Saturday, May 30, 2020

Your social graph is dangerous in the age of deepfakes.

Your social graph is dangerous to you in the age of deepfakes. And everybody is creating it, and publishing it, and bragging about it. From LinkedIn to Facebook, to police databases, to the metadata that the NSA collects. EVERYBODY is building your social graph.

The deepfake allows an attacker to weaponize your social graph. If they can deepfake your face onto the body of a pornstar who looks like you, that is when you are done. If you are on Facebook, and they are your friend, they can see your friends... and befriend them.

This is a problem, because unless all of your friends are hiding their email addresses and messaging info, they can receive video. And people LOVE gossip. They LOVE juicy bits of info about other people. They LOVE the leverage it gives them. It's the nature of being human, and it requires a great amount of professionalism and morals to deny that juicy gossip.

Now the attacker has your friends list. He has their emails. He has your email. He has a way to anonymously accept your payment (thanks Monero, Bitcoin and Zcash!) -,-

And the attacker can be in any country worldwide, so your scammer is safe from retribution. He also might know your physical location, so he can create a list of payday advance loan offices near you. Guess what he does? He gets a list of payday loan offices and guides you through the process of sending him $1,000 in bitcoin. Let's say our attacker has an operation going.

ROLES: A social analyst, a payment specialist, a deepfake creation expert, a spearphisher who goes for the Facebook/LinkedIn friendships, and the hitman who delivers the pay-up-or-else email. Also, a leaker who works with the social analyst and the payment specialist to send the right emails to the right people to generate maximum fear and social pressure for the people to pay up.

This operation could EASILY hit 10-15 people per day, and they could probably get payments out of 30-50% of the targets. They might even be able to hit up to 100 people per day if they have a CRM and automated workflows. Let's say they can convert 50% of targets to sales. That is a profit of 50,000 PER DAY.

1.5 million per month.

18 million per year.

But that is if they have employees hitting their targets. What if it's an AI-driven campaign? I see thousands of targets exploited by this per day. I see billions in deepfake sextortion.

And I see a very compelling reason to delete Facebook, or at the least delete all photos off Facebook.

At the very least... delete your photos before some criminal enterprise starts doing this. It is only a matter of time.


