Per our role as cybersecurity professionals, part of our responsibility is to put the developing threats out there in the world into perspective for the clientele that we serve. After all, with so many modern threats seeming to border on science fiction, it is only natural for smaller organizations to assume that their size will protect them from such attacks through simple lack of interest—or even that such threats will never be used practically at any significant scale. Unfortunately, these assumptions are too often mistaken.
For your business to survive, let alone thrive, you need to have prepared for every eventuality. To put the importance into context, let’s examine a threat that many may have shrugged off—deepfake images—and the potential they show in terms of future cyberattacks and misinformation campaigns.
Deepfakes are images or video clips that have been manipulated by artificial intelligence to show something other than the truth. You may have seen a few lighthearted examples online, where a comedian’s face is replaced by the celebrity they are impersonating, or different actors are inserted into movie scenes. There are even mobile applications now available where you can create simple (albeit glitchy) lip synch videos based on a headshot.
Not all applications of this kind of AI-based image generation are so obvious, however. Just look at the This Person Does Not Exist website, where you can see the results of a generative adversarial network’s work in creating very convincing, imagined faces. Every time you click on that link, the website will display a completely unique and imagined photograph that looks like a real person, but isn’t.
While entertaining, such applications do little to highlight the actual risks presented by deepfakes when put to more extreme uses. Adult-themed deepfakes are already being used to generate pornographic materials of people without their consent, and deepfake technology has also been used to doctor up footage to manipulate political interests. However, another use for deepfakes has risen that has many concerned—geographic deepfakes.
Rather than manipulating a person’s face or words, geographic deepfakes are used to manipulate satellite imagery to hide or distort the appearance of the landscape. As this technology grows in popularity and accessibility, it could potentially be used to seriously impact businesses and governments around the globe.
Let’s put it into context for a moment by going over how a geographic deepfake could be (and increasingly are being) used.
Let’s say for a moment that you were a military commander, and you were leading your troops through the field. Your objective isn’t far, all you need to do is cross a bridge that spans over a ravine that you’ll see once you crest the next hillside. Except, once you reach the top of the hill, you don’t see the bridge that your satellite imaging assured you would be there. You see the ravine, sure, but there’s no bridge to cross it.
There goes your plan, and such a failure is bound to have wide-reaching ramifications.
This exact scenario was brought up in 2019 by an analyst at the National Geospatial-Intelligence Agency named Todd Myers—and is in no way a new tactic.
Throughout history, maps have been weaponized as a part of disinformation campaigns and propaganda and have even been manipulated to protect intellectual property. Cartographers would insert fabricated locales and details into their maps to try and catch any copycats out there—after all, if you had invented “Not-Realburg, Michigan,” seeing it on another map is a blatant clue that your work had been copied.
A recent study, compiled and published by the geography department at the University of Washington, explored the topic of deepfake-generated geography in more depth.
In their study, the researchers review the long, long history of embellishing maps—reaching back to the Babylonian era in the 5th century B.C.—before focusing on the modern, technology-based contexts of location spoofing and how it can be weaponized, sharing examples produced by the researchers specifically for the study as a proof of concept.
In short, the study does what the research team intended it to do: it highlights the very real capabilities of such technologies, and how easily they could potentially be abused with no single means of identifying when an image has been manipulated.
What’s worse, the inherent trust the public has for such images makes them particularly effective, according to the researchers. While the team was able to engineer a tool to help identify their own fake geographies, these kinds of tools will need constant maintenance to keep up with the improvements that deepfakes will inherently see as time marches on.
While these kinds of threats will hopefully have minimal impacts on most businesses for some time yet, it is still valuable to consider how such a technology could be used against a company’s operations. Returning to the example of the missing bridge above, it isn’t hard to imagine how such an event could create serious interruptions and delays to the supply chain. Taking it a step further, someone trying to interfere with your success directly could use such an attack to hide your business from view on a map.
We also can’t neglect the idea that cyberattacks tend to inspire other cyberattacks, so there’s no telling what an imaginative cybercriminal might think to do with such capabilities someday.
For now, the best thing that your business can do is to reinforce your business using the technologies available today. While it would be foolish to completely ignore the development of cyberthreats like deepfakes, there are other attack methods that need to be protected against in the present. i-medIT can help you in that aspect. Give us a call at 630-549-6199 to discuss what your business needs to make its technology more secure and more productive.