
Intel: How an Air Force vet’s indictment reveals US vulnerability to Iranian cyber-espionage


The Justice Department handed down a 27-page indictment today charging a former Air Force intelligence officer with passing classified information to the Islamic Revolutionary Guard Corps (IRGC). The indictment also charges four hackers allegedly linked with the Tehran-based military command.

Why it matters: Today’s indictment shows increased Iranian interest in cyberespionage. Drawing upon classified information obtained from Monica Elfriede Witt, IRGC-affiliated hackers attempted to develop malicious software and fake social media profiles to target US-based spy agencies.

The efforts included software to capture keystrokes and break into web cameras, as well as malware-infused attachments passed off as pornographic photos designed to fool US officials into letting Iranian hackers tunnel into their computer networks. They also created fake e-mails and Facebook profiles to befriend unsuspecting US military intelligence officers.

Keep your friends close: Forty years to the week after the US and Iran formally cut off diplomatic relations amid the 1979 Islamic Revolution, today’s indictment helps reveal how deep Tehran’s distrust of Washington really goes. Witt said in communications obtained by investigators that she had difficulty getting over Iranian suspicions, despite embedding herself with members of the IRGC and appearing in anti-US propaganda videos.

“I just hope I have better luck with Russia at this point,” Witt wrote to an unidentified co-conspirator in 2013, the year she defected. “I am starting to get frustrated at the level of Iranian suspicion.” Days earlier, the Air Force veteran had gone to the Iranian embassy in Kabul and “told all.”

Repeat offender: One of the suspected hackers, Behzad Mesri, was indicted in 2017 by a US district court for attempting to extort $6 million in bitcoin.

What’s next: Just as the Donald Trump administration has called out Iran’s proxy and missile proliferation in the Middle East, expect more naming and shaming of Iranian hackers.

While Witt, far outside the clutches of US law enforcement, is unlikely to get a US court date, the indictment follows a pattern of recent Justice Department targeting of Iranian cybercriminals that dates back to the Barack Obama administration. Last year, a federal grand jury handed down indictments charging two Iranians with launching a 34-month “SamSam” ransomware campaign that locked down computers in hospitals and public agencies and caused $30 million in losses, just months after US officials noticed a string of alleged Iranian cyber thefts in American and foreign universities.

Know more: It’s not just the US that fears digital break-ins from Iran. Read Ben Caspit’s latest on Israeli concerns of Iranian cyber meddling in upcoming elections.

-Jack Detsch