Hitmetrix - User behavior analytics & recording

iProov uncovers dark web KYC operation

A dark web criminal operation that has been farming facial ID images along with genuine identity documents has been unmasked by threat intelligence researchers. This sophisticated approach to identity theft involves information willingly exchanged for financial reward, used to build an ID farming business. Researchers from iProov’s biometric threat intelligence unit have uncovered what appears to be a simple yet sophisticated operation designed to bypass identity protection systems on the dark web.

They describe this operation as compromising identity verification systems through the systematic collection of genuine identity documents and images. The unnamed criminal threat group has amassed a substantial collection of identity documents and corresponding facial images specifically designed to defeat Know Your Customer (KYC) verification processes that play a key role in preventing identity fraud against banks and other financial institutions. Interestingly, this data has not been scraped from stolen databases but rather acquired by paying users for their information.

This insight reveals the ease with which criminals can procure genuine identity data, seriously undermining traditional verification methods. The iProov report outlines the multi-layered challenge facing verification systems and breaks down the attack process to highlight how organizations need to detect both fake and genuine credentials used in fraudulent applications:

1. Traditional methods can detect altered or forged documents, but the use of genuine documentation renders these ineffective.

2. Algorithms can accurately compare submitted photos to associated ID documents. However, pairing legitimate facial images with corresponding identity documents challenges basic verification systems.

3. While different levels of attack sophistication exist, ranging from basic methods to advanced techniques like 3D modeling and real-time animation, organizations must be aware of the full spectrum of threats.

iProov exposes identity verification challenges

Andrew Newell, chief scientific officer at iProov, expressed concern over the willingness of individuals to compromise their identities for short-term financial gain, providing criminals with complete, genuine identity packages that can be used for sophisticated impersonation fraud. This confluence of genuine documents and matching biometric data makes detection through traditional methods extremely difficult. iProov researchers recommend a multi-layered approach to mitigate identity fraud effectively:

– Match the presented identity to official documents.

– Use embedded imagery and metadata analysis to detect malicious media.

– Utilize a unique challenge-response to ensure the verification is happening live.

– Detect, respond to, and mitigate threats through ongoing monitoring, incident response, proactive threat hunting, and leveraging specialized knowledge to reverse engineer attack scenarios.

According to iProov, this multi-layered strategy significantly complicates attackers’ efforts to spoof identity verification systems; even advanced attacks struggle to defeat these combined security measures while maintaining the characteristics of genuine human interaction. Researchers at Group-IB have already demonstrated that liveness detection in facial biometrics is no longer the gold standard for verification. Using AI-generated deepfake images, face-swapping technologies can replace one face with another in real-time using just a single photo.

These technologies convincingly mimic real-time expressions and movements, deceiving facial recognition systems due to their seamless nature. Moreover, the use of virtual camera software and pre-recorded videos that mimic real-time facial recognition, along with app cloning, highlights significant vulnerabilities in traditional fraud detection systems.

In summary, the dark web facial ID farm threat is a cautionary tale for anyone considering selling their facial images and identity documents. The immediate financial gain pales in comparison to the long-term risks and security threats posed by such actions. It’s a stark reminder to protect personal data and avoid participating in activities that could severely compromise one’s security and privacy.
