How real is deepfake threat?

Understanding the mechanics of the darknet deepfake industry.

Understanding the mechanics of the darknet deepfake industry.

Cybercrime quickly adopts new technologies. One of the most concerning trends is the rise of deepfakes — forged images, audio or video created with the aid of artificial intelligence, which makes them appear absolutely real — at least to the naked eye. The issue is all the more disturbing of late as tools for AI-generation become increasingly widespread and accessible to the general public. At the same time, AI technologies are forever increasing in (breathtaking) sophistication with each new version, and now allow the creation of impossibly realistic-looking pictures and extremely convincing audio.

Deepfakes are used for various purposes, including revenge, financial fraud, political manipulation, and harassment. In our hyper-connected world, fraudsters can easily collect pictures and even videos of potential victims — especially when it comes to public figures. However, modern cybercriminals tend to specialize on the chosen areas of expertise. The creation of high-quality deepfakes requires technical expertise and advanced software, so various underground experts and services emerged. Now individuals seeking to create fake videos and pictures turn to specialists — readily available, as you could have guessed, on the darkweb.

We decided to study this underground market using a digital ethnography method; that is, by diving straight into the cybercriminals’ online habitat — darknet forums. The main tool we use in darkweb analysis is our Kaspersky Digital Footprint Intelligence service, which employs OSINT techniques combined with both automated and manual analysis of the surface web, deep web and dark web, plus our experts’ know-how to provide insights about cybercriminal techniques and intentions. We searched underground forums for information related to deepfake creation. To understand the current state of this danger, we focused on deepfake offers that emerged this year, and manually collected some of the shiniest examples of deepfake-creation services.

The Darknet deepfake market: supply and demand

Our research found that there’s a significant demand for deepfakes — which far outweighs the supply  of them. Individuals who’ll agree to create fake videos are being desperately searched for. And this is quite disturbing, since, as we all know, demand creates supply; thus, we predict that in the nearest future we’ll indeed see a significant increase in incidents involving high-quality deepfakes.

And judging by the content of darkweb forum posts, cybercriminals are seeking high-quality results. Despite open availability of deepfake creation tools, crooks are looking only for creators who can produce high-quality videos with perfect sound and no lags between video and audio.

Darkweb posts seeking someone who can create a deepfake.

Darkweb posts seeking someone who can create a deepfake. Source: Digital footprint intelligence

A significant proportion of deepfake search ads is related to this or that cryptoscam. Usually, those are connected with cryptocurrency giveaway scams, but sometimes we’ve seen more peculiar ads. For example, we came across a post that was seeking a professional who could create a high-quality deepfake video that could be used to bypass Binance’s face-recognition verification system. So cybercriminals are trying to use deepfakes to circumvent biometric security systems and access victims’ accounts to steal money directly.

As for supply — the cost of creating or purchasing ready-made deepfakes varies depending on the complexity of a given project and the quality of the final product. The notability of the impersonated object can also influence the price tag (usually celebrities or political figures). Prices-per-minute of deepfake video can range from $300 to $20,000. If the buyer is ready to pay, deepfake creators can offer videos that are incredibly realistic and can convey authentic emotions, making them indistinguishable from genuine footage. Here are those shining examples we promised earlier.

Vitalik Buterin impersonation

We discovered a supplier who offered a premium service for creating a high-quality deepfake of Etherium co-founder Vitaly Buterin, complete with fully synthesized voice and video. It was made clear that production wouldn’t simply involve dubbing existing videos, but rather a full production service, with the supplier claiming that “Vitalik is ready for any of your fantasies”. The estimated video production time at this service was less than two weeks, with the final product being an English-language video that would cost $20,000 per minute.

Darkweb offer: a deepfake of Vitaly Buterin.

Darkweb offer: a deepfake of Vitaly Buterin. Source: Digital footprint intelligence

Cryptofraud broadcasts

Another provider boasts being able to make the highest quality deepfakes for the purpose of cryptocurrency fraud. Their service includes creating “Cryptostreams” or “Fake Crypto Giveaways”, a popular scam where fraudsters collect cryptocurrency by broadcasting cryptocurrency fake giveaway shows, promising to double any cryptocurrency payment sent to them. To create such deepfakes, scammers usually use footage of celebrities to launch fake live streams on social media platforms. The provider even shows a pre-generated page where victims are asked to transfer anywhere from 2500 to a million XRP with the promise of doubling their payment. As a result, a victim can lose from $1000 to $460,000.

