Update, Dec. 26, 2024: This story, originally published Dec. 25, now includes a breakdown of the know your customer attack threat methodology that the newly discovered dark web facial identity resource brings to the identity fraud table.
A dark web criminal operation that appears to have been farming facial ID images along with the genuine identity documents that accompany them has been unmasked, if you’ll pardon the pun, by threat intelligence researchers. Here’s everything you need to know about this sophisticated approach to identity theft that, it would seem likely, has been using information willingly exchanged for financial reward to build the ID farming business.
The Dark Web Facial ID Farm Threat
Researchers from iProov’s biometric threat intelligence unit have uncovered what appears to be a simple yet simultaneously sophisticated identity protection bypass operation being implemented on the dark web. Describing the significant operation as “compromising identity verification systems through the systematic collection of genuine identity documents and images,” the iProov analysts said that this demonstrates how the nature of identity fraud is evolving.
As detailed in the iProov Q4 threat intelligence update for 2024, the unnamed criminal dark web threat group behind the operation has amassed a “substantial collection of identity documents and corresponding facial images,” which, the report said, was “specifically designed to defeat Know Your Customer verification processes.” Such systems play a key role in preventing identity fraud against banks and other financial institutions, as I reported in a recent article concerning the use of AI to bypass biometric banking security checks.
What is most interesting to me in this particular case, however, is that this doesn’t seem to have been a matter of scraping compromised biometric data from published stolen databases, but rather, it looks like the identities have been obtained by paying users for them.
The Know Your Customer Attack Process—How This Dark Web Facial ID Resource Maximizes The Threat
The iProov report warned that the discovery of this facial ID stash highlighted “the multi-layered challenge facing verification systems” and provided a breakdown of the attack process to show how organizations need to be able to detect not only fake documents but also 100% genuine credentials used in fraudulent financial applications. The attack process breaks down as follows, with details of how the newly uncovered facial ID and documents resource is involved:
Document Verification
Standard document verification processes are able to detect both altered and forged identity documents; however, the use of genuine, 100% legitimate documentation as provided by the dark web group makes this traditional verification methodology unreliable.
Facial Matching
Facial matching algorithms can accurately compare a submitted photo to the associated ID documentation. But when legitimate facial images are paired with legitimate and corresponding identity documentation, a basic verification system is likely going to be in trouble.
Liveness Detection
While there are different levels of sophistication involved in identity verification attacks, and basic attempts are always going to be easier to detect thanks to the likes of liveness detection, for example, organizations need to be aware of the total spectrum to best defend against them all. Basic methods include printed photography and manipulated ID documents; mid-tier attacks may use real-time face swapping and deepfakes paired with genuine documentation; and advanced attacks can use 3D modelling and real-time animation in an attempt to respond to liveness detection checks. Researchers at Group-IB have already demonstrated that liveness detection in facial biometrics is no longer a verification gold standard.
Dark Web Hackers Pay For Facial Images And Supporting Identity Documents—Users Willingly Participate
“What’s particularly alarming about this discovery is not just the sophisticated nature of the operation,” Andrew Newell, chief scientific officer at iProov, said, “but the fact that individuals are willingly compromising their identities for short-term financial gain.” And he’s not wrong, as this isn’t just a matter of selling their identity data but also risking their own security here. “They’re providing criminals with complete, genuine identity packages that can be used for sophisticated impersonation fraud.” What makes this process even more dangerous is that what we are talking about here is the perfect storm of the identity matching pair: genuine documents and genuine matching biometric data, “making them extremely difficult to detect through traditional verification methods,” Newell warned. Boom.
Do I really need to say this? If you are approached by anyone, knowingly from the dark web or, more likely, not, offering you cold, hard cash in exchange for your image and copies of your identity documents, don’t do it. No matter how much the short-term incentive, it could just as quickly turn into a very costly mistake.