
Fraudsters are using deepfake videos of company bosses to steal millions from firms
B
Hi there, I'm Ed Butler. Welcome to Business Daily from the BBC World Service. Today we're looking at the scary world of deepfake technology and how CEOs these days are reacting when they find themselves a target.
C
If you are in my position, how would you feel? The same way I feel. Nobody should incur a loss by believing something which is untrue.
B
Some call this a new front line in online scamming. Could deepfake be costing companies billions? And how deep does it go?
D
Deepfakes are becoming very, very easy to do. To actually generate video and audio quality of extremely accurate specifications, it takes minutes.
B
The deep fake scam business. That's Business Daily from the BBC. It's early 2024 and in Hong Kong, an employee of the British engineering firm Arup. Let's just call her Joanne for the purposes of this program. She gets a message from company headquarters in London regarding what's described as a confidential transaction. Joanne gets onto the video call with Arup's chief financial officer and other staff to find out more. And then, according to the Hong Kong police, she transfers US$25 million of Arup money to five different bank accounts. This was as instructed from her employers. It only later emerged that the people on the call, including the CFO, were all deepfakes. Digital creations, not real people. This actually happened. And it is a sobering reminder of how dangerous and how convincing Deepfake videos can be. With me in the studio is Stephanie Hare. She's a researcher and a presenter of BBC AI Decoded. Stephanie, give us a picture, if you can, of the scale of situations like this. This deep fake problem as it affects the corporate world.
E
This is a new risk and companies are having to take extra steps to secure these types of communications. So you would never want simply to jump on a video call with someone and transfer $25 million. There would have to be a series of steps to unlock, to protect you from this type of fraud. So that's the brave new world that we're in now.
B
Let's look then at one other case. This one comes from India.
D
Stock is going to fly.
C
300% returns guaranteed.
B
Money, money, money. That's part of an ad from the Bombay Stock Exchange warning investors about the dangers of online Deepfake videos. And it's a timely one because in the past few years would-be investors in India have been targeted several times. Just last month, a video of Sundar Raman Ramamurti, the stock exchange's CEO, was circulated showing him giving stock market tips and investment advice. But it wasn't him. It was a digitally faked avatar. The video was taken down and the BSE says it doesn't know if anyone was fooled, but for Mr. Ramamurti, it was disconcerting.
C
My image is used and as if I am giving some advice on some stocks to be bought or something get circulated in the marketplace, we immediately, when we see this, we lodge a complaint. We immediately go to those Instagram and other people in place where it could be put to take it down. And we regularly and periodically write messages to the market not to believe on fake videos and buy or sell anything. We don't want to have any impact.
B
How does it make you feel seeing yourself on a video making recommendations and speaking words that you never spoke?
C
It is not about what I feel, what I do. It is about nobody should incur a loss by believing something which is untrue.
B
Well, Mr. Ramamurti's image was being used to con ordinary people, enticing them to join an investment group on WhatsApp and hand over their money with the promise of handsome profits. But sometimes it's the company itself that's being targeted.
F
Back in April 2024. So almost two years ago, one of our employees in Europe received an audio message and a text message alleging to be me urgently requesting some help from me.
B
Me in that case was Karim Tuba. He's the CEO of LastPass, a US based password security company. Fortunately for Karim and for LastPass, the employee in question did have reason to doubt the message's authenticity.
F
It was on WhatsApp, which for us is not a sanctioned communication channel. So that was tip number one. Tip number two was that we have corporate sanctioned mobile devices, and this came in via his personal phone. So that was kind of tip two that gave the employee an idea that now this was potentially a little bit murky, a little bit fishy.
B
So it was the wrong platform.
F
Yep.
B
It was a voice note, which is atypical, I guess.
F
Correct.
B
Forced urgency. There was something of that in this message as well.
F
There was forced urgency. Right. I mean, it may be a bot or it may be a deep fake, but it's targeted towards a human. So anytime you can create urgency from a human perspective, it increases the probability that the human on the other end will actually respond. We train our employees. Anytime they suspect something that is not right, that is potential security risk, we require them to notify our security team. Then it allows us to very, very quickly open up an incident and respond to the attack, and then tell the user exactly what to do. In this case, disengage.
B
Disengage, which is what the employee did, and no harm was done. But this is a growing problem, and the breakneck speed at which artificial intelligence is evolving is only making things worse.
F
The latest data shows that over the last two years, we've seen almost a 3,000% increase in the number of deepfakes that have been utilized. Luckily, there seems to be quite a bit of money flowing into this, which will only accelerate the pace with which organizations are going to develop technologies to detect and ultimately block these things.
B
Detect and block. But at the same time, the technology to hone a convincing deepfake is presumably itself improving all the time.
F
It is absolutely improving all the time. It's a race, right, between who can deploy a technology and who can thwart that technology as quickly as possible.
B
Karim Tuba. Well, Stephanie, I mean, a 3,000% increase in just a couple of years. There has been so much talk, hasn't there, about this problem in relation to celebrities, deep fake pornographic images. But it's a big problem in the corporate world as well, isn't it?
