Posted on February 14, 2019 at 3:47 PM
US Air Force Defector Helps Iranian Hackers Against the US
The US DoJ (Department of Justice) has unsealed espionage-related charges against a former member of the US Air Force who defected to Iran. The defector is known as Monica Elfriede Witt (39), who helped Iran’s hackers against her former colleagues at the US Air Force.
The DoJ also issued an arrest warrant on Witt, but it also indicted four hackers who are believed to be working with Witt on conducting cyber attacks. The most notorious of the four are believed to be Behzad Mesri, previously charged with the hacking of HBO in November 2017. The hacker is believed to be the individual who stole scripts for several unaired Game of Thrones episodes. He also attempted to blackmail HBO, threatening to release the scripts unless they pay $6 million.
However, this is far from Mesri’s only crime, as the authorities believe that he is also a member of an Iranian cyber-espionage unit called Charming Kitten, as well as a collaborator of the IRGC (Iranian Revolutionary Guard Corps).
Switching the side
As for Witt, she is a former Air Force counterintelligence officer, which allowed her access to some of the highly classified information which is now believed to be accessible to the Iranian government. Some of the crimes that Witt is charged with include exposing the identity of an active US agent, their codename, and some highly classified details regarding the secret US counterintelligence information.
As a former US military officer and contractor, it is also believed that Witt slowly succumbed to Iran’s influence over the course of multiple years. She was supposedly recruited in 2012 during an Iran-based conference, Hollywoodism, which was organized by a company called New Horizon. However, she became an active participant in Iranian espionage operations in 2014/2015. Apart from Mesri, other hackers who worked against the US Air Force members include Mahamad Paryar, Mojtaba Masoumpour, and Hossein Parvar.
After switching sides, Witt has been helping with organizing and fine-tuning several cyber-operations against the US Air Force members, which mostly included spear-phishing, social media-based operations, and malware attacks. She also helped by pointing out which targets were worth hacking, and she created fake profiles of her colleagues in order to befriend and trick others on social media.
At the moment, all suspects, including Witt and the four hackers, are believed to be at large in Iran. The DoJ also pointed out that Witt often uses aliases such as Narges Witt and Fatemah Zahra.
According to some of her contacts, Witt has been planning to defect after attending the Hollywoodism conference for the second time, although she views it as becoming a WikiLeaks-type whistleblower. In one of her messages, she stated that “If all else fails, I may just go public with a program and do like Snowden :).”