The FBI is investigating who impersonated Susie Wiles, the Trump White House’s chief of staff and one of the president’s closest advisers, in a series of fraudulent messages and calls to high-profile Republican political figures and business executives, The Wall Street Journal reported. Government officials and authorities involved in the probe say the spear-phishing messages and calls appear to have targeted individuals on Wiles’ contact list, and Wiles has reportedly told colleagues that her personal phone was hacked to gain access to those contacts.
Despite Wiles’ reported claim of having her device hacked, it remains unconfirmed whether this was actually how attackers identified Wiles’ associates. It would also be possible to assemble such a target list from a combination of publicly available information and data sold by gray-market brokers.
“It's an embarrassing level of security awareness. You cannot convince me they actually did their security trainings,” says Jake Williams, a former NSA hacker and vice president of research and development at Hunter Strategy. “This is the type of garden-variety social engineering that everyone can end up dealing with these days, and certainly top government officials should be expecting it.”
In some cases, the targets received not just text messages but phone calls that impersonated Wiles’ voice, and some government officials believe the calls may have used artificial intelligence tools to fake Wiles’ voice. If so, that would make the incident one of the most significant cases yet of so-called deepfake software being used in a phishing attempt.
It’s not yet clear how Wiles’ phone might have been hacked, but the FBI has ruled out involvement by a foreign nation in the impersonation campaign, the bureau reportedly told White House officials. In fact, while some of the impersonation attempts appeared to have political goals—a member of Congress, for instance, was asked to assemble a list of people Trump might pardon—in at least one other case the impersonator tried to trick a target into setting up a cash transfer. That attempt at a money grab suggests that the spoofing campaign may be less of an espionage operation than a run-of-the-mill cybercriminal fraud scheme, albeit one with a very high-level target.
No comments:
Post a Comment