[HN Gopher] How Underground Groups Use Stolen Identities and Dee...
___________________________________________________________________
How Underground Groups Use Stolen Identities and Deepfakes
Author : rntn
Score : 102 points
Date : 2022-09-28 09:35 UTC (13 hours ago)
(HTM) web link (www.trendmicro.com)
(TXT) w3m dump (www.trendmicro.com)
| egberts1 wrote:
| Been using fake photo for some time.
|
| Because I am too ugly.
| imwillofficial wrote:
| You are beautiful and unique. I'll fight anyone who says
| otherwise.
| joshxyz wrote:
| Are you his mom lol
| BrainVirus wrote:
| Mark my words: this narrative will be used to deepen global
| surveillance, further centralize our communication systems and
| greenlight various large-scale manipulations (e.g. censorship).
|
| Kind of like 2FA is currently "solved" by requiring mobile
| numbers instead of something like Ubikey, even though SMS is
| insecure and awful for privacy.
| prottog wrote:
| No doubt that's what will happen, although it's clear to me
| that less centralization, not more, would be better for
| countering this sort of stuff.
| verisimi wrote:
| But you are accepting the narrative. To me, these stories are
| akin to 'parallel construction' - they provide the
| justification for the implementation that our overlords have
| _already determined_ would be expedient for their goals. This
| way of looking at things simplifies understanding of the news
| we are presented with. So: what is required by the
| technocracy?... aaand here 's the news story/stories to
| support that. The presented reality is not unfolding
| naturally (if it even occurred).
| sjsdaiuasgdia wrote:
| I hope you occasionally consider the opposite perspective.
| Starting with a predetermination of conspiracy is just as
| bad (actually worse, IMO) as starting with a
| predetermination of honest behavior.
|
| Alex Jones used the same reasoning to declare the Sandy
| Hook shooting a false flag intended to move the
| conversation about gun control. I encourage you to watch
| the coverage of the ongoing hearing where the very real
| people who lost their very real loved ones are testifying.
| verisimi wrote:
| It's beyond conception I guess that some trials are
| actually made for television events.
| sjsdaiuasgdia wrote:
| Is it also beyond conception that it isn't?
| meghdeepr wrote:
| How is that the case ? How can SMS be exploited?
| lcnPylGDnU4H9OF wrote:
| SMS, as well as app-based TOTP, are commonly phished (even
| with automated processes in some cases). SMS in particular is
| vulnerable to a SIM swap as well.
| the_snooze wrote:
| Crooks can trick cell carriers' under-resourced customer
| support reps into transferring your phone number to a
| different SIM card. https://www.issms2fasecure.com/
| c0mptonFP wrote:
| One minor correction: mobile numbers are used for spam and bot
| prevention.
|
| You can't have a discord or signal account without a valid
| phone number. Think about that for a second.
|
| But yeah, not being able to use proper 2FA devices annoys the
| bejeesus out of me
| rejectfinite wrote:
| No need to phone verify for Discord. SERVERS can turn it on
| as a requirement. to prevent spam probably.
| prox wrote:
| My discord is fine without a phone number.
| WilTimSon wrote:
| The first part certainly raises the question of why ads are so
| poorly monitored. Having deepfaked celebrities promoting any
| product, even a legitimate one, should not be legal. It's
| misleading at the very least.
| Tangurena2 wrote:
| So far, ad networks/platforms don't care as long as the check
| clears.
|
| I think the lack of action with FaceBook & Cambridge Analytica
| shows exactly where this is going in the future.
| btbuildem wrote:
| Most likely because it's the advertising dollars that pay for
| 80% of the internet.
| BeFlatXIII wrote:
| People who buy based on celebrity endorsement earned their
| fate.
| lazide wrote:
| Everyone involved would rather get paid than slow things down
| over minor details like legality or it being misleading, at
| least until it becomes a scandal.
|
| So far it isn't common enough to be a scandal.
