Deepfake What you need to know about sexual blackmail

The US Federal Bureau of Investigation (FBI) is warning of an increase in extortion campaigns, with criminals leveraging artificial intelligence (AI) tools to create sexual imitations from innocent photos or videos of people and then harass or blackmail them.

According to recent announcement, the FBI has received a large number of reports from victims "whose photos or videos were altered." The videos, which feature both adults and minors, are circulated on social media or pornographic websites.

"Worryingly, rapidly developing technology allows almost anyone to create falsified sexual content that appears to involve adults without their consent, even children," says Phil Muncaster from the global digital security team. ESET. This then leads to harassment, extortion and sexual blackmail (sextortion).

Sometimes the victim finds the content themselves, sometimes someone else alerts them, and sometimes the malicious actor contacts them.

What happens next is one of two things:

The malicious actor demands that you give him:

• money by threatening to share the content with friends and family.
• and/or original photos or videos of sexual content.

In the latter case we may have sexual blackmail (sextortion), a form of blackmail where the perpetrator tricks or coerces the victim into sharing sexual content and then threatens to make it public unless the victim pays or sends more photos/videos. “This is another fast-growing trend for which the FBI forced to issue warnings over the past year" warns her expert ESET.

Usually in sextortion cases, the victim befriends a person pretending to be someone else online. The scammer tricks the victim, until they manage to get the revealing photos/videos. In the case of extortion with the help deepfake, fake images are the means by which victims are blackmailed – you don't have to be friends on social media.

On a related note, some criminals commit sextortion scams που include emails in which they claim to have installed malware on the victim's computer, which allegedly allowed them to record the person watching pornographic content. They include personal information such as a old email password they got from an old data breach, in order to make the threat – which is almost always empty – seem more realistic. The phenomenon of sexual extortion email scams arose out of increased public awareness of the scam sextortion.

The problem with deepfakes

The Deepfakes are created using neural networks, which allow users to effectively spoof a person's appearance or sound. In the case of visual content, they are trained to take incoming video, compress it through an encoder, and then reconstruct it with a decoder. This could be used to effectively transfer a target's face to someone else's body, and have them mimic the same facial movements as the latter.

The technology has been around for a while. An example was a viral video with Tom Cruise playing golf, doing magic and eating lollipops, and garnered millions of views before it was removed. The technology has, of course, also been used to insert the faces of celebrities and other people into lewd videos.

The bad news is that the technology is becoming more readily available to everyone and is maturing to the point where beginners can use it with pretty convincing results. This is why the FBI (and others) are concerned.

How not to fall victim to deepfakes

Once such synthetic content is released, victims may face "significant challenges in preventing the counterfeit content from being reproduced or removed online." This may be more difficult in the US than in the EU, where the GDPR rules on the "right to erasure" require service providers to download certain content at the individual's request. However, even so, it is a painful experience for parents or children.

In the always-on-the-go, need-to-share digital world, many of us tap it button of publishing and we create a mountain of personal videos and photos found all over the internet. These are innocent enough, but unfortunately, many of these images and videos are readily available for anyone to see. Those with malicious intent always seem to find a way to use this data and available technology for evil. This is how a lot of deepfakes are created, as, these days, anyone can create such content.

Better to get ahead of the trend now to minimize the potential damage to you and your family. "Consider the following steps to reduce your risk of falling victim to a deepfake in the first place and minimize the potential impact should the worst-case scenario occur," suggests ESET's Muncaster:

For you:

1. Think carefully before posting photos, videos and other content. The most innocent content could theoretically be used by malicious actors without your consent to turn it into a deepfake.
2. Learn about the privacy settings on your social media accounts. It makes sense to make profiles and friend lists private so that photos and videos are shared only with those you know.
3. Always be careful when accepting requests friendship from people you don't know.
4. Never send content to people you don't know. Be especially wary of people pressuring you to view certain content.
5. Be wary of "friends" who start behaving strangely online. Their account may have been hacked and used to extract content and other information.
6. Always use strong, unique passwords and multi-factor authentication (MFA) to protect your social media accounts.
7. You conduct regular online searches for yourself to locate any publicly available personal information or video/photo content.
8. Consider doing a reverse image search to find any photos or videos that have been posted online without your knowledge.
9. Never send money or photos/videos to unknown people. All you will achieve is that they will ask you for more.
10. Report any extortion activity to the police and the appropriate platform of social network.
11. Please report deepfake content on the platform(s) it was published on.

For parents:

1. Conduct regular online searches for your children to identify how much personal information and content is publicly available online.
2. Monitor your children's online activity, within reasonable limits, and discuss with them the risks associated with sharing personal content.
3. Think twice about posting content of your children in which their faces are visible.

Cheap deepfake technology will continue to improve by “democratizing” extortion and harassment. Maybe it's the price we pay for an open internet. But, by acting more carefully we can reduce the chances of something bad happening.