A deepfake social engineering hoax reportedly targeted Sen. Ben Cardin, D-Md.
He's currently the Democratic chair of the U.S. Senate Foreign Relations Committee.
According to reports, a notice from Senate Security to Senate offices stated that the attempt made in September of 2024 "stands out due to its technical sophistication and believability."
Cardin's office reportedly received an email from an impersonator believed to be Dymtro Kuleba, the former Ukrainian Minister of Foreign Affairs whom Cardin purportedly knew from previous meetings.
It also reported that the senator’s security confirmed that the meeting of Kuleba and Cardin was held via Zoom through what appeared to be a live audio-video connection and was "consistent in appearance and sound to past encounters."
A senate alert reportedly noted that threat actors posing as representatives of a foreign dignitary were requesting official video calls to gain additional information or discredit victims --- all classic social engineering tactics.
The technology that enables fraudsters to create a dupe like this is free, open source, widely available, discoverable with a Google search, and requires very little technological savvy to execute.
Tutorials on its use, including how to stream face-swapped videos like the operation that targeted Sen. Cardin, have recently made rounds on the internet.
To create such a deception, malicious actors only need a photo and a three-second voice sample to create real-time deepfakes.
Once the software is downloaded and the subject video or image is uploaded, a few clicks of a button create hyper-realistic, real-time face swaps without glitches or watermarks.
Tutorials on this technology are easily searchable and show real-time face-swaps using photos of Elon Musk, Joe Biden, Vladimir Putin, Kim Jung Un, actor Jackie Chan, and a "cute girl."
Using diffusion transformer architecture, facial movements are mapped in real time and are nearly undetectable as AI (artificial intelligence) generated.
One demonstration shows a user pulling at his cheeks as generative AI maps the exact action instantaneously in digitally manipulated live video feed.
Other methods include training deepfake models by providing AI with various images of a subject from multiple angles and different expressions to create a realistic image for face swapping.
Preprocessing nodes are built-in and are adjustable for tweaking images prior to live generation, thereby creating more consistent and realistic results.
Open-source, real-time voice changers are also accessible online and provide options to create audio in record mode or live mode.
Additionally, they can create deepfake voices trained on any model including live voices or recordings of voices that users can upload.
Streaming deceptive face and voice clones, like those used to mislead Sen. Cardin, is as simple as downloading a third-party application, adding the source, selecting the window capture, and designating the output to stream. Digitally altered video and audio feeds can then be streamed in "live mode" on popular meeting platforms such as Zoom, Skype, Meets, WhatsApp, TeamSpeak, Discord, and gaming platforms Fortnite, Minecraft, PUBg, and more.
Malicious actors can also sync AI-generated video and audio using third-party applications for use in streaming.
Although not used in the deceptive tactics in Sen. Cardin’s ordeal, full-body swapping is now available with free open-source AI tools.
Body swapping technology can replace anyone in a video with a single photo reference. Prior to present technological advances, executing a full-body swap deepfake required multiple cameras, multi-view motion capture technology, and numerous training days to create a 3D model of a person. AI now does the work of what was once considered advanced technology in mere milliseconds.
One AI-generated full-body swap video showcased a complex, high-action scene featuring a multi-person basketball game clip with a great deal of activity that one would expect of a basketball game. AI produced the full-body swapped clip seamlessly with only minor flaws in the final video rendering.
Any video can serve as a body swap sample allowing motion extraction of characters within the video to be used in other scenes. This means that fraudsters can put a person in a scenario that they were never actually in and deceptively pass it off as authentic.
I warned that nonconsensual deepfakes were no longer solely a threat to politicians and celebrities, but also a threat to the wider public. Shortly thereafter we saw young female students victimized by classmates who used the technology against them. The nefarious use of real-time deepfake technology will also extend beyond targeting politicians and be used to defraud members of the public.
For the safety of the nation and our citizens, platforms such as Zoom, Skype, Google Meet, WhatsApp, and others must integrate deepfake detection technology into their platforms and require user disclosure when using AI-generated images, video, and voice to aid in mitigating this peril.
Prompt action is needed on the part of tech platforms to alleviate this continued threat. This is urgent, important, and critical to the safety of Americans.
(A related article may be found here.)
V. Venesulia Carr is a former United States Marine, CEO of Vicar Group, LLC and host of "Down to Business with V.," a television show focused on cyberawareness and cybersafety. She is a speaker, consultant and news commentator providing insight on technology, cybersecurity, fraud mitigation, national security and military affairs. Read more of her reports — Here.
© 2024 Newsmax. All rights reserved.