In the last few years, slowly but steadily, the boundary between reality and fiction in the digital realm has become increasingly blurred thanks to the advent of deepfake technology.
Sophisticated, AI-powered synthetic media has evolved from a novel concept in Hollywood to a practical tool used daily by politically-motivated threat actors and cybercriminals for misinformation and fraud.
Since we last wrote about deepfakes a lot has changed. There are new powerful actors, with both old and new grievances, and of course, an explosion in the availability and capabilities of AI. Our trust in the veracity of what we see online has never been lower, nor more fragile.
In this post, we delve into the world of deepfakes as we see it today, exploring the nature, risks, real-life impacts, and measures needed to counter these advanced threats.
What Are Deepfakes?
Deepfakes are artificially-created media, typically video and audio, that purport to show events or people engaging in behaviors that never in fact occurred. They leverage sophisticated artificial intelligence (AI) and machine learning technologies, in particular generative adversarial networks (GANs).
GANs involve two AI models: one that generates content (the generator) and another that evaluates its authenticity (the discriminator). The generator creates increasingly realistic fake videos or audio, while the discriminator continuously assesses the content’s verisimilitude, leading to a rapid improvement in the quality and believability of the generated fakes.
Originally, deepfakes found their place in entertainment and social media, providing novel ways to create content, like superimposing celebrities’ faces onto different bodies in videos or enabling realistic voice impersonations. However, this technology’s potential for creating highly convincing forgeries soon transitioned from mere novelty to a potent tool for misinformation and manipulation.
AI voice cloning is being used to scam people by impersonating active service members to try and extort money or personal information from their families. This is unacceptable and why Senator Collins and I called on the FCC and FTC to address the rise in AI voice cloning scams.
— Amy Klobuchar (@amyklobuchar) November 8, 2023
The Cybersecurity Risks of Deepfakes | A Broad Spectrum
From political disinformation to financial deception, the ramifications of deepfakes are far-reaching and multifaceted. Let’s explore some key examples to understand the breadth and depth of these risks.
Political Disinformation
Deepfakes pose a significant risk to political stability by spreading false narratives and manipulating public opinion, particularly when they are used to create misleading representations of political figures. The first notable example occurred in 2018, when BuzzFeed released a deepfake of President Obama.
Since then, many others have come to light; a deepfake video of Ukrainian President Volodymyr Zelensky falsely portrayed him as conceding defeat and urging Ukrainians to surrender to Russia. Aimed at misleading and demoralizing the public, the video was identified as fake due to discrepancies such as the mismatched size of Zelensky’s head to his body.
Corporate Espionage
In the corporate world, deepfakes have emerged as tools for fraud and deception with the potential to cause substantial financial losses. Such scams can be particularly effective when impersonating high-level executives. A UK-based energy firm lost €220,000 after AI software was used to imitate the voice of the CEO of the firm’s German parent company and instruct the UK CEO to urgently transfer funds.
Personal Identity Theft and Harassment
Personal rights and privacy are, of course, highly susceptible to harm from fake media when it is used to commit identity theft and harassment. Malicious media creations can be alarmingly realistic. In Germany, the government was so concerned about the threat of deepfakes that it released an ad campaign to highlight the dangers, warning parents about the risks associated with these technologies.
Financial Market Manipulation
Beyond harm to individual persons or organizations, deepfakes can disrupt entire financial markets by swaying investor decisions and market sentiments with false narratives. An illustrative case was the deepfake video depicting a supposed explosion near the Pentagon, which briefly impacted the US stock markets.
Legal and Judicial Misuse
In the legal domain, deepfakes can be used to fabricate evidence, potentially leading to miscarriages of justice and undermining the integrity of judicial processes. Although a specific widespread instance in legal settings is yet to occur, the potential for deepfakes to be used in this manner raises concerns about the reliability of video and audio evidence in courtrooms and the need for enhanced verification measures to ensure judicial integrity.
Detecting and Combating Deepfakes | On the Cybersecurity Frontline
As with any tool, AI can be used for both good and bad, and there are efforts underway to develop AI-driven methods to detect and combat the threat of deepfakes. Many of these efforts focus on analyzing facial expressions and voice biometrics to spot subtle anomalies that are undetectable to the human eye and ear. This involves using machine learning models and training them on extensive datasets containing both genuine and manipulated media in order to effectively distinguish between the two.
Blockchain technology, more typically associated with cryptocurrencies, is also emerging as a useful tool in this fight. Blockchain provides a way to verify the source and authenticity of media files and confirm whether they have been altered. So-called “smart contracts” can be used both to verify the authenticity of digital content and to trace how it is interacted with, including any modifications. Combined with AI that can flag media content as potentially inauthentic, a smart contract can trigger a review process or alert relevant authorities or stakeholders.
Other tools are being developed to ensure that content created by AI platforms can be detected as artificial. For example, Google’s SynthID can embed inaudible “watermarks” in AI-generated audio content. Methods like SynthID are intended to ensure that content generated by AI tools remains reliably detected as artificially generated even after it has been manipulated by humans or other editing software.
