Penetration TestJan Kahmen9 min read

What are Deepfakes?

Deepfakes have become one of the biggest threats on the Internet. But what is a deepfake? This buzzword describes a deceptively real-looking audio or video manipulation.

Table of content

Deepfakes have become one of the biggest threats on the Internet. But what is a deepfake? This buzzword describes a deceptively real-looking audio or video manipulation. Such sophisticated manipulations can only be produced with AI. Moreover, it is problematic that deepfake software is freely available on the Internet. Such applications can mimic faces and voices in an automated manner. This enormously increases the demands on internal security management for companies.

These Risks Bring Deepfakes

Deepfakes are an immense problem for enterprises online. After all, it is not easy to detect a deepfake. Therefore, increased security awareness is critical when it comes to protecting the company. The most significant risks include:
If sufficient audio and video is available, cybercriminals can fake voices or videos. In this way, they manage to sign contracts using video identity process or make wire transfers.
A deepfake video could persuade employees to take actions that harm the company. This is possible, for example, if an audio manipulation of a supervisor gives damaging instructions.
In the public domain, the image of public interest individuals or companies can also be damaged. If a deepfake generator creates videos or audio recordings with false content, precarious situations can result.
By definition, a deepfake is not limited exclusively to companies and persons of public interest. Therefore, there is also a legitimate risk for private individuals who are regularly active online. After all, such manipulations can be used to stir up trouble. This can lead to relationships breaking down or one's own reputation being jeopardized.
By the way, the more audio and video material the Deepfake software has, the better the Deep Fakes are. That is why groups of people who are regularly active online are particularly susceptible to this form of manipulation.

Deepfakes: Cconcrete Threat Scenarios

Whereas in the past it was only possible for professionals to create deep fakes, today even amateurs succeed in this endeavor. All that is needed to manipulate media identities is the right deepfake software and sufficient audio or video material. This results in numerous threat scenarios:
Bypass biometrics: The Deepfake generator now creates manipulations in real time. Therefore, they pose a high risk to biometric systems. Remote identification methods are also susceptible to deepfakes, allowing contracts to be concluded or bank transfers to be made.
Disinformation: Information campaigns are usually carried out by key people in the company. But what is a deepfake focused on disinformation? In such cases, false information is manipulated so that the target group finds it credible.
Social engineering: If cyber criminals want to obtain data, they can use deepfake videos to carry out targeted phishing. For example, a supervisor's voice can be used to give false work instructions and harm companies.
Defamation: A Deepfake app can be used to manipulate or generate targeted media content. This makes it possible to portray people in any situation and undermine their reputation.

Fake Faces

For several years, there have been different AI-based processes that allow faces in videos to be manipulated. These processes basically follow three approaches:
Face Reenactment: through reenactment, it is possible to control the facial expressions and head movement of the target person. Therefore, this approach is suitable for creating deceptively real videos. In this way, it is possible to generate highly manipulative content with the Deepfake app. After all, the impression is created that a person has made statements, which, however, originate from another person.
Face Swapping: Here, faces can be exchanged in an existing video. The goal of this approach is to make the new person have the same facial expressions, gaze direction, and facial lighting. This makes the deep fakes look even more realistic than previous approaches. In addition, this method works in near real-time with a minimal time offset.
Identity: The goal of this approach is to synthesize pseudo-identities. If someone posts such a deepfake online, he or she aims to create a new person. This person exists exclusively on the Internet, but not in the real world. So far, this process has made it possible to create high-resolution close-ups that achieve an excellent level of detail.

Faking Voices

Even with fake voices, it is not easy to detect a deepfake. This is a manipulated voice. This poses a high risk in voice conversion or text-to-speech. This does not produce a deepfake video, but a pure audio recording.
With text-to-speech, a text is given and then converted into an audio signal. In this process, the semantic content corresponds to the given text.
Voice conversion, on the other hand, focuses on converting an audio signal into a target voice.
Since both methods ideally take into account the specific characteristics of the target person, the voices appear deceptively real. This ultimately leads to the fact that they can deceive both humans and automated systems.

Forging Texts

AI models have long been capable of taking on complex tasks. For example, they can be used to generate large and coherent text databases. Because these texts are based on deep neural networks, they are rich in content and also appear deceptively real. Whether a machine or a human wrote them cannot be determined at first glance. At the same time, a deepfake app can generate continuations to texts, generate chat replies, or compose longer messages.
Deepfakes and successful countermeasures
Once a deepfake is online, it is almost impossible to distinguish it from the real thing. This makes deepfakes a potential risk in many cases. Nevertheless, it is possible to counteract these dangers. The basis for this is also AI.
Successful countermeasures are best implemented with the same technology that deepfakes use. The reason for this is: humans can never evaluate the immense amount of data within a realistic period of time. For this, it is necessary to first train the AI with the fake material. The combination of real content and deepfakes helps the artificial intelligence to detect possible discrepancies.
What are the benefits of automated countermeasures?
Since it is usually impossible for humans to detect a deepfake, a different approach is necessary. Automated countermeasures are based on the same AI that cyber criminals use for their deepfakes. The advantage of automated solutions is that the algorithms respond autonomously when they detect a fake file. Thus, these mechanisms promote AI in Cybersecurity. Thus, they help companies protect themselves from the risks.

Here's How to Train Awareness and Detection of Deepfakes

To detect deepfakes in the future, skills and automated measures are inevitable. The use of AI, regular assessments and rotational training help to recognize manipulations as such in time.
In this context, AI training is fundamentally easier than interpersonal knowledge transfer. This is not least due to the fact that deepfakes are getting better and better. While only comparative material is required for artificial intelligence, employees need divergent information. It is important, for example, to question instructions or statements more closely. At the same time, raising awareness of security aspects helps to identify discrepancies more quickly and take action.

Conclusion: Detecting Deepfakes is Increasingly Difficult - Countermeasures must Evolve Along with Them!

By definition, a deepfake refers to manipulated video and audio material. While such recordings were easy to detect in the past, this is no longer possible today. Instead, AI and security experts focused on digital forensics are necessary. These attempt to detect the counterfeits as such.
Nevertheless, deepfakes are constantly evolving, and it is foreseeable that they will become better and better. It is therefore necessary to scrutinize media material and information alike. At the same time, constant development of countermeasures is inevitable. Because even if employees become more sensitive to the dangers in cyberspace: Cybercriminals are constantly developing their techniques.


Curious? Convinced? Interested?

Schedule a no-obligation initial consultation with one of our sales representatives. Use the following link to select an appointment: