Monica Elfriede Witt, 39, was a former U.S. Air Force Intelligence Specialist and Special Agent of the Air Force Office of Special Investigations, who served the Air Force between 1997 and 2008 and Department of Defense (DOD) as a contractor until 2010.
The indictment states that Witt once held the highest level of Top Secret security clearance and had access to details of highly classified counterintelligence operations, real names of sources, and the identities of U.S. intelligence officers.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
In February 2012, Witt allegedly traveled to Iran to attend an all-expenses-paid "Hollywoodism" conference held by the Iranian New Horizon Organization, which DoJ describes as focused on promoting anti-U.S. propaganda, and then in 2013, she finally defected to Iran.
She Leaked Classified Information to Iran
Once settled in Iran, Witt worked actively for the Iranian government, who provided her with a housing and computer equipment, and disclosed the code name and classified mission of a U.S. "Special Access Program" and its specific target.
As part of her work, Witt conducted research about the U.S. Intelligence Community (USIC) agents she had known and previously worked with and drafted "target packages" that provided agents profiles for four Iranian hackers, who were also charged by the DoJ.
Witt even shared the name of her former fellow U.S. agent, who is still one active, endangering the agent's life.
The Iranian hackers then allegedly used that profile information to send phishing emails and social media messages to Witt's former colleagues with malicious links in an attempt to trick US agents into installing malware, which allowed the hackers to spy on their computer activities, webcam, and keystrokes.
"In one such instance, the Cyber Conspirators created a Facebook account that purported to belong to a USIC employee and former colleague of Witt, and which utilized legitimate information and photos from the USIC employee's actual Facebook account," the indictment states. "This particular fake account caused several of Witt's former colleagues to accept 'friend' requests."
Witt faces one count of conspiracy and two counts of delivering national defense information to a foreign government. The FBI has issued an arrest warrant for Witt, who is still believed to be in Iran.
She Teamed Up With "Game of Thrones" Iranian Hackers
Besides her, the DOJ also charged four Iranian nationals—Mojtaba Masoumpour, Behzad Mesri, Hossein Parvar, and Mohamad Paryar—with conspiracy, attempts to commit computer intrusion and aggravated identity theft for their role in assisting Witt in targeting her former colleagues.
Mesri is the same Iranian hacker who was charged by the DoJ last year in connection with cyber attacks against HBO and with leaking "Game of Thrones" episodes in 2017.
The authorities said Mesri compromised multiple user accounts belonging to HBO to "repeatedly gain unauthorized access to the company's computer servers and steal valuable stolen data including confidential and proprietary information, financial documents, and employee contact information."
Mesri then even attempted to extort HBO for $6 million to delete the stolen data.
Mesri, Masampour, and Parvar are also facing sanctions for their involvement with Net Peygard, according to the U.S. Treasury Department.
"This case underscores the dangers to our intelligence professionals and the lengths our adversaries will go to identify them, expose them, target them, and, in a few rare cases, ultimately turn them against the nation they swore to protect," Assistant Attorney General John Demers said in a statement.
"When our intelligence professionals are targeted or betrayed, the National Security Division will relentlessly pursue justice against the wrong-doers."