THE ROLE OF DEEPFAKES IN MALIGN INFLUENCE CAMPAIGNS
Published by the NATO Strategic Communications Centre of Excellence
ISBN: 978-9934-564-50-5
Authors: Keir Giles, Kim Hartmann, and Munira Mustaffa1
Contributors to the Project: Berta Jarosova, Nathalie van Raemdonck and Liisa Past
Project manager: Sebastian Bay
Copy-editing: Anna Reynolds
Design: Kārlis Ulmanis
NATO STRATCOM COE 11b Kalciema Iela Riga LV1048, Latvia www.stratcomcoe.org Facebook/stratcomcoe Twitter: @stratcomcoe
This monograph was completed in September 2019, and draws on source material that was available by August 2019.
This publication does not represent the opinions or policies of NATO or NATO StratCom COE. © All rights reserved by the NATO StratCom COE. Reports may not be copied, reproduced, distributed or publicly displayed without reference to the NATO StratCom COE. The views expressed here do not represent the views of NATO.
Introduction
The Ballad of Katie Jones

In early 2019 Katie Jones, a young researcher based in Washington DC, set up a new profile for herself on LinkedIn. She filled in her biographical details—degrees from the University of Michigan, a present position at the prestigious CSIS think tank—and set about building her network of contacts.

There was nothing unusual about a new profile being set up on LinkedIn; thousands are created every day. It was not even unusual that Katie Jones was entirely fictitious; with no checks on the identity of individuals creating these profiles, there is nothing to prevent someone from assuming any identity they choose.

Instead, what distinguished Katie Jones from thousands of other false online personae was the image she chose as a profile picture. Ordinarily, fake social media identities steal a picture from another profile, use a stock image, or copy a photograph of a public figure from websites. Instead, Katie was a chimera; her profile used a unique image that was not a photograph of a human being, but was an entirely computer-generated artefact made using machine learning algorithms. Katie’s profile, and the use to which it was put, may be the first instance documented in open sources of a malign influence campaign making use of human image synthesis based on machine learning—commonly referred to as a deepfake.

It is not known who created Katie Jones, or for what purpose; whether that purpose was achieved; and if so, what impact it had. But the integration of a computer-generated image sufficiently convincing for a number of highly intelligent individuals to accept Katie Jones’s invitations to connect raises a wide range of implications, not only for deepfakes and other deception technologies, but for malign influence campaigns overall.

This paper describes development paths in both technology and deception, considers possible future developments, and discusses policy implications for governments, corporations, and private individuals.

Why Was Katie Jones Created?

Katie Jones connected with current and former think-tankers, academics, military officers and government officials, but the purpose for which she was created is not immediately apparent from the categories of real individuals she sought out. Although the majority were located in the United States and engaged in work on Russia, outliers include specialists on China, energy, and cyber security; a PR specialist in Las Vegas; and a Moscow-based director of an American refrigeration company.
In total, 52 people accepted Jones’s invitations to connect. Among the most senior professionals were a former one-star general and US Defence Attaché to Moscow, a top-ranking US State Department official, and a potential nominee to the Federal Reserve. Over 40 of these individuals were interviewed by Raphael Satter of the AP news agency during research for his news story on Katie Jones. None of these people admitted to having received any direct communication from Katie. And Katie Jones did not respond to messages and invitations sent to her via LinkedIn, or to an AP request sent to her AoL address ‘asking her to comment on the fact that she did not exist’.2

Becoming active in March 2019, the profile was identified as a fake in early April and publicly exposed in June.3 It is possible that Katie was interrupted before she fulfilled the purpose she was designed for; but given that she appeared to cease making connection requests before becoming the object of suspicion, it is equally possible that she accomplished her mission before being detected.

Possible purposes for which Katie was created include, but are not limited to, the following:

Advanced spearphishing: establishing an account as a trusted source for corresponding with high-value target individuals to deliver malware or spyware to their device(s) by e-mail or some other messaging system;

Gaining online or physical access to events by signing up to lists and receiving notifications and credentials;4

Mapping networks: gathering information on who is connected to whom in specific fields of policy research;

A test run: assessing the plausibility of a profile of this kind, its success at penetration and network-building, and testing its detectability to inform future targeted deception campaigns;

A joke, perpetrated simply to entertain the creator(s)—in which case they will find the rest of this analysis even more amusing.

After exhaustive attempts by AP to track down and identify all Katie’s contacts, one objective that can probably be ruled out is building bona fides and influence for another fake profile within her network. But the question remains: how was a fake Katie Jones able to convince a series of intelligent, well-informed individuals to accept her invitations to connect? The answers lie in the convergence of the new technology used to generate her face, the unchanging principles of deception, and the very specific nature of the platform on which she appeared. Each of these will be examined in turn in this paper.
Deepfake Timeline