Deepfakes: AI Brings On A New Wave of Social Engineering
One of AI's most controversial creations is the phenomenon of deepfakes. These AI-crafted digital doppelgängers, capable of mimicking real-life personas with accuracy, are redefining the boundaries of what's real and what's fake.
One of AI's most controversial creations is the phenomenon of deepfakes. These AI-crafted digital doppelgängers, capable of mimicking real-life personas with accuracy, are redefining the boundaries of what's real and what's fake.
As we move into a new wave of cyber security threats and social engineering attacks, it's important to understand the impact of deepfakes can have.
Cybercriminals have long impersonated people and companies through phishing attacks, now they can add realistic voice and video.
In the constant game of cat and mouse between cyber criminals and unsuspecting victims this opens the floodgates of use cases.
What are Deepfakes?
A "deepfake" sometimes spelled "deep fake" is a false media created using artificial intelligence to convincingly alter or change a video or audio file.
The idea of deepfakes is not necessarily new, but it is now cheaper and easier to use than it was before. At first, fake videos were easy to detect because of pixel collapse. This would lead to unnatural visual artifacts in the skin tone or face contour of images or frequent visual artifacts (think uncanny valley). However, with AI advancement, fake videos are becoming indistinguishable from real ones.
The capacity to generate deepfakes is proceeding much faster than the ability to detect them. William A. Galston
Originating from the realms of AI and machine learning, deepfakes leverage sophisticated algorithms to produce or alter video and audio content, making it appear genuine.
The foundation of this technology is built upon neural networks that are trained to replicate and modify human features, expressions, and voices with astonishing accuracy. As the technology has evolved, so has its ability to create content that is increasingly difficult to distinguish from reality, marking a significant milestone in the capabilities of machine learning.
Deepfakes Examples:
In some instances the usecase for deepfakes is for entertainment purposes, such as this ai generated clip of Joe Rogan interviewing Sam Altman:
Another darker example is when fake profiles of Chief Information Security Officers (CISOs) were on LinkedIn targeting Fortune 500 companies. The profile pictures were most likely using a website like thispersondoesnotexist.com or something similar to generate images of normal looking people to pose as executives.
Interestingly enough when googling the CISOs to many of these organizations the fake profiles would come up first in google search. 👀 🔍
There is also this story Forbes ran about a bank manager in the Hong Kong who fell for a deep fake social engineering attack. The brief synopsis is the manager received a call from a man whose voice he recognized—a director at a company with whom he’d spoken before. The director told him the company was about to make an acquisition and needed to make a transfer of $35 million.
Combining this with emails and correspondence from a "lawyer". The bank manager, believing everything appeared legitimate, began making the transfers. Except it wasn't actually a voice from someone he recognized. By utilizing a "deep voice" technology the fraudsters were able to mimic the director's voice. They made a convincing call, and the bank manager transferred the money.
How Deepfakes Work
Deepfakes, are a product of advanced artificial intelligence. At the heart of this technology lies the Generative Adversarial Networks (GANs).
GANs consist of two parts: a generator, which creates images, and a discriminator, which evaluates them. The generator produces a new image or video by making random changes to an existing one, and the discriminator assesses the authenticity of that generated content against the original. Through countless iterations, the generator gets better at creating realistic content, aiming to eventually fool the discriminator.
This tug-of-war continues until the generated content is indistinguishable from the real one.
The result? Hyper-realistic deepfake content that can be almost impossible for the human eye to detect as fabricated.
The Impact of Deepfakes:
As the world is increasingly dominated by digital interactions, the authenticity of the content we consume and we people we interact with has never been more crucial.
These AI-driven creations, while awe-inspiring, have the power to manipulate public perception, impersonate individuals for fraudulent purposes, and even bypass advanced security measures.
As we dive into the implications of deepfakes, from the political arenas to personal interactions, it becomes evident that we are on the cusp of a new era of deception.
