Cybercriminals leverage images posted on school websites and social media to generate sexually explicit AI deepfakes of students. These deepfakes are used to extort schools by threatening online release unless payment is made. A UK school was targeted after images were taken from its online presence, transformed into child sexual abuse material, and sent along with blackmail demands. The Internet Watch Foundation created a digital fingerprint for the material and shared it with technology platforms to prevent uploads. About 150 images from the attempt were categorized as CSAM under UK law. Schools are encouraged to reduce public posting of student photos and, when posting, avoid full-name labels, use privacy settings, audit imagery regularly, and require consistent consent agreement renewals.
"Images on school websites and social media accounts are being leveraged by cybercriminals to create sexually explicit deepfakes of students, which are then used to extort the schools in paying money to prevent the deepfake images from being released."
"With the use of AI deepfake tools, the cybercriminals transformed those photos into child sexual abuse material (CSAM), sent the materials to the school, and threatened to release them online if money was not sent. The IWF deployed a digital tool to turn the blackmail material into a "hash" (digital fingerprint) and distributed it to technology platforms to prevent the materials from being uploaded."
"In all, 150 of the images from this blackmail attempt could be categorized as CSAM under law in the UK. This event, which occurred late last year, is not the only instance of this type of blackmail."
"Schools are encouraged to reconsider the need for posting student photos publicly online in the first place, but if photos are to be posted, schools should: Avoid labelling photos with students' full names; Apply privacy settings to websites and social media; Regularly audit student imagery on websites, social media or other promotional content; Require consistent resigning of image consent agreements."
#ai-deepfakes #cybercrime-and-extortion #child-sexual-abuse-material-csam #school-cybersecurity #online-privacy-and-consent
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]