Former US Counterintelligence Agent Charged With Espionage

February 13, 2019 Updated: February 13, 2019

A former U.S. counterintelligence agent has been indicted by a federal grand jury for conspiracy to deliver and delivering national defense information to representatives of the Iranian government, prosecutors said.

Monica Elfriede Witt, 39, who defected to Iran in 2013, allegedly assisted Iranian intelligence services to target her former agent colleagues inside the U.S. Intelligence Community (USIC). She is also believed to have disclosed the code name and classified mission of a U.S. Department of Defense Special Access Program.

Witt remains at large, and a warrant for her arrest has been issued. She is a former active-duty U.S. Air Force intelligence specialist and special agent of the Air Force Office of Special Investigations. She first entered duty around August 1997 and had served continuously until around March 2008. After her separation from the Air Force, Witt was employed by the Department of Defense as a contractor in 2010, where she was issued high-level security clearances and was deployed overseas to conduct classified counterintelligence missions, according to a Department of Justice indictment unsealed on Feb. 13.

The same indictment also charges four Iranian nationals—Mojtaba Masoumpour, Behzad Mesri, Hossein Parvar, and Mohamad Paryar (the “Cyber Conspirators”)—with conspiracy, attempts to commit computer intrusion, and aggravated identity theft. The four Iranians had targeted former coworkers and colleagues of Witt in the U.S. Intelligence Community in 2014 and 2015. They also remain at large.

The United States has designated the government of Iran as a state sponsor of terrorism each year since 1984, due to the country’s repeated and direct support for acts of international terrorism, including those that have targeted America and its allies.

A staff member removes the Iranian flag from the stage during the Iran nuclear talks at the Vienna International Center in Vienna, Austria July 14, 2015. (Carlos Barria/Reuters)

With the use of fake social-media accounts, the Iranians deployed malware that would give them access to their target’s computers and networks. They worked on behalf of the Iranian Revolutionary Guard Corps (IRGC).

“Monica Witt is charged with revealing to the Iranian regime a highly classified intelligence program and the identity of a U.S. intelligence officer, all in violation of the law, her solemn oath to protect and defend our country, and the bounds of human decency,” said Assistant Attorney General for National Security John Demers.

Iranian revolutionary guard corps chant slogans in support of Iran's nuclear programme during Friday prayers in Tehran
Iranian revolutionary guards chant slogans during Friday prayers in Tehran May 26, 2006. (REUTERS/Raheb Homavandi)

‘Target Packages’

Witt traveled to Iran in Feb 2012 to attend the Iranian New Horizon Organization’s “Hollywoodism” conference, an event sponsored by the IRGC, which aimed to condemn American moral standards and promote anti-U.S. propaganda, among other things.

She managed to re-enter Iran in August 2013 after communicating with an individual who had dual U.S.–Iranian citizenship, referred to as Individual A in the indictment.

After her re-entry, Iranian government officials gave Witt housing and computer equipment, where she disclosed classified U.S. information to an Iranian government official. Witt also conducted research about USIC personnel whom she had worked with previously, creating draft “target packages” against her former colleagues.

Cyber Conspirators

The four Iranian nationals began a campaign targeting Witt’s former colleagues in late 2014.

As part of the campaign, Mesri registered and helped manage an Iranian company that conducted computer intrusions against targets inside and outside the United States. The identity of the company was known to the United States.

Between January and May 2015, the cyber conspirators used fake accounts and attempted to trick their targets into clicking links or opening files that would enable them to deploy malware on the target’s computer. The group tested their malware, in some cases procured by Mesri, to gather information from target computers or networks.

In one instance, the conspirators created a fake Facebook account using information from the employee’s real Facebook account. Through this fake account, they managed to successfully add several of Witt’s former colleagues.

Follow Bowen on Twitter: @BowenXiao3