E
It's been a problem affecting mainly women for years, and frankly, no one really cared. And now we see the corporate world finally waking up and going, hmm, maybe we do need to have some sort of legislation about this so that can bring corporate charges because otherwise we're eating the cost of having to fight this. So anytime that you're looking at AI, you have to remember that the people who invented this technology released it into the world knowing that these things would happen. So legislation, legislation, regulation, accountability, you need to be able to press criminal charges so that you are at the very minimum issuing fines, but hopefully sending people to jail. This is crime, this is fraud, and it's making people's lives a misery.
B
Stephanie, is there an irony here that the companies targeted by deepfakes seem to be tech savvy? Firms like LastPass, tech business consultancy Accenture was another one. Companies you'd expect would have good safeguards in place. Why are fraudsters targeting them rather than going after what you'd imagine would be easier victims?
E
I think in most cases of fraud, it's a numbers game. So it's very inefficient to go after individuals one by one. It's much more effective to go after something like a cybersecurity company such as LastPass, that is in theory, providing protection for thousands, if not tens of thousands, hundreds of thousands of companies and individuals. So if you can fool them, you can fool their entire customer base. Right. You're constantly fighting against people who are looking for the weakest link in your defense, and all they need to do is break through once.
B
Many companies, of course, are very reluctant to talk about this. Ferrari, for example, its CEO, has been deep faked. Global advertising company WPP, Arup, as mentioned, all of them have been faked and yet they wouldn't talk to us, even though we asked. In several of these cases, they didn't actually fall victim to the deep fakes and they successfully repelled them. It feels like even the simple act of having been targeted somehow implies guilt or failure on their part. I raised this with Karim Tuba himself of LastPass. Here's what he had to say to me. You're going public about this?
F
Yeah.
B
Other companies have been rather more secretive. Do you think companies should be more public?
F
I do, because I think there's a lot to learn from what's happening collectively. So I do think it's helpful. And we tend to talk about this quite publicly, not just about this, but other attacks that we see. And we think there's a tremendous amount of value to our customers. But it also helps other companies out to really get into the details of what happened, how we responded and what are the learnings.
B
Karim Tuba. You're listening to Business Daily from the BBC World Service.
B
I'm Ed Butler and today we're looking at the rise of Deepfake videos and their impact on businesses. So how easy or how difficult is it to make one of these videos? I visited the offices of CloudGuard. It's a cybersecurity company based in Manchester in the north of England. Its co-founder and CEO is Matt Lovell.
D
Deepfakes are becoming very, very easy to do with the emerging technologies that are available. Before, and I'm going back perhaps three or four years, that technology wasn't mainstream. Now, in order to deepfake, to actually generate video and audio quality of extremely accurate specifications, it takes minutes.
B
I'm going to now walk around the table because Mina is here and she has in front of her a video I recorded. This was a few days ago, a clip of me explaining what deepfake was. Deepfake technology uses AI and deep learning to create highly realistic but fake videos, images or audio. It manipulates a person's. So what have you been doing, Mina?
G
So I was given the audio and video clip that you did yourself, which is about 30 seconds long and I used that to kind of go a bit wild, make you say things that you probably wouldn't say. Would you like to have a look?
B
Yes, please.
G
So this is the video deepfake.
B
Quick check in on the Deepfake story. It is about to go public and I just want to make sure everything looks okay on your side. So that's me saying something I really never said. Gosh. So how hard was that to do?
G
Not very hard. A lot of the tools that we used are freely available, I'd say from receiving the audio clip and video clip of yourself to producing this would probably have taken about 30 to 40 minutes to make it a little bit more realistic. It takes a bit longer just to clip the videos together. But other than that, no. It's very, very easy, very fast. Yeah. Very scary as well.
F
Yeah.
B
And it's fun.
G
It is. I mean, I remember when I was doing math, hearing him say things that you probably wouldn't hear him say. It is quite fun. Definitely.
B
I'm going to come back to you, Matt. So imagine then that I'm a bad guy and I really want to organize a very kind of sophisticated attack. What am I spending and what's the kind of level of technology that I'm buying into?
D
So at the most basic level, for a simple single individual led attack, you're looking at 500 to $1,000. The use of largely free tools. For a more sophisticated attack, you're looking between 5,000 to $10,000.
B
Right. So no pixelation, no little tiny jump cuts of movements, which is what you do sometimes see, don't you?
D
Absolutely. Head movements, your body language movements, stuff that may get called out or become more obvious and tested to.
B
Blood flow, you were saying blood flow.
D
So we're looking at pixelation. So a lot of the verification tools that we have available to us right now are looking at head turning, head angles, inflections on facial expressions, and particularly around pixelation of blood flow.
B
So the camera will pick up a tiny bit of blood flow in your face, maybe when you strain your neck one way. And the AI can now impersonate those changes that the body naturally makes in those situations.
D
In six months, we've seen rapid changes within the tooling and particularly in the paid for tooling. If you're going to pay for a much more professional output, the accuracy and the intonation of people's voices and the ability to choose from that, to understand from different video clips and to harmonize all of those intonations is now so much more advanced and accelerating faster than our detection capabilities.
