Forbes article: Hackers target IT companies with deepfakes

While identity theft has been a favorite tool of financial crime fraudsters for many years, the emergence of deepfakes and advanced AI now makes detection increasingly challenging.

However, hackers have discovered something new, targeting IT firms in Central and Eastern Europe, bombarding them with fabricated resumes. Behind the faces of the candidates, however, are fraudsters from the Chinese-North Korean border testing the capabilities of HR departments in verifying the identities and credentials of applicants.

Photos from social media

HR professionals have previously encountered fraud. Usually, it involved the 'ordinary' embellishment of skills in resumes, which an experienced worker would uncover during a single call. But what kind of problems is a group of Chinese-North Korean hackers currently causing them?

Let's say, in response to a software company job offer, a programmer named Denys Emil applies. A man with Asian features, a citizen of Denmark, where he also obtained relevant education at a renowned university. He has a successful career history and possesses the skills required for a senior developer position.

On his professional profile on LinkedIn, he last boasted a photo from a company dinner party. The employer expresses interest, and Denys, as part of the process, uploads his identity documents.

None of this, however, is true. The company dinner party never took place, and the documents are fake. Denys does not have Danish citizenship, nor is his diploma real. In reality, he does not even exist. This is not a scenario from a detective story, but a real case from a recent recruitment in a Czech IT company.

“In this case, there was a red flag when the candidate used two versions of the same identity document, with slight differences on it. Upon closer inspection, we stumbled upon a network of fake accounts on LinkedIn. This led us to the discovery of an organized group of fraudsters, which we localized on the borders of China and North Korea," explains Donal Greene, CEO of Trustmatic, a Slovakia-Irish startup based in Bratislava and an expert in digital identity verification.

The Slovakian-Irish startup based in Bratislava found that in response to job offers, a Slovak ID card with a false identity was also used in a similar manner. As Greene further explains to Forbes, in this case, it involved the creation of a synthetic identity, meaning the face likely belongs to one of the hackers, and the biographical details are fictitious.

On the other hand, there is also a scenario in which the theft of real people's identities can occur. This attempt was discovered in cooperation with the online background screening platform SCAUT. Trustmatic's technologies identified the threat and the case was taken over by analysts from the startup SCAUT, which focuses on applicant screening.

"It is entirely possible and relatively easy to use a photo from someone's social media to create a fake ID. This is one of the common and most frequent vectors of attack," says the CEO.

Unknown motive

The new phenomenon has not yet been sufficiently explored. Therefore, experts, for the most part, can only speculate about the motives of the perpetrators.

"On the one hand, it could be about obtaining remote jobs with European salaries, while the work is actually being carried out in China by low-wage workers. On the other hand, it could be industrial espionage, where these groups steal companies' intellectual property, attempt to replicate it, and sell it," Greene speculates about possible motives.

Carrying out such espionage is not difficult at all. There are freely available tools on the internet that can generate a wide range of documents, including identity cards, for just a few dollars. Along with rapidly developing tools for digitally generating photos, almost nothing stands in the way of creating a fictional identity.

Weak spots

On the other hand, it is not surprising that fraudsters target weak points. According to a report from Eurostat, more than 60 percent of companies in the EU had trouble finding qualified professionals in the field of information and communication technologies last year. As a result, tightening security protocols during recruitment was not a priority, making this area an attractive target for attackers.

"Compared to countries like Mexico or the Philippines, the rate of identity theft or forgery-related crimes is currently minimal in Slovakia.  Our first customers came from Mexico and the United States. Today, we have clients in ten countries, the majority of whom are dealing with protection against financially motivated activities," describes the founder of the startup. He adds that their solution can identify 13,000 different documents from 248 countries and territories.

Investments and a growing market

This growing trend is also reflected in the size of the market for new digital technologies. According to a report by BCC Research, this will be reflected in the development of the global market for identity verification technologies.

Its value is currently rapidly increasing. While it was estimated at 7 billion euros in 2021, it is expected to grow to 16 billion euros by 2026. That is why Trustmatic is so interesting to investors.  Specific steps have already been taken by the Slovak fund Neulogy Ventures and an angel investor from Silicon Valley, who together invested 300,000 euros in the Slovak startup.

Disclaimer: This is an article written by Simona Gulisova for Forbes Slovakia. The text was translated into English. Original interview is available on https://www.forbes.sk/hackeri-utocia-na-it-firmy-pomocou-deepfake-bunku-z-cinskych-hranic-odhalil-startup-z-bratislavy/.

*Listen to our latest podcast by PeakIDV where our CEO Donal Greene shares his journey of building a startup from scratch in the digital identity industry.