By: Jeremy Bash and Michael Steed
The takeover of several high-profile Twitter accounts last week wasn’t your run-of-the-mill cyberattack designed to steal personal data or penetrate IT networks. It was likely the first “deep fake” on a mass scale — an effort to hijack the online persona of prominent public figures, from Bill Gates and Barack Obama to Jeff Bezos and Joe Biden, and replace those trusted public messengers with the messages of the hacker.
The motive of this particular hack was apparently financial; hackers urged social media followers to send bitcoin to accounts controlled by criminals. (The criminals got more than $100,000, and the FBI is now investigating.) But it could have also been a dry run to see how easy it was to hijack the mechanism most leaders use to communicate with the public.
In a national crisis, social media platforms such as Twitter, Facebook and Instagram are crucial tools for leaders to communicate with the public, particularly if government platforms are themselves attacked.
The national security implications of deep fakes have been identified for years by intelligence agencies and congressional committees. But most of those reviews have centered on doctored videos. One research team at MIT’s Center for Advanced Virtuality created an altered version of President Nixon’s 1969 speech about Apollo 11 in which Nixon is seen to announce the crash of the lunar mission — which of course didn’t happen but illustrates the power of advanced technology to rewrite history.
Imagine if a nation state or terrorist organization were able to hack President Trump’s Twitter feed and send out messages indicating that the U.S. was going to strike China imminently. We’d be off to the races headed for global conflict. As the old adage goes, the lie is half-way around the world before the truth gets its boots on. Undoubtedly, America’s premier national security agencies are wargaming such frightening scenarios.
But this episode also illuminates a harsher reality: That in the age of COVID, cyber is our nation’s Achilles’ heel. Nation states such as Russia and China are reportedly trying to steal our vaccine research via cyberattacks. And as we rely more on Zoom and the internet for work, school and our day-to-day living, a crippling attack on those systems could cause the work of many businesses, schools and government agencies to screech to a halt.
Most concerning are the deep fakes that could occur around the 2020 presidential campaign and election, particularly as voting patterns shift due to COVID restrictions. Messages about polling places, voting methods (mail-in, etc.) and whom to vote for are already ripe for disinformation campaigns from our adversaries looking to sew chaos. But imagine a deep fake campaign in which the voices Americans trust – governors, state officials, prominent community leaders, faith leaders, veteran journalists – are hijacked and swapped out for alternative messages. A campaign to trick voters into casting their ballots incorrectly – or at the wrong place or time – could disenfranchise large numbers of Americans.
Congress and the executive branch must work urgently to prevent deep fake cyberattacks in the run-up to the election. Specifically, Congress should implement the recommendations of the bipartisan National Cyberspace Solarium Commission. Many of its recommendations are before Congress now as it considers the annual defense bills.
One recommendation in particular would be to strengthen the bipartisan, independent Election Assistance Commission (EAC), which is charged with informing the public about how and where to vote.
Congress should enact the Cyberspace Solarium’s recommendation to strengthen the EAC, authorizing the EAC to publish best practices for stopping cyberattacks on voting systems, increasing the commission’s staff expertise on cyber and adding cyber expertise to allow the commission to quickly share information among the private sector and state and local election authorities about efforts to undermine the right to vote.
The Trump administration should also initiate an effort at the federal level to investigate and expose election-related deep fakes. But this obviously cannot be done out of the White House. The right office to take the lead is Department of Homeland Security’s respected Cyberspace and Infrastructure Security Agency (CISA).
The social media companies whose platforms are used for deep fakes are already investing in AI and human reviewers to detect and prevent deep fakes in real time. Those investments should continue.
Deep fakes are going to be part of the information landscape — what we’ve seen is only the beginning. President Trump says he is worried about “fraud” in the 2020 election. Combatting deep fakes would be a good place to start.
Jeremy Bash is managing director at Beacon Global Strategies, a consulting firm, and the former chief of staff at the CIA and the Defense Department under President Obama. Michael Steed is founder and managing partner of Paladin Capital Group, which invests in cybersecurity companies.
About Paladin Capital Group
Paladin Capital Group was founded in 2001 and has offices in Washington DC, New York, Silicon Valley, London, and Luxembourg. As a multi-stage investor, Paladin focuses on best-of-breed companies with technologies, products and services that meet the challenging global cybersecurity and digital infrastructure resilience needs for commercial and government customers. Paladin has over $1 billion in committed capital across multiple funds. For updates, follow us on Twitter and LinkedIn.