At a glance.
- Human ability to detect deepfaked voices.
- Data breach at UK's Electoral Commission may represent a Russian attempt to disrupt British elections.
- Meduza was removed from, then restored to, the Apple Podcasts platform.
- Moscow's campaign against VPNs.
- More challenges to narrative control: airborne casualties.
Human ability to detect deepfaked voices.
Can humans distinguish deepfaked from authentic voices? Sometimes, about 73% of the time, but the remaining 27% is large enough to make researchers uneasy. "We presented genuine and deepfake audio to n = 529 individuals and asked them to identify the deepfakes," investigators Kimberly T. Mai, Sergi Bray, Toby Davies, and Lewis D. Griffin wrote in the abstract of their report. They used two unrelated languages in their study. "We ran our experiments in English and Mandarin to understand if language affects detection performance and decision-making rationale. We found that detection capability is unreliable. Listeners only correctly spotted the deepfakes 73% of the time, and there was no difference in detectability between the two languages. Increasing listener awareness by providing examples of speech deepfakes only improves results slightly. As speech synthesis algorithms improve and become more realistic, we can expect the detection task to become harder. The difficulty of detecting speech deepfakes confirms their potential for misuse and signals that defenses against this threat are needed."
Eduardo Azanza, CEO of Veridas, offered some perspective on how voice deepfakes might augment fraud. “Voice deep fakes pose a danger to digital transactions as hackers leverage this technology to increasingly breach systems with the goal often being monetary gain," Azanza wrote in an email. He does see a role for technical tools in recognizing such deepfakes. "However, as we learn to use tools such as AI to combat these threats, we can begin to implement safeguards to ensure ethical use in most cases.
"Current toolsets such as modern AI can use sophisticated algorithms to evaluate the authenticity and 'liveness' of a voice or face presented for access or authentication. These algorithms aim to catch inauthentic biometrics, including deepfakes, and ensure that the biometric data comes from a living and present individual. While the effectiveness of those algorithms varies, they can provide a means to crosscheck samples that would be challenging for humans to disprove.
"For buyers of security solutions, the experienced already rely on the National Institute of Standards and Technology (NIST) to ensure the biometric components of their security solutions are accurate and reliable. These NIST evaluations reveal major performance disparities between the best-in-class algorithms and the rest of the pack. Banks and fintechs should be leveraging NIST results when building a tech stack. But as biometric fraud techniques advance, NIST should not be the only third-party certification used to validate an algorithm. IBeta Laboratories serve as a complementary third-party evaluator, testing against deepfakes to ensure the liveness detection capabilities of biometric solutions. While certifications and evaluators are not required, we advise businesses to utilize these practices as it will establish a routine of cross-checking all information on the internet.”
These tools, of course remain a work in progress.
Report: Data breach at UK's Electoral Commission may represent a Russian attempt to disrupt British elections.
The Telegraph reports that the ransomware attack and attendant data breach at the UK's Electoral Commission may have been directed by Russian intelligence services and intended to disrupt British elections. While the incident was detected in October of 2022, the Electoral Commission only yesterday issued a public notification of the attack. Considerable personally identifying information was exposed, and, as is often the case with Russian operations, it will be difficult to distinguish conventional cybercrime from cyberespionage and state-directed influence operations. But since the incident's disclosure earlier this week, there's been informed speculation (reported by the Guardian) that the personal data exposed could be used to develop highly targeted disinformation campaigns.
Meduza was removed from, then restored to, the Apple Podcasts platform.
Meduza, an independent Russian-language news service operating from Riga, Latvia, said Friday that Apple removed Meduza's flagship podcast "What Happened" from the Apple Podcasts streaming platform. What Happened focuses on news affecting Russia, and Meduza isn't particularly sympathetic with the Russian regime. Apple's suspension notice read, "We found an issue with your show, [What Happened], which must be resolved before it’s available on Apple Podcasts. Your show has been removed from Apple Podcasts." Meduza says that no further explanation was offered, but the outlet says that it was effectively outlawed by Russia this past January, when it was designated an "undesirable organization."
According to Meduza, Roskomnadzor, Russia's Internet governance authority, complained to Apple about Meduza earlier this summer, and Meduza believes that Roskomnadzor's complaint may have prompted the suspension. Whatever the cause, the ban was short-lived. Meduza wrote in a Sunday update, "Two days after it was removed, 'What Happened' is again available on the Apple Podcasts streaming platform. Apple did not provide a reason for suddenly removing and restoring the podcast."
Moscow's campaign against VPNs.
The UK's Ministry of Defence described the Russian government's renewed campaign against virtual private networks. "Over the last week, the Russian authorities have likely increased their ongoing efforts to disrupt Russian citizens’ access to Virtual Private Networks (VPNs). Reports suggest many of the most popular VPNs have become unusable in some regions of Russia. VPNs allow users to obfuscate their access to the internet, to maintain privacy, and to bypass state-imposed censorship."
The point of the renewed campaign against the already outlawed VPNs is tighter control of domestic information. "VPNs are hugely popular in Russia, despite being illegal since 2017. They allow users to access objective international news sources, including about the war in Ukraine. VPNs likely represent the greatest single vulnerability within the Russian state’s attempts at pervasive domestic information control. As well as increased technical disruption, the Russian state has also launched a public information campaign, attempting to scare citizens into avoiding VPNs by claiming they put their personal data at risk." That technical action against VPNs is accompanied by a public affairs effort suggests that Moscow recognizes that the technical measures are unlikely to be fully effective.
More challenges to narrative control: airborne casualties.
Sunday morning the British MoD reviewed last week's apparent misstep by a senior Russian army officer. "The annual celebrations of Russia's Airborne Forces (VVD) Day on 2 August 2023 have been overshadowed by an apparently unsanctioned disclosure of the scope of the casualties the elite force has suffered in Ukraine. In a recorded address for VVD Day, the VVD's Commander-in-Chief General Colonel Mikhail Teplinsky said that 8500 paratroopers had been wounded and later returned to duty or had refused to leave the front lines at all.
"The video was quickly deleted from the Russian MoD’s official channels. He did not comment on how many troops had been killed or were too seriously wounded to return to duty. The video was quickly deleted from the However, extrapolating Teplinksy’s figures endorses the assessment that at least 50 percent of the 30,000 paratroopers who deployed to Ukraine in 2022 have been killed or wounded."