Deep fakes are a relatively new form of AI that has been utilised to curate hoax images, sounds and even videos by using a person's likeness on an existing form of media.
Recently, there have been multiple stories about deep fakes in the news. These deep fakes are being used in blockbuster Hollywood movies such as Star Wars to make ageing actors look younger, and people create internet videos in which they will swap celebrities' faces onto TikTok videos and even make music from artists who have passed away. However, in the past year, people have manipulated this new use of AI for extremely dark use cases. This includes scams and hoaxes, election manipulation, social engineering, identity theft/Fraud, and the most talked about pornography. Cybercriminals have used these deep fakes to promote scams on social media.
In recent memory, one of the most notable hoaxes caused by deep fakes was the Twitter scam that circulated about billionaire CEO Elon Musk. A scam deep fake video of the Tesla CEO went viral of him appearing to promote a crypto-currency scam, in which the scammer boasted returns of 30%. The footage was altered from a TedTalk that featured Elon from April 2022. The video caught the attention of Elon Musk, who promptly shut it down, replying to a tweet saying it was not him. Elon Musks' status as a tech pioneer made him the choice of target for scammers to take advantage of Twitter users and potential investors. Malicious hackers have also utilised the potential of deep fakes, specifically voice cloning, which has been used in vishing engagements. In 2019 fraudsters cloned the voice of a chief executive and managed to successfully trick a CEO into transferring him a large sum of money, roughly around 250,00 US dollars. The criminal called the victim three times, first to initiate the transfer, a second to falsely claim the payment had been reimbursed, and a third time to seek a follow-up payment. It is reported that by the third call, the victim became sceptical of the caller, and then he noticed that the phone number used was an Austrian phone number. Whilst the victim did not send the second payment, the first one had already been transferred, which was moved from the Hungarian bank account to one in Mexico and then disbursed to other locations.
Additionally, it is pertinent to recognise the use case of Deep fakes within the political sector. This is a major point of concern, due to this type of software being extremely cheap, especially with companies offering free trials of the service. A lot of citizens are utilising this to make convincing deep fakes of politicians they dislike saying things that did not happen and creating fake news. This recently occurred with Former President Trump, In which an unknown social media user created multiple images of Trump being arrested. At first glance, these images look extremely convincing. However, the more you analyse the photos, the more flaws appear. For example, people's facial features and hands look extremely smooth and unrealistic. Although, this did not stop people from sharing these images all over social media with the assumption that Trump had been arrested. In a similar situation, a deep fake video on Twitter appeared to show Russian President Vladimir Putin declaring peace against Ukraine. These videos were quickly removed from the social media platforms for violating its policy against misleading and manipulated media and spreading fake news. This demonstrates that these platforms are trying their best to police this type of content.
Beyond the realm of politics, deep fake technology has permeated other areas, with one particularly controversial application being porn deep fakes. It is estimated that 96% of internet deep fakes are pornographic, with the majority of these being non-consensual, of a celebrity or both. However, the UK government has recently unveiled a new law in the past year that is designed to reduce the amount of nonconsensual adult deep fake videos surfacing on the internet. The police will have new laws that state anyone who makes this genre of videos will be criminalised and potentially will have to go to prison. This law will also bring forward a package of additional laws to tackle a range of abusive behaviour, including installing equipment, such as hidden cameras.
To protect ourselves from being deceived by the influence of deep fakes, it is important to develop the skills to detect and spot a deep fake. One of the most common giveaways the video you are watching appears to be a deep fake is if there is a lack of natural eye movement. Replicating human eye movement is almost impossible, and with current technology, it is nearly impossible. This is due to how random eye movement can be in its natural state. Due to the fact that people's eyes usually follow and react to the person they are speaking to, which currently software can't decipher. Therefore, current deep fake videos also utilise a lack of blinking, as it is almost impossible to replace the human action of regular blinking. You can also look at the facial expressions of these deep fakes. This technology tends to specialise in faces rather than the body's, which leads deep fakes to resemble unnatural body shapes. There are plenty more examples like the ones I have listed. However, when spotting deep fakes, it is a general rule of thumb that if there is a pattern of it looking unnatural or unsettling, it is most likely a deep fake.
To conclude this week's blog, it is clear to see that deep fakes have emerged as an extremely powerful tool but have the very serious potential to be abused by cybercriminals or disgruntled acquaintances. While at first, this tool was recognised for people's creativity and use in entertainment, such as in movies or comedy videos on platforms including TikTok or youtube. People have abused this software and condemned it for horrible use cases such as the activities I have mentioned in this blog post. Therefore, it is key that the law creates new rulings to protect people against these types of threats and that those who have been creating them with malicious intent receive the appropriate punishment. Here at DarkInvader, we are actively scanning the public and private web for mentions of your companies domain to protect it from any potential cyber attacks.
Have a listen to our consultants discuss their views on Deep Fakes below.
Unlock continuous, real-time security monitoring with DarkInsight. Sign up for your free account today and start protecting your external attack surface from potential threats.
Create My Free Account