B
Have you found businesses who've fallen foul of this? I mean, you've literally lost a lot of money through deepfakes.
D
There are numerous examples of businesses on a routine basis now, and also not in corporate environments. This is WhatsApp. This is videos in social channels or posting to elements that aren't protected by corporate security. That is where it's increasing. And now the most prevalent automation bots and other things are becoming standard in the generation of malware or deep fakes that are being fired at companies.
B
Is there equivalent AI generated tools to spot it?
D
Simple answer, no. Attack vectors are accelerating faster than we can expect. Accelerate defence, automation and protection against bots.
B
I mean, you've met quite a few CEOs, CFOs who've found themselves deep faked. How do they feel about that? I mean, typically, what kind of emotional response do you encounter in those situations?
D
People are surprised. Are people moving fast enough to respond to the speed the threat is developing? Absolutely not.
B
Surprised. I guess they feel vulnerable. It's kind of a very personal thing, isn't it?
D
It's a very personal thing. It's now a very real thing.
B
The view there of Matt Lovell at CloudGuard. So Stephanie, it feels, I have to say, hard to be optimistic about this, isn't it? I mean, how do you see it? Are the bad guys winning?
E
Well, it just depends on how you view the problem. One of the areas that we hear about with AI is that it's going to take everybody's jobs. And one thing I'm absolutely confident saying on the air is it is not going to take your job if you are working in cybersecurity. Right. We have a shortage of cybersecurity professionals. We need more people to get into this. And this story illustrates exactly why we constantly have technology firms releasing tools that wreak havoc on the population and then there's a group of people who have to come along and clean up the mess. So if you are looking to write your own check and your own ticket in your career, go into cybersecurity because AI is going to make this a minefield. Another point I would say is that back when I was doing research on cybersecurity in 2018 for about two years, we learned that chief information security officers in most companies were only getting about 5 minutes every quarter with the C-suite of companies. It was not considered a priority to secure your operations back then in the same way that I think it is now because the threat landscape has expanded now that we have these types of risks, like leaders at companies, CEOs being deep faked. I think they will be spending a lot more time with their chief information security officers and teams. That is a good thing. So we need to get to that. We also have to put more pressure on AI companies though. Why are they releasing tools when they know they create these harms? Right? They're fixing it in beta, they're fixing it after the release, but the public is being experimented on. That's not okay.
B
The world is going to look very different though, very soon, isn't it, when all discourse, political discourse, any discourse is going to have to be measured by we can't believe anything we see. It has to be double checked, triple checked and then we have to believe the checkers are themselves in good faith.
E
Exactly. It almost makes me wonder if we will go back to a different type of verification. So for a long time we've had it where all of us feel that we can use our own eyes and ears to decide if we believe something or not. But when that becomes not viable because you can't trust what you're seeing and hearing because it can be so easily faked, you will need trusted authorities who are able to be there on the ground and see it and who agree with one another. This becomes a philosophical issue as well as a business one.
B
Researcher and presenter Stephanie Hare. Thank you very much indeed. And that's it for this edition of Business Daily with me, Ed Butler. Thanks for listening.
Host: Ed Butler, BBC World Service
Episode Date: February 23, 2026
This episode explores the alarming rise of deepfake technology targeting corporate executives, particularly CEOs and CFOs. Deepfakes—AI-generated, highly convincing fake videos or audio—have become tools for sophisticated fraud schemes costing companies millions. Host Ed Butler investigates real-world cases in the UK, India, and globally, speaking to experts, affected executives, and cybersecurity professionals about the technology's rapid evolution, the difficulty of detection, and the urgent need for better regulation and collective defense.
Arup Fraud Case (Hong Kong, Early 2024) ([01:58])
Bombay Stock Exchange CEO Deepfake (India) ([03:53])
LastPass CEO Attempted Deepfake Fraud ([05:35])
Exponential Increase in Deepfake Incidents
Difficulty in Detection and Countermeasures
Importance of Multi-Layered Verification
Industry Reluctance and Need for Collective Defense
Urgent Need for Legislation and Accountability
Changing Information Landscape
Opportunities in Cybersecurity
Sundar Raman Ramamurti (Bombay Stock Exchange CEO):
“It is not about what I feel, what I do. It is about nobody should incur a loss by believing something which is untrue.” ([05:12])
Karim Tuba (LastPass CEO):
“Anytime you can create urgency from a human perspective, it increases the probability that the human on the other end will actually respond.” ([06:35])
Stephanie Hare (AI Decoded):
“The people who invented this technology released it into the world knowing that these things would happen...this is crime, this is fraud, and it’s making people’s lives a misery.” ([08:10])
Matt Lovell (CloudGuard):
“Attack vectors are accelerating faster than we can expect. Accelerate defense, automation, and protection against bots.” ([16:32])
The arms race between those creating and those defending against deepfakes is escalating rapidly. While technology provides tools for both attackers and defenders, the key takeaways stress the need for robust internal protocols, collective industry openness, regulatory intervention, and public awareness to combat this growing threat. As deepfakes become democratized and ever more convincing, trust, verification, and vigilance will become paramount for both individuals and organizations.