Anna Skelton: Hi every­one. Thanks for join­ing me. As he said, this is Deepfakes, Deep Trouble: Analyzing the Potential Impact of Deepfakes on Market Manipulation. My name is Anna Skelton and I am hap­py as heck to have y’all here with me today.

So, start with a lit­tle bit about me. I stud­ied glob­al secu­ri­ty and intel­li­gence stud­ies in a lit­tle school in the mid­dle of the desert for nerds. I was picked up by GoDaddy ini­tial­ly. I help decide their trav­el secu­ri­ty pro­gram. And it was there that I was sent to my first DEF CON, which I went to as a com­plete and total infos­ec new­bie. I met my men­tor Mike, who gen­tly guid­ed me towards infos­ec said maybe it was­n’t as scary as I thought it would be. I was picked up by a large finan­cial insti­tu­tion into an infos­ec gen­er­al­ist role, have since tran­si­tioned into strate­gic cyber threat intel­li­gence, which I absolute­ly adore. In my free time, I like hang­ing out in my F‑150 pick­up that I’ve con­vert­ed into a camper named Harvey, or snug­gling up with my Siamese kit­ty cat Eleanor.

So, before we get start­ed, I want­ed to give a lit­tle bit of infor­ma­tion on how I’m going to be deliv­er­ing this talk. so, I believe that the bar­ri­er to entry for new top­ics in infos­ec should be low­er. I know that some of you in this room prob­a­bly def­i­nite­ly know more about this than I do, but some of you may not know any­thing at all. So when I explain things I’m going to do so first in a very tech­ni­cal way, and then I’m gonna go over it again in a lay­man’s way. In my expe­ri­ence, even if you’re real­ly com­fort­able with the mate­r­i­al, hear­ing it explained in a dif­fer­ent way can help shift and mature your per­spec­tive.

So you’ll find that this talk is very lin­ear in the way it’s laid out. We’ll start with deep­fakes, what are they? We’ll move into mar­ket manip­u­la­tion and a lit­tle bit of an expla­na­tion of the mar­kets. We’ll look at past exam­ples of neg­a­tive cyber influ­ence on the stock mar­kets. We’ll talk a lit­tle bit about my own mis­ad­ven­tures and adven­tures in deep­fake cre­ation, then we’ll talk about future pos­si­bil­i­ties and wrap up by explor­ing some solu­tions.

So let’s get start­ed. Deepfakes! It’s quite the buzz­word right now. So the tra­di­tion­al deep­fakes mod­el uses Generative Adversarial Networks to exploit human ten­den­cies. Basically two machine learn­ing mod­els, the gen­er­a­tor and the dis­crim­i­na­tor, will go head to head. The gen­er­a­tor will devel­op the videos, and the dis­crim­i­na­tor will point out and iden­ti­fy the forg­eries. And they’ll just keep going and going and going, until the dis­crim­i­na­tor can no longer detect the forgery. So we’re gonna pop on over to YouTube here for a quick exam­ple of that.

https://​www​.youtube​.com/​w​a​t​c​h​?​v​=​H​G​_​N​Z​p​k​t​tXE

So, I’ve nev­er seen The Shining, and I prob­a­bly will nev­er see The Shining. But if you had told me that Jim Carrey was in The Shining and then showed me that video I would’ve been like yeah, okay. Like I can see it, sure.

So there’s anoth­er mod­el that’s kind of being devel­oped that uses a few-shot capa­bil­i­ty. Essentially it’s com­ing out of a research team that’s a part­ner­ship between Cornell and Russia. It per­forms lengthy meta-learning on a large data set of videos and then is able to frame few- and one-shot learn­ing of talk­ing head mod­els using high-quality gen­er­a­tors and dis­crim­i­na­tors. So in lay per­son­’s terms, it just watch­es a bunch of videos of just peo­ple talk­ing, and then uses a few images of the actu­al tar­get to then cre­ate a liv­ing por­trait.

