Impostor Using AI-Powered Software to Contact Government Officials, Including Foreign Ministers and a Member of Congress

Strategic Insights -

As the United States faces an increasingly complex and sophisticated threat landscape, a recent incident highlights the vulnerability of government officials to impersonation attempts using artificial intelligence-powered software. A senior U.S. official and a State Department cable obtained by The Washington Post reveal that a person pretending to be Secretary of State Marco Rubio has contacted foreign ministers, a U.S. governor, and a member of Congress using voice and text messages that mimic Rubio's voice and writing style. The impersonation campaign began in mid-June and has likely been successful in gaining access to information or accounts, according to a cable sent by Rubio's office to State Department employees.

Key Takeaways:

  • The impostor used voice and text messages to contact at least five non-Department individuals, including three foreign ministers, a U.S. governor, and a U.S. member of Congress.
  • The impersonation campaign began in mid-June when the impostor created a Signal account using the display name "Marco.Rubio@state.gov" to contact unsuspecting foreign and domestic diplomats and politicians.
  • The State Department is carrying out a thorough investigation and implementing safeguards to prevent this from happening in the future.
  • Hany Farid, a professor at the University of California at Berkeley, stated that operations of this nature do not require sophisticated actors, but are often successful because government officials can be careless about data security.
  • Once malicious actors obtain phone numbers linked to an official's Signal account, the impersonation part is easy, requiring only 15 to 20 seconds of audio of the person.
  • The FBI issued a warning in May that "malicious actors" were impersonating senior U.S. officials in an "ongoing malicious text and voice messaging campaign" intended to target other senior government leaders and their contacts.
  • Impersonating a federal officer or employee is a crime, punishable under U.S. law.
  • Government officials should use secure channels for official business, as operations of this nature are often successful due to carelessness about data security.

Statistics:

  • The impersonation campaign began in mid-June and has continued until the present day.
  • At least five individuals, including three foreign ministers, a U.S. governor, and a U.S. member of Congress, have been contacted by the impostor.
  • The FBI has issued a warning about the campaign and has urged officials to report any impersonation attempts to the Bureau of Diplomatic Security.
  • The State Department has begun implementing safeguards to prevent impersonation attempts in the future.

Sources:

  • A senior U.S. official and a State Department cable obtained by The Washington Post
  • Rubio's office to State Department employees
  • Hany Farid, a professor at the University of California at Berkeley
  • The FBI's warning issued in May
  • The State Department's response to the impersonation attempt
  • The Canadian Anti-Fraud Center and the Canadian Center for Cyber Security