As in other areas of cybersecurity, education and awareness campaigns have an important part to play in combating the threat of deepfakes. Educating individuals and organizations about deepfakes, how to spot them, and their potential impact will be essential. Collaborations between technology companies, cybersecurity experts, government agencies, and educational institutions will prove to be vital over the next few years as we strive to develop more comprehensive strategies to combat artificially-generated content used for ill ends.
Best Practices for Organizations and Individuals in the Era of Deepfakes
As the threat landscape shaped by deepfakes continues to evolve, it is increasingly important to adopt strategies to mitigate risks associated with the misuse of AI technology. Here is our guide to current best practices and measures to enhance resilience against deepfake-related security threats.
Raising Awareness and Training
Education is the cornerstone of defense against deepfakes. Conducting regular training sessions for employees to recognize deepfakes can significantly lower the risk of deception. This training should focus on the subtleties of synthetic media and keep abreast of the latest developments in deepfake technology.
Cultivating a verification culture within organizations, where any unusual or suspicious communication, particularly involving sensitive information, is cross-verified through multiple channels, is also crucial.
Implementing Robust Verification Processes
For critical communications, especially in financial and legal contexts, implementing multi-factor authentication and rigorous verification processes is indispensable. For instance, voice and video call confirmations for high-stake transactions or sensitive information sharing can be effective. Such practices can prevent incidents similar to the aforementioned case in which a CEO’s voice was faked for fraudulent activities.
Utilizing Advanced Cybersecurity Solutions
We can leverage AI to defeat AI by incorporating advanced cybersecurity solutions with deepfake detection capabilities. Tools employing AI and machine learning to analyze and flag potential deepfakes add an important layer of security.
Regular Software and Security Updates
Maintaining up-to-date software, including security solutions, is vital for cybersecurity. Updates often contain patches for newly identified vulnerabilities that could be exploited by deepfakes and other cyber threats. A proactive stance on software updates can significantly reduce the likelihood of security breaches.
Collaborating with External Experts
For organizations, particularly those with limited in-house cybersecurity capabilities, partnering with external security experts can offer enhanced protection. These professionals can provide insights into the latest threats and assist in crafting strategies specifically designed to counter deepfakes and other emerging cyber risks.
Personal Vigilance
As individuals, it is important for all of us to maintain vigilance when engaging with media. This includes maintaining a healthy skepticism towards sensational or controversial content and verifying sources before sharing or acting on such information.
Utilizing tools and browser extensions that assist in detecting deepfakes can also contribute to stronger personal cybersecurity practices.
It’s also worth remembering that, like any other creation, deepfakes come with varying degrees of quality and attention to detail from the creator. That means in some cases it is still possible to spot less-advanced or sophisticated deepfakes. Some things to watch out for include:
- Unnatural Eye Movements: AI-generated images or videos can fail to accurately replicate intricate and natural eye movements. This discrepancy can manifest as unusual blinking patterns or a lack of natural eye movement.
- Audio-Video Sync Issues: Some deepfakes can fail to sync spoken words and lip movements, leading to noticeable discrepancies.
- Color and Shadow Inconsistencies: AI often struggles with consistently rendering colors and shadows, especially in varying lighting conditions. Look out for inconsistencies in skin tones or background colors. Shadows might appear misplaced or of the wrong intensity.
- Unusual Body Movements: AI might also struggle to maintain the consistency of body shapes, leading to noticeable distortions or irregularities. This might include jerky, unnatural movements or expressions that don’t align with how a person typically moves or reacts.
In short, combating deepfakes requires a multi-faceted approach, combining education, robust verification processes, advanced technology, software maintenance, expert collaboration, and personal vigilance. These practices form an integral part of a comprehensive strategy to counter the growing sophistication of deepfakes in the cybersecurity landscape. As a bonus, they will also help protect against other kinds of cybersecurity threats and serve to encourage the security mindset individuals and organizations need in today’s digital-centric world.
The Future of Deepfakes and Cybersecurity
The deepfake genie is out of the bottle and we cannot wish it away. Rather, as deepfakes become increasingly prevalent and ever-more subtle, we will need to evolve effective responses. This will entail development in certain key areas.
Aside from continued development of advanced authentication tools, industry leaders, including AI developers like OpenAI and cybersecurity firms, will need to steer the development and application of AI technologies to both establish ethical guidelines and ensure robust defense mechanisms against deepfake threats.
New legislation and regulations will also be required to prohibit and penalize the creation and dissemination of deepfakes for harmful purposes. Due to the transnational nature of digital media, international collaboration in legal frameworks will also be needed to effectively combat deepfakes.
As we’ve noted above, educating the public about deepfakes and enhancing media literacy are an integral part of countering the threat of manipulated media. Technology and regulation alone cannot win the fight across the broad spectrum of online surfaces in which misinformation can be disseminated.
The inevitable proliferation of deepfakes demands a multi-dimensional approach, combining technological innovations, ethical industry practices, informed legislative measures, and public education. We are only at the mercy of technology when we fail to take the time to understand its implications or develop the appropriate controls. When it comes to AI and deepfakes, we still have meaningful opportunities to do both.