How to Guard against Deepfake Cyberattacks
The risk and severity of cyberattacks have grown over the last few years. Since 2018, there has been an increase in cybercrimes related to data breaches, ransomware attacks, and cryptojacking. Now in 2020, cybersecurity experts are warning about artificial intelligence (AI) enhanced cyberthreats. Although AI and machine learning have proven to be very instrumental in fighting cyberattacks, these technologies can also be used by hackers. One example of an AI-generated cyberattack is a deepfake.
What is Deepfake?
The word “deepfake” comes from “deep learning” and “fake.” Created using machine learning software, deepfakes are videos and images that seem real even though they are computer-generated. Technology pioneer Hao Li said in 2019 that hackers will be able to create deepfake videos that look “perfectly real”, eventually becoming indistinguishable from real videos.
The most popular example of a deepfake is this video of Barrack Obama speaking about artificial intelligence. Creating amusing videos and photos for entertainment purposes isn’t the only use of deepfakes. What started as hobbyist experimentation is now a potentially dangerous technology. In the business world, cybercriminals can use deepfakes to impersonate executives, interrupt business operations, spread negative information about a company, and steal money.
Therefore it is imperative that businesses begin to implement countermeasures to guard against AI-enabled cyber threats such as deepfakes. In this article Outsource IT presents five tactics businesses can utilize to avoid falling prey to deepfake attacks.
1. Learn how to spot them
Although deepfake technology is getting better and better everyday, it’s still important to get familiarized with the signs of manipulated photos and videos. Most deepfakes are made by running an algorithm on hundreds of photos of a person. The algorithm will then use the information to generate a new video or photo.
However, when the video synthesis algorithm produces new facial expressions, the deepfake will not be 100 percent accurate. Sometimes, the face has to be geometrically altered – resized, rotated, or distorted – to make it blend well with the background. The resulting image may have some noticeable transformations and glitchy movements which can be used to identify them. Here are some signs to look for:
- Jerky facial movements and musculature (e.g., robotic head movements, twitchy mouths when speaking)
- Shifts in skin tone and lighting (e.g., the skin color of the face doesn’t match the neck, the video pixelates with rapid movements)
- Strange blinking and other micro-movements that aren’t as fine or smooth as they should be
- An odd combination of two faces as the result of superimposing one person on top of the original video; this can be evident during complex or fast movements because more footage from different angles are needed to create a convincing deepfake.
Beyond these visual tells, AI-based deepfake detection technology is also being developed. These deepfake detectors can spot subtle evidence in more well-doctored videos and images that the human eye cannot see. One deepfake detection algorithm boasting a 97 percent accuracy rate was unveiled in 2019. However, any deepfake detector will work only for a short period because facial detection and extraction algorithms are getting smarter every day. Soon it might be impossible to recognize deepfakes.
2. Use a digital signature
Another strategy to guard against deepfakes is to sign original content with a special kind of digital signature to prove its authenticity. A digital signature is a cryptographic mechanism generated through hashing, which is used to verify the integrity of digital data. When publishers run their documents through a cryptographic algorithm like Blowfish, SHA256, or MD5, it produces a hash that acts as a unique digital fingerprint. Any change in the document will result in a completely different hash or fingerprint, allowing the publisher to determine if the data was manipulated.
Digital signatures don’t work as well in videos, because of the different formats in which they can be stored. To combat this problem, researchers from the University of Surrey created a technology called Archangel. Archangel uses blockchain and neural networks (i.e., a series of algorithms) to create a smart archive of original videos, serving as the single source of true content. When a video is run through Archangel, the program will analyze the content to determine if it matches the original. Archangel will reject a video if it’s confirmed to be edited or tampered with.
3. Keep a copy of all recorded appearances
For company executives and high ranking officials who are prime targets of impersonation, keeping a copy of all their recorded appearances, whether online or on television, is a good strategy for fighting deepfakes. This ensures that there is raw footage available which can be used to expose any manipulated videos.
It is also good practice to monitor social media and Google search for mentions of the organization’s brand name, executives, and employees. This will ensure that someone is alerted when news that can negatively impact the company’s reputation breaks out, including deepfakes.
4. Train employees to practice vigilance
One of the most important ways to protect an organization from deepfakes is through employee training. A standard operating procedure (SOP) for verifying if content is real or fake needs to be established. The SOP should outline how to spot suspicious content, what steps to take when something is spotted, and who to go to if they are unsure.
It is also important to double verify requests to release funds, create new vendor contracts, access confidential documents, or authorize password resets for prime targets. This extra step, while time consuming, could make the difference.
5. Consult an IT specialist
When it comes to cybersecurity it is always a good idea to consult an IT specialist. Especially with emerging threats like deepfakes, an IT expert will be most aware of the measures that can be taken to prevent them.
Outsource IT is here to help in this regard. We have decades of experience providing complete IT solutions and support to our clients throughout Ontario and across Canada. We offer business IT security solutions to help keep your network infrastructure safe, identifying and blocking threats before they can cause harm. Contact an Outsource IT account manager to learn more.