by Reese Kimmons, MS ISA
What are deepfakes and how to detect them
There have been a number of reports regarding the global implications of cyberattacks and cyberwarfare and the ongoing conflict in Ukraine. Increasingly, part of the battle is being fought online.
Disinformation has always been used as a weapon in time of war, but now it is being delivered via deepfake video technology. Recently, a convincing fake video was posted to a hacked Ukrainian news site. The video appeared to show Ukrainian President Volodymyr Zelenskyy telling his troops to surrender to the Russians.
Deepfake technology has evolved to the point where it is now being used not just in cyber warfare but also as a social engineering tool. Scammers are using deepfakes in some of the same ways that they use phishing emails.
Experts are predicting that usage of deepfakes by cybercriminals will continue to increase at least in the near future, targeting organizations and individuals in both the public and private sectors.
What, exactly, is a deepfake?
Take a look at the deepfake video of President Zelenskyy. It looks convincing, right? Basically, deepfake technology can be used to create videos that make it appear as if anyone is saying anything.
There is even a free app available that you can install on your phone to instantly create fake videos of someone singing a song you select from a list. All you need is a picture of the person’s face.
Visit the WomboAI website and take a look at some of these music videos. This app is just for fun and the results can be a bit crude, but it gives you an idea of what even basic deepfake technology can do in a matter of seconds.
What IT security pros are saying
In the wake of the Zelenskyy deepfake, security professionals are expressing concern that there will be a dramatic increase in the general usage of these fake videos in social engineering campaigns. In fact, deepfakes or links thereto have previously been seen in phishing emails and other messages including texts and social media posts.
One example of an attack incorporating a deepfake might be a phishing email with a link to a video featuring a C-suite official. The official could be directing employees to visit a malicious website, possibly for the purpose of delivering malware or stealing login credentials.
A bit of history about deepfake usage in cyber attacks
Information security provider Norton published an article in August of 2020 stating that deepfake technology was already being utilized in blackmail attacks, disinformation campaigns, reputation smearing, and celebrity porn scams.
Later, in January of 2021, an article on the EC Council’s CISOMag site stated that cybercriminals were “using AI-based deepfake audio and video impersonations to launch sophisticated malicious operations.”
These included identity theft attacks. The article predicted that deepfakes “could become a major security threat to businesses globally within the next two years.”
You can be sure that, as the technology becomes more sophisticated and easier to use, criminals will incorporate it into more of their attacks.
Deepfake attacks could target critical infrastructure
World events have prompted government agencies to warn of what they predict will be a dramatic increase in cyber attacks. Government cybersecurity officials are primarily concerned about nation-state threat actors targeting the critical infrastructure of countries supportive of Ukraine.
In fact, the U.S. federal government recently issued a statement recommending that both governmental and private sector entities harden their cyber defenses in response to the growing threat.
If Russian operatives created the Zelenskyy video as a component of their cyber warfare strategy targeting Ukraine, they, or other bad actors, could certainly use deepfake technology to attack governmental or private sector entities including those providing or supporting critical infrastructure.
How to recognize a deepfake video
Your best defense against any social engineering attack is knowing how to recognize it before it’s too late. Although deepfake technology and the quality of the videos continue to improve, there are some telltale signs that indicate that a video may be fake.
Look for movements of the eyes that appear unnatural or strange. Other facial features can also be revealing. If, for example, the person appears to be facing in one direction but the nose is pointing slightly in another, that’s a good indicator.
Unnatural expressions or a lack of emotions are warning signs. In some instances, the movement of the lips and mouth may be slightly out of sync with the audio.
Hair, skin tone, and teeth can be indicative of a faked video. Skin may appear to be discolored. You could see a shadow on the skin that doesn’t fit the rest of the image.
Perhaps the subject appears to be in a breezy environment, yet the hair stays in place? Teeth may appear to be a single white line with no definition of each individual tooth.
Unnatural or awkward body movements may indicate the video is fake. The subject’s posture might appear to be awkward. In some deepfake videos, the head and body just don’t seem to fit together correctly.
There can be other, more technical clues as well. Edges of images can appear blurred or out of alignment.
This is especially true if the subject is moving and the background includes stationary visual details. There can be strange noises, audio dropouts, mispronunciation of words, and voices that sound strangely robotic.
If you have the capability to zoom in on the images, you may detect various video inconsistencies including synchronization issues between the video and audio. If you can slow down the video, you could find even more inconsistencies indicating that it’s a fake.
What is being done about deepfakes
Twitter and Facebook say they have banned the posting of malicious deepfakes, although at last check the Zelenskyy video was still available on Twitter.
Google says it is developing a tool to verify that the words apparently coming from the speakers in these videos are, in fact, theirs.
Deeptrace, a new company based in Amsterdam, is working on a new tool to detect deepfakes using technology similar to that which is used by antivirus applications.
The University of Southern California and U.C. Berkeley are conducting research to come up with new deepfake identification technologies. The Deepfake Detection Challenge is an organization offering incentives to those who would develop deepfake detection solutions.
In the U.S., the Defense Advanced Research Projects Agency (DARPA) is funding research intended to come up with automated solutions for screening out deepfakes. The program is known as MediFor, which is short for Media Forensics.
Although there are a number of agencies and entities working to find ways to detect and deal with deepfake videos, your ability to recognize them remains your best defense, at least for now.
Examine suspected fakes, carefully looking for any of the inconsistencies listed herein or anything else that appears strange. Perhaps you know the person portrayed in the video? Are the behaviors exhibited in the video something you would expect from that person?
Treat a potential deepfake the same way you would a phishing email. If there are inconsistencies or if the behavior is unusual and if the person portrayed in the video is requesting that you call a number, click on a link, or download some attachment, verify the information before you act.
Contact the individual directly or by using a number or email address you know to be correct, not one provided in the video or any message that accompanies it.
Be especially wary of videos that promise you something of value or threaten you with consequences if you fail to act immediately. Criminals often create a sense of urgency to convince their targets to act in haste without verifying the information being provided.
About the Author:
Reese Kimmons is an experienced IT executive with an AAS in Applications Programming, a BS in IT Management and an MS in Information Security and Assurance. During his time in the IT industry, Reese has earned certifications in ethical hacking, forensics investigations, ISO/GIAC, and Cisco networking.