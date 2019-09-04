Fraudsters Deepfake CEO's Voice To Trick Manager Into Transferring $243,000 (thenextweb.com) 38
An anonymous reader quotes a report from The Next Web: In March, criminals sought the help of commercially available voice-generating AI software to impersonate the boss of a German parent company that owns a UK-based energy firm. They then tricked the latter's chief executive into urgently wiring said funds to a Hungarian supplier in an hour, with guarantees that the transfer would be reimbursed immediately. The company CEO, hearing the familiar slight German accent and voice patterns of his boss, is said to have suspected nothing, the report said.
But not only was the money not reimbursed, the fraudsters posed as the German CEO to ask for another urgent money transfer. This time, however, the British CEO refused to make the payment. As it turns out, the funds the CEO transferred to Hungary were eventually moved to Mexico and other locations. Authorities are yet to determine the culprits behind the cybercrime operation. The firm was insured by Euler Hermes Group, which covered the entire cost of the payment. The names of the company and the parties involved were not disclosed. According to The Wall Street Journal, which first reported the news, the voice fraud cost the company $243,000.
Oh no, not Deep Dupes!
If this was ~50 years ago, they could probably make a great Monty Python skit from this. The scam, not the dupe. Just don't mention the war! (yes, I know that's from Faulty Towers)
You'd think they could develop some AI algorithm to spot these dupes ahead of time. But it must be beyond all limits of current technology.
/. has had dupes for 20 years.
The editors, and I use the term loosely, are a fucking joke. That's the running gag.
This is the second time in less than a week! Somebody do something!
Fool me once, shame on you.
Fool me twice, shame on the process manager.
Me? I can't be responsible for anything, I'm the CEO!
Maybe Beto will propose a mandatory AI buy-back program.
They did it every day the last week it seems, must be a new fashion.
DeepFakes is the "atomic bomb" of software. It has the potential to cause major geo-political disruption and unimaginable crime. For example:
DeepFaked "Whitewater" like scandal that never occurred, but where someone was politically ousted nonetheless.
DeepFaked ID theft.
DeepFaked blackmail of sexual content that never occurred, but the shame is enough to get a payout.
"DeepFaked "Whitewater" like scandal that never occurred, but where someone was politically ousted nonetheless."
RussiaGate.
"DeepFaked ID theft."
They used to do that with rubber masks if you can believe old movies and TV shows.
Cue Mission Impossible theme. Even as a kid, I always thought that was over the top unbelievable, but the tech was cool.
Cue Mission Impossible theme. Even as a kid, I always thought that was over the top unbelievable, but the tech was cool.
When I was a kid, I thought it was quite believable. Greg Morris had the coolest job with "The Phone Company" with all kinds of space age stuff. Looking back these days, yes over the top, but Morris played the role of the ultimate techie. Always cool and calm even in dire situations of near death or capture, and always able to make it all work. In many ways the IMF used deepfake tech and disguises to manipulate various governments around the world, topple their leaders. All in manners that they didn't know
Real "Whitewater" like scandal perpetrators claim it was deepfaked and nobody can prove otherwise, they stay in power.
Someone does something bad and claims someone else stole their identity and the cops can't prove to otherwise to a court.
Someone is being blackmailed of sexual content or worse, a sexual crime, claims it's fake, and everyone believes them.
Oh c'mon. In these times of Fake News? Quite the opposite is true! Now you can sleep around as you please and if you get caught on film, claim it's a deep fake and everyone believes you.
Deepfakes... (Score:4, Funny)
There are problems with this (Score:2)
First, the source article is behind a paywall and can't be readily reviewed. The editors never should have accepted this article based on a single pay-walled source.
Second, how do we know that it was a deepfake? Seriously, nothing has been stated about anybody being caught or any software being found. Saying that this was a deepfake is nothing more than speculation. For all we know they simply practiced impersonating his voice until they got it to the point that they could use it to commit the fraud.
Third,
There is too much risk of going to jail, instead it would be far safer and much more profitable to license that software to call centers worldwide.
Sure, if you live in developed countries with operating police departments. In the rest of the world where corruption is rampant, and there's either non-existent police, they're on the take, or they're just overwhelmed? Not really much risk.
This kind of crap happens all the time in most of the world, and people get away with it.
Think about it, if you ge
Third, Occam's razor has this doesn't make sense. Think about it, if you get software that can successfully replace someone's voice with another persons voice and accent why would you bother to use it for crime?