Now, I bring this up because it shows that deep­fakes, even as a con­cept, con­tin­ue to grow and devel­op, right. So we’re not see­ing that just what we know now as deep­fakes is where it stops. This is going to con­tin­ue to devel­op as time goes by. Now we’ll pop back over to YouTube for anoth­er exam­ple of that.

https://​www​.youtube​.com/​w​a​t​c​h​?​v​=​P​2​u​Z​F​-​5​F​1wI

So that shows you how just one image of a paint­ing done lit­er­al­ly hun­dreds of years ago can be put into this for­mat and then come out with liv­ing por­traits that look like you know, she’s talk­ing.

And Washington’s start­ing to take notice of the deep­fake threat, right. So Marco Rubio recent­ly said that deep­fakes were as dan­ger­ous as the threat of nuclear war, right. So we’re talk­ing about some pret­ty seri­ous stuff here.

As far as the laws go, the legal­i­ty of deep­fakes, it’s kind of across the board. So, in Virginia they recent­ly passed leg­is­la­tion out­law­ing deep­fakes as part of leg­is­la­tion com­bat­ing revenge porn. In Texas there’s a law that goes into place on September 1st that out­laws deep­fakes as used in elec­tions. But, if we just keep approach­ing this threat from a state-by-state leg­isla­tive per­spec­tive, it’s going to be com­plete­ly inad­e­quate to cov­er the aggres­sive deep­fake threat. There are two pieces of leg­is­la­tion about deep­fakes in the House of Representatives right now, but nei­ther of them are gain­ing that much trac­tion. And even if they do, we all know how long and ardu­ous the fed­er­al leg­is­la­tion process can be, espe­cial­ly with a divid­ed Congress.

So let’s take a minute now to intro­duce the mar­ket. So, with­in the mar­ket you have three dif­fer­ent com­po­nents. You have the cur­ren­cy mar­kets, the equi­ty markets—which is like the stock mar­ket, and bond mar­kets, which are backed by the Treasury.

So, it would be hard for deep­fakes to impact cur­ren­cy mar­kets because they so intri­cate­ly deal with the rela­tion­ships between two dif­fer­ent nation*states. So for the pur­pose of the talk, we’re just gonna go ahead and take cur­ren­cy mar­kets out of it.

Within the equi­ty mar­kets you have the Dow Jones, which is very banking-heavy. You have the NASDAQ, which is very tech-heavy. And you have the S&P 500 which is kind of a mix of every­thing. It’s worth not­ing here that there is a trad­ing curb rule, which is basi­cal­ly a fail-safe in place. If enough sus­pi­cious activ­i­ty hap­pens, it will auto­mat­i­cal­ly halt trad­ing. That’s impor­tant; we’ll back to that.

So mar­ket manip­u­la­tion is nar­row­ly defined as arti­fi­cial­ly affect­ing the sup­ply or demand for a secu­ri­ty. So essen­tial­ly this is manip­u­lat­ing for exam­ple a stock price using mis­lead­ing infor­ma­tion about a com­pa­ny, or an indi­vid­ual, or real­ly any­thing at all. We can assume that some lev­el of mar­ket manip­u­la­tion hap­pens every day, but deep­fakes exac­er­bate the scale and risk of dam­age to the mar­ket because the mar­ket is so volatile. Today we’ll be look­ing at this from both a micro and a macro lev­el. So, at a micro lev­el we’ll be look­ing at just impact­ing indi­vid­ual stock prices. And at a macro lev­el we’ll be look­ing at the poten­tial for deep­fakes to cause a seri­ous and sig­nif­i­cant domi­no effect that caus­es sophis­ti­cat­ed dam­age.

Two disembodied white-gloved hands using puppet strings to control the shape of an arrow like those used in financial charts

I’d also like to point out this like vague­ly unset­tling pho­to that comes up when you Google Image mar­ket manip­u­la­tion.” Every time I look at it it just makes me kind of uncom­fort­able.

