Deepfakes: A Double-Edged Sword
Are Deepfakes Overblown?
Deepfakes: A Double-Edged Sword
I’ve worked in and out of security for decades. We did the same kinds of things people do with deepfakes with far older technology when I was working on the switchboard at my friend’s motel when I was a kid. Back then, all we had were hard-wired phones, but we’d often mess with people late at night by pretending to be people we weren’t.
Later, collaborating with headhunters, a common way to find people in companies was to call in and use an executive’s name who was out of town to convince someone illicitly that our external unauthorized request was legitimate. Genuinely good headhunters were extremely good at this. Deepfakes improve the ability to deceive people, but if you are paying attention, there is no reason to be fooled by them.
Let’s talk about deepfakes this week, and we’ll close with a news service social media product called Otherweb that does a better job than most at weeding out the fake news that has been a massive source of mistakes, fraud, and embarrassment.
The $25M Deepfake Fraud
What got me thinking about this was a quarterly briefing from HP Wolf Security on security threat trends from the prior quarter and its answer to my question on creative new threats.
HP shared a successful fraud scheme where an employee received calls from two deepfake executives they knew and were convinced to wire $25 million from a financial institution in Hong Kong to an illicit organization. It took two weeks before the fraud was discovered.
I’m an ex-IBM internal auditor, and all kinds of red flags immediately popped up in my head when I read the story. First, financial institutions typically have massive controls over their monetary systems because no one wants to invest money in a financial institution that isn’t safe.
There are a lot of industry rules and practices that have been developed over centuries to protect these institutions. One is called “separation of duties,” where no one person can authorize a significant payment without a physical executive sign-off. When you’re talking about millions of dollars, the expenditure might require the CFO, the CEO, and an independent board member to sign off on it.
Fraudulent Scheme Details
Right off the bat, you can see that that process wasn’t in place at this company, and the entity committing the fraud not only knew that but also knew who had the ability to authorize an expenditure like that. This situation strongly suggests an inside job requiring intimate knowledge of the targeted employees’ privileges.
There was no room for failure because if the criminals had tried and failed at this, an alert would have typically gone out inside the company, making other employees aware of the fraud and better able to avoid it.
I have little doubt that the employee who was fooled will become a suspect — since that would be the easiest path — and that other employees who informed the attacking entity of the policy shortfall and identified the tricked or compromised target employee are involved.
Separation of Duties and Red Flags
Reinstituting and enforcing the “separation of duties” rule to assure that no single employee can authorize an expense like this would significantly reduce the potential for this kind of fraud to be successful and raise the degree of difficulty to a point where a different approach like simply bribing the employee(s) might be more successful.
Inside Job Suspicion
This situation strongly suggests an inside job requiring intimate knowledge of the targeted employees' privileges. The fact that the fraudsters knew who had the authority to authorize such a large expenditure points to an insider's involvement.
Reinforcing Separation of Duties
To prevent future incidents like this, organizations should rigorously enforce separation of duties. No single person should have the power to authorize large financial transactions without multiple layers of oversight.
Kidnapped Loved One Fraud
One of the anticipated frauds is using deepfakes to convince you that a loved one is in danger and that you need to send money immediately to get them out of danger. This tactic has also been used for years over phones with great success. Video might make it a little more believable if done well, but doing these things well is still an unusual skill set, at least for now.
It works by making you panic so that you don’t think to call your loved one or law enforcement as you rush to a store to buy a gift card to send to the individual defrauding you. Realize that in an actual kidnapping, the perpetrator’s safest move to avoid being caught is to kill the kidnapped victim regardless of whether you paid the ransom because if you don’t get your loved one back, what exactly is your recourse?
Exploiting Panic and Fear
Therefore, you should always call law enforcement first when dealing with a kidnapping. They have people trained to deal with this, and if engaged, it is far more likely that the perps will be identified and incarcerated. Depending on the size of your local police department, you might want to consider calling the FBI since it may have more substantial resources than your local PD to deal with this kind of fraud.
Calling Law Enforcement
When faced with a potential kidnapping situation, the first step should always be to contact law enforcement. Their expertise and resources are crucial in handling such incidents.
Safe Word for Verification
Develop a safe word that you don’t share outside the family that will establish a kidnapped loved one is who they say they are, so you don’t spin up law enforcement needlessly. You can also call their cell phone to see if they answer. If this is a fake, this is one of the quickest ways to break the fraud.
Giving Voices to Victims
One interesting use of deepfake technology is the voice of a dead child who was killed as a result of gun violence. The technology is called Shotline. It uses the voices very powerfully, I might add, to allow those killed by gun violence to speak out against it. Giving voice to the voiceless is a powerful message to politicians and their supporters who haven’t acted aggressively to stop gun violence.
Granted, this would need to be done with the permission of the deceased child’s parents. I expect that hearing the voice of your dead child speak out against the violence that killed them might be somewhat cathartic for the parents. It also sends a strong message to those who put these kids at risk and should increase empathy for the victims and, particularly, the victims’ parents by politicians who also have kids.
It is one of the most powerful and potentially effective ways to drive needed change. Unlike pushing back on those who promote gun reform, pushing back against the voices of dead children is problematic and possibly a career-ender if constituents identify with the kids or their parents.
Shotline Technology and its Purpose
Shotline uses deepfake technology to recreate the voices of children killed by gun violence, allowing them to speak out against the issue and advocate for change.
