4 years ago
Deepfakes Security Risks

Originally published in KDNuggets, January, 2020.

Deepfakes have instilled panic in experts since they first emerged in 2017. Microsoft and Facebook have recently announced a contest to identify deepfakes more efficiently.

Deepfakes, videos where a person’s face is replaced with a nearly identical copy through the use of artificial neural networks, have instilled panic in experts since they first emerged in 2017. For instance, one of the major fears boiled down to the escalating risk of “porn vengeance” one’s ex-boyfriend can wreak. All it takes is some skills plus a computer powerful enough to frame up a naughty video featuring the guys’ ex-sweetheart. Natalie Portman and Scarlett Johansson, who has been “deepfaked” in quite a few adult videos, have even condemned the Internet altogether.

In order to combat the threat, Microsoft and Facebook have recently announced a contest to identify deepfakes more efficiently. The tech giants offer a prize pool of $10 million to researchers who can come up with the best deepfake detection algorithms. Not to mention the initiatives of DARPA (the U.S. Defense Advanced Research Projects Agency), which spent nearly $70 million on similar efforts over the past two years.

But here’s the thing: these projects aren’t really preventive anymore, because the first deepfake crime has already been perpetrated. According to the Wall Street Journal, the chief executive officer of a UK energy company was defrauded of €220,000 last March. He gave the green light to transfer the funds to a Hungary-based supplier because his boss, the head of a German parent firm, had repeatedly instructed him to do so. The truth is, a crafty scammer simply leveraged AI (artificial intelligence) technology to mimic the senior executive’s face and voice and demand that the payment be made within an hour.

The con artist used software that fully imitated a specific person’s voice, including the intonation and even German accent. The message appeared to come from the correct German address of the boss, and the CEO of the UK branch additionally received a valid-looking confirmation email with the contacts and credentials required for the money transfer. Perhaps the only giveaway was that the boss kept emphasizing how urgent the matter was, but that’s actually a typical thing in a business environment.

At the end of the day, the whole amount was gone. First, it was transferred from the Hungarian account over to Mexico, and then it was dispersed all around the world in multiple small portions. The crooks didn’t stop at that point, though. They used the same trick to request another urgent transfer so that the supply process could “get a boost.” That’s when the UK company CEO felt something wasn’t right and gave his real director a phone call.

What was happening next was a mess. The British manager started receiving calls from the impostor, then from his actual boss, and so on and so forth. Their voices sounded exactly the same. The names of the target company and its employees haven’t been disclosed due to an ongoing investigation. The thieves are still on the loose.

As a matter of fact, this story wasn’t necessarily the first instance of theft relying on deepfake AI technology. Symantec researchers claim to have spotted at least three cases where mimicking someone’s voice allowed impostors to dupe companies into wiring money to the wrong bank accounts. One of these victims lost millions of dollars this way. Moreover, based on the collected evidence, the scammers, in this case, and the ones who hoodwinked the CEO in the UK were different people. In other words, deepfake frauds are gradually becoming mainstream, and they aren’t a prerogative of some solo hacking genius.

To continue reading this article, click here.