While technically curious, from legal/societal point of view to me there doesn't seem to be huge difference between having a deepfake or a lookalike actor on the other end. And with old-fashioned telephone presumably has had this impostor problem since forever.
It's always hard to know if tech based phenomenon is actually new or just a migration of something to digital form. There are two ways to be wrong, broadly.
One way is the "technically true" error. There are plenty of predecessors to twitter, spam, podcasting, etc. Legally, philosophically and such... it's usually easy to underestimate impact because it really is "nothing new." But... in different medium, at a different scale or higher velocity things change. Junk mail is like spam, but the junk mail problem rarely got beyond manual handling scale.
The other way to be wrong is the opposite. Assuming that digitization will create change, but all we get is a digital version of the previous.
It's hard to know the future. I agree that Deepfake is likely not going to change the world of imposter/fraud too much, though it may get a lot of attention.
OTOH, I do think it has the potential to weird up the entertainment world. I also think it could be high impact in media. If nothing else, it'll strengthen the "skeptical of everything" segment's skepticism. That said, guessing these things is a losing game.
Now they don't need to hire a lookalike actor or impersonator, so that both greatly reduces the chance of the getting caught because you can use someone already on your team (instead of an actor), and increases your capabilities because you can call more targets, more often.
At last a genuine case of computers improving productivity ...
I don't know too much about deepfakes, but I'd imagine that you still need some actor, and having them at least remotely resemble the target character is probably helpful. You still need the source actor to act the mannerisms, way of speaking, physical posture etc of the target character
> [XYZ] ... has had this imposter problem since forever
seems to be a prevailing argument against deepfakes being anything to worry about.
What will happen when there is a realtime crisis where quick decisions are required and suddenly, amongst the other noise, there is believable CCTV footage of X or an inflammatory statement by Y or any of a hundred bad actor insertions into the fog of war that disrupts a nation state OODA loop output in the real world where bombs are dropped and people are killed in response to what, too late and only after the fact, is determined to be a deepfake. Assuming that any effort at look back retrospection is made - which is by no means at all certain.
The ability to stage things with a Hollywood studio and VFX team was with us before now, yes, but the ability to have any joker with a GPU on the fly invent footage to meet the realtime and flammable story of the moment is new.
Oh, there is an Indonesian submarine that went missing in Bali yesterday? Well here is footage from an Indian trawler showing a Russian boat acting suspiciously in the area.
Good luck unpeeling that onion while you are in a hurry.
The problem is one of ease and feasibility. As deep fakes become easier and cheaper it makes them more easily done by anyone. Thus from say a US perspective someone could make a fake Trump video and rally together a violent mob to attempt a second takeover of the capitol or similar to another building/group of people but this time call for AR15s rather than flags poles and even random office items to beat the police. Imagine that sent to an underground group of qanon people who believe that Hillary is an illuminati pedophile who eats children under pizza shops and it's a secret message to them to commit some act of terrorism. Anyone with that little of a grip on reality could be tricked into just about anything with a deep fake.
The story misses the actually interesting part: how did they establish contact and initiate the call in the first place? It’s not like you or I can simply call up <country>’s parliament on Zoom. There’s gotta be some channel of authentication other than “dude in video call looks like some politician” (or some politician’s staff of whom they can find some photos on Google Images), too.
Getting into contact with the Dutch parliament is actually quite easy, if you have a story interesting enough, you can probably get them to read your email and forward the Zoom link.
A simple phishing attack should be more than enough to confuse these people. They're almost all exclusively schooled in social sciences, business, history, that kind of thing. Incredibly few of them have any sort of technical background. There are plenty of agencies working their hardest to keep the political leaders safe, but they can't fix the people themselves.
A Dutch journalist managed to get into a "secret" Zoom call with the European ministers of defence after a Dutch politician posted a picture of her screen... with the invite link and most of the password visible. I'm sure they're intelligent people, but when it comes to computers, their young children/grandchildren are probably more capable of securing themselves online than they can.
Also keep in mind that there's an aura of secrecy surrounding Navalny's chief of staff even before the Russian government tried to kill Navalny. Things like routing traffic through TOR and the use of privacy-enhancing technologies like Fastmail can be well explained in an environment where the government actively wants to kill any competition to the current leadership.
In truth, I think these people have fallen for a well-put-together spear phishing attack that worked well because of their lack of digital skills. I strongly doubt that the leaders of other countries will do much better; politicians and tech rarely mix well.
I find it much more troubling that the Dutch government is using Zoom, a product with a terrible history in security problems from a company based in the country that notoriously spied on politicians of even just allied countries. Using American software for government videoconferencing (especially about Russian politics) is a terrible risk.
