For years, a mysterious figure who goes by the handle Stern led the Trickbot ransomware gang and evaded identification—even as other members of the group were outed in leaks and unmasked. This week German authorities revealed, without much fanfare, who they believe that enigmatic hacker kingpin to be: Vitaly Nikolaevich Kovalev, a 36-year-old Russian man who remains at large in his home country.
Closer to home, WIRED revealed that Customs and Border Protection has mouth-swabbed 133,000 migrant children and teenagers to collect their DNA and uploaded their genetic data into a national criminal database used by local, state, and federal law enforcement. As the Trump administration’s migrant crackdown continues, often justified through invocations of crime and terrorism, WIRED also uncovered evidence that ties a Swedish far-right mixed-martial-arts tournament to an American neo-Nazi “fight club” based in California.
For those seeking to evade US government surveillance, we offered tips about more private alternatives to US-based web browsing, email, and search tools. And we assembled a more general guide to protecting yourself from surveillance and hacking, based on questions our senior writer Matt Burgess received in a Reddit Ask Me Anything.
But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The FBI is investigating who impersonated Susie Wiles, the Trump White House’s chief of staff and one of the president’s closest advisers, in a series of fraudulent messages and calls to high-profile Republican political figures and business executives, The Wall Street Journal reported. Government officials and authorities involved in the probe say the spear-phishing messages and calls appear to have targeted individuals on Wiles’ contact list, and Wiles has reportedly told colleagues that her personal phone was hacked to gain access to those contacts.
Despite Wiles’ reported claim of having her device hacked, it remains unconfirmed whether this was actually how attackers identified Wiles’ associates. It would also be possible to assemble such a target list from a combination of publicly available information and data sold by gray-market brokers.
“It’s an embarrassing level of security awareness. You cannot convince me they actually did their security trainings,” says Jake Williams, a former NSA hacker and vice president of research and development at Hunter Strategy. “This is the type of garden-variety social engineering that everyone can end up dealing with these days, and certainly top government officials should be expecting it.”
In some cases, the targets received not just text messages but phone calls that impersonated Wiles’ voice, and some government officials believe the calls may have used artificial intelligence tools to fake Wiles’ voice. If so, that would make the incident one of the most significant cases yet of so-called deepfake software being used in a phishing attempt.
It’s not yet clear how Wiles’ phone might have been hacked, but the FBI has ruled out involvement by a foreign nation in the impersonation campaign, the bureau reportedly told White House officials. In fact, while some of the impersonation attempts appeared to have political goals—a member of Congress, for instance, was asked to assemble a list of people Trump might pardon—in at least one other case the impersonator tried to trick a target into setting up a cash transfer. That attempt at a money grab suggests that the spoofing campaign may be less of an espionage operation than a run-of-the-mill cybercriminal fraud scheme, albeit one with a very high-level target.