All Bark, No Byte

okay we're gonna stop let's take away all right so apologies to anyone that I just made deaf with that sound test it was not intended there's always problems with sound so you always just got to figure it out um I've kind of moved up a little bit I don't know if I look like being Touched by an Angel with the lighting but just bear with me please at least the screen is not reflecting like mad thank you for having me here besides it's great to be in person again I haven't been at a conference in person since 2019 so it's really cool to have actual real life people to speak to um apologies for the arms now I'm like

super aware of that after Haroon brought it up thanks for that all right so my talk today is called all bark no bites that will make more sense a little bit later in the presentation so are you actually at a information security conference if someone doesn't have a who am I slide coming up on the screen so let me just give you a quick introduction about who I am for my day job I am a vulnerable machine engineer for offsec it means that I get to create really cool vulnerable machines in a lab environment and I love my job because I get to build and solve puzzles simultaneously while making one thing something that I am super proud of that

I sit and do in my free time is an initiative called Pay It Forward um I got a really great opportunity to get into the information security field through an internship and it was as cheesy as it sounds life-changing for me and it became a personal goal to be able to do the same thing for other people and I got the opportunity to do that a lot sooner than I had planned and up to today the paid for initiative has given 19 people a pwk voucher so for anyone who doesn't know that's the course to get your oscp certification and that's 90 days of the lab that's full access to the course the videos and and exam voucher so like

I've met two of my candidates today who are Cape Town based I'm joburg based and that's something that you know I get a lot of satisfaction out of doing uh so you know just to start with a little disclaimer this presentation is going to contain deep fake material no infringement is intended I'm not entirely sure if some of the stuff I've done is totally legal but we'll see um all right cool so what is a deep fake everyone's probably heard of that and there's different kinds of deep pegs and there's different kind of Technology that's used to make these things but essentially what it's doing is it's taking some kind of base media and it's

manipulating it in such a way that it now appears to be something else whether that is done with imagery or videos or audio or a combination of all of them that's essentially a d fake in very very simple terms now what people seem to enjoy doing is putting Steve Buscemi's face on a lot of celebs and they tend to be women so it's this really weird thing where you see like Steve Buscemi's face a lot um and you can literally Google like a deep fake before and after and you'll see a lot of these things and a lot of Steve Buscemi and I have dubbed it the face replace because essentially what they're just doing is they're taking and they're

not changing the majority of the image they're just sticking someone else's face on it and I think that there's a lot of really really poorly done deep folks online then you get some really really good ones and at the moment they're the exception and not the rules so I don't know why this is showing as blank this is and I hope you don't go deaf this is someone called Deep Tom Cruise this guy's name is Miles Fisher and I'm going to tell you a little bit more about him after I show you kind of what he's known for please play comply Paris I don't want to be linked to this Premiere we gotta go we should always run faster

you're some absolutely beautiful in here hello [Music]

anything all right now we're going to start diving this thing you ready I do my own sentence all right so Miles Fisher is not Tom Cruise obviously so the person in that video is not Tom Cruise at all it is the real Paris Hilton and Miles Fisher works with a company called metaphysic and metaphysic specialized in AI technology but essentially they're creating deep fakes and in my opinion they are the people that are creating the most convincing deep fakes so a lot of this introductory stuff does deal with a lot of kind of popular culture but I think that it does just show how impressive some of this stuff can be so metaphysic actually entered America's

