A former U.S. Air Force intelligence agent has been charged with espionage, with the Department of Justice alleging the officer defected to Iran in order to help recruit assets from the U.S. intelligence community.
In an indictment unsealed Wednesday, the DOJ says Monica Witt was recruited by Iran as part of a program that targets former U.S. intelligence officers and others who have held security clearances. She was first contacted during her participation in conferences held by a group known as “New Horizon,” which promoted anti-U.S. propaganda, the indictment says.
After defecting in 2013, she is alleged to have told the Iranian government about what the DOJ called a “highly classified intelligence collection program.” Witt is also alleged to have revealed the identity of a U.S. intelligence officer.
Additionally, four members of Iran’s Islamic Revolutionary Guard Corps (IRGC) have been charged with “computer intrusions and aggravated identity theft” aimed at members of the U.S. intel community. Witt is alleged to have assisted the IRGC in efforts to identify, track, and neutralize U.S. counterintelligence agents.
According to the indictment, Witt and four Iranian citizens — Mojtaba Masoumpour, Behzad Mesri, Hossein Parvar and Mohamad Paryar — targeted U.S. government employees on the internet via malicious campaigns. The five defendants worked together to send spearphishing messages to a variety of targets, with the hopes the recipients would download malware that would give the attackers access to their devices.
One January 2015 incident uncovered in the U.S. government’s investigation shows how unsophisticated these attempts turned out to be:
On or about January 9, 2015, the Cyber Conspirators, using the account, sent an email to USG Agent 2 that stated: “Hello my dear . . . invitation card sent to you by email I got this pretty card accept me as a kind friend.” This email contained a spoofed link that, on its face, purported to take a recipient to a “pretty card”. Had USG Agent 2 clicked the “pretty card” link, USG Agent 2’s computer would have been directed not to a greeting card, but to a server controlled by the Cyber Conspirators. The Cyber Conspirators sent the “pretty card” email to USG Agent 2 utilizing covert tracking software, so that when USG Agent 2 opened the email, the tracking software allowed the Cyber Conspirators to confirm that USG Agent 2 had opened the email via a US Department of Defense computer network located in Kabul.
Witt has been charged with three counts of delivering national defense information to representatives of a foreign government. The four co-conspirators have been charged with computer intrusion, conspiracy to commit computer intrusion, aggravated identity theft, and aiding and abetting.
All five defendants are currently believed to be in Iran. One of the co-conspirators, Behzad Mesri, was charged in November 2017 with stealing unreleased television scripts and episodes from HBO, as well as personal financial information and passwords belonging to company employees.
According to a resume still posted online, Witt managed, directed, and conducted investigations for criminal, fraud, and counterintelligence cases for the Air Force’s Office of Special Investigations from November 2003 to March 2008. She then spent time as a contractor for Booz Allen Hamilton and Lorton, Virginia-based Chenega Federal Systems.
At one point, Witt was a highly coveted missing person on the FBI’s “missing persons” list. She has seen been moved to the bureau’s Most Wanted List.
In a separate announcement, the U.S. Treasury sanctioned New Horizon and Net Peygard Samavat Company, an Iranian-based IT company that provided support for the computer-led missions.
You can read the full indictment below.