Four Iranians Also Charged With a Cyber Campaign Targeting U.S. Intel Officials –
By Glynn Wilson –
Russia is not the only country with teams of hackers targeting government computers in the United States in campaigns that threaten out cybersecurity. It just seems the president likes Russia and his Justice Department doesn’t like Iran.
A former counterintelligence specialist with the U.S. Air Force was charged by the FBI and the Justice Department on Wednesday with conspiring with the Iranian government to target American spies and to share classified information, including secret program code names.
Monica Elfriede Witt, 39, a former officer in the Air Force from Texas who also worked in counterintelligence and defected to Iran in 2013, was indicted by a federal grand jury in the District of Columbia with conspiracy to reveal classified information to the Iranian government and with directing hacking operations and committing identity theft against her former intelligence workers.
An arrest warrant was issued for Witt, who remains at large and is believed to still be located in Iran, at the same time the U.S. Treasury Department announced new economic sanctions on Iran and Iranian companies, according to a press release from the FBI.
“It is a sad day for America when one of its citizens betrays our country,” Assistant Attorney General John Demers said at a news briefing announcing the indictments.
The announcement came just as Vice President Mike Pence and Secretary of State Mike Pompeo prepared to meet in Poland with representatives from 60 countries for what is being billed as a conference to put pressure on Iran for its nuclear missile testing program, which it denies, and financial support of terrorism. The event has received a tepid response abroad, according to U. S. media reports, as some invited parties have objected to the blatant anti-Iranian focus of the event.
Four Iranian nationals were also charged on Wednesday with attempting to commit computer intrusion and aggravated identity theft.
Mojtaba Masoumpour, Behzad Mesri, Hossein Parvar and Mohamad Paryar, referred to in the indictment as the “Cyber Conspirators,” were charged for their alleged actions targeting former colleagues of Witt in 2014 and 2015. Using fictional names and imposter social media accounts and working on behalf of the Iranian Revolutionary Guard Corps (IRGC), according to the charges, they sought to deploy malware that would provide them covert access to the computers and networks of agents.
“Monica Witt is charged with revealing to the Iranian regime a highly classified intelligence program and the identity of a U.S. Intelligence Officer, all in violation of the law, her solemn oath to protect and defend our country, and the bounds of human decency,” Demers said. “Four Iranian cyber hackers are also charged with various computer crimes targeting members of the U.S. intelligence community who were Ms. Witt’s former colleagues.
“This case underscores the dangers to our intelligence professionals and the lengths our adversaries will go to identify them, expose them, target them, and, in a few rare cases, ultimately turn them against the nation they swore to protect,” he said.
The announcement highlights a U.S. Department of Justice commitment to “vigorously pursue those who threaten U.S. security through state-sponsored hacking campaigns,” added U.S. Attorney Jessie K. Liu.
“This case reflects our firm resolve to hold accountable any individual who betrays the public trust by compromising our national security,” she said.
The FBI’s Jay Tabb said the charges are the result of years of investigative work by the FBI to uncover Monica Witt’s betrayal of the oath she swore to safeguard America’s intelligence and defense secrets.
“This case also highlights the FBI’s commitment to disrupting those who engage in malicious cyber activity to undermine our country’s national security,” Tabb said.
Although he declined to reveal specific details about the operations, Tabb indicated that Witt’s motive appeared to be “ideological.” Even before she defected, she appeared in videos that she knew would be broadcast by Iranian media outlets and “made statements that were critical of the U.S. government,” he said.
Assistant FBI Director Nancy McNamara said Witt’s betrayal of her country and the actions of the cyber criminals — at the behest of the Iranian Guard — could have brought serious damage to the U.S.
“We will not stand by and allow that to happen,” she said. “The efforts by the Iranian government to target and harm the U.S. will not be taken lightly, and the FBI will continue our work to hold those individuals or groups accountable for their actions.”
Air Force Special Agent Phillips said while violations like this are extremely rare, Witt’s alleged actions “are an affront to all who have served our great nation.”
“The alleged actions of Monica Witt in assisting a hostile nation are a betrayal of our nation’s security, our military and the American people,” he said.
Treasury Secretary Steven Mnuchin said new sanctions against the New Horizon Organization are part of on ongoing effort to counter the Iranian regime’s cyber-attacks against the U.S.
“New Horizon hosts international conferences that have provided Iranian intelligence officers a platform to recruit and collect damaging information from attendees, while propagating anti-Semitism and Holocaust denial,” Mnuchin said. “We are also sanctioning an Iran-based company that has attempted to install malware to compromise the computers of U.S. personnel.”