Got Talent I mean that's quite an unusual contest and to have a tech company into a talent show but you're gonna now I have never seen Simon Cowell get to his feet as fast as he did when he saw this app my new he was the app if whoever that makes any sense it will in a minute here's metaphysics now I

welcome everybody [Music] so I mean Heidi Klum is absolutely losing his [ __ ] Simon Cowell is is shocked and you can see that there's three people that have walked onto the stage and on the big screen behind them is this picture of Elvis seemingly live uh

you are the devils

[Music] so I mean apart from seeing Simon Cowell's wonderful reaction of seeing himself as a performer it's it's really impressive what they're doing so metaphysic is was created one of the Creator's name is Chris um and they specialize in especially these real-time deep fakes of being able to kind of superimpose one likeness on top of another person's face um and coming back to Miles Fisher so that is Miles Fisher he's real likeness on the left and obviously Tom Cruise on the right and the thing is is that these kind of deep fakes or AI technology it has some limitations and I want to take you through them so despite them being really really good and you know

they can do it in real time and it's it's super impressive Miles Fisher is a professional Tom Cruise impersonator this guy has a similar likeness sure he doesn't look exactly the same but there's a likeness there he has learned how to sound like Tom Cruise's voice so there's no editing or anything like that anything they need to change there when it comes to his voice some of the limitations as well is you know these this technology struggles a little bit like is the hairline of miles and Tom exactly the same is their jawline the same their mannerisms how much of them like an emotion and expression do you get when this AI is sticking someone else's face on yours

and that tends to be where it kind of it starts to look fake and these things are going to get so good that you're going to have to trust your instincts and be like hey I don't know that thing just there's just something about it in maybe one frame that just doesn't look right but anyway we're getting a little bit sidetracked here so we are hackers right so we want to think how can we use this kind of stuff in an offensive way right um so if you want to have a deep fake of someone for whatever reason we'll get to motive a little bit later there's going to be some challenges right so you have to have your targets

and you're gonna have to find someone who looks like your Target and then they're also going to have to be on board with whatever illegal activity you're doing so you might not want to do that for various reasons Okay so how do you actually weaponize a deep fake right and that's the question I asked myself and I'm going to take you through how I did it I'm sure that there are a lot of different ways to do it this is just my way and then I also kind of realized that the talk probably should have been called Deep fakes for dummies because that's just essentially what it is and I want to take you to I want to take

you through the two aspects of speech in the visual kind of way so that you're hearing me talk but you're also seeing me talk um and the first thing is how a mouth moves and one of the aspects is called a vizim so this is like visual and what that means is just there are certain mouth movements that accompany the words or the sounds that you're making and you will not really realize that you're doing it because I think everyone here is hearing so we kind of think of this as something that hearing impaired people do but you will do this on a subconscious level and you will know when there is a disjoint between what is

being said visually and what are you hearing from an audio perspective so what I found is a really great way to kind of demonstrate this is there's a YouTube channel and they do what they call bad lip syncing so if there's any stranger stranger things fans here this one is especially for you

foreign like most 12 year olds back then my family life revolved around the dinner table you have to do something wicked in my talent show well you need Impressions actually I thought it would just say simply hey I got a lovely tattoo I'll show you when we're done is it a whale no it's cool but is it super wine glass there must be Genesee in this house what is a boy jealous because I'm sure not let's begin to clean God's back I'm gonna shove you under the couch and leave what'd you just said how'd you shove her I used to have a soup out of me she's not super freak you're legit that I am

what all right so if you've watched stranger things you're going to realize that that was definitely not part of the show and what you're hearing sometimes doesn't make sense it's like a cohesive conversation but it all looked right it all sounded right between what you were hearing and seeing so we come to the second part of this and this is what's actually being said so these are called phonemes and what phonemes mean is it's just we can only make a certain variety of sounds and when we speak we kind of combine these sounds in different ways to make words and then magically other people know what you're saying because they also understand the same kind of sounds

you're making so that is an oversimplification of phonetics but it's good enough for the purposes that we need so how do we use this again and generally when you're speaking about making some kind of vocal clone you need a data set and data sets you can sometimes compensate like do you need quality or do you need quantity but when it comes to cloning people's voices you actually need both and there's no shortcut around that so what a lot of places do like researchers they use celebrities and politicians because their natural data sets these people speak and they speak a lot so you like Joe Rogan for example I did a talk two years ago and I used Joe Rogan because

he literally is just a walking data set with his uh with these podcasts so another great example is as I said politicians so let's hear hello I'm Barack Obama and I have been convinced to say some ridiculous things for besides Cape Town 2022 it's really really easy to do you just kind of punch it into Google once again it will take you to a site cool I want to say something as Obama and it's done so hello um so what kind of tools do you do you use if you want to have a little bit more control over this yourself and Barack Obama is not your your target so this this various tools the first one

