Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations
New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) relayed a US Federal Bureau of Investigations (FBI) notice. The FBI Private Industry Notification (PIN) issued warns of the dangers of the use of deepfakes by foreign actors.
Malicious actors are expected to use synthetic content -commonly known as deepfakes – for cyber and foreign influence operations in the next twelve to eighteen months according to the bulletin.
“Foreign actors are currently using synthetic content in their influence campaigns. The FBI anticipates the tactic will be increasingly used by foreign and criminal cyber actors for spearphishing and social engineering campaigns in an evolution of cyber operational tradecraft,” says the FBI in the notification.
What is Synthetic Content?
The FBI includes the “broad spectrum of generated or manipulated” digital content – images, videos, audio clips, and text. While well-known apps like Adobe Photoshop can be used to create synthetic content, the report highlights techniques based on artificial intelligence (AI) or machine learning (ML) technologies.
A former cameraman and visual effects editor for Belgian TV company Medialaan made deepfake videos (below) to raise awareness around deepfake technology.
These AI and ML techniques are known as deepfakes or GANs (generative adversarial networks). Generally, synthetic content is considered protected speech under the First Amendment which guarantees freedom of speech. The FBI, however, may investigate malicious synthetic content which is attributed to foreign actors or is otherwise associated with criminal activities.
This FBI PIN contains recent and anticipated uses of synthetic content, how to identify and mitigate synthetic content, and is being provided to assist in guarding against the persistent malicious actions of cyber actors.
The NJCCIC encourages people who receive or find deepfakes to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report or contact the NJCCIC at [email protected] with any questions.