It just baffles me how late governments seem to be at establishing secure videoconf applications for their middle-management (which is effectively what MPs are). I would assume most of NATO has better tools for military applications- what is stopping them from repurposing some of these tools for more “everyday” situations?
It’s not like you or I can simply call up <country>’s parliament on Zoom.
Actually yes, mostly. You just need to contact one of the sympathetic MPs, on social networks for example, and he will set it up for you. They're not more security conscious than the general population.
One of the benefits of a fairly small country is that politicians are quite approachable.
Amateur YouTube channels frequently walk up to Dutch politicians to ask them a few quæstions without men in black denying them access.
It benefits journalism, of course, as the politicians feel compelled to provide some answer as a refusal to answer a tough quæstion will be construed against them.
In larger countries, security has given politicians the perfect excuse to control who can, and cannot ask them quæstions, by only inviting the journalists favorable to them on their press conferences, and decide who can ask.
Journalists being able to approach politicians directly is quite beneficial to democracy.
For some context, the ‘Anti-Corruption Foundation’ of Navalny and Volkov was giving talks for European and US state/human-rights organizations for years. It's actually a bit weird if MPs didn't get Volkov's phone number and other contact info from colleages of other countries.
But then, phone numbers can be spoofed, and if these incidents are done by the state—the FSS follows ACF for a long time now, they probably know quite well who Volkov speaks to.
It's likely to be a kind of privilege escalation and trust transfer. They first fool a chain of trusted outside sources and lower-level staff to raise their trust level to be accepted by the target.
> It’s not like you or I can simply call up <country>’s parliament on Zoom.
If the target is the UK, you can wait until BJ posts the meeting ID and MP usernames on Twitter. Somewhat surprisingly, there was a meeting password in that incident.
It‘s not like any one of those politicians knew his Chief of staff. Additionally, he was probably being translated from his native Russian, or speaking mediocre English. It would not have been difficult for any random person to „imitate“ him. The main Qualification would seem to be the ability to not burst out laughing. A deep fake of an actual public figure would be a different matter entirely.
That doesn't make it any less intimidating. This meeting (if undetected) could've easily been used to pour gasoline on the fire of that situation. Not everyone who's opinion matters greatly and will have serious impact on decision makers is well-known enough to be "safe" from this.
Indeed, it's probably very hard to find out what he looks like, despite his and Navalny's Anti-Corruption Foundation giving talks to European state and human-rights organizations for years now. And indubitably he speaks like a bear, he's a Russian after all: https://www.youtube.com/watch?v=bw84XVPlaCk
Excellent use of sarcasm, I have to say, but it isn’t an unfair generalisation that Russians don’t speak English very well.
English isn’t and hasn’t been commonly taught in Russian schools like in Europe
Not every random person. The success in a social engineering attack is to know the jargon and framework of thought of your victim. Training a good deepfake is also expensive. Finally, if the campaign is running from march and is run against multiple countries, it requires knowledge and persistance to cover all of these different people and preparedness for the conversations.
IIRC, in a previous installment of this drama, Navalny himself somehow phoned the people who poisoned him and got them to admit doing so, how it was done (underpants) , and their reasons for failure (it was a murder plot).
It's the first time they actually did it and got caught. The article specifically mentioned the same actor has been in contact with politicians from Estonia, Lithuania, and the United Kingdom.
Deep fakes seem destined to be the next source of political disinformation. The trouble is that by the time the 'deep fake' has been debunked, it has already made it's impact by spreading at rocket speed across social media. It's quite chilling what the consequences could be for political campaigns and debate.
This is an example of 'deep fakes' of two British politicians. If you look closely you can spot something amiss in the way they speak. Lots of people won't be look closely though. And this is from 2019 - the technology can only have improved since then.
The fake video where Boris Johnson and Jeremy Corbyn endorse each other (2019)
Good point on the cryptography. My passport already contains such a key, so it is probably feasible to use something like this for trusted communications.
Russian prangsters have contacted western politicians and tried to record them saying something compromising or at least stupid in order to air them on the TV. It might be something like that or trying to probe those parliaments to get an idea of their positions and likely future steps plus their red lines of support. So, it might've been an intelligence gathering operation.
Readit News
Nalvany himself impersonated a Russian official via telephone to uncover details of his own assassination attempt: https://www.bbc.com/news/world-europe-55395683
And here’s the call itself: https://youtu.be/ibqiet6Bg38
It’s an incredible story and yes it does still happen.
One way is the "technically true" error. There are plenty of predecessors to twitter, spam, podcasting, etc. Legally, philosophically and such... it's usually easy to underestimate impact because it really is "nothing new." But... in different medium, at a different scale or higher velocity things change. Junk mail is like spam, but the junk mail problem rarely got beyond manual handling scale.
