Summary Threat Type Vulnerabilities Surface Matrix Motivations Kill Chain Recommendations Appendix
Print Report

Vladimir Putin Arrest and Court Appearance

Submitted File

On March 16, 2023, Eliot Higgins, founder of Bellingcat, a Netherlands-based investigative journalism collective, used the then updated version of the AI tool, Midjourney, to create images of Putin in court and posted them on Twitter, explicitly tweeting " Here's photos from Vladimir Putin's entirely made up war crimes trial, via #midjourneyv5." Despite the direct reference to using AI to generate the images, the tweet was reposted, shared and went semi-viral, with recipients taking the images in mixed context, ultimately creating a misinformation narrative.

Threat Level

Low

Moderate

Elevated

High


Authenticity Spectrum

Real

Suspicious

Likely Fake

Fake



Deepfake Attack Profile

Credibility

Moderate

The more synthetic media is perceived to be legitimate and authoritative, the content is more likely to be trusted, persuasive, and acted upon.

Interactivity

Moderate

Synthetic media can range from non-interactive, not ongoing, or not consistent (low) to interactive, ongoing, and consistent (high).

Familiarity

High

Synthetic media can range from very recognizable and familiar (high) or hardly (or not) recognizable and familiar (low).

Evocation

Moderate

Synthetic media can range from evoking a significant affective response (high) to barely or not at all eliciting an affective reaction.

Distribution

Mediumcast

Synthetic media can range from broadcast to a wide human audience or technical security measures (high) to a narrow, specific human audience or tailored technical security measure (low).


Deepfake & Synthetic Media Analysis Framework (DSMAF) Assessment™. The media submitted for this Deepfake Threat Intelligence Report (DTIR) was assessed with the Psyber Labs Deepfake & Synthetic Media Analysis Framework (DSMAF)™, a set of psychological, sociological and affective influence factors and sub-facets, that when holistically applied, inform the motivations, intentions, and targeting process in synthetic media and deepfake propagation. The findings of each DSMAF factor is described in respective sections and graphically plotted on the Deepfake Risk Factor Radar. The combined DSMAF findings are given a Synthetic Media Threat Level (Low, Medium, Elevated, or High) for actionable awareness and risk mitigation.

Threat Type

Threat Type is the category of intended purpose and the risk proposed by the synthetic media or deepfake. Often, cyber deception efforts through deepfake content are multi-purpose, and a result, are categorized with multiple threat types.

Social Contagion

The spread of behaviors, attitudes, beliefs and affect through social aggregates from one member to another

Digital Impersonation for Disinformation

Deepfake technology intentionally using the likeness of famous and/or credible authorities in an effort to shape the behaviors, attitudes, beliefs and/or emotions of the target audience

Common Cognitive Vulnerabilities & Exposures™ (CCVE)

Common Cognitive Vulnerabilities & Exploits (CCVEs) are perceptual distortions, cognitive biases, heuristics misapplied, or any mental process that exposes a person to a potential manipulation by an adversary.

Re-posts, re-Tweets, and sharing of this content from others, particularly others that online users like and/or trust can create a contagion effect. Similarly, since Putin is a controversial person whom is widely disliked as a result of Russia's hostile invasion into Ukraine, many who both saw or shared this image may not have fully assessed or ignored evidence of falsehood as a result of confirmation bias or desirability bias (motivated reasoning)

Confirmation Bias

Category: Cognitive Processing

The tendency to seek information that confirms or supports a predetermined position or conclusion.

Social Proof

Category: Social Norm Vulnerabilities

Tendency to take actions consistent with the actions of others, especially those we perceive as similar to ourselves. Can be exploited by either creating a referent group or referencing a referent group.

Suggestibility

Category: Other Psychological Vulnerabilities

Technique that attempts to implant a false memory in the target through suggestion. 


Deepfake Attack Surface & Vectors

As part of the DSMAF criteria, Deepfake Attack Surface & Vectors assesses the intended target; the manner of control, or how the synthetic media is being presented to the target; and medium, or the type of synthetic media being presented to the intended target.


Intended Target

Both humans and automation may be targeted by synthetic media attacks. This criteria references whether the target of the attack was human or automation. The highlighted icon represents the intended target of this submitted media.


