Witt indictment spotlights how basic hacking schemes can dupe savvy targets
WASHINGTON — Even trained intelligence officers can be conned by basic hacking campaigns designed to win their trust.
To some, that’s the lesson from a sweeping indictment unsealed last week against four Iranian hackers — and a former U.S. Air Force intelligence specialist who allegedly defected to Iran for ideological reasons and helped the hackers seek information about a highly classified intelligence program.
The Air Force specialist, Monica Elfriede Witt, told senior Iranian officials about the classified program and described some former colleagues still working on it, according to the indictment.
Once they had that information, what the four hackers did was simple. They created fake online personas — including one that mimicked one of Ms. Witt’s former intelligence community colleagues — to gain other intel officials’ trust.
They sent links that were highly personal and convincing — waiting for a chance to deliver malware that could seize the targets’ information, capture their keystrokes and spy through their webcams.
The hackers became “friends” on Facebook with at least four U.S. intelligence agents based in the U.S. and Afghanistan, some of whom were accessing Facebook on Defense Department computers. The hackers also joined a Facebook group heavily populated with agents, though it’s not clear whether they compromised the agents’ computers or mobile devices.
While it may seem simple, the scheme reads like a textbook Iranian hacking operation — and Tehran is quite good at these targeted phishing tactics, said Jeff Bardin, a former Air Force cryptologic linguist who studies Iranian hacking operations.
“Spearphishing and social engineering are their core competencies,” said Mr. Bardin, who’s now chief intelligence officer at the cybersecurity firm Treadstone 71.
“They just continue to improve at it. If people would learn to stop clicking on [suspicious] links, it would make it a lot more difficult for them.”
Ms. Witt and all four of the hackers remain at large and probably are in Iran.