So, tak­ing a quick look at past exam­ples of cyber threats impact­ing the econ­o­my, you might remem­ber in 2011 when the Associated Press’ Twitter account was hijacked and a tweet was pub­lished say­ing that there had been an explo­sion in the White House and the President was injured. Immediately, the Dow Jones plum­met­ed, and the S&P 500 report­ed­ly lost $136.5 bil­lion in mar­ket cap­i­tal­iza­tion, which is the val­ue cal­cu­lat­ed by the num­ber of shares divid­ed by the price of those shares. As you can see, it quick­ly it bounced right back up. But in this case a lot of the dam­age was caused by com­put­er­ized trad­ing algo­rithms that mon­i­tor social media and news sites and then adjust stock prices based on pre­de­ter­mined rules.

You may remem­ber in April this year when there was a huge run on the Metro Bank in the UK after a WhatsApp rumor said that the Metro Bank was no longer liq­uid, and peo­ple were run­ning into the streets, lit­er­al­ly, stand­ing in line for hours wait­ing to pull out all of their mon­ey from this bank. It was all com­plete­ly a rumor but this one turned phys­i­cal. A lot of peo­ple who were leav­ing the bank were robbed, of lit­er­al­ly every­thing they had.

And even right now there’s deep­faked audio in which attack­ers are using the voic­es of exec­u­tives of large finan­cial insti­tu­tions to basi­cal­ly bul­ly lower-level employ­ees into trans­fer­ring mon­ey around into not-so-savory accounts. Already it’s been report­ed that this has tak­en three mil­lion dol­lars, and that was just at the end of June. And that’s just what has been report­ed, so you have to imag­ine that real­is­ti­cal­ly, that num­ber’s a lot high­er.

So, I’m going to take a sec­ond here to talk can­did­ly with you guys about my own adven­tures and mis­ad­ven­tures in deep­fake cre­ation. So, when I start­ed this project, I assumed the bar­ri­er to entry was like, here? [crouch­ing down and indi­cat­ing near the floor] Like, so low that lit­er­al­ly like any Joe could like walk up to a com­put­er and be like, I made a deep­fake!” right. And I was wrong. Now that I’ve gone through this process, I would say it’s prob­a­bly some­where more around like here, right? [indi­cat­ing near waist lev­el] So, it still is an acces­si­ble tech­nol­o­gy, espe­cial­ly if you have the time, the patience, and even just like an inkling of tech­ni­cal expe­ri­ence. I still think it’s a very viable threat vec­tor.

So with­in my own research I uncov­ered two schools of thought. There’s DeepFaceLab, which is an active Github repos­i­to­ry, and FakeApp, which was tak­en offline in ear­ly 2019 but is still avail­able. Interestingly, both of these have Windows depen­den­cies, and they both rely on Nvidia graph­ics cards. So I learned that if you’re using VMware, the VM can­not access the graph­ics card of the com­put­er you’re using. Which was inter­est­ing. So you need to have a sys­tem that first of all is run­ning Windows OS, and then if you don’t already have an Nvidia graph­ics card, you’d have to use an exter­nal graph­ics card. That was actu­al­ly real­ly sur­pris­ing to me.

I also ran into a cou­ple of fun legal issues when I was cre­at­ing my deep­fakes. Got yelled at by a cor­po­rate lawyer. And he said, You can only make a deep­fake of your­self.”

And I said, Lame.”

Like what, I could like lit­er­al­ly be like, I could make a video say­ing like I real­ly don’t like parme­san cheese. And then I could stand up and be like, I did­n’t say that. I would nev­er say that.” So…kept press­ing, and even­tu­al­ly con­vinced him to let me try to find some­body who works for the same finan­cial insti­tu­tion I do who was will­ing to give like, writ­ten legalese per­mis­sion that I could make a deep­fake out of them. Some of you may rec­og­nize this guy on the screen here. This is David Mortman. He runs the CFP for BSides Las Vegas. He’s been around for­ev­er. Super cool guy. And super will­ing to let me make a deep­fake of him. So that worked out real­ly well.