Human

Technical

Hybrid

Unknown



Control

A measure of if the attack was constructed by a human or by artificial intelligence. The highlighted icon represents the method of control of this submitted media.


Human

Automation

Hybrid

Unknown



Medium

The medium is the format of the content submitted. Highlighted items represent all of the various formats contained in the submitted content.


Text

Image

Video

Audio

Synthetic Media Exploitation Matrix

The Synthetic Media Exploitation Matrix Is a visual representation of the combined levels of attacker sophistication and maliciousness.

  • Sophistication is a judgment of the level of demonstrated technological prowess and capability involved in the attack.
  • Maliciousness is a conclusion regarding the degree to which the attack was deliberately intended to cause harm.

Sophistication

Moderate

Technical complexity of the atttack.

Sophistication
Maliciousness

Chart Not Available on Printed Version

Maliciousness

Low

How damaging the attack was intended to be.



Motivations

Motivations are the underlying activators, purposes or sustained reasons for why the deepfake threat actor sought to create and take the necessary steps to produce and disseminate synthetic media or deepfake content.

The creator, Eliot Higgins, tweeted this image, overtly referencing that he created it using MidJourney AI. It can be inferred that he knew others may see these images and, in turn, re-post, re-tweet or otherwise share the image

The Deepfake Kill Chain™

The Deepfake Kill Chain™ describes the various, distinct, sequential stages of deepfake media creation and dissemination. Understanding these stages, and the adversary’s efficacy in the respective stages not only reveals the adversary’s modus operandi and decision-making process, but when contrasted with the Deepfake & Synthetic Media Analysis Framework™, identifies and elucidates methods of preventing and defending against the adversary’s deepfake attacks.

The Production phase was relatively simplistic, low quality and overt--the creator openly tweeted on Twitter (now "X") that the image was created with MidJourney AI.

Motivation

Motivation is the underlying activator, purpose or sustained reasons for why the deepfake threat actor wants to create nefarious synthetic media.

No case specific insights generated.

Targeting

Targeting is the threat actor’s intentional selection of a target audience, or the group or individual whom he is interested in impacting with his deepfake campaign.

No case specific insights generated.

Research and Reconnaissance

Research & Reconnaissance occurs when the threat actor is effortfully gathering information about the target audience, the optimal channels to conduct their campaign on, the relevant narratives for the attack, and type of content that will have the desired impact on the target audience.

No case specific insights generated.

Preparation and Planning

Preparation & Planning are the steps and processes that the threat actor takes to acquire the tools and content needed to create the deepfake media for their campaign and their deliberation for the execution of the campaign.

No case specific insights generated.

Production

Production is the threat actor’s use of tools and content for the creation and development of deepfake media for their attack campaign.

No case specific insights generated.

Narrative Testing

Narrative Testing. A narrative is a story, or an account of related events or experiences. A good narrative will have story coherence, such that both the story being told and its relationship to the real world are cohesive and clear. In deepfake campaigns, threat actors consider and evaluate the possible narratives—particularly in relation to events and context—to support the campaign in an effort to maximize the believability and efficacy of the attack.

No case specific insights generated.

Deployment

Deployment is the threat actor’s intentional transmission of deepfake content to the target audience through selected online channels.

No case specific insights generated.

Amplification

Amplification is the threat actor’s intentional efforts to maximize the visibility, virality and target audience exposure to their deepfake content.

No case specific insights generated.

Post-Campaign

Post-Campaign is the period after the target audience has received and been exposed to the deepfake content.

No case specific insights generated.



Cognitive Security Recommendations

This section identifies the steps and measures to prevent and defend against the synthetic media/deepfake content assessed in this DTIR. For a more detailed recommendation, training or consultation, connect with Psyber Labs.


Users receiving this and similar images should carefully and thoughtfully review the context of the image origin. By doing this, heuristic thinking and cognitive biases are mitigated.

Appendix

DTIR™ Version: 1.0

Submission Date (UTC): December 03, 2023 02:09

Assessment Date (UTC): December 10, 2023 01:55

SHA256 Hash: f1ee0c0875f552f3760ca00b6b3df438ad97b934afc8274ddc9f4d99d0bea624