A former US Air Force intelligence officer allegedly worked with Iranian hackers who used Facebook and e-mail to try to trick her former colleagues into downloading malware that would track their computer activity.
Monica Witt was charged with espionage after she provided national defense information to the Iranian government, the US Department of Justice said Wednesday. Witt, a US citizen, defected to Iran in 2013 and is still at large.
An indictment made public on Wednesday detailed how Witt and Iranian hackers used fake Facebook accounts to target US counterintelligence officials after she re-entered Iran. The world’s largest social network has been under pressure to do more to combat misinformation and continues to pull down fake accounts this year, including, groups and accounts tied to Iran.
Facebook said in a statement that the company didn’t have “anything to share beyond what’s in the Justice Department’s indictment” when asked if the social network found and pulled down the accounts.
Witt used fake Facebook accounts to search for US counterintelligence officials on the social network, according to court documents.
From December 2014 to May 2015, at least four Iranian nationals created fake Facebook accounts to target Witt’s former co-workers, the US alleges. Mojtaba Masoumpour, Behzad Mesri, Hossein Parvar and Mohamad Paryar got ahold of malware that tracks a person’s computer activity, accesses their web camera and captures what they type.
Neither Witt nor the four men, who worked for Iran’s Islamic Revolutionary Guard Corps, could be contacted for comment because their whereabouts are unknown.
The group then created a fake Facebook account with the name Bella Wood and sent a friend request to one of Witt’s former co-workers who was in Afghanistan at the time, the indictment says. A separate email, also sent from a fake account, included links that would have given the men control over the US counterintelligence official’s computer.
The Iranian hackers also used photos and information of another US counterintelligence official to create a fake Facebook account for friending other agents. Some accepted the friend requests and received messages with links to files that included malware.
It’s unclear from the indictment if the agents clicked on the links or what information was obtained from using the fake e-mails and Facebook accounts. The DOJ did not immediately respond to a request for comment.
However, one agent who friended the fake account added the hackers to a Facebook group filled with US government agents, allowing them to gather more information, according to the indictment. At one point, the hackers also created a fake email that asked the recipients to reset the password to their Facebook accounts.
The four men have been charged with conspiracy, attempts to commit computer intrusion and aggravated identity theft.
First published at 4:20 p.m. PT
Update, 4:49 p.m. PT: Includes more background
CES 2019: See all of Techhnews’s coverage of the year’s biggest tech show.
Everything about Fortnite: What you need to know about the hit game.