So, as you can see here these are my… David’s no Kim Kardashian, right. But it was a very easy Google search to go in and find two videos to extract from that fea­ture him from the head and shoul­ders up with noth­ing in front of the face. And actu­al­ly this one down here would be con­sid­ered sub­par because it does have the micro­phone but look, I was just tak­ing what I could get, alright.

So div­ing a lit­tle bit deep­er into the two dif­fer­ent schools of thought. DeepFaceLab, like I men­tioned, active Github repo. It offers three dif­fer­ent pack­ages which are depen­dent on your graph­ic card specs, and they’re avail­able for down­load on Google Drive. It’s active­ly updat­ed; last one was just in July of this year. And it’s a lot less user-friendly, right. So, as you can see from this very blur­ry screen­shot here you’re essen­tial­ly run­ning your own com­mands on the video. So it’s a much more man­u­al process. And that I think rais­es the bar­ri­er of entry con­sid­er­ably. The YouTube guides…subpar, right. Apparently, the guy who runs DeepFaceLab is just one guy in Russia? And his English is like nonex­is­tent. So he epi­cal­ly Google trans­lat­ed his entire readme. Which as you can imag­ine is…exceptional. Probably one of my favorite parts of this process. For instance, you can see down here kind of, DeepFaceLab cre­at­ed on pure enthu­si­asm one per­son. Therefore, if you find any errors, treat with under­stand­ing.” Like…I love this guy already.

But as you can imag­ine, his YouTube video that he made to guide every­body through the process does­n’t have any audio. So you can imag­ine if you’re com­ing into this as some­body who’s not used fol­low­ing along with tech­ni­cal videos that are mov­ing real­ly fast, it would make it dif­fi­cult. There are some of course where some­body has made audio for it but I was over­all not very impressed.

And then, there’s FakeApp. So, FakeApp was tak­en down in February this year. It was orig­i­nal­ly host­ed on fakeapp​.org, which has also since been tak­en down. Last pub­lished ver­sion is ver­sion 2.2. The major­i­ty of the issues I ran into with FakeApp are around this point right here. It has con­sid­er­able depen­den­cies that are very spe­cif­ic. So like I said, last pub­lished ver­sion February of this year. All the depen­den­cies it has require the exact soft­ware that was up to date in February, of this year. So for instance, CUDA. It likes it, it needs it. CUDA’s now on ver­sion like 10.1.3 or some­thing like that, and FakeApp requires CUDA ver­sion 9.7.1, with a spe­cif­ic patch set. It’s real­ly annoy­ing. Also Windows Visual Studio 2015. Exclusively.

So you can see… [laughs] Which is weird, right? Because you have to have a Windows license to get like old­er ver­sions of Visual Studio. So, that’s where I ran into the major­i­ty of my issues. However YouTube videos…impressive. It’s just a guy, slow­ly walk­ing you through every­thing step by step. Very easy to fol­low. And some of his videos rack up like 400- to 500,000 views, and they’re still get­ting views today, which means that I’m not the only one out here try­ing to get into FakeApp.

The appli­ca­tion inter­face is extreme­ly easy to use, espe­cial­ly when com­pared with DeepFaceLab’s, right. So, you can see over here you essen­tial­ly just direct it to where you want it to pull the video from, and then you click…extract.” And then you go over to the video you want it to train from, and then you click…train.” And then you get over to this tab where you cre­ate it, and you click…cre­ate.” So it’s a lot more user-friendly, and even the appli­ca­tion inter­face is so much more friend­ly than man­u­al­ly run­ning the com­mands your­self.

However, there’s anoth­er issue with FakeApp. And that is…the forum. Okay, so appar­ent­ly, I need to…figure out how to low­er my voice to say that like more intim­i­dat­ing­ly, like the forum. Something more like that. So appar­ent­ly when fakeapp​.org was still online, it had a page which was a forum where you could go and ask any and all of the ques­tions that you ran into when you were using this. And I guess it was prob­a­bly super help­ful. So now, any time that you run into an error on FakeApp, it sends you this very polite mes­sage: Check the end of the log file for details and feel free to post it on fakeapp​.org/​f​o​rum for help.” And you’re like no, I can’t.

