An espionage indictment, with notes on social engineering.
The US Department of Justice on Wednesday unsealed an indictment against Monica Elfriede Witt, a former US Air Force technical sergeant who served as a counterintelligence specialist and Farsi linguist between 1997 and 2008, alleging that she gave highly classified information to Iran's government. She served four years in the Middle East collecting signals intelligence (NPR), then left the Air Force in 2008 and spent the next two years working for Federal contractors. Ms Witt held a top-secret security clearance while on active duty and during her subsequent two years as a contractor.
Ms Witt's turn in sympathies became publicly apparent around February 2012, when she traveled to Iran to attend a New Horizons Organization Conference on the depravity of American popular culture. ("Hollywoodism," as New Horizons called it.) Around the same time she appeared in videos "making statements that were critical of the US government, knowing these videos would be broadcast by Iranian media outlets" (BBC).
In May 2012 the FBI warned Ms Witt that Iranian intelligence services were targeting her for recruitment. She assured the FBI that she wouldn't share classified information with the Iranians. In February 2013, Witt returned to Iran to attend another conference, and again appeared in videos identifying herself as a US veteran and criticizing the US government.
In early 2013 Ms Witt exchanged messages with an Iranian individual, expressing her willingness to provide information. She was frustrated that the Iranians were suspicious of her sincerity, and said she was considering taking the information to Russia or Wikileaks instead, "do[ing] like Snowden" and making the information public (Washington Post). She defected to Iran in August 2013, and there compiled dossiers on her former colleagues in counterintelligence. Those "target packages" were used by the Iranians to conduct spearphishing and other social engineering attacks against US government agents. Some attacks enjoyed at least partial success, including attempts to connect people who should have known better with a catphish. Target packages are a serious business, used as they are to locate, track, compromise, and even capture or kill specific individuals.
The indictment also charges four Iranian men with actually conducting the attacks. When the indictment was unsealed, the US Treasury Department announced sanctions against New Horizon Organization and its organizers, as well as an Iranian IT company that supported the hacking operations (CyberScoop).
Ms Witt was awarded an Air Medal during her time on active duty. What did she do to earn it? Worked aboard an RC-135 Rivet Joint surveillance aircraft during the 2003 Gulf War (Air Force Times). Not everyone gets to serve as Rivet Joint aircrew.