| samename wrote:
| This made me think of one of the top posts yesterday:
|
| > Someone is pretending to be me
| https://news.ycombinator.com/item?id=32996953
|
| It would be trivial to create a deepfake model to represent the
| author in interviews and meetings. If your picture is available
| online, anyone could pretend to be you. Pretty scary.
| laserbeam wrote:
| I always wondered. Does anyone actually know of legitimate useful
| applications of deepfakes (and related AI tech that manipulates
| videos)? All I can think of is lipsyncing translations of
| shows/movies (and to be honest, that's at best a gimmick).
|
| I see dozens of problematic uses of the tech everywhere in the
| news. But, other than "it's cool that we can do this" demos, I
| have not yet seen 1 application of this that I'd actually want.
| SapporoChris wrote:
| With mature deep fakes you could theoretically select your
| favorite actors for whatever you want to watch. This could be
| done at the studio level, hiring cheap actors for the manual
| work and then using deepfakes to replace with big name actors.
| It could be done after production by the consumer. Both methods
| could possibly be done legitimately although proper payment and
| credit for acting would be a nightmare.
|
| I don't endorse the idea, but it with the correct
| implementation it could be a legitimate use.
| laserbeam wrote:
| Probably right. Can definitely save some production costs at
| times, even though you'd prefer the actor to be there. And I
| believe deep faking actor faces over stunt crew faces is a
| thing sometimes.
|
| You could still get a movie shipped without using the tech
| tho. Feels slightly gimmicky, but legitimate indeed. Cheers!
| PoignardAzur wrote:
| There was recently a case of this in a recent video of Joueur
| du Grenier (a French video game Youtuber).
|
| They couldn't quite him on set on time for a particular
| scene, so at some point some guy on set said "Hey, this guy
| is roughly the same build as the JdG, why not have him put
| the costume for this scene and stand here, and deepfake the
| JdG's face later?". It's still a bit visible in the video
| though.
| langitbiru wrote:
| Deleting f-words from a movie (post-production editing):
|
| https://www.breitbart.com/entertainment/2022/08/12/lionsgate...
| laserbeam wrote:
| Alright I agree. Sounds like a realistic use.
|
| Still feels like a gimmick. Particularly because most of the
| value you get out of processing the audio, not the video. And
| video is the part of deepfakes that I feel never should have
| been developed (but was inevitable, someone was eventually
| going to make it happen).
| autoexec wrote:
| I'm not sure censorship is a better use of the tech. In terms
| of hollywood films I imagine it might be used to help make
| stunt/body doubles less obvious though
| nyokodo wrote:
| > legitimate useful applications of deepfakes
|
| De-aging actors such as Luke Skywalker in the Book of Boba
| Fett.
| laserbeam wrote:
| Dang! I missed that. On point. I never thought of that as
| "deepfake" but the tech is definitely related and I think you
| are right.
| btbuildem wrote:
| Making fake FB accounts -- they have an identity verification
| stage IIRC, not sure if it's a static photo or a short video
| clip these days.
|
| If you need to access the walled garden but would prefer to
| keep your identity from them, thispersondoesntexist + deepfakes
| could be one way to do it.
| djohnston wrote:
| Does anyone have pointers to the forums where these services are
| discussed?
|
| Blackhatworld is the only one I know of, any others?
| from wrote:
| xss.is exploit.in if you don't speak Russian you will probably
| have a hard time.
| prox wrote:
| Why is it so Russia dominated? This was also visible in the
| article. Any particular reason or just coincidence?
| from wrote:
| I'm not Russian but it's probably a combination of being a
| high IQ technically savvy country, having law enforcement
| that doesn't care as long as the victims are foreign, and
| an opportunistic mindset many people got in the 90s.
| GameOfFrowns wrote:
| Always thought that Blackhatworld was just a forum about
| unethical SEO.
|
| There used to be raidforums as a big one before being seized by
| LE but it's not hard to imagine that another forum sprung up to
| fill the void that RF left behind.
|
| Krebsonsecurity blogs about transactions on some of these
| (often in Russian language) forums although I don't know if he
| mentions them by name.
| shiftpgdn wrote:
| Breached.to is the replacement domain, FYI.