So these are the two errors that I ran into approx­i­mate­ly fifty times each, just try­ing to get through the extrac­tion por­tion. Interestingly there are Reddit posts on both of these errors, but it’s lit­er­al­ly like one guy being like, Hey. I have this error.” And then anoth­er guy comes in and is like, Dude! Me too.” And you’re just like come on guys, like where’d you fig­ure it out? And then you remem­ber that they prob­a­bly used the forum.

So over­all, FakeApp wor­ries me way more than DeepFaceLab. So, it’s way more acces­si­ble, and what I’m con­cerned about is anoth­er FakeApp essen­tial­ly com­ing out that makes it acces­si­ble again, right. So it’s not online any­more, you have to go look for it. But what­ev­er comes out next is prob­a­bly going to be even more acces­si­ble and more easy to use.

So let’s take a sec­ond to talk about if you were able to cre­ate a real­ly high-quality, sophis­ti­cat­ed deep­fake video. What could you do? So, ear­li­er I men­tioned the trad­ing curb rule. It’s not enact­ed often, but it is enact­ed. So the last time it went into place was in China in 2016, when Chinese stocks fell 7% with­in twenty-seven min­utes of open­ing.

So, in order to get around the trad­ing curb rule, you’d either need to be sneaky enough to just slide right in under it, or you would need to cre­ate enough impact and enough dam­age that it just did­n’t mat­ter at all—even if it was trig­gered, it would­n’t mat­ter any­more.

So, to slide under the fail­safe, you could per­haps make a deep­fake video with a super neg­a­tive sen­ti­ment about a finan­cial insti­tu­tion and then pass it around even just on Twitter, even just among Twitter bots. When the trad­ing algo­rithms con­nect­ed to the Twitter API to pull the data to adjust prices based on pre­de­ter­mined rules, it would seem that neg­a­tive deep­fake sen­ti­ment and poten­tial­ly impact the price of that stock. So that’s a way that you could do it where you’re slidin’ in right under that bench­mark rule, hope­ful­ly not rais­ing too many red flags right off the bat.

If you want­ed to cause a lot more dam­age, though, you could take a slight­ly dif­fer­ent route. So, let’s start with the Dow Jones since it’s very banking-heavy. So, say you release a deep­fake video of a CEO of a large cor­po­ra­tion. It’s high-quality, and he says, Yo. My firm is no longer liq­uid.” We saw in the case of—probably not like that, though. We saw in the case of Metro Bank that this imme­di­ate­ly takes effect and even just liq­uid­i­ty issues on their own are enough to cause peo­ple run­ning into the street, pulling out their assets, and caus­ing last­ing enter­prise impact to that finan­cial insti­tu­tion.

That’s just if it does­n’t take hold in the stock mar­ket. But let’s say it does. So, next you could— So you’ve already affect­ed the Dow Jones. The next thing you could do would be to release anoth­er video, maybe even using the same CEO blam­ing a spe­cif­ic tech com­pa­ny for the dam­age caused by the first video. Now you’re affect­ing not only the Dow Jones but also the NASDAQ and the stocks that reside there. As you can see, it would not be hard for this to quick­ly spi­ral out of con­trol and the trad­ing fail­safe rule would­n’t even be able to stop it.

So, let’s talk about if you want­ed to affect the bonds mar­ket. So this would be a longer shot sit­u­a­tion because the bonds mar­ket is backed by the Treasury. You’d need to call into ques­tion the abil­i­ty of the United States to pay off its debts, right. So this would be per­haps a deep­fake video of the Chairman of the Fed, or of a high-ranking mem­ber of Congress. And what you’re look­ing to do here is essen­tial­ly pull down the the belief of oth­er nations—and even our own nation—that we can pay off our debts. And this might not sound too out of place, espe­cial­ly when you con­sid­er that the 2019 bud­get rene­go­ti­a­tions for 2020 are com­ing up this fall and they’re already rais­ing a sig­nif­i­cant num­ber of red flags. Especially with the extend­ed gov­ern­ment shut­down that hap­pened last time we did bud­get rene­go­ti­a­tions? it does­n’t seem out of place to think that some dam­age could seri­ous­ly be caused with a high-quality, sophis­ti­cat­ed deep­fake video.

