In brief: In yet another story about the dark side of AI, the FBI has warned that criminals are blackmailing people by threatening to send explicit images and videos featuring the victims to their friends and family. The only difference from regular sextortion attacks is that the material is AI-generated deepfakes created from stolen social media images.
The usual sextortion attack involves a malicious actor threatening to leak explicit images/videos of a target, sometimes to friends and family, unless they receive a sum of money. Criminals might have obtained the material by hacking a victim, and there are times when the person making the threat doesn't actually have anything; they're just hoping to scare someone into paying, sometimes by claiming to have taken over a webcam.
The Federal Bureau of Investigation (FBI) has just posted an alert about a different type of sextortion. It involves malicious actors using innocent photos and videos of a target, taken from social media, public forums, or by request, and manipulating them using AI to make the end result sexually explicit. Deepfakes, in other words.
Technological advancements mean that deepfakes can now appear more convincing than ever. In this case, the altered images are circulated on social media, public forums, or pornographic websites. The deepfakes are then sent to the victim for sextortion or harassment.
Many victims, which have included minors, are often unaware that their images are being used this way until someone else brings it to their attention. It's usually impossible to stop the deepfakes from being shared once they're online.
The FBI writes that it has observed an uptick in sextortion victims reporting the use of fake images or videos created from content posted to social media, requested by the malicious actor, or captured during video chats. Criminals typically demand either payment in the form of money or gift cards, or they tell the victim to send real sexually-themed images or videos.
The FBI recommends monitoring children's online activity and discussing the risks associated with sharing personal content. It also suggests making sure social media accounts are set to private, not public, and using a strong password and 2-factor authentication. Moreover, show caution when interacting online with new people or those you know who may be acting out of character – they may have been hacked.
This form of sextortion isn't an entirely new practice. In 2020, a deepfake bot that was made freely available on messaging platform Telegram made over 100,000 faked nude photos of women based on social media images, which were then shared online
Deepfakes are becoming more convincing and easier to create; China's Tencent offers a $145 service that makes them for you.
h/t: BleepingComputer