Discover more from The Ruck
Deepfakes are Russia’s new 'weapon of war'
Make sure you're well dressed for your Zoom call with Russian spies.
ABOUT A MONTH AGO, Michael McFaul, a former U.S. Ambassador to Russia, issued a strange warning. He claimed someone was impersonating him using a phone number with a Washington, D.C. area code, trying to speak with associates on a video call.
“You will see an AI-generated ‘deep fake’ that looks and talks like me,” he said on Twitter, using a term coined in 2017 to describe imagery that has been deceptively edited to alter a person’s identity. The tech has been used to place Vladimir Putin on SNL for laughs among other amusements. Scammers have pretended to be CEOs and Navy admirals to trick people out of cash. But this seemed different; it was a live video call.
“It is not me,” McFaul said. “This is a new Russian weapon of war. Be careful.”
The Ruck is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
McFaul later said he wasn’t entirely sure who was behind the calls. But given his passionate support of Ukraine in its fight to eject Russia after eight years of war, he believed it was “obviously designed to undermine Ukraine’s diplomatic and war efforts.”
Was it the work of pranksters? Russian spies? One thing was clear: It wasn’t the first time. Since the Feb. 24 invasion, several Kremlin adversaries have been targeted by deepfakes.
As Russia attacked Kyiv and multiple cities on March 2, Ukrainian intelligence warned that a deep fake “provocation” was coming. And sure enough, on March 16 a deceptively-edited video of Ukrainian President Volodymyr Zelenskyy appeared on Ukrainian national news. Lay down your arms and surrender, the fake Zelenskyy ordered in a video that was a big hit on Russian social media. The crude deepfake was quickly debunked, but one researcher suspected it was “the tip of the iceberg.” He was right.
In April, several lawmakers in Europe were duped by “individuals who appear to be using deepfake filters to imitate Russian opposition figures during video calls.” Latvian lawmaker Rihards Kols was one of those fooled, though you can hardly blame him. Even the man he thought he was speaking with, Leonid Volkov, was impressed by his computer-generated doppelgänger.
In June, mayors of Berlin, Madrid, and Vienna all thought they were speaking with their counterpart in Kyiv, Vitali Klitschko. Instead, Berlin Mayor Franziska Giffey’s office learned they were “dealing with a deepfake,” per The Guardian:
It was only after about 15 minutes, when the supposed Kyiv mayor at the other end of the line started to talk about the problem of Ukrainian refugees cheating the German state of benefits, and appeared to call for refugees to be brought back to Ukraine for military service, that Giffey grew suspicious.
This is the part where I would love to put a happy spin on this. To tell you that deepfakes are extremely high-tech and inaccessible to most people. But that’s not the truth. It’s easy to do for novices, and nation-states with heavy computing power and big information warfare budgets are even better at it. So, we should anticipate this getting worse.
The use of deepfakes in war may have begun in Ukraine, but it won’t end there. And I can envision potential scenarios to defend against. Here are two:
Using deepfakes to harass or intimidate military service members and their families. In 2016, ISIS posted kill lists of U.S. military members online. In 2018, Russians duped Ukrainian families into giving away their loved ones’ positions via text message. These are examples of information operations meant to sow chaos and fear. In the future perhaps, a deepfake military officer will inform a family their loved one has been killed. Or maybe a faked video of a military leader issuing false orders will lead to battlefield action. At any rate, deepfakes are likely to be one of many tools in “combined arms” IO campaigns.
Using deepfakes to embarrass or blackmail those with access to classified information. That’s about 4 million Americans under threat. Hostile intelligence services have used deepfake photos to “create fake social media accounts from which they have attempted to recruit sources.” Deepfake video has also been used in sextortion rackets. And as I wrote about last week, Americans are giving away an alarming amount of biometric data—a deepfake building block—each day on popular social media apps.
While most deepfakes are easily detectable today, “the sophistication of the technology is rapidly progressing to a point at which unaided human detection will be very difficult or impossible,” according to CRS.
“It will likely be a never-ending battle,” says Dr. Thomas P. Scanlon, a senior cybersecurity engineer and researcher at Carnegie Mellon University. “Similar to malware and anti-virus software.” Indeed, the FBI warned in June of an “increase in complaints reporting the use of deepfakes…to apply for a variety of remote work and work-at-home positions.”
So, that’s the bad news. The good news is that mad scientists at DARPA are working on this problem. The agency’s Semantic Forensics (SemaFor) program aims to develop algorithms that detect various deep fakes automatically. Indeed, researchers have already made progress, as evidenced by a public showing of their research last month. Yet adversaries will continue to adapt, and the fix can’t come soon enough.
“This video was probably the first use of deepfakes in the context of war,” DARPA program manager Dr. Matt Turek said of the Zelenskyy video posted early in the war. “And if it had been more compelling, it might have changed the trajectory of the Russia-Ukraine conflict.”
🚨 The Rundown
Russia ordered its troops to retreat from Kherson to the other side of the Dnipro River, a major strategic victory for Ukraine. Moscow sent many of its best troops to defend the city, which fell under Russian control less than a week into the invasion. “It’s evidence of the fact that they have some real problems, the Russian military,” says President Biden.
An estimated 458 Russian convicts have died fighting in Ukraine. That number comes from researchers who noticed consecutive numbering on posthumous award letters sent to families of those fighting with the Wagner mercenary group.