So let’s talk about solu­tions. So by nature, right, deep­fakes tech­nol­o­gy exists to nev­er be detect­ed, right. You want it to be… It exists to make itself good enough—as does many oth­er AI concepts—that it can’t stand apart from real­i­ty. So in that way, you real­ly need a short-latency solu­tion. But let’s start by dis­cussing the longer-latency solu­tions just because those are actu­al­ly a lit­tle bit more built out.

So the University of Rochester has recent­ly released a study say­ing that they can use integri­ty scores to essen­tial­ly grade the videos that you see. So it would be a brows­er attach­ment and it would col­or code the video based on how much of real­i­ty it real­ly reflect­ed. There’s a start up called Amber Authentication which is using cryp­to­graph­ic hash­es to dis­cern deep­fake videos. There’s a very vague start­up called New Knowledge that for the low low price of $500,000 dol­lars says that it will pro­tect your com­pa­ny from the spread of mis­in­for­ma­tion. But that’s as spe­cif­ic as it goes and I’m con­vinced they’re not real­ly sure how they’re going to do it, either. And of course we could not get through a talk about deep­fakes with­out talk­ing about blockchain. There are sev­er­al dif­fer­ent com­pa­nies. Fatcom is one of them which is using blockchain to dis­cern between deep­faked and real videos, with var­ied lev­els of suc­cess.

But like I said, these all need videos to be online for a longer peri­od of time in order to actu­al­ly be effec­tive. And the mar­ket’s so volatile that we need some­thing that is a short-term solu­tion that can imme­di­ate­ly come into place to stop that dam­age before it hap­pens. So, as far as I’ve found the best option we have right now is just to mon­i­tor for the devel­op­ment and release of acces­si­ble deep­fake soft­ware, on both above- and below-ground mar­kets. Looking for the next FakeApp. Looking for the next thing that’s going to allow any­body with the time and the patience to just sit down at their com­put­er and cre­ate a dam­ag­ing video.

Ultimately, in order to reach these solu­tions, it’s gonna need a lot of dif­fer­ent aspects. Human review, col­lab­o­ra­tive research, col­lab­o­ra­tive shar­ing plat­forms, a whole slew of things just to be able to start approach­ing the threat. But, I think we can do it, and hon­est­ly we real­ly don’t have a choice.

So, through­out this project I was def­i­nite­ly too blessed to be stressed. And I was stressed any­way. John Seymour, who intro­duced me, was my BSides LV Proving Ground men­tor. He’s awe­some. David Mortman of course let me use his face, which I appre­ci­ate. And all of these oth­er folks were just super super help­ful as well. At the bot­tom here is my Twitter han­dle. It’s the best way to reach me for ques­tions, com­ments, qualms, or gen­er­al exis­ten­tial tid­bits, any all these things. And that’s my talk for today, so thank you all for join­ing me. Questions?


Audience 1: [inaudi­ble]

Anna Skelton: No, I haven’t. So, one of the big issues with that type of solu­tion is vol­ume issues. So if you can imag­ine you know, try­ing to apply that to every video that exists or get the right meta­da­ta to actu­al­ly reflect that and apply it to all the dif­fer­ent videos that exist, that’s where I see that poten­tial­ly run­ning into com­pli­ca­tions. I haven’t done any research on that but that’s def­i­nite­ly some­thing to look into for the future.

Anybody else?

Audience 2: [inaudi­ble]

Skelton: So, that’s a real­ly good ques­tion. On that top­ic, I am a glass half emp­ty per­son. I gen­uine­ly believe that deep­fakes will con­tin­ue to evolve faster than our detec­tion mech­a­nisms can evolve to keep up with them. Yeah.

In the back.

