Latest news with #SocialProofSecurity
CNN
a day ago
- Politics
- CNN
Why fake AI calls impersonating US officials are ‘the new normal'
Two of the most senior figures in the US government — Secretary of State Marco Rubio and the White House chief of staff — have been impersonated in recent weeks using artificial intelligence — a tactic that harnesses a rapidly developing technology that cybersecurity experts say is becoming the 'new normal' in terms of cheap and easy scams targeting senior US officials. 'It's now easy and quick to clone someone's voice using AI tools, which now require less than 15 seconds of someone's voice to create a believable voice clone,' said Rachel Tobac, chief executive of SocialProof Security, a firm that trains people to defend against such attacks. 'Just six months ago, I needed a clear one-to-two-minute sample of someone's voice without background noise or music to create a believable voice clone — not so anymore.' 'Voice-cloning is the new normal (in terms of) impersonation social-engineering attempts,' she said. Rubio told CNN on Thursday that he expects more AI-based efforts to impersonate him. 'It won't be the last time you see me or others, for that matter. Maybe some of you will be impersonated,' Rubio said on a trip to Malaysia. 'Within days of becoming Secretary of State, I had foreign ministers calling the State Department asking if I had just texted them,' said Rubio, who is also the national security adviser. 'This is just the reality of the 21st Century, AI and fake stuff that's going on.' In Rubio's case, an imposter called at least five people, including three foreign ministers, a governor and a senator. The unknown attacker set up an account on the Signal messaging platform in mid-June using the display name ' according to a State Department cable last week on the incident viewed by CNN. 'The actor left voicemails on Signal for at least two targeted individuals, and in one instance, sent a text message inviting the individual to communicate on Signal,' the cable said. An AI-based robocall last year that mimicked the voice of then-President Joe Biden and tried to dissuade voters from voting in a primary was a wake-up call for senior US officials over the risks that AI could pose to the electoral process. For public figures whose voices are everywhere online, the cloning process is even simpler, said Steve Grobman, chief technology officer at cybersecurity firm McAfee. 'What's most concerning is that with AI-powered clones, seeing – or hearing – is no longer believing, and even trained professionals can be fooled, especially when a familiar voice makes an urgent request,' Grobman told CNN. 'It's also why we need smarter tools to help people tell what's real and what's not. We can't rely on our own instincts anymore.' However, Rubio and others who heard audio of the call imitating him said it didn't quite sound like him, meaning whoever was behind it didn't go to great lengths to match his voice. The audacity of the ruse is what has some US officials alarmed. A month before the fake Rubio calls began, the FBI warned in May that unidentified 'malicious actors' were impersonating senior US officials to target their contacts in government. The aim was to build a rapport with the target to then access their online accounts. The ultimate goal of the scheme — whether to steal information or money — was unclear. White House Chief of Staff Susie Wiles, a trusted confidant of President Donald Trump, was one of the government officials being impersonated, CNN and other news outlets reported. Early into the FBI investigation of the Wiles impersonation, officials suspected the impersonator was a criminal rather than state actor, multiple sources familiar with the matter said. But investigators also examined if there was any connection to Iran — given that Tehran-linked hackers were believed to have previously hacked Wiles' phone. CNN has requested comment from the FBI on the status of the investigation. Rubio said he referred the matter to the FBI and the State Department's diplomatic security when he found out about it last week. Even before news of the Rubio and Wiles imposters broke, employees across the federal bureaucracy were trying to tighten up their phone communications in response to an entirely different and more sophisticated threat. Chinese government-backed hackers broke into America's biggest telecom providers as part of an effort to spy on senior US officials, Washington alleges, in activity that was revealed last year. In the wake of that hack, the FBI and Department of Homeland Security urged government employees to use encrypted messaging platforms so the hackers could not snoop on their texts. There is no way to prevent people from setting up fake accounts and using any of a dozen free pieces of software online to clone someone's voice. So the FBI and the State Department have been publicly and privately warning US officials to take extra care in their communications, and to tell their circle of contacts about the impersonation schemes. Government agencies 'must now focus on defense and catching attackers using deepfakes in action,' Tobac, the cybersecurity executive, told CNN. 'One way to do that is to use another method of communication to verify identity before taking action on a sensitive request.'
