A former U.S. Air Force intelligence operative was indicted and charged with betraying her oath to protect and defend the United States by her secret operation as an Iranian spy. She is accused of delivering sensitive national defense information to an Iranian government intelligence agency , according to an indictment unsealed on Feb. 15 by prosecutors with Department of Justice.
Monica Elfriede Witt, a 39-year-old American citizen, served in the Air Force from 1997 through 2008 as a non-commissioned officer and then she worked for a cleared defense contractor until 2010. She is charged with a cell of four Iranian agents who allegedly utilized classified information provided by Witt in a cyber campaign to target and compromise other U.S. security personnel.
“Once a holder of a top secret security clearance, Monica Witt actively sought opportunities to undermine the United States and support the government of Iran—a country which poses a serious threat to our national security,” said Executive Assistant Director Jay Tabb of the FBI’s National Security Branch during a press briefing in Washington, D.C.
The charges came as a result of years of investigative work by the FBI’s Washington Field Office with assistance from the Air Force Office of Special Investigations.
“This investigation exemplifies the tireless work the agents and analysts of the FBI do each and every day to bring a complex case like this to fruition,” said Nancy McNamara, assistant director in charge of the FBI’s Washington, D.C. Field Office.
“[Witt] is alleged to have revealed to the Iranian government the existence of a highly classified intelligence collection program and the true identify of a U.S. intelligence officer, thereby putting the life of that individual at risk,” said Assistant Attorney General John Demers of the Department of Justice’s National Security Division.
Ms. Witt, who was born and raised in Texas, had been recruited by Iran during conferences sponsored by the Iranian Revolutionary Guard Corps (IRGC) and defected in 2013, according to U.S. officials. Although she was no longer in active government service, Witt used the contacts and knowledge gained in her positions of trust to share sensitive information with Iran and provide personal and professional details that allowed Iranian hackers to target other U.S. intelligence professionals through spear-phishing and malware attacks.
The indictment also charges Mojtaba Mosoumpour, Behzad Mesri, Hossein Parvar, and Mohamad Paryar with conspiracy to perpetrate computer intrusions targeting current and former U.S. government agents. The four IRGC-affiliated actors allegedly used information provided by Witt to send messages through email and social media accounts that contained links and attachments that would deploy malware and establish covert access to the targeted individuals’ computers and networks.
Witt and the four cyber conspirators are believed to still be in Iran, but arrest warrants have been issued should they travel out of that country. The U.S. Department of Treasury’s Office of Foreign Assets Control also announced sanctions today against several Iranian entities that played a role in the alleged espionage.
“Today should serve as a warning to those who seek out our country’s current and former national security personnel for the sensitive information they have—and to those individuals themselves,” stressed Jay Tabb. “The FBI takes the oath we swear seriously and will pursue those who do not.”
“Treasury is taking action against malicious Iranian cyber actors and covert operations that have targeted Americans at home and overseas as part of our ongoing efforts to counter the Iranian regime’s cyber attacks,” said Treasury Secretary Steven Mnuchin. “Treasury is sanctioning New Horizon Organization for its support to the IRGC-QF. New Horizon hosts international conferences that have provided Iranian intelligence officers a platform to recruit and collect intelligence information from attendees, while propagating anti-Semitism and Holocaust denial. We are also sanctioning an Iran-based company that has attempted to install malware to compromise the computers of U.S. personnel.”