Audience 3: [inaudi­ble]

Skelton: I have not looked into that. I don’t know what goes into mak­ing any sort of chat­bot. That’s def­i­nite­ly food for thought.

Audience 3: [inaudi­ble]

Skelton: So, I was not suc­cess­ful in mak­ing my deep­fake. I did run out of time. I def­i­nite­ly should’ve start­ed ear­li­er. And I def­i­nite­ly did not have the right tech­nol­o­gy going into it. Like I said the Windows depen­den­cies and the Nvidia graph­ics card depen­den­cies are weird­ly like, big road­blocks. But I spent prob­a­bly six­ty to eighty hours work­ing on it. A large part of that was just weird trou­bleshoot­ing and mak­ing sure I had the right tech­nol­o­gy. If you walked in with a Windows com­put­er with an Nvidia graph­ics card you could cut off six­ty of those hours.

In the red shirt.

Audience 4: [inaudi­ble]

Skelton: That’s a good ques­tion. I would assume to some extent yes. But like I said with that guy’s ques­tion, at that point it’s a vol­ume issue as well. And anoth­er point to bring up here’s even if you can detect that a video is fake, if it’s already been seen, does it even mat­ter?

Yes, you in the glass­es.

Audience 5: [inaudi­ble]

Skelton: Well, I think we know with FaceApp being sent direct­ly to Russia, and this one guy out of Russia mak­ing DeepFaceLab, that they prob­a­bly have their own deep­fake soft­ware… That’s actu­al­ly a real­ly good ques­tion. So, when I orig­i­nal­ly start­ed this project I had to decide if I want­ed to look at it from the per­spec­tive of the nation-state, or from the per­spec­tive of per­haps a low­er tech­ni­cal capa­bil­i­ty hack­tivist group. And I ulti­mate­ly decid­ed to go at it from the low­er capa­bil­i­ty hack­tivist group. I deal with nation-states in my line of work now and I have learned that you real­ly can nev­er exact­ly guess how capa­ble they are and they’re prob­a­bly way more capa­ble than you think they are. So yeah, that’s how I chose the scope to do a hack­tivist but yeah I’m sure they have their own tech­nol­o­gy.

You and then you. In order of seat row.

Audience 6: [inaudi­ble]

So, they’re using… The tra­di­tion­al mod­el like I said is using the gen­er­a­tor and the discriminator—the tra­di­tion­al adver­sar­i­al mod­el. I don’t know a lot about mod­ule encoders so I could­n’t—

Audience 6: [inaudi­ble]

Skelton: What?

Audience 6: [inaudi­ble]

Skelton: Oh, auto encoder. I thought you were say­ing mod­ule encoders and I was like what is that?

Audience 6: [inaudi­ble]

Skelton: Right. Yeah. Yeah I think to some extent the tech­nol­o­gy is sim­i­lar. But I mean, I lit­er­al­ly came into this know­ing zero things about deep­fakes, and all I know is what I learned. So yeah, still learn­ing. Always.

Audience 7: [inaudi­ble]

Skelton: Yeah, absolute­ly. I mean, I think you know, that’s just is that the next step? You know, do they com­mer­cial­ly release that to the pub­lic or is it like…you know, when they recent­ly released the BlueKeep POC and every­one’s like Don’t do that,” and they’re like, Oh it’s only for peo­ple that sub­scribe.” But yeah. I mean, I think it’s just wait­ing to see if they’re going to release that soft­ware. I absolute­ly believe it. I think we know that they have the capa­bil­i­ty to devel­op it. But yeah, if they’ll make it com­mer­cial­ly avail­able is the ques­tion. Hopefully not.

Okay. I don’t see any more hands, so I’m gonna go ahead and say thank you all for join­ing me today, and I hope you enjoyed it.

Further Reference

DEF CON 27 event page

AI Village at DEF CON 27 event page


Help Support Open Transcripts

If you found this useful or interesting, please consider supporting the project monthly at Patreon or once via Cash App, or even just sharing the link. Thanks.