| jason-phillips wrote:
| Telegram, discord.
|
| Don't expect HN-level discourse though, it's a mess.
| djohnston wrote:
| What's the discovery process for these channels? The only way
| I've found useful discords/telegram channels is word of mouth
| from people I know IRL.
| zoover2020 wrote:
| That is exactly how it goes. More often, it is also hidden
| on deep web forums.
|
| Typically, there are different tiers and the higher your
| reputation, the more content and channels you have access
| to.
| Tangurena2 wrote:
| This is one of the "new" ways that stolen identities are used.
|
| About a decade ago, there were a number of raids by Immigration
| on meat packing plants across the Midwestern US. What kicked the
| raids off was when one Hispanic woman who worked at Immigration
| was being dinged by the IRS for not paying some $160k in
| delinquent taxes. Upon investigation, it turned out that her name
| & SSN were being used simultaneously by more than 50 different
| workers in the meatpacking industry.
|
| Several newspapers in the Denver metro area reported on the
| raids. Some of the raids happened in Greeley [0]. I remember one
| of the papers reporting that the only signs in English in the
| entire plant were the emergency Exit signs over doors. Also
| mentioned in the papers were that a valid name & SSN combination
| was worth about $50 if the name was Hispanic, and about $5
| otherwise. Some of the name & SSN combinations were used
| simultaneously more than 100 times, with some repeats being at
| the same employer simultaneously. Several of the companies raided
| by Immigration knew that the workers were in the country
| illegally but didn't care as long as the name & SSN combo made it
| through some verification process [1].
|
| Notes: 0 - Greeley is about 60 miles north of Denver. When the
| wind is "right", one can smell the feedlots. Normally, when you
| drive out of the mountains, you can see a huge brown cloud
| floating over the Denver metro area. When the wind is "right",
| you can see a sharp termination of that cloud. The chemicals in
| the cloud (mostly nitrates and nitrites from exhaust) react with
| the chemicals from the feedlots (mostly ammonia from cow urine &
| feces) to form ammonium nitrate (frequently used in fertilizer &
| explosives) to precipitate out of the air (leaving clear sky).
|
| 1 - This clip from _Hogan 's Heroes_ displays the willful
| ignorance. https://www.youtube.com/watch?v=HblPucwN-m0
| KirillPanov wrote:
| > Upon investigation, it turned out that her name & SSN were
| being used simultaneously by more than 50 different workers in
| the meatpacking industry.
|
| How the fark does the IRS not notice when a single SSN gets
| W-2s from 50 different employers, each with a different payee
| name?
|
| All this stuff is completely computerized. Unlike tax returns,
| it is no longer possible to file W-2s on paper. You must file
| them electronically.
| toast0 wrote:
| >> her name & SSN were being used
|
| > each with a different payee name?
|
| Everyone was using the same name. There's no rule that says
| you can't be on 50 different payrolls.
| Unselect6889 wrote:
| Interesting! That reminds me of a similar arrangement I dealt
| with in Fast Food.
|
| Back in 2008 I was working at a Wendy's where the majority of
| the staff would routinely "resubmit" their applications. I
| don't know the intricacies of the process, but the way it was
| explained to me was roughly something like this:
|
| 1) Illegal fills out application using a fake SSN
|
| 2) (Physical) Paperwork gets reviewed by manager, to make sure
| everything is filled out. Wait on sending it until they are
| bugged by corporate to submit the "new" employee applications
|
| 3) Send it to corporate
|
| 4) Corporate goes through a stack of however many "new"
| employee applications they have received across the region.
| Let's assume it's 10,000+
|
| 5) After corporate reviews the "new" employee applications,
| they gather up the names and SSNs, which are sent off to some
| sort of verification system
|
| 6) An error is thrown out and sent back to corporate saying
| that the name and address doesn't match the SSN provided.
