the payment address to limit the number of times I go out to connect to public WiFi. Rest assured, I always use a TO]? onion connection to Proton, and never use a coffee shop or store close to home. 

Although I am not positioned to acquire more documents than those listed in my last letter I was serious in my offer to help address questions from your technical experts. I hope your letter, or your next will suggest how to open a secure channel for that aid. 

Thankyou for your partnership as well, my friend. One day, when it is safe, perhaps two old friends will have a chance to stumble into each other at a cafe, share a bottle of wine and laugh over stories of their shared exploits. A fine thought, but I agree that our mutual need for security may make that impossible. 

Whether we meet or no [sic], I will always remember your bravery in serving your country and your commitment to helping me. 

Yours truly, 

Alice

Based on my training and experience, when JONATHAN TOEBBE says ‘only one other person I know is aware of our special relationship, and I trust that person absolutely,’ I believe he is referring to his wife, DIANA TOEBBE.

On August 29, 2021, at approximately 10:12 a.m., the FBI observed JONATHAN TOEBBE return to his Annapolis residence as the sole occupant of the same vehicle. JONATHAN TOEBBE was carrying a backpack 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


Be the first to comment

Leave a Reply

Your email address will not be published.


*