Wagner’s leader was filmed recruiting Russian convicts in September, telling them their sentences would be reduced in exchange for six months of combat. “If you arrive in Ukraine and decide it's not for you, we will execute you,” he said.
On June 26, 2021, “Jonathan Toebbe serviced a dead drop by placing an SD card, which was concealed within half a peanut butter sandwich and contained military-sensitive design elements relating to submarine nuclear reactors…” Fortunately, the ‘foreign government’ operatives were FBI agents.
Three U.S. citizens were arrested for allegedly sending DoD technical data drawings on aviation, submarine, radar, tank, missiles, infrared, thermal imaging, and fire control systems to China. The Pentagon now must assume Beijing is developing ways to counter such tech. Not great!
The former Marine pilot arrested in Australia “listed the same Beijing address as a Chinese businessman jailed in the United States for conspiring to hack U.S. defense contractors' computers, documents show.”
Daniel Duggan, 54, was arrested on Washington’s behalf and faces extradition to the United States. His lawyer says he is a “proud” Australian citizen and will “vigorously” defend against extradition and the still-unknown charges. Duggan’s arrest comes amid fears of Western pilots being poached to train China’s military.
North Korea fired a short-range ballistic missile roughly 155 miles into the Sea of Japan, its most recent send in 32 days of ballistic and cruise missile launches this year. Last week, Pyongyang fired nearly two dozen missiles in one day amid ongoing tensions on the Korean peninsula.
On Nov. 3, Defense Secretary Lloyd Austin stated: “any nuclear attack against the United States or its Allies and partners, including the use of non-strategic nuclear weapons, is unacceptable and will result in the end of the Kim regime.”
“Well done, SecDef,” says Kori Schake. “Exactly the right reaction to a nuclear threat: don't make it about the weapon, make it about the attack, draw no distinction between U.S. and allies, and hold the regime not the population at risk in retaliation.”
China has an estimated 200 stealth J-20 fighters and 240+ J-16 multirole strike aircraft in its inventory. The “conservative” estimate from a Chinese military aviation watcher is based on aircraft markings, with “CB00” indicating the first production batch and “CB01” indicating the next.
The J-20, the world’s first non-US stealth fighter, has similarities to Russian and US jets, including the F-22 Raptor. A Chinese businessman admitted to stealing technical data on the Raptor, F-35, and C-17 Globemaster in 2016.
Beijing showed off plenty of military hardware this week at the Zhuhai Airshow, with state-run media touting a four-jet formation of J-20s performing “a series of stunts, including quick turns, low-altitude hovering, and vertical climbs to display its outstanding combat capability.”
Also on display: an apparent mockup of the hypersonic MD-22 drone, with an advertised speed up to Mach 7.
“I can only say, if [American pilots] are not scared, let us meet in the sky,” Wang Wei, PLA Deputy Air Force commander, said in Sept. 2021.
“The issue of whether the PLA can ‘fight and win’ is a major concern for China’s leaders, especially since most members of the PLA have never engaged in combat…” the report says. “Xi has in recent years stressed the importance of improving combat capabilities and readiness, as well as making training less formulaic and more like real combat.” [PDF]
Items on Chinese leader Xi's mind: U.S. strengthening of trade ties with Taiwan, the potential sale of Tomahawk cruise missiles to regional rival Japan, and new US export controls to China on advanced logic and memory chips, integrated circuits, and other dual-use technology that provides a technological edge.
Xi is convinced that the US and China are heading toward war, an American who knows the Chinese leadership tells David Ignatius, who writes: “The United States should convey that, while competition is inevitable, conflict isn’t.”
If that’s the case, someone may want to tell the commander of U.S. Strategic Command, who oversees the nuclear arsenal:
"This Ukraine crisis that we're in right now, this is just the warmup," says Navy Adm. Charles A. Richard. "The big one is coming. And it isn't going to be very long before we're going to get tested in ways that we haven't been tested a long time."
"As I assess our level of deterrence against China, the ship is slowly sinking," he said on Nov. 3. "It is sinking slowly, but it is sinking, as fundamentally they are putting capability in the field faster than we are. As those curves keep going, it isn't going to matter how good our [operating plan] is or how good our commanders are, or how good our forces are — we're not going to have enough of them. And that is a very near-term problem."
The Indian Army is buying 2,200 drones, including unmanned aircraft to carry out high-altitude and medium-altitude logistics and surveillance.
And finally, here are some interesting recent finds:
Ukrainian Military Performance and Outlook (CRS, Nov. 3)
Armed Conflict in Syria: Overview and U.S. Response (CRS, Nov. 8)
Online Foreign Influence Snapshot (DHS, August 2022)
Expeditionary Advanced Base Operations Wargame After-Action Review (Marine Corps Intelligence Schools, Sept. 2022)
You’re caught up. Considerable time and effort go into these dispatches each week, so I greatly appreciate your reading and sharing my work with others. Thanks to you, I’m thrilled to report The Ruck now has 2,500+ subscribers!
🙏 I have a small favor to ask: Please take this brief reader survey. It will only take about two minutes. See you next week—or in the comments below.
Word-of-mouth is the best way you can help me reach new readers. Please use THIS LINK to send an easy pre-written email to a friend.
🔥 Tell me what I missed at email@example.com (anonymity guaranteed and encrypted when using ProtonMail). I’m also on Twitter at @PaulSzoldra keeping a close eye on Elon’s verified hellscape. I’m not paying for it.