According to allegations contained in the indictment and unsealed Wednesday, Witt was a U.S. citizen and an active duty Intelligence Specialist with the U.S. Air Force beginning in 1997 and ending in 2008. After that she did some contracting work with the Department of Defense in 2010. During her tenure, Witt was granted high-level security clearances and was deployed overseas to conduct classified counterintelligence missions.
In Feb. 2012, she traveled to Iran to attend the Iranian New Horizon Organization’s “Hollywoodism” conference, an Iranian Guard-sponsored event aimed at, among other things, condemning American moral standards and promoting anti-U.S. propaganda, according to the FBI.
In May 2012, Witt was warned by the FBI that she could be a targeted for recruitment. She allegedly told the bureau she would refuse to provide information about her military work.
Through text messages with a dual U.S.-Iranian citizen referred to in the indictment as “Individual A” that seemed to foreshadow her defection, the FBI learned that Witt successfully arranged to re-enter Iran in Aug. 2013, when Iranian government officials provided her with housing and computer equipment. She was allegedly paid and went on to disclose classified information to the Iranian government.
“As part of her work on behalf of the Iranian government, she conducted research about USIC personnel that she had known and worked with, and used that information to draft ‘target packages’ against these U.S. agents,” the FBI says.
Beginning in late 2014, the “Cyber Conspirators” began a malicious campaign targeting Witt’s former colleagues for an unnamed Iranian company, which conducted computer intrusions against targets inside and outside the U.S. on behalf of the Iranian Guard.
Using computer and online infrastructure, in some cases procured by Behzad Mesri, the hackers tested malware and gathered information from target computers networks, sending so-called “spearphishing” messages to U.S. agents. Between Jan. and May 2015, using fictitious names and imposter accounts, they attempted to trick their targets into clicking links or opening files that would allow the deployment of malware on the target’s computer.
In one instance, a fake Facebook account was created that purported to belong to a USIC employee and former colleague of Witt, utilizing legitimate information and photos from the employee’s actual Facebook account. This particular fake account caused several of Witt’s former colleagues to accept “friend” requests.
As the indictment was unsealed, the Treasury Department’s Office of Foreign Assets Control sanctioned the company and people involved in the cyber spy program, as well as the group that organizes the conferences.
The FBI also recently took steps to question an Iranian television journalist with dual U.S.-Iranian citizenship who works as a producer and on-air presenter for Iran’s English-language Press TV, according to the Washington Post.
Court documents indicate the woman, Marzieh Hashemi, was a “material witness,” though officials declined to confirm the details of her role in the investigation.
It remains to be seen if and when the Trump Justice Department and the FBI will hold the Russian government to a similar level of accountability as the Iranians. Perhaps after Special Counsel Robert Mueller finishes his work investigating President Donald J. Trump and his campaign officials for their role in undermining American democracy by colluding with Russians in and outside the government to tamper with the presidential election in 2016.
Before you continue, I’d like to ask if you could support our independent journalism as we head into one of the most critical news periods of our time in 2024.
The New American Journal is deeply dedicated to uncovering the escalating threats to our democracy and holding those in power accountable. With a turbulent presidential race and the possibility of an even more extreme Trump presidency on the horizon, the need for independent, credible journalism that emphasizes the importance of the upcoming election for our nation and planet has never been greater.
However, a small group of billionaire owners control a significant portion of the information that reaches the public. We are different. We don’t have a billionaire owner or shareholders. Our journalism is created to serve the public interest, not to generate profit. Unlike much of the U.S. media, which often falls into the trap of false equivalence in the name of neutrality, we strive to highlight the lies of powerful individuals and institutions, showing how misinformation and demagoguery can harm democracy.
Our journalists provide context, investigate, and bring to light the critical stories of our time, from election integrity threats to the worsening climate crisis and complex international conflicts. As a news organization with a strong voice, we offer a unique, outsider perspective that is often missing in American media.
Thanks to our unique reader-supported model, you can access the New American journal without encountering a paywall. This is possible because of readers like you. Your support keeps us independent, free from external influences, and accessible to everyone, regardless of their ability to pay for news.
Please help if you can.
American journalists need your help more than ever as forces amass against the free press and democracy itself. We must not let the crypto-fascists and the AI bots take over.
See the latest GoFundMe campaign here.
Don't forget to listen to the new song and video.
Just because we are not featured on cable TV news talk shows, or TikTok videos, does not mean we are not getting out there in search engines and social media sites. We consistently get over a million hits a month.
Click to Advertise Here