I'm going to talk about is called descript this used to be called liabird I've spoken a little bit before about live bird it's a really really good technology for creating vocal clones another one is called Murph Ai and then a third one that I came across is called resemble AI and why I was particularly interested in resemble AI is because when you get into their dashboard you see this option and I thought Bingo this is exactly what I need when I've experimented with these tools before I've generally done it with my own voice which is easy because you know in this machine and I can do whatever I want but if I'm trying to clone someone else's voice this just

makes it a whole lot easier but it didn't work so I thought okay well that makes sense they're not going to let you do it for free so I stuck my credit card well not a Creator cards numbers in and bingo I've been upgraded so that's wonderful but it still didn't work what do you do next you email support because well it's not working and then I realized why it's not working because I need 15 000 USD to mess around with this tool and as much as I'm invested in my research that I just don't have that amount of money to to mess around with that so we're not going to do that right we're

just going to be moving along so I took a little bit of a step back and I thought who should I Target like who's going to be someone who's got a good data set that I can work with and that would be relevant because a lot of these things that we see work with you know politicians in America or you know Putin in Russia and let's let's try and make it as local as possible so who else but let's see our presidents and let's see all right so you just do a Google Search and you do for videos and there's over a million so cool data set box checked um and are the actual attack so now I've

got to figure out all our cool how am I actually gonna do this and my kind of outlook on this especially when I do social engineering which essentially this is is that if you strike like you try and stay as close to the truth as possible something's going to be a lot more successful because uh it just kind of minimizes your chances of getting courts out or kind of that's what I thought right so if anyone has tried to mess around with any kind of Sound Engineering or anything like that you might know this logo this is for a tool called audacity it's 100 open source and it allows you to do a whole bunch of

things so I downloaded audacity and I then started trolling through YouTube and you go through a whole bunch of transcripts and you you have an idea of what you want to do and you start downloading these things and listening and taking out what you need so what I created and what I'm calling this is a vocal quilt I am taking things that have really been said but I'm using from different places and I'm rearranging it in a way that is something Cyril never said I don't know how big it is on the screen but if you read the the notes that I've made it says escom will increase load shedding over the next 12 months which

is what we all want to hear right um so cool so we've got the what has been said sorted in a very very simple way like we did not use high tech Solutions here we really kept it very very simple but that sorted but now as you've seen the mouth has got to move the right way otherwise it's just gonna look very very weird and if you edit that in such a way you're gonna have those like those weird breaks and it's not going to flow in the same way as someone who's just speaking like in the moment so how do we do this mouth manipulation and you know the internet is a very very

wonderful place chances are you are not the first person to think of what you're doing so you need to just look around and see if the solution you need already exists and it does in there are various Solutions but this is the one I went with so you literally go on to GitHub it's called wave to live wave tulip and it does exactly what it says on the on the slide that you can lip sync a video and audio that can come from completely different places and make it look right so what we're winning here is that we're doing all of this stuff locally we're not doing this on some kind of web app where we're going to leave some Trace

and we have that kind of sense of control over it so this is what it looks like when you're using it it's a command line based tool I don't think that it's particularly difficult I think anyone who's a little bit Savvy will be able to figure it out just getting it installed is literally the most difficult part we'll check a bunch of areas at you once you get those sorted you're good to go and you're going to see what I was able to create escom will increase load shedding over the next 12 months now everyone's going to have a different opinion whether you think that that's convincing or not so again please remember that this is really really

