It was just a simple friend request. However, nothing is ever simple when the U.S. intelligence community is involved.
A press release issued Wednesday by the Department of Justice details an alleged effort by Iranian government agents to use Facebook to hack members of the American intelligence community. And they had unexpected help: a former Department of Defense contractor turned Iranian agent.
The details of this case are pretty wild, and focus on 39-year-old Monica Elfriede Witt. Witt, the press release notes, is both a former Air Force intelligence specialist and a special agent of the Air Force Office of Special Investigations. She also worked as a Department of Defense contractor, and was granted a “high-level” security clearance. That was all before 2012, when things allegedly took a turn for the treasonous.
Witt is accused of working with a team of Iranian government-affiliated hackers aiming to install malware on her former colleagues’ computers. And like so many things these days, Facebook played a key role in their plan.
“Specifically, between Jan. and May 2015, the Cyber Conspirators, using fictitious and imposter accounts, attempted to trick their targets into clicking links or opening files that would allow the conspirators to deploy malware on the target’s computer,” reads the press release. “In one such instance, the Cyber Conspirators created a Facebook account that purported to belong to a [U.S. intelligence community] employee and former colleague of Witt, and which utilized legitimate information and photos from the USIC employee’s actual Facebook account.”
Several of Witt’s former colleagues accepted these fake friend requests. According to the unsealed indictment, the malware in question was “designed to capture a target’s keystrokes, access a computer’s web camera, and monitor other computer activity.”
In one such case in 2015, an attachment that looked like a jpg file but was actually a malware-laden zip file was sent via Facebook after a U.S. agent accepted a spoofed friend request.
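A defender-side check for the disguise described above, as an added example that is not taken from the indictment or the press release: it compares the extension an attachment claims with its leading bytes and, for a ZIP, lists members with executable-style extensions. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import io
import zipfile

# Leading bytes ("magic numbers") of the two formats involved.
JPEG_MAGIC = b"\xff\xd8\xff"
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")  # local file header, empty archive
IMAGE_EXTS = (".jpg", ".jpeg")
# Hypothetical policy list: extensions that should never sit inside a "photo".
RISKY_EXTS = (".exe", ".scr", ".js", ".vbs", ".lnk", ".bat", ".dll")


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Compare the extension a file claims with what its content actually is."""
    claims_image = filename.lower().endswith(IMAGE_EXTS)
    if data.startswith(JPEG_MAGIC):
        actual = "jpeg"
    elif data.startswith(ZIP_MAGICS):
        actual = "zip"
    else:
        actual = "unknown"
    finding = {"filename": filename, "actual": actual,
               "mismatch": claims_image and actual != "jpeg",
               "risky_members": []}
    if actual == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                finding["risky_members"] = [
                    n for n in zf.namelist() if n.lower().endswith(RISKY_EXTS)]
        except zipfile.BadZipFile:
            # PK header but unparseable archive: still not an image.
            finding["actual"] = "corrupt-zip"
    return finding


def build_samples() -> dict:
    """Constructed inputs: a JPEG header stub and a ZIP renamed to .jpg."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("new_year_album.scr", b"placeholder, not a real program")
    return {"holiday.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
            "photos.jpg": buf.getvalue()}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(inspect_attachment(name, blob))
```

A mail or chat gateway would run a check like this before delivery and quarantine anything where `mismatch` is true, regardless of what the archive contains.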
The group also sent at least one fake Facebook password reset email in an attempt to obtain the passwords of U.S. government targets.
This effort by Witt and her co-conspirators, which was not limited to Facebook, included sending emails that were suspicious on their face. One such email, sent in 2015 to a U.S. government agent, reads almost like a parody of a hacking attempt.
“I’ll send you a file including my photos but u should deactivate your anti virus to open it because i designed my photos with a photo album software, I hope you enjoy the photos i designed for the new year, they should be opened in your computer honey.”
We reached out to Facebook in an effort to determine what it does to prevent these types of targeted attacks, and what the company thought about Iranian agents using its platform to go after members of the U.S. intelligence community, but have yet to receive a response.
Witt is still at large.