Facebook exposed US counter-intelligence agents to Iranian spies

The US Department of Justice has refused to comment on the revelation that counter-intelligence staff were exposed to Iranian spies by using a Facebook (NasdaqGS: FB - news) group which was infiltrated.

The existence of the Facebook group was revealed in the indictment of Monica Elfriede Witt whose defection to Iran back in 2013 was announced this week.

It marks both an embarrassing slip in the operational security practices of counter-intelligence agents, and reveals the serious consequences of Facebook's impact on its users' privacy.

According to the indictment, the Iranians created a Facebook account under the real name of a counter-intelligence agent, using pictures and details from that agent's real account on Facebook.

Because the imposter account appeared legitimate, the US agent they first befriended vouched for them when they added the fake account to a private Facebook group "composed primarily" of intelligence staff.

"By joining the group, the cyber conspirators obtained greater access to information regarding US government agents," the indictment noted.

They then befriended other intelligence staff on Facebook and attempted to send them files that appeared to be pictures, but were actually malware which would have allowed the spies to access the agents' computers and any networks the computers were connected to.

US government spokespeople directed Sky News to the DoJ for comment, the agency which operates the FBI, although there are at least ten organisations in the country which conduct counter-intelligence work.

Monica Witt herself was a former US Air Force intelligence specialist, and had access to the names of intelligence sources that the US had in Iran before she defected.

The fate of those sources is not described in the indictment.

A DoJ spokesperson declined to comment to Sky News on whether the agents who had been part of the Facebook group were reproached for the security gaffe.

Security and espionage researchers on Twitter (Frankfurt: A1W6XZ - news) have mocked a number of the Iranian attempts to infect the computers of the US government agents' computers with malware, including offering nude photographs out of the blue.

However, the behaviour of the counter-intelligence agents in creating a Facebook group has been criticised for exposing the agents.

"I can see how like, some office might have a Facebook group to organise events outside work," wrote a security researcher who works under the pseudonym The Grugq.

"I am really surprised that the people charged with keeping information secret would have a Facebook group and they don't even vet the accounts that join!"

The use of social media for information-gathering purposes has been an increasing issue for security and intelligence agencies, both in offensive and defensive terms.

It is also an issue because the lack of a social media profile could also indicate something fishy about a suspected spy's identity.

According to Reuters, Russia is set to ban its soldiers from posting anything online that could reveal details about their deployments, after social media posts revealed that official army soldiers were deployed in Crimea during Russia's denied annexation of the peninsula.