quite low-tech Solutions it can obviously get much much better but the benefit here is that we're all used to seeing a Cyril with that backdrop we got quite accustomed to it during lockdown so you know that's like second nature seeing him there and it's quite believable from that perspective also what I'm going to show you is the original versus what I did so that you can see that you still have those natural kind of gestations and body movement from him speaking escom will increase load shedding over the next 12 months so all right we've created a deep fake where we can impersonate or have some kind of level of control over our presidents but what is our motive behind

this if you work in the information security industry which I'm sure a lot of people here do you know the power of information and equally if not more powerful is um disinformation so what is this information it's being able to use something in a way to convince someone of something that is just entirely untrue and then to be able to leverage that to some kind of end goal which is you know we're now talking politically here at some kind of destabilization or control or in whatever capacity that that goes to I would explain this but I think that sorry I'm getting to a video so I'm losing my place slightly so I want to introduce you to something called

operation fiction and operation infection was a a team and a task done by the KGB and what they specialized in was disinformation spent 25 percent of their time actively coming up with ideas for disinformation like how can we destabilize [ __ ] using just crazy information right and there's a brilliant by the New York Times which explains it incredibly well

come on

three and all the way over here in Delhi India this is when a remarkable story appears in a newspaper called The Patriot declares the HIV virus was secretly created by U.S government scientists as a weapon to kill African-Americans and gay people the middle names of facility brought Dietrich in Maryland where the virus was supposed to have been concocted it's a crazy allegation proceeds in a small newspaper no big deal right but fast forward just a couple of years and what was happening the story is spreading all over Africa a scientific reports even published by two East German biologists who say they can prove AIDS was made in the USA all these articles are from just a few

months at the end of 1986 and then somehow it ends up a subject military publication claims the virus that causes AIDS late from a U.S army laboratory conducting experiments in biological warfare reading a fake news story to millions of unwitting Americans on national TV so that sums it up uh this operation in particular was really really successful and it had really really long lasting results and there's probably a lot of people who still think that this is the case and I'm sure everyone here knows someone who thinks that covert was released from a facility a government facility so you know these things like they start to kind of like repeat themselves and they're kind of dangerous

ideas because there's a lot that you can do with this and this is just a wonderful little statistic and this speaks about how many people so this was the first time it was published just to remind you of the dates was 1983 that television broadcast was 1987. so you know five years later a lot of people 15 of Americans still think that that the AIDS virus or HIV AIDS was released from a government Laboratory in 2005 50 of African Americans thoughts Aid was man-made and you can read the rest so despite the scientific Community kind of fighting back and being like this is absolute nonsense there is no truth to this it doesn't matter like the damage is

already done so you can try and fight this and and the Americans did they had a task forces of course they will you know the idea is there you've planted the seed you've done the damage and therefore you've actually been quite successful and the difference now obviously between 1983 and today's you know we have the internet so it's pretty obvious so if the KGB were able to pull off something like that when you were relying on like you know hard printed newspapers and stuff like that we can do a lot of damage um in whatever kind of vehicle we choose but using the internet is particularly useful for this kind of thing and it's kind of broken down into seven

steps so it's about finding the cracks in whatever Society you're trying to attack you then create the lie and it's a big bold lie but you have to find that that elements of truth to it the fourth part is making sure that you conceal your hand and people don't know that you were responsible for doing that thing and then find someone who's an idiot and who can back you up right because that's useful especially if it's got dots here in front because people are like hey he must know who he's like what he's talking about the sixth step is to just deny everything because you know what are people going to do if you say you didn't

do it and then it's about just playing the long game and just waiting and seeing if what you did actually worked and sometimes it's not going to and sometimes it's going to work really really well uh and then if we think of like okay is there a kind of practical example of that in real time and one of the things that I thought about was hey what about Cambridge analytica I mean there was a huge scandal with them they had access to a huge amount of data you're able to Target people with like immense accuracy when you're on a platform like Facebook and if you have people who are not capable of critical thoughts or checking

information fact checking uh you definitely are able to manipulate how people how people think how people feel and how they're going to vote and how they're going to conduct themselves and I mean Cambridge analytica was a self-described global election management agency like it's even in like their description um so I'm not the only person thinking about this there is a organization called represent us it's probably like represent us as well and this is one of the most high quality convincing political deep fakes I have seen um with quite a like a powerful message then we're gonna see it rather the more imagining to believe in computer games occasional democracy [Music] people are divided reporting decent weeks either

