Summary:
Security Researchers at IProov, a biometric threat intelligence service, have urged customer-facing businesses to improve their verification checks after they uncovered a large-scale identity data farming operation conducted by an unnamed underground group on the dark web. The unnamed underground group compiled a large collection of identity documents and corresponding facial images in a bid to trick Know Your Customer (KYC) verification checks. However, iProov states that some of these images and identity documents may have been willingly provided by the data subjects in exchange for some sort of financial incentive.

Security Officer Comments:
Underground cybercriminal services like this present a difficult challenge to organizations and defenders that use visual confirmation to verify customers’ identities. Detecting these fake documents can be challenging, but another layer of difficulty is added when individuals willingly compromise their identities for short-term financial gain, adding misused genuine documents into the mix. By selling their identity documents and biometric data, people risk their own financial security as well as provide cybercriminals with effective ammunition to perpetrate sophisticated impersonation fraud. Pair this illicit activity with the increasing use of AI-powered deepfakes and it will be difficult for organizations to avoid letting some of these fake or misused identities through the cracks of their security posture. With the DPRK’s increasing use of fake IT worker identities to compromise systems and commit financial theft, it would be unsurprised to learn many of these nation-state APT groups utilize these services offered within the cybercriminal ecosystem.

Suggested Corrections:

• Mastering Skepticism:
  • Question Everything: Always ask who created content, what their agenda is, and if it seems too good/bad to be true.
  • Fact-Check: Verify information from multiple sources including reputable news outlets and experts.
  • Spot Inconsistencies: Look for unnatural movements, lip-syncing mismatches, or strange lighting in media.
  • Use Reverse Image Search: Upload suspicious images to tools like TinEye or Google Image Search.
• Deep Dive into Digital Deception:
  • Utilize Forensic Tools: Access specialized software to analyze pixels, audio frequencies, and technical aspects.
  • Consult Experts: Seek assistance from fact-checking organizations or cybersecurity professionals for harmful deepfakes.
  • Join Online Detective Communities: Participate in forums dedicated to debunking deepfakes and share findings.
• Build Defenses:
  • Be Mindful of Sharing: Avoid spreading misinformation by verifying content before sharing, especially on social media.
  • Strengthen Online Presence: Use strong passwords, enable multi-factor authentication, and limit personal information online.
  • Support Ethical AI Development: Advocate for ethical guidelines and regulations to prevent misuse of deepfake technology.

Link(s):
https://www.infosecurity-magazine.com/news/major-biometric-data-farming/

https://www.businesswire.com/news/home/20241223578781/en/iProov-Discovers-Major-Dark-Web-Identity-Farming-Operation