Facial recognition systems are widely deployed in China, so whatever one needs to do in the country, they have to show their face to the authorities. From entering a place to registering a new company, the Chinese have to pass through a mandatory biometric check which validates their identity.
In a weird case reported by Xinhua Daily Telegraph, a couple in China has taken the abuse of this system to a whole new level, taking still images of other people to create deepfake videos and then use these to register a company on a government platform.
The couple bought other people’s high-definition avatars as well as their ID information on a dark web platform for as little as $4.5 each. They then used applications like “Live Photos” that introduce a realistic movement in still images, such as nodding, head shaking, eye blinking, mouth opening, etc.
Even though this isn’t a very sophisticated process, it was enough to pass the government platform’s certification process, identifying the crooks as the victims they impersonated. Or maybe we should instead comment that to create convincing results, one doesn’t need sophisticated and/or expensive tools anymore.
The same reports claim that many actors are casually cracking platforms or accounts of other people on government agencies, finance firms, payment portals, media consumption sites, and more. The price they ask for this is between 25 and 300 Yuan, depending on the complexity and risk. That is approximately $3.8 and $46, so it’s pretty inexpensive for anyone to buy these services and try their luck.
The pair that tricked the Chinese tax administrator was discovered because they attempted to issue multiple fake invoices on behalf of the fraudulent company, but those raised alarms in the system checks. In numerous other cases of face-hacks, the actors pass undetected, so nobody is being prosecuted.
What is clear today is that security standards and anti-deep-fake tech need to catch up, get implemented in crucial ID verification systems, and protect regulatory authorities and core functions of a state from abuse. As it appears to be the case now, China has rolled out this tech very aggressively but with little consideration to security standards, and they are now having a pretty monadical problem.