[Music] applications [Music] is it not hard for democracy to collect Ed [Music]

thank you all right so I don't spend a lot of time looking at defense because like I enjoy the offensive side of things but I thought I would just touch on it of course you know there's going to be two sides to every coin so as much as there are people creating deep fakes and seeing how much better can they get and how convincing can it be there's equally going to be people who's saying well this is clearly a problem we're going to need mechanisms to be able to at least detect and maybe tell people that what they're watching is not real one of the ways that I came across during the research for this is that

combination and comparison of the vazims and the phonemes so is there something in a deep fake video where the mouth is moving in a way that doesn't match the sound to me I don't feel like that's gonna age very well because I think that the better these things get the harder it's going to be to detect those kind of inconsistencies and like anything in this industry it's a cat and mouse game whatever the defense come up with you know the offensive guys are going to be like cool story we're now going to find something to you know bypass that and so the cycle starts again and um I'm now happy to answer any questions that you

may have

now there's a question here

thanks very much for the talk uh it's completely out of my domain so it's been very interesting to listen to thank you um the bit that you skipped over the most because it's clearly not your theory of any particular one of the tickled me so perhaps it's a nice little dialectical play um for me I can't look myself into the motion of wanting to build of things that deep house of defects so I'll be really impressed to hear from you like what is it about it that side makes you want to build them but what are you getting out of it um I think it's just out of curiosity like you know as I said I used very like

simple mechanisms to build this and if I can do it we'll really so can anyone else um and one of the things I thought about is I mean I'm sure everyone here has or uses WhatsApp and you've seen that thing forwarded many times right if someone can create something that's convincing enough and they can then disseminate it and enough people believe it it's that's really because you're now you're now not just hacking some kind of software or some operating system you're not hacking people and to me that's quite that's got a powerful impact

exactly exactly so you know with that forwarding you lose the quality you know those things are forgivable you'll kind of write them off subconsciously of like oh you know it's just some kind of glitch or something like that you're not necessarily going to think immediately maybe this maybe this is a deep folk a lot of people won't even think they'll just blindly believe well you know Cyril's saying it has to be true I mean we know better but

it was really cool um the political aspect of this which is very interesting and scary in two ways um I would be more just uh you know motion security system so um you know we were relying increasingly on uh like barometric authentication so example of trying to make things more secure so there's moves towards things like these days are um they're using my Biometrics and videos to authenticate people and for things like public back on screen and keep them and all that stuff um and while that is a step in the right direction it was seems like it has a deep back technology is catching up even faster than so we're at a point where like anyone

could just deep fake to you know or think of themselves as someone else and do identity that or again it's just Google bank accounts or um you know where you're increasingly doing things over Delhi conferencing we could uh you know have online meetings and just impersonate someone um the audio with your thoughts definitely so two two ways I'm going to answer a question the first is I was lucky enough to be part of a 10 a pen test where we tested that authentication where I'm sure you've anyone's seen it you trying to set something up in your Banking and it comes up with the screen it's like put your face in the oval and then it goes a bunch of colors so that's

doing a liveness test exactly what's happening on the back end I would be lying if I told you I knew but there is something there that would prevent it from just you know facing their camera to screen and being able to fool it I think that it's a bit more sophisticated than that for now at least so from that perspective I think for now like we're okay like I don't know if it's going to stay that way the talk that I did two years ago actually focused I won't say exclusively but it definitely focused on exactly the second part of your question like impersonating someone in a meeting this is the thing is that there's and as

