Deepfakes: Hackers Newest Trick

Deepfake of Alec Baldwin and Donald Trump
So similar to the real deal as to be disconcerting…

Technology is always improving and hackers are always finding novel ways to exploit those advances. Cyber security analysts believe new attacks are on the way next year with some powerful new AI technology. Tech firm, Forrester, suggests that “deepfakescould potentially cost businesses as much as $250 million in 2020.

What are Deepfakes?

Deepfakes uses AI-based technology to impersonate the faces of celebrities using regular people to do the acting. For example, when Alec Baldwin impersonates Donald Trump on Saturday Night Live, we can tell. However, with Deepfake technology, the level of believability skyrockets tricking us into believing that Alec Baldwin is actually Donald Trump. Image a world where Deepfakes become ever more believable. What could possibly go wrong?

Why Deepfake Tech Matters

We all regularly get phishing emails from our company president. Sometimes we’re asked to buy gift cards, other times, we’re asked to do wire transfers to an emergency account. We know they are bogus because they are not believable. But what if one of the following happened:

  1. Hacker shorts a stock – say Acme Corp.
  2. A deepfake is released to the media of Acme Corp. CEO suddenly resigning under allegations of fraud or money laundering.
  3. Stock tanks and everyday investors are fleeced out of millions of dollars through short sales.

A Deepfake actor could in theory drive share prices of a company down through reputation damage. Even short-lived mistruths could cost millions of dollars. Are we prepared for this level of malfeasance?

There’s also the risk of Deepfakes being used to aid in phishing attacks. (If you are unfamiliar with phishing, see Avoiding Phishing Attacks.)  There have been cases where hackers fake the voice of a CEOs through voicemail to fool workers into wiring money to hacker’s accounts. Employees of companies across the country are regularly fooled into giving out personal information or sending money to hacker through Business Email Compromise, imagine how much easier it would be with a deepfake video of a CEO telling an employee to transfer funds into the hacker’s account?

How can we avoid being duped?

Education is the answer. The public needs to know that this AI technology exists and is always improving and learn what may ultimately be the evolution of a Phishing attack – a video Deepfake.

Technical solutions may be on the way. There are new startups seeking ways to identify deepfakes using the very AI technology that created them – a sort of anti-deepfake tech. The Defense Advanced Research Projects Agency, or DARPA, is running a program called “Media Forensics”, which has recently turned its attention to identifying AI powered manipulations such as deepfakes. Common sense must prevail. Knowing the capability exists and having a healthy dose of skepticism may turn out to be the best recipe for protection. This is the mission of Cyberhoot. To educate people on how to protect themselves with knowledge.

Sign up for CyberHoot training or our CyberHoot Newsletter today for you or your employees and begin to learn all about the dangers of phishing, BEC, and Deepfakes to protect yourself and your business.

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.