CNN
a day ago
- Politics
- CNN
Why fake AI calls impersonating US officials are ‘the new normal'
Two of the most senior figures in the US government — Secretary of State Marco Rubio and the White House chief of staff — have been impersonated in recent weeks using artificial intelligence — a tactic that harnesses a rapidly developing technology that cybersecurity experts say is becoming the 'new normal' in terms of cheap and easy scams targeting senior US officials. 'It's now easy and quick to clone someone's voice using AI tools, which now require less than 15 seconds of someone's voice to create a believable voice clone,' said Rachel Tobac, chief executive of SocialProof Security, a firm that trains people to defend against such attacks. 'Just six months ago, I needed a clear one-to-two-minute sample of someone's voice without background noise or music to create a believable voice clone — not so anymore.' 'Voice-cloning is the new normal (in terms of) impersonation social-engineering attempts,' she said. Rubio told CNN on Thursday that he expects more AI-based efforts to impersonate him. 'It won't be the last time you see me or others, for that matter. Maybe some of you will be impersonated,' Rubio said on a trip to Malaysia. 'Within days of becoming Secretary of State, I had foreign ministers calling the State Department asking if I had just texted them,' said Rubio, who is also the national security adviser. 'This is just the reality of the 21st Century, AI and fake stuff that's going on.' In Rubio's case, an imposter called at least five people, including three foreign ministers, a governor and a senator. The unknown attacker set up an account on the Signal messaging platform in mid-June using the display name ' according to a State Department cable last week on the incident viewed by CNN. 'The actor left voicemails on Signal for at least two targeted individuals, and in one instance, sent a text message inviting the individual to communicate on Signal,' the cable said. An AI-based robocall last year that mimicked the voice of then-President Joe Biden and tried to dissuade voters from voting in a primary was a wake-up call for senior US officials over the risks that AI could pose to the electoral process. For public figures whose voices are everywhere online, the cloning process is even simpler, said Steve Grobman, chief technology officer at cybersecurity firm McAfee. 'What's most concerning is that with AI-powered clones, seeing – or hearing – is no longer believing, and even trained professionals can be fooled, especially when a familiar voice makes an urgent request,' Grobman told CNN. 'It's also why we need smarter tools to help people tell what's real and what's not. We can't rely on our own instincts anymore.' However, Rubio and others who heard audio of the call imitating him said it didn't quite sound like him, meaning whoever was behind it didn't go to great lengths to match his voice. The audacity of the ruse is what has some US officials alarmed. A month before the fake Rubio calls began, the FBI warned in May that unidentified 'malicious actors' were impersonating senior US officials to target their contacts in government. The aim was to build a rapport with the target to then access their online accounts. The ultimate goal of the scheme — whether to steal information or money — was unclear. White House Chief of Staff Susie Wiles, a trusted confidant of President Donald Trump, was one of the government officials being impersonated, CNN and other news outlets reported. Early into the FBI investigation of the Wiles impersonation, officials suspected the impersonator was a criminal rather than state actor, multiple sources familiar with the matter said. But investigators also examined if there was any connection to Iran — given that Tehran-linked hackers were believed to have previously hacked Wiles' phone. CNN has requested comment from the FBI on the status of the investigation. Rubio said he referred the matter to the FBI and the State Department's diplomatic security when he found out about it last week. Even before news of the Rubio and Wiles imposters broke, employees across the federal bureaucracy were trying to tighten up their phone communications in response to an entirely different and more sophisticated threat. Chinese government-backed hackers broke into America's biggest telecom providers as part of an effort to spy on senior US officials, Washington alleges, in activity that was revealed last year. In the wake of that hack, the FBI and Department of Homeland Security urged government employees to use encrypted messaging platforms so the hackers could not snoop on their texts. There is no way to prevent people from setting up fake accounts and using any of a dozen free pieces of software online to clone someone's voice. So the FBI and the State Department have been publicly and privately warning US officials to take extra care in their communications, and to tell their circle of contacts about the impersonation schemes. Government agencies 'must now focus on defense and catching attackers using deepfakes in action,' Tobac, the cybersecurity executive, told CNN. 'One way to do that is to use another method of communication to verify identity before taking action on a sensitive request.'
Yahoo
12-02-2025
- Business
- Yahoo
Scammers using AI to dupe the lonely looking for love
Meta on Wednesday warned internet users to be wary of online acquaintances promising romance but seeking cash as scammers use deep fakes to prey on those looking for love. "This is a new tool in the toolkit of scammers," Meta global threat disruption policy director David Agranovich told journalists during a briefing. "These scammers evolve consistently; we have to evolve to keep things right." Detection systems in Meta's family of apps including Instagram and WhatsApp rely heavily on behavior patterns and technical signals rather than on imagery, meaning it spies scammer activity despite the AI trickery, according to Agranovich. "It makes our detection and enforcement somewhat more resilient to generative AI," Agranovich said. He gave the example of a recently disrupted scheme that apparently originated in Cambodia and targeted people in Chinese and Japanese languages. Researchers at OpenAI determined that the "scam compound" seemed to be using the San Francisco artificial intelligence company's tools to generate and translate content, according to Meta. Generative AI technology has been around for more than a year, but in recent months its use by scammers has grown strong, "ethical hacker" and SocialProof Security chief executive Rachel Tobac said during the briefing. GenAI tools available for free from major companies allow scammers to change their faces and voices on video calls as they pretend to be someone they are not. "They can also use these deep fake bots that allow you to build a persona or place phone calls using a voice clone and a human actually doesn't even need to be involved," Tobac said. "They call them agents, but they're not being used for customer support work. They're being used for scams in an automated fashion." Tobac urged people to be "politely paranoid" when an online acquaintance encourages a romantic connection, particularly when it leads to a request for money to deal with a supposed emergency or business opportunity. - Winter blues - The isolation and glum spirits that can come with winter weather along with the Valentine's Day holiday is seen as a time of opportunity for scammers. "We definitely see an influx of scammers preying on that loneliness in the heart of winter," Tobac said. The scammer's main goal is money, with the tactic of building trust quickly and then contriving a reason for needing cash or personal data that could be used to access financial accounts, according to Tobac. "Being politely paranoid goes a long way, and verifying people are who they say they are," Tobac said. Scammers operate across the gamut of social apps, with Meta seeing only a portion of the activity, according to Agranovich. Last year, Meta took down more than 408,000 accounts from West African countries being used by scammers to pose as military personnel or businessmen to romance people in Australia, Britain, Europe, the United States and elsewhere, according to the tech titan. Along with taking down nefarious networks, Meta is testing facial recognition technology to check potential online imposters detected by its systems or reported by users. gc/arp/dw
