Deepfakes, the inconspicous threat to Cybersecurity
May 2022 marked the return of the most anticipated hip-hop albums of the year, Kendrick Lamar’s “Mr. Morale & The Big Steppers”. Ahead of the album’s release, Lamar dropped “The Heart Part 5”, the fifth installment in his long-running series. The song, accompanied by a music video created by Deep Voodoo, showcases the creative use of Deepfake technology to transform K Dot’s face into the form of an array of famous and infamous faces – among whom were Kanye West, Kobe Bryant, Will Smith, OJ Simpson, and the late Nipsey Hussle.
So, what is a “Deepfake”?
In simple terms, a deepfake (the product) is a form of synthetic media in which existing media, for example, a video clip and a series of photographs, are combined together using a sophisticated type of artificial intelligence (AI) to create a realistic, but fake video. Although the technology seems relatively new, the groundwork for the application is much older. The technology has essentially piggy-backed off-off many other inventions, such as computer software, algorithms and Artificial Technology (AI). Although the technology has been around for quite some time now, many are still are still asking ‘What are Deepfakes?’
Well… the term ‘Deepfake’ is a portmanteau of ‘deep Learning’ and ‘Fake’.
In 2017, a software developer nicknamed “deepfakes” posted his creations in which he swapped Hollywood celebrities’ faces onto the faces of porn artists the online news and aggregation platform – Reddit. After the creations rapidly spread, deepfake became a new trend. Although the technology has since been used for positive purposes, including – the creation of engaging educational lessons by bringing historical figures to life in the classroom, thus making lessons more interactive and engaging to speeding up game development in the gaming industry. The threat of misuse of the technology has almost lingered in the background unabated.
Veiled threat
Recent use of the technology has seen it being used as a source of fun and controversy in equal measure, deepfakes have increasingly gathered public attention from viral videos on TikTok and YouTube with some famous examples of deepfakes which included fake videos of Barrack Obama, Donald Trump, Vladimir Putin and Mark Zuckerberg. One deepfake footage of Tom Cruise posted to an unverified TikTok account racked up 11 million views on the app and millions more on other platforms. Whilst these deepfake videos have, in the past, appeared harmless, the dark-side of their application has steadily reared its head. the technology does have some drawbacks such as – post truth politics, harassment of women in the form of revenge porn, manipulation of the public, intervention to the elections, violations of personal data protection rights and intellectual property rights and most alarmingly, the threat to the financial services industry (cyber-crime).
In a positive step to combatting the early signs of the abuse of the technology, Reddit banned its nearly 100,000 strong “Deepfake” community, and in an official statement, the company said:
“Reddit strive to be a welcoming, open platform for all by trusting our users to maintain an environment that cultivates genuine conversation. As of February 7, 2018, we have made two updates to our site-wide policy regarding involuntary pornography and sexual or suggestive content involving minors. These policies were previously combined in a single rule; they will now be broken out into two distinct ones. Communities focused on this content and users who post such content will be banned from the site”
In another incident in October 2021, MIT Prof. Sinan Aral warned his Twitter followers that he had discovered a video of himself that he hadn’t recorded, endorsing an investment fund’s stock-trading algorithm. In reality, it wasn’t Prof. Aral in the video, but an artificial-intelligence creation in his likeness.
From Corporate Level Fraud, Extortion of Money from Businesses or Individuals, False Information/ Fake News, Fake Videos and more alarmingly, Banking Fraud, the use of the open-source technology has made it increasingly possible for anyone with images of a victim to create a convincing deepfakes.
The peril to Cellphone – Banking: Biometric Security
A recent study suggested that deepfake-generating techniques had reached the point where they could reliably fool commercial facial recognition services. As banking and financial services have increasingly become digitalised over the years, fraudsters and criminal enterprises have identified this as an area of opportunity and have made use of AI-technology to aid them in their criminal activities. Sensity, a security firm focused on deepfake detection, published its 2022 Report titled: “Deepfakes vs Biometric KYC Verification” in which its researchers demonstrated how they were able to bypass automated biometric KYC checks / “liveness test” by using AI-generated faces.
In a paper published on the preprint server Arxiv.org, researchers at Subkyunkwan University in Suwon, South Korea demonstrated that APIs from Microsoft and Amazon could be fooled with commonly used deepfake-generating methods. In one case, one of the APIS – Microsoft’s Azure Cognitive Services – was fooled by up to 78% of the deepfakes the coauthors fed it.
“From experiments, we find that some deepfake generation methods are of greater threat to recognition systems than others and that each system reacts to deepfake impersonation attacks differently” the researchers wrote.
Thee researches further warned that – “Assuming the underlying face recognition API cannot distinguish the deepfake impersonator from the genuine user, it can cause many privacy, security, and repudiation risks, as well as numerous fraud cases”. With the positive use cases of the technology likely to be overshadowed in coming years by financial fraud, identity theft and worse—from the savaging of reputations to the stoking of civil and political unrest. There is a growing public concern over the security of their personal information and coffers. With the methods of generating synthetic media expected to continue growing with sophistication and with most AI detection methods having rates of failure, users of web-based data collecting platforms to internet and or cellphone banking application users such as the – FNB @FNBSA, Capitec @CapitecBankSA, Nedbank @Nedbank, African Bank @AfricanBank and ABSA @AbsaSouthAfrica Cellphone Banking App have started questioning the competency of the biometric security protocols of these financial institutions to deal with these sophisticated cyber-attacks.
Could criminal organisations – having stolen users’ laptop computers and /or mobile devices (and now armed with the victim’s images *selfies) – create deepfakes of the victims to gain illegal access to their cellphone/ internet banking applications or laptop computers to steal funds from their bank accounts, proprietary information, manipulate and defraud the victims using fake pornographic material of the victims or publish fake videos of the victims to defame the victims? Are local facial recognition software regularly updated and are they secure enough to protect unassuming users against data breaches and loss of assets? These are the questioned posed by the 21st Century technology. Whilst the future of this technology remains largely unclear, what is evident is that legislatures, financial institutions, social media platforms and the likes… – all need to heed to the warning signs and rally around the regulation of the use of Deepfake technology sooner rather than later. Unchecked – the widespread use of the technology will undoubtedly lead to more and more incidents of public manipulation, attacks on personal rights, violations of rights of intellectual property and personal data protection.
Image Source: https://www.today.com/news/man-tom-cruise-deepfakes-tiktok-speaks-ethics-technology-rcna10163
https://www.msnbc.com/opinion/msnbc-opinion/kendrick-lamar-s-new-album-heart-challenges-how-we-see-n1295357