Deepfake What you need to know about sexual blackmail

The US Federal Bureau of Investigation (FBI) is warning of an increase in extortion campaigns, with criminals leveraging artificial intelligence (AI) tools to create sexual imitations from innocent photos or videos of people and then harass or blackmail them.

According to recent announcement, the FBI has received a large number of reports from victims "whose photos or videos were altered." The videos, which feature both adults and minors, are circulated on social media or pornographic websites.

"Worryingly, rapidly developing technology allows almost anyone to create falsified sexual content that appears to involve adults without their consent, even children," says Phil Muncaster from the global digital security team. ESET. This then leads to harassment, extortion and sextortion.

Sometimes the victim finds the content themselves, sometimes someone else alerts them, and sometimes the malicious actor contacts them.

Αυτό που συμβαίνει στη συνέχεια είναι ένα από τα εξής two things:

The malicious actor demands that you give him:

• money by threatening to share the content with friends and family.
• and/or original photos or videos of sexual content.

In the latter case we may have sexual blackmail (sextortion), a form of blackmail where the perpetrator tricks or coerces the victim into sharing sexual content and then threatens to make it public unless the victim pays or sends more photos/videos. “This is another fast-growing trend for which the FBI forced to issue warnings over the past year" warns her expert ESET.

Usually in sextortion cases, the victim befriends a person pretending to be someone else online. The scammer tricks the victim, until they manage to get the revealing photos/videos. In the case of deepfake blackmail, fake images are the means by which victims are blackmailed – you don't have to be friends on social media.

On a related note, some criminals commit sextortion scams που include emails in which they claim to have installed malware on the victim's computer, which allegedly allowed them to record the person watching pornographic content. They include personal information such as a old email password they got from an old data breach, προκειμένου να κάνουν την απειλή – που σχεδόν πάντα είναι κενή – να φαίνεται πιο ρεαλιστική. Το φαινόμενο των ηλεκτρονικών messages απάτης σεξουαλικού εκβιασμού προέκυψε από την αυξημένη ευαισθητοποίηση του κοινού για την απάτη sextortion.

The problem with deepfakes

The Deepfakes δημιουργούνται με τη χρήση νευρωνικών δικτύων (neural networks), τα οποία επιτρέπουν στους χρήστες να πλαστογραφούν αποτελεσματικά την εμφάνιση ή τον ήχο ενός ατόμου. Στην περίπτωση του οπτικού περιεχομένου, εκπαιδεύονται να λαμβάνουν εισερχόμενο βίντεο, να το συμπιέζουν μέσω ενός κωδικοποιητή και στη συνέχεια να το αναδομούν με έναν αποκωδικοποιητή. Αυτό θα μπορούσε να χρησιμοποιηθεί για την αποτελεσματική μεταφορά του προσώπου ενός στόχου στο σώμα κάποιου άλλου, και να τον βάλει να μιμηθεί τις ίδιες κινήσεις του προσώπου του τελευταίου.

The technology has been around for a while. An example was a viral video with Tom Cruise playing golf, doing magic and eating lollipops, and garnered millions of views before it was removed. The technology has, of course, also been used to insert the faces of celebrities and other people into lewd videos.

The bad news is that the technology is becoming more readily available to everyone and is maturing to the point where beginners can use it with pretty convincing results. This is why the FBI (and others) are concerned.

How not to fall victim to deepfakes

Once such synthetic content is released, victims may face "significant challenges in preventing the counterfeit content from being reproduced or removed online." This may be more difficult in the US than in the EU, where the GDPR rules on the "right to erasure" require service providers to download certain content at the individual's request. However, even so, it is a painful experience for parents or children.

In the always-on-the-go and need-to-share digital world, many of us hit the publish button and create a mountain of personal videos and photos found all over the internet. These are innocent enough, but unfortunately, many of these images and videos are readily available for anyone to see. Those with malicious intent always seem to find a way to use this data and available technology for evil. This is how a lot of deepfakes are created, as, these days, anyone can create such content.

Better to get ahead of the trend now to minimize the potential damage to you and your family. "Consider the following steps to reduce your risk of falling victim to a deepfake in the first place and minimize the potential impact should the worst-case scenario occur," suggests ESET's Muncaster:

For you:

1. Think carefully before posting photos, videos and other content. The most innocent content could theoretically be used by malicious actors without your consent to turn it into a deepfake.
2. Learn about the privacy settings on your social media accounts. It makes sense to make profiles and friend lists private so that photos and videos are shared only with those you know.
3. Να είστε πάντα προσεκτικοί όταν δέχεστε requests φιλίας από άτομα που δεν γνωρίζετε.
4. Never send content to people you don't know. Be especially wary of people pressuring you to view certain content.
5. Be wary of "friends" who start behaving strangely online. Their account may have been hacked and used to extract content and other information.
6. Always use strong, unique passwords and multi-factor authentication (MFA) to protect your social media accounts.
7. You conduct regular online searches for yourself to locate any publicly available personal information or video/photo content.
8. Consider doing a reverse image search to find any photos or videos that have been posted online without your knowledge.
9. Never send money or photos/videos to unknown people. All you will achieve is that they will ask you for more.
10. Report any extortion activity to the police and the relevant social media platform.
11. Please report deepfake content on the platform(s) it was published on.

For parents:

1. Conduct regular online searches for your children to identify how much personal information and content is publicly available online.
2. Monitor your children's online activity, within reasonable limits, and discuss with them the risks associated with sharing personal content.
3. Think twice about posting content of your children in which their faces are visible.

Cheap deepfake technology will continue to improve by “democratizing” extortion and harassment. Maybe it's the price we pay for an open internet. But, by acting more carefully we can reduce the chances of something bad happening.