It looks as if deepfakes will be the hot topic at the big international hacker conference DEF CON in Las Vegas next week, just as they took center stage at InfoSecurity Europe in London in June.
Visitors to DEF CON’s Artificial Intelligence (AI) village will be encouraged to create their own highly professional deepfake videos of fellow conference attendees by cybersecurity company Bishop Fox’s red team. The purpose is to educate conference goers about the growing dangers now posed to all organizations by deepfake calls purporting to come from senior executives or highly-trusted members of staff.
“Rapid technological advancements, including open-source software and consumer-grade GPUs, are lowering the barriers to entry and enabling attackers to develop machine learning models to impersonate your Chief Executive Officer, Chief Financial Officer, Company Directors, and other public figures in your organization. This can lead to network compromises, spread of misinformation, and financial fraud costing tens of millions of dollars,” said Bishop Fox red team operator Brandon Kovacs in a LinkedIn post ahead of next week’s show in Las Vegas.
Together with Bishop Fox colleague and DEF CON Social Engineering Capture the Flag champion Alethe Denis, he claims to have created a “Deepfake Turing Test”. The original Turing test, originally called “The Imitation Game” by English mathematician and computer scientist Alan Turing in 1950, was defined as a test of a machine’s ability to exhibit intelligent behavior equivalent to, or indistinguishable from, that of a human. The 2024 “Turing Test” involved Kovacs posing as his female colleague Denis in a deepfake so convincing that it would fool even her children, using artificial intelligence and public information that already exists on the internet to clone her.
“We took a cinematic approach”
“We took a cinematic approach – including use of a professional DSLR camera, lens, lighting, wig, green screen, three-dimensional props and production software – to infer the video and voice models locally in real-time using consumer grade GPUs. The final result transforms myself into Alethe, making it appear like I am sitting in her home office,” said Kovacs.
Kovacs and Denis then routed the outputs of the deepfake video and voice as the camera and microphone inputs for Microsoft Teams. According to Kovacs, Dennis’s unsuspecting offspring were thoroughly gulled by the deepfake to the extent that they thought they were conferencing with their mother.
The US Defense Advanced Research Agency (DARPA), founded in 1957 after the Soviets stole a technological march on the West with the launch of the Sputnik satellite, is also warning that the sophisticated technology now freely available to threat actors has created a real-time threat for all types of organizations.
“The speed, scale, and breadth at which massive disinformation campaigns can unfold require computational defenses and automated algorithms to help humans discern what content is real and what’s been manipulated or synthesized, why, and how,” says DARPA.
DARPA’s research into detecting, attributing, and characterizing deep fakes has already resulted in hundreds of analytics and methods that can help organizations and individuals protect themselves. But, as Kovacs and Dennis claim to have proven, the rapid pace of AI development means that threat actors are able to stay one step ahead of all but the best-defended organizations.