Empowering Parents and Victims
By giving a voice to the voiceless, Shotline provides a powerful platform for parents and victims of gun violence to share their stories and demand action.
Potential Impact on Gun Violence Debate
This technology has the potential to influence the gun violence debate by bringing a more personal and emotional element to the conversation. It might lead to increased empathy and a more compelling argument for stricter gun control measures.
This is all to say that deepfakes can also be used to do good.
Summary
- Deepfakes can be used for both malicious and beneficial purposes.
- A $25 million fraud case highlights the risks of deepfakes in financial transactions, emphasizing the need for strong security measures.
- Kidnapping scams using deepfakes can exploit fear and panic, but calling law enforcement immediately is crucial.
- The Shotline technology uses deepfakes to give a voice to victims of gun violence, raising awareness and potentially influencing policy changes.
Review
Kalpesh Shewale
I am grateful to have completed my Full Stack Development with AI course at Apnaguru. The faculty's support and interactive classes helped me discover my potential and shape a positive future. Their guidance led to my successful placement, and I highly recommend this institute.
Kalpesh Shewale
I am grateful to have completed the Full Stack Development with AI course at Apnaguru. The faculty's dedicated support and hands-on approach during the classes enabled me to unlock my potential and shape a promising future. Their guidance helped me secure a placement with a good package. I highly recommend this course, and for those interested, I also suggest doing the offline version at the center for an enhanced learning experience.
Raveesh Rajput
Completing the Full Stack Development with AI course at Apnaguru was a game-changer for me. I secured an internship through this course, which gave me invaluable hands-on experience. I strongly recommend this course to anyone looking to break into the tech industry. For the best experience, I suggest attending the offline sessions at the center, where the interactive learning environment really enhances the overall experience.
swapnil shinde
Apnaguru’s Full Stack Development with AI course provided me with more than just knowledge—it opened doors to an internship that gave me real-world, hands-on experience. If you're serious about a career in tech, this course is a must. I highly recommend attending the offline sessions for the most immersive and interactive learning experience!
Kalpana Waghmare
I recently completed the Full Stack Developer with AI course on ApnaGuru, and I couldn’t be more impressed! The structure of the course, with well-organized topics and self-assessment MCQs after each section, really helped reinforce my learning. The assignments were particularly valuable, allowing me to apply what I learned in a practical way. Overall, it’s an excellent program that effectively combines full-stack development and AI concepts. Highly recommended for anyone looking to enhance their skills!
Completing the Full Stack Development with AI course at Apnaguru was a pivotal moment in my career. It not only deepened my understanding of cutting-edge technologies but also directly led to an internship that provided practical, real-world experience. If you're aiming to enter the tech field, this course is an excellent stepping stone. I especially recommend attending the in-person sessions at the center, where the dynamic, hands-on learning approach truly maximizes the benefits of the program.
Mahesh Bhosle
I completed the Full Stack Development course at Apnaguru, and it was a valuable experience. The focus on live assignments and projects gave me real-world insights, helping me apply my skills in a professional setting. The interactive live sessions, mock interviews, and question banks were excellent for job preparation. Apnaguru’s company-like environment also helped me get accustomed to real work dynamics. Overall, this course equipped me with the skills and confidence needed for a career in full-stack development. I highly recommend it to anyone seeking hands-on learning and industry relevance.
I recently completed the Full Stack course at ApnaGuru, and I’m genuinely impressed! The curriculum is well-structured, covering both front-end and back-end technologies comprehensively. The instructors are knowledgeable and provide hands-on experience through practical projects. The supportive community and resources available made learning enjoyable and engaging. Overall, it’s a great choice for anyone looking to kickstart a career in web development. Highly recommend!
Adarsh Ovhal
I recently participated in the Full Stack Development With AI Course program, and it has been incredibly beneficial. The guidance I received was tailored to my individual needs, thanks to their advanced use of AI tools. The Trainers were knowledgeable and supportive, helping me explore various educational and career paths. The resources and workshops provided were practical and insightful, making my decision-making process much clearer. Overall, I highly recommend this program to any student looking for IT Field and personalized career guidance!
Shirish Panchal
I’m currently pursuing the Full Stack Developer with AI course at ApnaGuru Training Center, and I'm impressed with what I've experienced so far. The curriculum is well-structured, covering key concepts in both front-end and back-end development, along with AI fundamentals. The instructors are knowledgeable and supportive, which makes it easy to engage and ask questions. I particularly appreciate the hands-on projects that help reinforce what I’m learning. While I’m still in the process of completing the course, I feel that I'm building a strong foundation for my future in tech. I would recommend ApnaGuru to anyone looking to explore full stack development with AI!
Apnaguru Training Center stands out as a top-notch institute for IT education. They provide a wide array of courses, including Full Stack Development, Java Full Stack, Python, Automation Testing, DevOps, and MERN/MEAN Stack, all designed to meet the demands of the modern tech industry.
Mahesh Bhosle
Apnaguru Training Center is a fantastic place for IT education! They offer a variety of courses, including Full Stack Development, Java Full Stack, and Python, all taught by knowledgeable instructors who are committed to student success. The curriculum is up-to-date and includes hands-on projects that enhance learning.
dandewar srikanth
I had an excellent experience with the full-stack web development program at APNAGURU. The instructor had in-depth knowledge of both frontend and backend technologies, which made the concepts easy to grasp. From working on HTML, CSS, JavaScript, and React for the frontend to Node.js and MongoDB for the backend, the learning curve was very smooth.