What Are Deepfakes?

Uploaded on 2018-08-31 in NEWS-Cybersecurity News, FREE TO VIEW

Deepfakes are fake videos or audio recordings that look and sound just like the real thing. Once the bailiwick of Hollywood special effects studios and intelligence agencies producing propaganda, like the CIA or GCHQ's JTRIG directorate, today anyone can download deepfake software and create convincing fake videos in their spare time.

So far, Deepfakes have been limited to amateur hobbyists putting celebrities' faces on porn stars' bodies and making politicians say funny things.

However, it would be just as easy to create a deepfake of an emergency alert warning an attack was imminent, or destroy someone's marriage with a fake sex video, or disrupt a close election by dropping a fake video or audio recording of one of the candidates, days before voting starts.

This makes a lot of people nervous, so much so that Marco Rubio, the Republican senator from Florida and 2016 presidential candidate, called them the modern equivalent of nuclear weapons.

"In the old days," he told an audience in Washington a recently, "if you wanted to threaten the United States, you needed 10 aircraft carriers, and nuclear weapons, and long-range missiles.

“Today, you just need access to our Internet system, to our banking system, to our electrical grid and infrastructure, and increasingly, all you need is the ability to produce a very realistic fake video that could undermine our elections, that could throw our country into tremendous crisis internally and weaken us deeply."

Political hyperbole skewed by frustrated ambition, or are Deepfakes really a bigger threat than nuclear weapons? To hear Rubio tell it, we're headed for Armageddon. Not everyone agrees, however.

"As dangerous as nuclear bombs? I don't think so," Tim Hwang, director of the Ethics and Governance of AI Initiative at the Berkman-Klein Center and MIT Media Lab, tells CSO. "I think that certainly the demonstrations that we've seen are disturbing. I think they're concerning and they raise a lot of questions, but I'm skeptical they change the game in a way that a lot of people are suggesting."

How Deepfakes work

Seeing is believing, the old saw has it, but the truth is that believing is seeing: Human beings seek out information that supports what they want to believe and ignore the rest.

Hacking that human tendency gives malicious actors a lot of power. We see this already with disinformation (so-called "fake news") that creates deliberate falsehoods that then spread under the guise of truth. By the time fact checkers start howling in protest, it's too late, and #PizzaGate is a thing.

Deepfakes exploit this human tendency using generative adversarial networks(GANs), in which two machine learning (ML) models duke it out. One ML model trains on a data set and then creates video forgeries, while the other attempts to detect the forgeries.

The forger creates fakes until the other ML model can't detect the forgery. The larger the set of training data, the easier it is for the forger to create a believable deepfake. This is why videos of former presidents and Hollywood celebrities have been frequently used in this early, first generation of Deepfakes, there's a ton of publicly available video footage to train the forger.

GANs, of course, have many other uses than making fake sex videos and putting words in politicians' mouths. GANs are a big leap forward in what's known as "unsupervised learning", when ML models teach themselves.

This holds great promise in improving self-driving vehicles' ability to recognise pedestrians and bicyclists, and to make voice-activated digital assistants like Alexa and Siri more conversational. Some herald GANs as the rise of "AI imagination."

Ordinary users can download FakeApp and get started creating their own Deepfakes right away. Using the app isn't super-easy, but a moderately geeky user should have no trouble, as Kevin Roose demonstrated for the New York Times earlier this year.

That said, there are so many other forms of effective disinformation that focusing on playing "Whack-a-Mole" with Deepfakes is the wrong strategy, Hwang tells CSO. "I think that even in the present it turns out there are lots of cheap ways that don't require deep learning or machine learning to deceive and shape public opinion."

For instance, taking a video of people beating someone up in the street, and then creating a false narrative around that video, perhaps claiming that the attackers are immigrants to the US, for example, doesn't require a fancy ML algorithm, just a believable false narrative and a video that fits.

How to detect Deepfakes

Detecting Deepfakes is a hard problem. Amateurish Deepfakes can, of course, be detected by the naked eye. Other signs that machines can spot include a lack of eye blinking or shadows that look wrong. GANs that generate Deepfakes are getting better all the time, and soon we will have to rely on digital forensics to detect Deepfakes, if we can, in fact, detect them at all.

This is such a hard problem that DARPA is throwing money at researchers to find better ways to authenticate video. However, because GANs can themselves be trained to learn how to evade such forensics, it's not clear that this is a battle we can win.

"Theoretically, if you gave a GAN all the techniques we know to detect it, it could pass all of those techniques," David Gunning, the DARPA program manager in charge of the project, told MIT Technology Review. "We don't know if there's a limit. It's unclear."

If we are unable to detect fake videos, we may soon be forced to distrust everything we see and hear, critics warn. The Internet now mediates every aspect of our lives, and an inability to trust anything we see could lead to an "end of truth."

This threatens not only faith in our political system, but, over the longer term, our faith in what is shared objective reality. If we can't agree on what is real and what is not, how can we possibly debate policy issues? alarmists lament.

Hwang thinks this is exaggeration, however. "This is one of my biggest critiques," he says. "I don't see us crossing some mystical threshold after which we're not going to know what's real and what's not."

At the end of the day, the hype around Deepfakes may be the greatest protection we have. We are on alert that video can be forged in this way, and that takes the sting out of Deepfakes.

CSO Online

You Might Also Read:

On Twitter Fake News Gets More Traction Than Truth:

Fake News Is A Real Cybesecurity Risk:

 

 

 

« Phone Calls, Texts Or Email - How Do Millennials Communicate?
Surveillance Cameras That Spot Your Personality Type »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CCL Solutions Group

CCL Solutions Group

CCL is one of Europe’s leading digital investigation specialists, supporting law enforcement, government and organisations across both public and private sectors.

BPC Banking Technologies

BPC Banking Technologies

BPC’s advanced fraud prevention solution helps card issuers and acquirers combat the growing threat by monitoring 100% of transactions, online, in real-time across all channels.

Cybersecurity & Infrastructure Security Agency (CISA)

Cybersecurity & Infrastructure Security Agency (CISA)

CISA leads the national effort to defend critical infrastructure against the threats of today and to secure against the evolving risks of tomorrow.

PBOSecure

PBOSecure

PBOSecure is a dynamic and progressive IT consultancy company specializing in IT and Industrial Control System (ICS) security.

Pryv

Pryv

Pryv is a Swissmade software for privacy, personal data collection, usage, sharing and storage.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

BT Security

BT Security

BT provides telecommunications and network infrastructure services to keep businesses around the world connected and secure.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

PointWire

PointWire

PointWire offers a range of cybersecurity solutions and services including Penetration Testing on various levels, as well as Intrusion Detection and Prevention Systems.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.

Hartman Executive Advisors

Hartman Executive Advisors

Hartman Executive Advisors is an unbiased IT and cyber advisory firm uniquely designed to help mid-market executives maximize their IT investments.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.

Canary Technology Solutions (Canary IT)

Canary Technology Solutions (Canary IT)

A Cloud, Cyber Security, Retail Solutions and Managed IT Services provider for over 25 years, we safeguard and revolutionise business through technology and foresight.