Darkweb offer: deepfake videos for cryptostreams.

Darkweb offer: deepfake videos for cryptostreams. Source: Digital footprint intelligence

Fake porn videos

Another branch of the deepfake production industry is fake-porn creation. Usually the fake porn is just regular porn videos with swapped faces, made for various reasons: sometimes just for entertainment, but they also can be used for much more sinister purposes like online harassment, cyberbullying or blackmail.

Also some deepfake creators are making tutorials on how to make these fake porn videos, with advice on how to select source material and how to swap faces to create a convincing fake.

Darkweb post with a tutorial on deepfake porn creation.

Darkweb post with a tutorial on deepfake porn creation. Source: Digital footprint intelligence

Possible consequences

Use of deepfakes for criminal purposes can impact our lives in so many ways. It poses a serious threat for individuals, organizations, and society as a whole. Furthermore, the fact that any internet story or news article can be a deepfake sows mistrust for any publicly available information — inducing paranoia and insecurity. Some of the potential consequences of deepfake use include:


Deepfakes can be used for the mass spreading of false information and manipulation of public opinion. They can be used to create fake news stories, political propaganda, or misleading advertising. This can have serious consequences for public trust.

Examples: One of the most harmless instances of deepfake usage was the story of super-realistic photo-evidence reportage of the Great Cascadia earthquake circulating the web, an event that never even took place. But there was a far more dangerous instance curiously, not of deepfake usage itself, but the mere suspicion that a deepfake had been used, in Gabon in 2018. Back then there was a rumor that Gabonese President Ali Bongo had fallen seriously ill. In response, the Gabonese government released a video that was suspected to be a deepfake causing further tension and fueling suspicions that the government was hiding something. This belief was cited as one of the reasons for a coup attempt a week later.

Cyber fraud

Deepfakes are used for all kinds of cyberfraud — from above-mentioned giveaway cryptoscams, to those ending with targeted attacks on businesses.

Examples: An artificially created video of Elon Musk promising high returns from a dubious cryptocurrency investment scheme went viral last year, leading users to lose all their money. In 2019, fraudsters created a convincing audio deepfake of a major UK energy firm’s CEO’s voice. They tricked a senior executive at the company into transferring €220,000 ($243,000) to a Hungarian supplier. The executive believed that he was following the CEO’s instructions, but in fact the recording was fake.

Reputation damage and privacy violations

Deepfakes can be used to damage the reputation of individuals or organizations. For example, a deepfake video can be created to depict someone engaging in illegal or immoral activities. This can lead to reputational damage and or personal harm.

Example: Deepfake videos of actress Scarlett Johansson surfaced online, showing her face superimposed onto the bodies of pornographic actresses in explicit scenes. In fact, this was a deepfake video created with private photos leaked earlier in 2011. Her representative called it a “gross violation” of her rights and said she was exploring legal options to have them removed. The above-mentioned incident with the energy firm CEO also led to significant reputation loss due to the fact that the employee was tricked into transferring those funds. As news of the scam spread, the company’s customers expressed concerns about the companies’ ability to provide security of their data and financial information.

Identity theft

We’ve already mentioned a darkweb ad searching for means to circumvent biometric authentication. Not every service has face a recognition verification system, but deepfake can help even with regular customer support services. Here’s how this could work: first, the cybercriminal would obtain personal information of the target account owner: their name, address, phone number, etc. They’d then contact the payment service provider and claim to be the account owner who’s lost access to their account or is experiencing technical difficulties. To verify identity, the payment service provider may request a video or audio recording of the account owner performing a specific action. Using collected data, crooks may create a deepfake video or audio impersonating the real account owner performing the requested action. As a result, the payment service provider could be tricked into granting them access to the account and its associated funds.

How to stay safe

The most obvious but depressing advice is simply “never trust your eyes or ears ever again”. However, there is hope. The same artificial intelligence technologies that are helping create deepfakes, can be used to distinguish genuine videos, pictures and audio from the fakes. And such tools are slowly emerging on the market. Let’s hope that in the nearest future media outlets, messengers and maybe even browsers will be equipped with such technologies.

For businesses, we have some more practical advice: you can predict, to a some extent, certain deepfake attacks on your staff and/or customers by knowing about how cybercriminal activities on the darkweb may affect you with the help of our Kaspersky Digital Footprint Intelligence. Among many other things, it can provide near real-time information on global security events that are threatening specifically your assets, as well as track exposed sensitive data on restricted underground communities and forums. You can learn more about this service here.