Dubai: Deepfakes, or highly convincing, computer-generated manipulations intended to trick people, are on the rise in the Middle East, according to experts. They also warn that increasingly sophisticated attackers are targeting e-commerce sites with greater frequency.
Described by experts as the next battleground for fake news, deepfakes use artificial intelligence to mimic people’s faces and voices. This allows hackers to make politicians and celebrities appear like they are saying things that they are not, in a manner that is indistinguishable from reality.
There are fears that these sophisticated fakes could be used to incite violent protests if applied to politicians and other leaders.
“It doesn’t even have to be sophisticated,” said Ziad Nasrallah, a principal at consultancy Booz Allen Hamilton, citing a statistic that suggests 63 per cent of young Arabs get their news from Twitter and Facebook.
“Imagine how vulnerable they are to fake news,” he added.
Booz Allen earns billions of dollars by working for global intelligence agencies, including the US-based National Security Agency (NSA).
Nation-states around the region would use that fertile breeding ground to spread misinformation, Nasrallah said, targeting political parties, companies, and other countries.
Simple fake news, such as recycling old videos for new purposes, was “very easy to do,” he said, but deepfakes would require more work.
The executive admitted that he had yet to see any credible uses of deepfakes in the region, but cautioned people to remain vigilante, as “both state-sponsored and cybercriminal entities are refining and deploying tactics, techniques, and procedures to manipulate public opinion, influence decision-making processes, and damage companies.”
Elsewhere, Nasrallah warned that cybercriminal organisations were constantly looking for new ways to monetise the theft of sensitive information belonging to private sector companies and customers, an especially large market since the ascendance of e-commerce.
In April 2018, Careem, a regional ride-hailing service that last month was acquired by rival business Uber for $3.1 billion (Dh11.39 billion), announced that unknown threat actors accessed the data of an estimated 14 million customers.
“The successful attack is just the latest in a growing list of cyber attacks,” Nasrallah said, “that demonstrates not only cybercriminals’ sophistication but also a growing interest in targeting and breaching organisations in the MENA region.”
“It is important to ensure that databases are properly secured and encrypted…to protect payment management systems and data repositories.”
Employee mistakes continue to be the most significant threat to sensitive data in the Middle East at 67 per cent, according to research conducted by nCipher Security, higher than the global average of 54 per cent. The second highest threat came from temporary or contract workers at 33 per cent.
Critical national infrastructure, too, was under threat, according to Nasrallah.
“Anything that will have an adverse effect on the economy or society [is a viable target],” he said. This included electricity grids or the water supply.
“We encourage nations to have the right regulations in place to protect themselves.”
Asked if he thought the region’s legal frameworks for dealing with cyberattacks were lagging behind the rest of the world, Nasrallah said that governments would likely move towards more stringent penalties data breaches.
“Everyone recognises that laws need to be updated much quicker than they have done…What you might see more of is a lot more enforcement,” he said. “A lot more fines.”