Iran Intelligence Expert Discusses Iran's Efforts To Spy On The U.S.
MARY LOUISE KELLY, HOST:
We're going to spend the next few minutes considering the strange tale of Monica Witt. She is the former U.S. Air Force intelligence officer who, as of this week, faces charges of espionage against the U.S. Witt defected to Iran back in 2013. She's believed to be there now, which raises questions about Iran's efforts to spy on the U.S. and vice versa. Our next guest is an expert on those efforts.
Heather Williams was National Intelligence officer for Iran under the Director of National Intelligence. Heather Williams, welcome to ALL THINGS CONSIDERED.
HEATHER WILLIAMS: Thank you.
KELLY: So how does this story fit into - how do these charges fit into what we know about Iran's efforts to target Americans and try to flip them?
WILLIAMS: Yeah. So we know that Iran is actively working to try to recruit individuals within the United States, particularly from the U.S. intelligence community but also from the military or other places where they might have access that could be valuable to Iran. And sometimes they're successful, and Monica Witt is a good example of that.
KELLY: And how big a catch would she be for Iranian intelligence?
WILLIAMS: I think that's difficult to ascertain from the information that has been made public about her. There is certainly some privileged information that she had that could put individuals in harm's way, given her capacity as a counterintelligence officer, that she would have known the specific identities of individuals involved in collecting intelligence both for the United States and from Iran. But how broad her knowledge might have been, how much lasting impact it would have on U.S. collection efforts, that's not clear.
KELLY: The indictment alleges that she assembled dossiers on U.S. military intelligence officers that she'd worked with, that she gave those dossiers to Iranian hackers who then created what the Justice Department calls target packages. I mean, just explain what's going on here, how that would work.
WILLIAMS: So what it seems like happened is she gave information to Iranian cyber actors about specific individuals who she worked with in the past - whether or not this person was married, whether they had children, interests they might have, things that might allow you to impersonate an individual or present themselves as someone like these individuals so that they would be able to build a friendship with them and try to ultimately recruit them or get them to give up some sort of sensitive information.
KELLY: And the indictment goes on to say that the Iranian hackers with whom she was allegedly working used the information she gave them - helped them break into Witt's former co-workers' computers and networks. This was like using Facebook as a platform, for example, the indictment says.
WILLIAMS: Yeah. So what's not clear from the indictment is how successful those Iranian spearphishing attempts were. The operations that were described in Witt's indictments, they at least did not start out as highly sophisticated. They're not emails signed by a Nigerian Prince, but if somebody you don't know sends you an email attachment and tells you to deactivate your antivirus software before opening it, you should not do that.
KELLY: Maybe think twice, yeah.
WILLIAMS: Now, that spearphishing operation did get better as it went along. They started to learn more about this group of individuals and started to impersonate individuals already within the group. And so that's an important lesson too that if an adversary is able to get enough information about a network, then those operations start to become pretty sophisticated. And it can be difficult for anybody to tell whether this is somebody you really know or someone impersonating that person.
KELLY: So what might this case tell us about Iran's ambitions in the cyber world? I mean, we've heard so much in these last couple of years about Russia's use of social media to try to influence public opinion and politics in the U.S. This was something a little bit different, trying to get access to classified information. But does this use of Facebook suggest Iran is also playing in that arena?
WILLIAMS: Iran has definitely been in that arena, both in using it to try to collect information, but they've also used cyber in an adversarial role. So, you know there, have been cyberattack against the United States, against the Sands Casino. They're not nearly as sophisticated as an actor like China or Russia, but that doesn't mean that they can't still be very successful.
KELLY: Heather Williams. She was acting National Intelligence officer for Iran on the National Intelligence Council. She's now at the RAND Corporation. Thanks very much.
WILLIAMS: Thank you. Transcript provided by NPR, Copyright NPR.