Saturday, November 01, 2014


Persian Letters

Rights Advocate Recounts How Iranians Tried To Hack Her E-Mail With Help Of 'John Bolton'

On the case? The Iran Cyberpolice booth at an international digital media fair in Tehran in 2012
On the case? The Iran Cyberpolice booth at an international digital media fair in Tehran in 2012
ISight Partners, a Texas-based cyberintelligence firm, reported on May 29 that Iranian hackers have conducted a hacking campaign to spy on political and military figures in the United States using fake social media accounts in the past three years. The firm has not released the names of those targeted.

The methods they use match a hacking attempt made on Kit Bigelow, the former director of the Baha'i National Center in Washington, who first spoke about it to "The Daily Beast." RFE/RL's Golnaz Esfandiari spoke to Bigelow on May 30.

RFE/RL: In the beginning of April, you became the target of a failed hacking attempt on your e-mail that came apparently from Iran. How did it happen? 

Kit Bigelow: In February 2014, I received a LinkedIn request from a profile purporting to be [former U.S. Ambassador to the United Nations] John Bolton. Because I had worked with the ambassador over a number of years on the case of the protection and defense of Baha'is, I was surprised to receive the invitation but it was not completely unexpected of former colleagues to reach out.

Over the period of several weeks, communication began between the individual purporting to be Ambassador Bolton and me through LinkedIn communication function. He asked me if I would be willing to review material he was preparing on human rights in Iran, and particularly to verify aspects [of it that] dealt with the persecution of Baha'is in Iran....

At the beginning of April, he indicated that the material that he had prepared was ready for my review and that his assistant would be sending to me login information to a website that was not yet live online. And I received the login information -- this is all the first week of April -- and I logged in, and I put in -- as requested -- I put in my e-mail address and then put in my password. It did take me to a website and it was a website all about Ambassador Bolton. So even as I entered the website, it was not evident to me that it was not real.

RFE/RL: So there was nothing to alert you? Did it all seem legitimate to you? 

Bigelow: It did. And because it was about him I thought maybe he's intending to run for public office, because it was about his accomplishments and had lots of articles and news stories, and things like that.

RFE/RL: What was the name of the website? 

Bigelow: It had the URL of Johnboltonoffice.com, and I have no idea whether it still exists. I have not gone back to it because it requires a special coding to get in, at least it did at that time, if in fact it still exists.

RFE/RL: When did the hacking attempt take place? After you logged in? 

Bigelow: I had logged in in the evening and I went to sleep that evening, and had not given it another thought. I awoke early the next morning and had received from Google -- because I had done this through my Gmail account -- I received from Google a notification that there had been an attempt to access my account from Tehran, Iran.

At that point, everything fell into place. I knew exactly how that attempt could have taken place -- because of course the evening before I had put in a password. And Google had wonderful analytics and I was able to find that there had been two attempts from the United States during the middle of the night, and they had not alerted Google because the origin of the access had been here in the United States.

But it was the attempt from Tehran, which was still early morning, that had caused Google to raise the alarm and to block whoever was attempting to access my account. Luckily I had awakened to this at 6 a.m., so I was able to jump on this immediately and change my password and minimize any damage.

It was also at that point that the profile and everything that had transpired over the previous two months had been a ruse, had been a scam to draw me in, to [lead me to believe] it was he, Ambassador Bolton, in order to try to capture my Gmail account for whatever purposes the perpetrators of this scam might have wished.

RFE/RL: Were there further attempts to hack into your e-mail? 

Bigelow: There were no further attempts. But what did continue to happen was that I was targeted through Facebook and LinkedIn and continue to this day to be targeted by several clearly fake individuals and profiles.

RFE/RL: You've worked for many years to highlight the plight of Baha'is in Iran who face state persecution. Do you think this is somehow connected to your work? 

Bigelow: I think that it is connected to the work that I did do on behalf of the Baha'is for 25 years here in Washington, D.C. I think only that the desire to appropriate my e-mail address would have been to use my address and to send out some kind of information in my name that could have been harmful, either to the Baha'is or others.

About This Blog

Persian Letters is a blog that offers a window into Iranian politics and society. Written primarily by Golnaz Esfandiari, Persian Letters brings you under-reported stories, insight and analysis, as well as guest Iranian bloggers -- from clerics, anarchists, feminists, Basij members, to bus drivers.

Guerrilla Translators

Seen anything in the Iranian blogosphere that you think Persian Letters should cover? If so, contact Golnaz Esfandiari at esfandiarig@rferl.org