The other way to be wrong is the opposite. Assuming that digitization will create change, but all we get is a digital version of the previous.
It's hard to know the future. I agree that Deepfake is likely not going to change the world of imposter/fraud too much, though it may get a lot of attention.
OTOH, I do think it has the potential to weird up the entertainment world. I also think it could be high impact in media. If nothing else, it'll strengthen the "skeptical of everything" segment's skepticism. That said, guessing these things is a losing game.
At last a genuine case of computers improving productivity ...
seems to be a prevailing argument against deepfakes being anything to worry about.
What will happen when there is a realtime crisis where quick decisions are required and suddenly, amongst the other noise, there is believable CCTV footage of X or an inflammatory statement by Y or any of a hundred bad actor insertions into the fog of war that disrupts a nation state OODA loop output in the real world where bombs are dropped and people are killed in response to what, too late and only after the fact, is determined to be a deepfake. Assuming that any effort at look back retrospection is made - which is by no means at all certain.
The ability to stage things with a Hollywood studio and VFX team was with us before now, yes, but the ability to have any joker with a GPU on the fly invent footage to meet the realtime and flammable story of the moment is new.
Oh, there is an Indonesian submarine that went missing in Bali yesterday? Well here is footage from an Indian trawler showing a Russian boat acting suspiciously in the area.
Good luck unpeeling that onion while you are in a hurry.
I guess this is getting more attention because it’s not just a prank.
Makes you wonder though, if pranksters could do it, how often spies have just used fake phone calls before now!
That’s mostly the problem here.
A simple phishing attack should be more than enough to confuse these people. They're almost all exclusively schooled in social sciences, business, history, that kind of thing. Incredibly few of them have any sort of technical background. There are plenty of agencies working their hardest to keep the political leaders safe, but they can't fix the people themselves.
A Dutch journalist managed to get into a "secret" Zoom call with the European ministers of defence after a Dutch politician posted a picture of her screen... with the invite link and most of the password visible. I'm sure they're intelligent people, but when it comes to computers, their young children/grandchildren are probably more capable of securing themselves online than they can.
Also keep in mind that there's an aura of secrecy surrounding Navalny's chief of staff even before the Russian government tried to kill Navalny. Things like routing traffic through TOR and the use of privacy-enhancing technologies like Fastmail can be well explained in an environment where the government actively wants to kill any competition to the current leadership.
In truth, I think these people have fallen for a well-put-together spear phishing attack that worked well because of their lack of digital skills. I strongly doubt that the leaders of other countries will do much better; politicians and tech rarely mix well.
I find it much more troubling that the Dutch government is using Zoom, a product with a terrible history in security problems from a company based in the country that notoriously spied on politicians of even just allied countries. Using American software for government videoconferencing (especially about Russian politics) is a terrible risk.
Fastmail is a privacy enhancing technology now? I thought it was just an email provider?
Amateur YouTube channels frequently walk up to Dutch politicians to ask them a few quæstions without men in black denying them access.
It benefits journalism, of course, as the politicians feel compelled to provide some answer as a refusal to answer a tough quæstion will be construed against them.
In larger countries, security has given politicians the perfect excuse to control who can, and cannot ask them quæstions, by only inviting the journalists favorable to them on their press conferences, and decide who can ask.
Journalists being able to approach politicians directly is quite beneficial to democracy.
But then, phone numbers can be spoofed, and if these incidents are done by the state—the FSS follows ACF for a long time now, they probably know quite well who Volkov speaks to.
If the target is the UK, you can wait until BJ posts the meeting ID and MP usernames on Twitter. Somewhat surprisingly, there was a meeting password in that incident.
https://www.bbc.com/news/technology-52126534
Someone has gotta do a movie of this.
Starring Navalny himself... Or something that looks like him.
Might be unnecessary if deepfake technology is used.
I wonder if the actual video conferences have been recorded. I'm very curious to see them.
Deleted Comment
This is an example of 'deep fakes' of two British politicians. If you look closely you can spot something amiss in the way they speak. Lots of people won't be look closely though. And this is from 2019 - the technology can only have improved since then.
The fake video where Boris Johnson and Jeremy Corbyn endorse each other (2019)
https://www.bbc.co.uk/news/av/technology-50381728
I really wonder how big the impact of this technology is going to be, especially since corona has made online meetings even more prevalent.
I predict that in 2030, we'll all be using digital signatures as part of our identity, whether directly or indirectly.
Zooko's triangle says no. https://en.wikipedia.org/wiki/Zooko%27s_triangle
I assume if you employ a deepfake, you also have a 'fake' message to put across.