Age of deepfakes means internet users must be more alert than ever, experts urge
Technology
Age of deepfakes means internet users must be more alert than ever, experts urge
(AFP) - Breakneck evolution of artificial intelligence (AI) tools able to generate convincing text, images and even live video is enabling ever smarter and more targeted scams, cybersecurity experts told AFP, urging internet users to raise their guard.
In recent weeks a high-profile “romance scam” in France, in which a woman forked over €830,000, or fake donation drives for Los Angeles fire victims show “absolutely everyone, private individuals or businesses, is a target for cyberattacks”, said Arnaud Lemaire of cybersecurity firm F5.
One of the best-known forms of cyberattack is phishing, the sending of emails, texts or other messages under false pretences. Most try to get users to take an action like clicking a link, installing a harmful programme or divulging sensitive information.
Phishing and its social-engineering cousin “pretexting” together accounted for more than 20 per cent of almost 10,000 data breaches worldwide last year, reported to US telecoms operator Verizon for the 2024 edition of its industry-staple Data Breach Investigations Report.
AI chatbots powered by large language models (LLMs) save attackers time and allow for more elaborate fake messages, Lemaire said. They also mean that “if someone is writing a phishing email … he can make the clues completely vanish” which might give away a non-native speaker of the target language.
But the text generators are just the tip of the AI iceberg.
For instance, AI can “take advantage of all the data that has been breached over the last few years to automate the creation of highly personalised scams”, Steve Grobman, Chief Technical Officer at security software maker McAfee, told reporters last Thursday.
This is “something that just a few years ago would not be possible without an army of humans”.
‘Safe word’
Rather than going for a quick score, attackers often aim to gain the trust of select individuals at target firms over months or years.
If an employee is successfully tricked, attackers “might wait until this person becomes very influential or there’s a good chance for them to extort money” before exploiting the connection, said Martin Kraemer of cybersecurity training firm KnowBe4.
The stakes were on display in February 2024, when scammers swindled $26 million out of a multinational firm in Hong Kong. Police said a finance worker believed he was videoconferencing with the company’s CEO and other staff — all in fact AI-generated deepfakes.
“The latest generation of deepfake video has got to a point where almost no consumers are able to tell the difference between an AI-generated image and a real image,” Grobman said.
Internet users need to start applying the same scepticism to video as many now do to still images — where “photoshop” has become a verb — he added.
Faced with a purported news video online, that could be as simple as checking against a trusted source.
In personal communications, “I almost want to say it’s like BDSM, bondage, where you have a safe word,” F5’s Lemaire joked. “You say to yourself, here’s the CEO asking me to make a $25m bank transfer, I’ll bring something personal in to make sure it’s him.”
Lemaire added that other tricks include asking a video caller to pan their camera around — something AI for now has difficulty recreating.
Horses to automobiles
The online scam industry is so lucrative that “just like other businesses … there’s supply chains and an ecosystem of tools to support it”, Grobman said.
Malicious programmes for hire include ransomware such as LockBit, which can encrypt data on targets’ computers and threaten to release or delete it unless payment is made. One of its suspected developers was arrested in Israel in December pending extradition to America.
AI tools include one that allowed a McAfee researcher to replace his own face with Hollywood star Tom Cruise in a video for as little as $5, Grobman said.
Even with all the new tools, “I’m not too worried at the defence side that we will be overwhelmed by AI,” KnowBe4’s Kraemer said. It’s “a tool that we can use for attack as well as for defence”, he added.
Nevertheless, the final line of defence remains human for now.
“When we moved from walking and riding horses to driving automobiles, we needed to change the way we thought about transportation safety … that’s what consumers are going to need today, the same sort of pivot,” Grobman said.
