The use of deepfakes, manipulated videos or photos, and social engineering techniques in general is constantly increasing. Between 2021 and 2022, this practice increased by 13%. These low cost but highly profitable attacks are within everyone’s reach, especially thanks to the applications available on the internet. The goal is to compromise an organization or a public figure in order to offend a third party. Thus deepfakes can cause serious harm in both the private and public spheres. Businesses can be compromised, authentication and identity verification procedures can be compromised, and even political decisions can be affected.
More advanced and available attacks
Deepfakes are created using machine learning techniques, including GANs (Generative adversarial networks). The latter consists of two algorithms: one generates a fake photo or video, while the other tries to detect whether the photo is real or fake. The two algorithms train each other through an adversarial process to improve the quality of the deepfake. The algorithms that generate deepfakes are rapidly improving AI algorithms for detecting those deepfakes. These have already evolved a lot, from simple exchanges of faces in real time (Change Faces) to creating artificial voices (Deep Voice), images and even satellite maps. Biometrics are also now being targeted by deepfakes.
The use of deepfakes technology, which is a threat to the private and public spheres
Corporate deepfake attacks are a hacking technique that allows hackers to infiltrate corporate systems using third parties. This can give them access to administrative rights and login rights, putting company security at risk. A real example of such an attack is the attack on the president. As part of a BEC (Business Email Compromise) attack, the hacker can pretend to be the leader or manager, and request a transfer via voice message or FaceSwap in real time. This can lead to significant financial losses for the company.
In addition, social engineering attacks can undermine actions “know your customer” (Know Your Customer), which allows companies to verify the identity of their customers. Hackers can also steal identities and compromise authentication, including banking.
Extortion, intimidation, and corruption are also risks associated with the use of deepfakes. A recent example is the increasing use of edited pornography with fake images of characters called “sextortion”. According to a Dutch study, 96% of the deepfakes circulating on the Internet are porn diversions.
Finally, attacks Social engineering It can also have ramifications in the political field. For example, a fake video of the President of Ukraine, in which he called on his country to “surrender”, was broadcast on social networks.
This is why a recent report by Europol ranked deepfakes as a “priority threat” to countries.
Poorly exploited legal framework
The French law against manipulation of information, adopted in 2018, aims to protect democracy from the deliberate publication of false news. This law is an example of the efforts made by the French state to protect citizens from manipulation of information that could affect elections, for example, or democracy in general. However, since its application is not binding on the respective platforms (Google, Twitter, TikTok, etc.), this did not lead to any significant change, especially since the scope of this law is geographically limited.
The European Commission has also developed a code of good practice to combat false information. However, according to Thierry Breton, European Commissioner for the Internal Market, none of the main signatories has complied with the entire law. It stresses the importance of increasing speed, extending the code, and making it more binding.
This statement highlights the need to strengthen measures against the dissemination of false information, which can have devastating consequences for democracy and societies. Governments and information industry actors, particularly GAFAMs, must work together to put in place effective and binding measures to combat this ever-evolving phenomenon.
But there are solutions
There is an urgent need for companies to take concrete action to combat deepfakes. Despite efforts by some organizations to educate and train their employees in computer security, many companies are not yet aware of the significance of the threat. Training (security awareness) of employees is essential to raise awareness of the risks, particularly that of phishing, which remains one of the most common attacks.
It is also important to carry out risk analyzes, in the initial stages, to assess the potential consequences of these threats for businesses. Anticipation makes it possible to organize a better defense. Also, it is advisable to call on threat intelligence teams that track sites that offer deepfakes and thus make it possible to adapt and improve their protection system.
Despite bug bounty campaigns such as Meta’s “Deepfake Detection Challenge”, these tests are inconclusive as they only manage to detect 2/3 of the deepfakes.
PVID repository, which is related to remote identity verification, is another possible solution. An example of a project is the French Digital Identity application, which allows the electronic chip of an ID card to be read during identification. To effectively combat deepfakes, putting an electronic signature on every photo or video is a solution. However, it is difficult, if not impossible, to force platforms to verify this signature on social networks.
On the other hand, there are effective methods, such as multi-factor authentication (MFA) such as one-time password received by SMS. Although some seek to do away with these methods in favor of facial recognition, they are still very useful for protecting against deepfakes.
To combat deepfakes, several solutions exist. And often the simplest and even the most ancient means are the most effective in combating deepfakes.
This article was written by: Benoit Delpierre, Deputy Technical Director at Eviden
<< لقراءة أيضًا: من الضروري الاهتمام بأمن أجهزة الكمبيوتر والهاتف الذكي أثناء العطلات! >>>