- Manipulating Public Perception
Manipulating public perception in the era of "fake news", where discerning truth from fiction is already challenging. Deepfakes amplify this challenge, providing a platform for false narratives to be presented as authentic footage or recordings. Real-world examples abound, from fabricated political speeches designed to sway voter opinions to doctored videos intended to discredit public figures. Such instances highlight the profound impact deepfakes can have on shaping public opinion and the potential dangers they pose to democratic processes.
This can become an even bigger problem in countries where democracy is not as prominent and information is harder to attain.
2. Impersonation and Fraud
You may be thinking "I'm not a politician or celebrity so this doesn't apply to me", but think about how this can easily be used to trick unsuspecting victims like someone at work dealing with sensitive information or someone who has access to large amounts on money.
What happens when deepfakes goes from partners being catfished to full blown corporate espionage.
Beyond influencing the masses, deepfakes also present a personal threat through impersonation. With the ability to mimic voices and appearances, deepfakes can be used to impersonate individuals, leading to breaches of privacy, character defamation, and even blackmail.
This technology opens doors to new avenues of fraud. Even tech savvy individuals fall victim to social engineering.
According to a study by the FTC, Millennials Are The Biggest Victims Of Social Engineering.
Imagine a scenario where a deepfake audio portrays a family member instructing another to transfer funds or disclose sensitive information. Such tactics could lead to significant financial ruin. As deepfakes become more sophisticated, the threat to personal security and the potential for financial fraud escalates, underscoring the need for awareness and robust countermeasures.
3. Bypassing Security with Deepfakes
These AI-generated forgeries, with their ability to replicate human voices, faces, and mannerisms with uncanny precision, can be weaponized to bypass biometric security measures. For instance, facial recognition systems, once deemed infallible, can now be fooled by a deepfake video of an authorized individual. Similarly, voice authentication protocols can be compromised using deepfake audio clips that mimic the voice patterns of a legitimate user. Beyond direct system breaches, deepfakes can also be employed in social engineering attacks, where a fabricated video or audio message might deceive employees into revealing confidential credentials or performing actions that compromise security.
In essence, deepfakes have added a new dimension to cyber threats, highlighting the potential vulnerabilities in systems that rely heavily on biometric and behavioral authentication.
Congress has been concerned with deepfakes since 20018 and even passed the Malicious Deep Fake Prohibition Act of 2018 as well as the DEEP FAKES Accountability Act. The Malicious Deep Fake Prohibition Act states:
Deepfakes Companies:
AI companies that are spearheading deepfake technology:
Detecting and Preventing Deepfakes in Social Engineering Attacks
As the menace of deepfakes grows, so does the urgency to develop robust countermeasures. One of the most promising avenues in this fight is the use of AI-driven solutions designed specifically to detect deepfake content. By analyzing subtle inconsistencies in audio, visual artifacts, or even the blinking patterns of digital personas, these AI models can discern genuine content from manipulated ones. Advanced algorithms are also being trained on vast datasets of deepfakes to recognize the unique signatures and patterns that deepfake generation tools leave behind.
However, it's crucial to understand that this is an ongoing battle. As detection tools evolve and become more adept at identifying forgeries, deepfake creators respond in kind, refining their techniques to produce even more convincing fakes. This dynamic creates a perpetual game of cat and mouse, with both sides leveraging the latest advancements in AI and machine learning. The challenge lies not just in detecting deepfakes but in staying one step ahead of those who create them, ensuring that our defenses adapt as quickly as the threats evolve.
Deepfake Detection Tools
Every challenge brings on new opportunities. The rise of deepfakes has given way to deepfake detection companies that have begun popping up. These companies are meant to help verify if a video something is real or a deepfake.
1. Deepware
2. Sensity
Sensity Team
Conclusion
Deepfakes, once a mere concept of technological possibilities, have now materialized as one of the most pressing challenges for both corporations and individuals.
Their ability to blur the lines between reality and fiction, especially in the context of social engineering, underscores a new era of cyber threats. As these AI-generated forgeries become increasingly sophisticated, they not only challenge our trust in digital content but also pose significant risks to personal, corporate, and national security.
Stay safe out there in the wild...