| Corporate waits to send this information for a few days/weeks,
| depending on how many they are processing at a given time
|
| 7) The store receives a rejection notification sometime later
|
| 8) Wait about 1 week or so until corporate starts complaining,
| return to step 1
|
| Some of the guys I was working with had gone through this
| process for - no joke - at least 2 to 3 _years_. Since they
| were continually seen as "new" employees, there was no sort of
| issue with firing previous employees or anything like that. It
| also didn't hurt that different information was being provided
| each time. After all, corporate had no way of claiming that
| Jose Guzman at 123 fake street, with SSN 123-45-6789 was the
| same Jose Guzman at 123 fake street, with SSN 987-65-4321,
| since they didn't want to be accused of racism.
|
| It wasn't so much a problem to be resolved, as it is a
| "discrepancy" to be "corrected". The only _correction_ needed
| was to have the "new" employee resubmit their application.
|
| On a side-note, I'm not exactly sure how any of this worked,
| but it also led to the "new" employees making about $3 per
| hour. I accidentally left a paycheck out at one point, and one
| of the Spanish guys saw it and flipped out, yelled to the other
| guys, and they all started flipping out too. I guess they were
| under the impression that minimum wage was whatever the
| managers told them it was? I felt bad for them, in a way, since
| they were working extremely long days, but they were also not
| paying any taxes, sleeping on the job, and would flee the
| country once their home was built back in their home country.
| Basically, they were treated poorly, but they were also
| standing to save up about a full decades worth of money by
| stealing from the country they broke into illegally. I don't
| really hold any hostility over them doing that, I just don't
| hold much sympathy either.
| excitom wrote:
| You lost me at "stealing from the country they broke into
| illegally." I see people working hard to try to improve their
| and their families' lives.
|
| Surely the employer is deducting for income tax, SS tax, and
| medicare tax from their paychecks, and they will not see an
| income tax "refund" next April nor will they ever collect SS
| nor Medicare benefits.
|
| And if the employer is _not_ making these deductions then who
| is doing the "stealing" exactly?
| imwillofficial wrote:
| The people not paying the taxes after committing tax fraud?
| Also all the corp employees who facilities this fraud.
| lazide wrote:
| Wage workers generally have taxes withheld involuntarily,
| at least unless someone makes them manually override it.
|
| Interestingly, that seems to trigger the taxman to start
| looking, which is when folks get busted. It's in some
| mentioned anecdotes and articles here.
|
| Even more interesting? If they instead just abandon the
| withheld taxes, no one seems interested in actually
| fixing the problem.
|
| It would be trivial to mandate employers do _realtime_
| submissions of the employment eligibility paperwork for
| instance, but it's actually illegal to send it to anyone,
| or attempt to do anything more with that information
| (like have a service somewhere that tracks these things
| and notifies employers of obviously invalid cases like a
| SSN being used across 5 states for 50 different job
| applications at different employers at once).
|
| A cynical person would say it's because as long as the
| people who need to be paid are getting paid, unskilled
| labor is cheap and easy to scare/boss around, illegal
| immigration is not actually a _problem_ , but an
| _opportunity_ for them.
| 1659447091 wrote:
| Wouldn't it put them in tax exempt bracket if they are
| making $3/hr? Not an accountant so really not sure about
| these things, but thought under a certain amount, you
| don't pay taxes.
| throwie_wayward wrote:
| that's a fine example of capitalism driving costs down and
| making things cheaper.
| pwillia7 wrote:
| I don't think it's the employer's legal duty to verify the
| validity of the SSN, just that it is provided. That kind of
| makes sense but it's a shame we have no system to actually
| validate that. It's probably on purpose so we can have
| immigration and workers for the jobs American's don't want to
| do but not seem like we're pro immigration on the political
| front
| autoexec wrote:
| I don't think it's unreasonable to expect employers to not
| hire tens or hundreds of people using identical names and
| social security numbers. If it can be shown that an employer
| knew, or reasonably should have known, that they were
| employing illegal immigrants we should be throwing the book
| at them with full force.
|
| There are no jobs that Americans don't want to do. There are
| only jobs that Americans don't want to do at exploitative
| wages.
___________________________________________________________________
(page generated 2022-09-28 23:01 UTC)