You're assuming that the creator is the person or organization committing the theft. It's very possible, likely even, that someone else built the system and now makes money by renting it out. Very low risk in taking a cut of the proceeds, if the deal is transacted in a low-law-enforcement location.
AI deepfake or not (Score:5, Insightful)
If the only proof the UK CEO needed to authorize a 243K payment was to recognize the voice of is boss, he deserves his pink slip. Falling for such an old social engineering trick is just pathetic when you're in charge.
and the German Boss (Score:2)
The big problem here is that this indicates a lax attitude to compliance by both companies. If this sort of thing was completely out of the ordinary the CEO could be expected to be suspicious from the get go. The fact that he was not so, indicates that both companies had poor procedures and policies and this sort of nod and wink behaviour was the norm.
You obviously have never worked for a "do it or be fired" kind of boss that considers it a challenge of his authority if you as much as answer with a "but...".
No, but all my bosses have been working with a very explicit "fire me unjustly and get sued" employee (me). Here in Europe, unlike the US, employers take this seriously.
Interesting impact on large organizations (Score:2)
I think going forward what's going to happen is that one of two things will happen:
* An easy to use cryptographic verification system will be built.
* Businesses will have to get more in person to enable the existing tech to be used.
Because what will not happen is insurance companies will continue to do pay outs like this for companies that want nothing more than a firm hand-shake then phone calls with zero tech-driven authn and authz happening between the parties before 6+ figures move around.
Or simply made sure certain executives cannot bypass proper controls around the management of money just because they have a fancy title.
I think that's highly optimistic. Executives (including the ones at insurance companies who ultimately foot the bill for this fraud) are never going to sign off on a system where some black box of IT nerdery can overrule a phone call from the CEO to the head of accounting.
Higher insurance premiums will be "just a cost of doing business".
This impersonation has been happening in corporations for some time but the method is new. At a former company, someone posing as the CEO emailed the head of HR wanting a copy of every single employee’s W-2 in one large PDF in a few hours for “data purposes.” At first glance the email looked legitimate, however this would have extremely impractical to create a PDF with tens of thousands of pages given the short amount of time. Another aspect that caused suspicion was that CEO was technical
but if HR hadn’t been more alert, they would have sent the PDF.
All it takes is just one victim not being alert out of several attacks and the thief can get $243K.
No bullshit statistics right there (Score:2)
Last year, Pindrop - a cybersecurity firm that designs anti-fraud voice software - reported a 350 percent jump in voice fraud from 2013 through 2017, with 1 in 638 calls reported to be synthetically created.
Well, coincidentally, I sell condoms and I can report a 1,400 percent jump STDs from 2013 through 2017, with 1 in 638 unprotected sexual acts resulting in an embarrasing visit to the family doctor.
(Hint: you should wear condoms.)
As you can see, just because you profit from it doesn't mean that using protection is a bad thing.
Faster!!! Faster!!! (Score:2)
more more more!!!!!
The keys to a quick change con (and most others) are "urgency" and distraction.
https://en.wikipedia.org/wiki/... [wikipedia.org]
MAYBE, just MAYBE. it's time to slowdown just a little bit?
"But OMG, my job!!!!!"
I dunno... How much did this cost? I'd think it would be his/her job in any case, but what do I know?
Creating fake videos should be illegal (Score:2)
A person's likeness should be automatically trademarked and wholely owned by the person. Using a person's likeness in anyway without their explicit permission should be illegal.
Yeah. That's what's going to solve this. I mean, I was about to steal a quarter million but by making the way I planned to steal illegal means I won't do it anymore. That might break the law!
There's so much wrong with this, but picking a few:
- Would twins co-own their likeness?
- If I happened to look like someone else, could they sue me for infringement? (Doubly important if that other person was someone rich or famous.)
- A person's likeness changes over time. I definitely don't look like College Me. Do I continue to own all versions of me or just the current one?
- Would public figures be able to sue comedians who impersonate them? For example, Alec Baldwin portrays Trump on SNL. Would Donald T
reverse action, same problem (Score:2)
"At Vanguard, my voice is my password."
Then Vanguard's software verifies that I am me. I guess I better hope that neither true voice synthesizers nor mimicry actors can fool Vanguard. I'm reasonably certain that voiceprint matching in software can be much more discerning than the human ear; whether a given algo meets that bar remains to be seen.