Technology @lemmy.world Squire1039 @lemm.ee 5 mo. ago

Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs

www.404media.co Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs

The site, called OnlyFake, threatens to streamline everything from bank fraud to money laundering, and has implications for cybersecurity writ large.

Summary

OnlyFake, an underground website, employs neural networks to swiftly produce convincing fake IDs for just $15, potentially facilitating bank fraud and money laundering. Verified by 404 Media, the service allows users to input desired information and a passport photo, generating realistic IDs, even mimicking signatures. With its purported use of neural networks and generators, OnlyFake claims to churn out up to 20,000 documents daily, mainly for US identities. The IDs, backed by real-looking backgrounds, can pass online verification, posing challenges to platforms like OKX cryptocurrency exchange. While some companies, such as Jumio and Coinbase, aim to counter such fraud, OnlyFake's AI-powered IDs present a formidable challenge. Wick, the service's owner, aims to expand its capabilities, potentially including face and selfie generation. Discussions within OnlyFake's community suggest a pursuit of solutions for video verification challenges. Senator Ron Wyden warns of the growing threat posed by AI-based tools, urging the adoption of secure authentication methods. This revelation comes amidst a broader trend of AI-driven fraud, exemplified by AI-generated voices and images, highlighting the need for robust cybersecurity measures.

Hacker News @lemmy.smeargle.fans bot @lemmy.smeargle.fans

BOT

5 mo. ago

OnlyFake: A site where ‘neural networks’ churn out fake IDs

www.404media.co /inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/

35 comments

Good. This just shows how pointless identity cards are.
- ID cards without chip are pointless. I’d like to see them try to fake a chipped document.
  
  Chip cards wouldn't work online unless we had some sort of reader in electronics to insert the chip into like the credit card terminals. But yes, that would help a lot.
- This shows that anything is pointless if the other side believes in kinds of verification which can be manufactured the way you can't distinguish it from the real thing.
  
  Frankly I'm feeling a bit of love now to banks which don't allow you to do anything scary without visiting their office in person.
  
  And I'm on the completely opposite end where the person I trust to have my best interest at heart is me. So I have crypto and manage it myself.
- Mhm. We need everyone to submit to DNA sampling and iris scans, so our overlords can keep more reliable records of our doings. /s
  
  Or maybe we need to overthrow the overlords and do what we want LOL.
I like to thread the needle between "useful verification of identity" and "not a horrifying invasion of privacy that puts everyone in our society at risk"

Reading these kinds of things will just result in is creating horrible identification laws like having to scan your face each time you want to watch porn.
- Yeah, I hate how the institutions now ask for endless information and IDs to identify you. It does look like asking for a copy of an ID is about to get worse.
The military already has a solution to this. Smart card ID cards. So it acts like a hardware security key that you plug into your computer to verify it's you. Or at least the person possessing it. And it relies on the central authority to invalidate and verify the authenticity of that signature. Just like a yubikey

Combine the ID card with a fingerprint scanner built into the ID card. You get the best of the security enclave. And public key verification.
- In Spain you just go to an office, show your ID and they give you a personal certificate you import into your browser. You can use the same cert on multiple computers and have multiple certs in the same browser. When you visit government pages it asks you which cert you want to use and voilà, you're authenticated. You can also use the same cert to sign files and it's a legally valid signature. It uses common standards and works on Linux.
  
  Or if you buy a card reader you can use your ID (DNI) as your certificate because it has one saved inside
- Not disagreeing, but for the US:
  
  Yubikey 5c NFC costs ~30-55 USD. Not cheap.
  
  Yibikey BIO, with the scanner built in, will be even more expensive.
  
  Need a central registration authority or federated authorities to verify electronic ID. If the feds don't press the issue, this probably won't happen.
  
  CA will get hacked and root certificate dropped because they paid morbillions to some credit card company to setup the system on windows server 2003 with password123
  
  And how much would a solution cost in bulk for millions/billions of people? Also you can always tack on $10-$20 as a fee and you're done.

You've viewed 35 comments.