you saw with that Simon Cowell Elvis video is that there's been significant improvements with being able to superimpose superimpose a face in real time people are battling to do that with voice that seems to be lagging behind but I think once people get it right reliably and you can do it in real time it's it's going to be a [ __ ] show to be honest and I think that it's definitely a vulnerability and if you are interested I did speak about this quite a bit in in my talk you can find it on my website and yes so South African Banks use voice authentication as a means of authenticating yourself when you call through to the call center

so it's in my opinion it's definitely a problem and sometimes that happens like without you granting like what is the word consent for them to use your voice as a authentication means

two questions the best point is that we've seen the the series to capture sorry the BD series The capture no children watching videos

I Have Nots but I mean this is such a huge topic when I started looking into this a couple years ago I kind of thought it was going to be a I mean insulting to say easy but I didn't think it was small I just didn't realize um how big this is and how many aspects there are to it so I appreciate people in Q A's telling me about things that I hadn't seen or wasn't aware of and there was a question in the front chair as well

I think so I was just thinking that we were talking a lot about politics

and it seems to me that we need some sort of Auditors of the truth um Facebook now the companies are trying to do something like that to type it in it's being failure and it's also resulted in classifying things for this information upon interestingly the code of lab being hypothesis was then but for a while then it was determined at the highest official level of the US government that might be true and then you were allowed to discuss it on please so I don't think this kind of thing inspires confidence tightening

problems and sometimes also politics reality Australian depiction we had very strange buildings like Boris Johnson you really commenting figures who would say really absurd things right obviously the nearest forest Johnson I very much um I just need to go deep to the philosophical problems that we've solve it is going to come back to us we don't need to be the ones to sound like a criticism a new place like people you know that this information is likely false exactly yeah exactly I mean and like how do you do that so I'm potentially asking the question that I don't even have an answer to like so a lot of these developments are taking place they're getting quite sophisticated they're

improving all the time who's policing that who's saying all right well this is it's okay to do this and it's not okay to do that and how do we tell people like there's no template there's no format like how do we tell people what they're seeing isn't real

releases if you ask the text generating AI for code if you actually cause a cross-site scripting we'll tell you it's doing that so the bigger question there is could it be classified things and we get to the side then so I think we're going to start seeing that especially is a thing called Avatar dot AI where you can just upload a couple of photos to you and make these beautiful photos not even you technically so if anything interesting but totally followed this great coming up you can ask a quick one but then I've got it so on that note just while you're walking there there's a website called this person does not exist.com and it's exactly what it says in the URL

so every time you refresh the page it generates a fake person so if you want to set up some kind of you know ocean profiles whatever you want to do a good place to start thank you honestly just with your own eyes there will be giveaways like in that initial Tom Cruise video that I showed you there's one frame where his face kind of like looks too big I don't know if anyone picked up on that there'll be like weird glitches like with the way his face kind of moves and you know the first time you watch it you're like huh you know Tom Cruise and Paris Hilton what is going on here and you watch it

again and you're like something just something just doesn't feel right like whenever I've given a talk or whenever I've spoken to people about security awareness it's just trust you'll get that literally don't like there will be tools and they will improve and they'll hopefully be able to tell us that these things aren't real but your gut instincts is generally the best thing to rely on thank you so this all bullets all that being sent from track two and being also legal teams house and workshop will also starting with boss 11 and then launch your 12th edition and that's on the first floor where the coffee and stuff was that's just the general announcements and being a strong seats

the organizer uh passed away a while back so we've got a kind of Memorial book at the registration area if you want to write something about it we also have the asex demo if you want to take a photo because you might see it to his family it feels quite involved in this helpful we lost them so we can sort of leave a lost in memory because it's all just solid tier time so yeah we'll see you back at broadcast later