Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

US Says Ex-intel Official Defected to Iran, Revealed Secrets

A former U.S. Air Force counterintelligence specialist who defected to Iran despite warnings from the FBI has been charged with revealing classified information to the Tehran government, including the code name and secret mission of a Pentagon program, prosecutors said.

A former U.S. Air Force counterintelligence specialist who defected to Iran despite warnings from the FBI has been charged with revealing classified information to the Tehran government, including the code name and secret mission of a Pentagon program, prosecutors said.

The Justice Department also accused Monica Elfriede Witt, 39, of betraying former colleagues in the U.S. intelligence community by feeding details about their personal and professional lives to Iran. Four hackers linked to the Iranian government, charged in the same indictment, used that information to target the intelligence workers online, prosecutors said Wednesday.

Witt had been on the FBI’s radar at least a year before she defected after she attended an Iranian conference and appeared in anti-American videos. She was warned about her activities, but told agents that she would not provide sensitive information about her work if she returned to Iran, prosecutors say. She was not arrested at the time.

“Once a holder of a top secret security clearance, Monica Witt actively sought opportunities to undermine the United States and support the government of Iran — a country which poses a serious threat to our national security,” said FBI executive assistant director Jay Tabb, the bureau’s top national security official.

Tabb said “she provided information that could cause serious damage to national security,” though he did not provide specifics.

Witt remains at large in Iran, as do the four hackers, who prosecutors say were acting on behalf of the country’s powerful, government-linked Revolutionary Guard. That group, a branch of Iran’s armed forces, has previously been designated by the U.S. government as a terrorism supporter.

The indictment was unsealed the same week as Iran celebrates the 40th anniversary of its Islamic Revolution and as the country denounced a Middle East security conference in Warsaw co-hosted by the U.S. and Poland. Officials said the indictment’s timing was unconnected to the meeting.

Witt served in the Air Force between 1997 and 2008, where she was trained in the Farsi language and was deployed overseas on classified counterintelligence missions, including to the Middle East. She later found work as a Defense Department contractor. The Texas native defected to Iran in 2013 after being invited to two all-expense-paid conferences in the country that the Justice Department says promoted anti-Western propaganda and condemned American moral standards.

Advertisement. Scroll to continue reading.

The Treasury Department on Wednesday sanctioned the New Horizon Organization, which organized the conferences Witt attended and hosts events that American officials say promote Holocaust denial, conspiracy theories and also serve as a platform to recruit and collect intelligence from attendees.

Witt first traveled to a “Hollywoodism” conference in 2012, when she appeared in Iranian television videos in which she was identified as a former U.S. service member with critical views of America. She was then warned by FBI agents that she was a potential recruitment target for Iranian intelligence.

“She chose not to heed our warning that travel to Iran could potentially make her susceptible to recruitment,” Tabb said. “She continued to travel.”

Later that year, she was hired by an individual — who is not named in the indictment but who professed to have ties to high-level officials — to help in the filming of an anti-American propaganda commercial.

She returned to another conference in 2013 and remained in Iran. This time, with free housing and computer equipment, she went to work for the Iranians, supplying information about a classified Defense Department program and assembling into “target packages” research she conducted into the lives, locations and missions of former colleagues, the indictment said.

The accused hackers exploited that research, contacting Witt’s former colleagues through impostor Facebook and email accounts. Their goal was to induce the targets to click on links and attachments containing malicious software that, if opened, could compromise their computers and networks.

The case was unsealed soon after the Justice Department freed from custody an American-born Iranian television anchorwoman who’d been detained for days by the FBI as a material witness in an unspecified criminal investigation in Washington, where the Witt indictment was filed. Marzieh Hashemi works for the Press TV network’s English-language service. She has not been charged with any crimes. Justice Department officials wouldn’t say if the investigations were connected.

The indictment includes snippets of dialogue between Witt and the person who hired her, identified only as Individual A.

In 2012, for instance, the person wrote her, “should i thank the sec of defense…u were well trained. Witt replied with a smiley emoticon, “LOL thank the sec of defense? For me? Well, I loved the work, and I am endeavoring to put the training I received to good use instead of evil. Thanks for giving me the opportunity,” the indictment says.

Using a typed smiley-face, Witt wrote in a later message, “If all else fails, I just may go public with a program and do like Snowden” — a reference to Edward Snowden, a former NSA contractor who leaked classified U.S. information.

Officials would not elaborate on why the indictment was brought six years after her detection, except to say they had to move classified intelligence into an unclassified format for use in a criminal case.

“Our intelligence professionals swear an oath to protect our country, and we trust them to uphold their oath. With good reason,” said Assistant Attorney General John Demers, the head of the Justice Department’s national security division. “But every great while, one of these trusted people fails us.”

RelatedFormer U.S. Air Force Officer Indicted for Aiding Iranian Cyber Attacks

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...