We are hearing the term “disinformation” more often. Is it the same as misinformation? If not, what is the difference?
Misinformation is the unintentional, incorrect presentation of facts. Disinformation is intentional misrepresentation of facts (and mostly a work of fiction). The key differentiating factor is, of course, intention. Why would someone want to spread disinformation? There could be many reasons, ranging from self-gain to damaging the image of another to instigating people and more. Disinformation has been increasing proportionately with the popularity of social media. Social media platforms help to bridge the gap created by distance and lack of physical interaction, thereby becoming powerful channels that can be used for good and nefarious purposes. Miscreants realized the power of social media and started using (or misusing) these platforms to spread disinformation, whereby users can be left not knowing what is truth and what is not.
Deepfakes and fake news are two of the most popular methods used to spread disinformation. “Deepfake” is a term derived from deep learning, and it refers to modifying or creating fake news (text and video) using human image synthesis and artificial intelligence (AI). Although it started as academic research, it has become a powerful tool to create false information and discredit individuals by creating fake pornography. It has also been used to create fake news to discredit individuals such as politicians in the forms of morphed photos and edited videos. With the advent of deep learning by machines, creating deepfakes has become extremely easy. Creation of digital deepfakes can be automated, and the tools are accessible to many more people. The big problem, though, is current forensic tools are not easily able to detect this fakery.1, 2
Fake news, also known as junk news or pseudonews, is a type of yellow journalism or propaganda that consists of deliberate disinformation or hoaxes spread via traditional news media (print and broadcast) or online social media. Many fake news items use deepfake videos and are distributed through social media. Although most social media platforms have policies to ban deepfake pornography, other disinformation videos are not explicitly banned. The main challenge is that applications for generating deepfakes are available on the Internet, and anyone with malicious intent can target a person or organization by creating fake videos and fake news.
As technology continues to evolve, identifying deepfake videos is becoming more difficult. Deepfakes are now used in the world of cybercrime. Fraudsters successfully used deepfake video to cheat the chief executive officer (CEO) of an energy company for US$243,000.3 The victim transferred the funds into the accounts of the fraudsters after believing the impostor who had impersonated the former’s parent company CEO’s voice pattern and accent. The demand was made with the pretext of paying a supplier with the promise that the funds would be reimbursed. After the victim made the payment, the money was transferred from Hungary to Mexico. Suspicion arose when the fraudsters called the victim again to demand another payment.
Deepfakes and other AI-based technologies are being used more frequently in the fields of cyberfraud and fake news. What we see and hear can no longer be viewed with certainty as a true representation of the source of the information.
Users of social media must be careful and should not forget the basic rule: verify before trusting.
Endnotes
1 Mulgund, P.; Lohawala, S.; “Deepfake: The Lay
of the Land,” ISACA® Journal, vol. 1, 2021,
https://www.isaca.org/archives
2 Gomez, D.; “Taking Steps to Win the Battle
Against Misinformation,” ISACA Now,
15 September 2020, https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/taking-steps-to-win-the-battle-against-misinformation
3 O’Donnell, L.; “CEO ‘Deep Fake’ Swindles
Company Out of $243K,” Threatpost, 4 September 2019, https://threatpost.com/deep-fake-of-ceos-voice-swindles-company-out-of-243k/147982/
Sunil Bakshi, CISA, CRISC, CISM, CGEIT, CDPSE, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
Has worked in IT, IT governance, IS audit, information security and IT risk management. He has 40 years of experience in various positions in different industries. Currently, he is a freelance consultant in India.