Associated Incidents
An impostor pretending to be Secretary of State Marco Rubio contacted foreign ministers, a U.S. governor and a member of Congress by sending them voice and text messages that mimic Rubio's voice and writing style using artificial intelligence-powered software, according to a senior U.S. official and a State Department cable obtained by The Washington Post.
U.S. authorities do not know who is behind the string of impersonation attempts but they believe the culprit was probably attempting to manipulate powerful government officials "with the goal of gaining access to information or accounts," according to a cable sent by Rubio's office to State Department employees.
Using both text messaging and the encrypted messaging app Signal, which the Trump administration uses extensively, the impostor "contacted at least five non-Department individuals, including three foreign ministers, a U.S. governor, and a U.S. member of Congress," said the cable, dated July 3.
The impersonation campaign began in mid-June when the impostor created a Signal account using the display name "Marco.Rubio@state.gov" to contact unsuspecting foreign and domestic diplomats and politicians, said the cable. The display name is not his real email address.
"The actor left voicemails on Signal for at least two targeted individuals and in one instance, sent a text message inviting the individual to communicate on Signal," said the cable. It also noted that other State Department personnel were impersonated using email.
When asked about the cable, the State Department responded that it would "carry out a thorough investigation and continue to implement safeguards to prevent this from happening in the future." Officials declined to discuss the contents of the messages or the names of the diplomats and officials who were targeted.
In addition to the effort to impersonate Rubio, several recent impersonation attempts have targeted high-profile U.S. officials. In May, someone breached the phone of White House Chief of Staff Susie Wiles and began placing calls and messages to senators, governors and business executives while pretending to be Wiles, the Wall Street Journal reported. The episode spurred a White House and FBI investigation, although President Donald Trump dismissed its significance, saying Wiles is "an amazing woman" who "can handle it."
The FBI declined to comment about the Rubio impostor. Impersonating a federal officer or employee to deceive or obtain something is a crime.
Hany Farid, a professor at the University of California at Berkeley who specializes in digital forensics, said operations of this nature do not require sophisticated actors, but they are often successful because government officials can be careless about data security.
"This is precisely why you shouldn't use Signal or other insecure channels for official government business," he said.
In March, then-White House national security adviser Michael Waltz inadvertently added a journalist to a Signal group chat discussing highly sensitive U.S. attack plans in Yemen, an incident that contributed to Waltz's ouster and curtailed the widespread use of the app for national security group meetings. Rubio has since been appointed as Trump's national security adviser. But on an individual level, government officials in the United States and elsewhere continue to use the app for personal and professional communications, given its reliable end-to-end encryption.
Once malicious actors obtain phone numbers linked to an official's Signal account, the impersonation part is easy, said Farid.
"You just need 15 to 20 seconds of audio of the person, which is easy in Marco Rubio's case. You upload it to any number of services, click a button that says 'I have permission to use this person's voice,' and then you type what you want him to say," said Farid. "Leaving voicemails is particularly effective because it's not interactive."
It is unclear if any of the officials responded to the impersonator.
The State Department cable urged U.S. diplomats to report "any impersonation attempts" to the Bureau of Diplomatic Security, which is investigating the matter, and for non-State Department officials to alert the FBI's Internet Crime Complaint Center.
In May, the FBI issued a warning that "malicious actors" were impersonating senior U.S. officials in an "ongoing malicious text and voice messaging campaign" intended to target other senior government leaders and their contacts. The campaign relied on AI-generated voice messages, according to the FBI, and was likely meant to "elicit information or funds."
"If you receive a message claiming to be from a senior U.S. official," the FBI warned at the time, "do not assume it is authentic."
Other forms of impersonation have spread across the globe. In June, Ukraine's Security Service announced that Russian intelligence agents were impersonating the agency in an effort to recruit Ukrainian civilians for sabotage missions. The same month, the Canadian Anti-Fraud Center and the Canadian Center for Cyber Security said scammers were utilizing artificial intelligence to impersonate senior government officials in a call- and text-driven campaign to steal sensitive information or money, or to insert malware into computer networks.