This huge breach of security has raised all kinds of red flags in Washington, D.C. An impersonator claimed to have hacked White House Chief of Staff Susie Wiles’ phone. As first reported by the Wall Street Journal, this incident illustrates a gaping hole in communications security at the highest levels of government. Now, federal agencies are made to account for these vulnerabilities.
The breach occurred in April of this year. Just this past May, President Donald Trump verified that someone did indeed successfully impersonate Wiles and was granted access to her phone. Just yesterday we learned of a deeply worrying new trend from the FBI. In February 2018, Russian hackers targeted U.S. senators, governors, and business executives in a sophisticated spear phishing campaign.
Details of the Breach
According to reports, the impersonator used sophisticated methods to breach Wiles’ phone, leading to a widespread campaign targeting various political figures and business leaders. This attack is only the latest in a series of cyberattacks that have targeted public officials.
The FBI announced that an attempted breach in April was tied to a Russia-linked hacker who used identical tactics. This alarming trend raises questions about the adequacy of cybersecurity measures in place to protect the personal information of those in power.
The State Department addressed these concerns in a cable, stating, “There is no direct cyber threat to the department from this campaign, but information shared with a third party could be exposed if targeted individuals are compromised.” This recognition highlights the very real danger of these violations.
Implications for Cybersecurity
Security experts are understandably alarmed by the national security implications of this impersonation incident. A senior State Department official emphasized the department’s commitment to safeguarding its information: “The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cybersecurity posture to prevent future incidents.”
First, the sophistication of the attack is especially chilling. The State Department cable noted that “the actor likely aimed to manipulate targeted individuals using AI-generated text and voice messages, with the goal of gaining access to information or accounts.” This points to an unprecedented degree of planning and execution that has the potential to affect many lives for years to come.
Targeted Individuals and Their Response
Now you’ve got U.S. senators, governors, and Fortune 500 business executives wringing their hands. They’ve gotten text messages and phone calls from someone impersonating Wiles. This person showed really deep knowledge of internal government documentation and naming conventions, which added even more difficulty to the situation.
Given these recent actions, especially in the context of ongoing attacks since the invasion began, targeted persons are advised to take precautions and stay alert to possible phishing attempts. The breach is another reminder of the clear and present danger that cybercriminals represent. The incident is a reminder about the need for martial cybersecurity norms.
