Underground Dark Web Warnings: Hackers Construct Counterfeit Identification Database for Fraudulent Purposes
December 27, 2024 Update: This story, initially published on December 25, now includes a breakdown of the 'know your customer' attack methodology utilized by the recently exposed dark web facial identity resource, as well as strategies for mitigating this threat and an additional example of how banking biometrics can be circumvented by determined attackers.
Dark web operatives have reportedly been gathering facial ID images together with the matching genuine identity documents for an unknown period. Threat intelligence researchers have uncovered the operation, which is a notably sophisticated approach to identity theft in one respect: rather than stealing the data, it pays people for it.
The Dark Web Facial ID Farm Threat
The iProov biometric threat intelligence team has discovered what seems to be a stealthy yet sophisticated means of bypassing identity verification being traded on the dark web. Describing the operation as "compromising identity verification systems by systematically collecting genuine identity documents and images," the iProov analysts emphasized how identity fraud tactics are evolving.
In their Q4 threat intelligence report for 2024, iProov revealed that the anonymous dark web entity responsible for the operation has accumulated a considerable collection of identity documents and corresponding facial images, specifically designed to outsmart 'know your customer' verification processes. These systems are crucial for preventing identity theft against banks and other financial institutions, as reported in a previous article discussing the application of AI in bypassing biometric banking security checks.
What sets this particular case apart is that it appears the identities have not been obtained through data scraping from breached databases, but rather through paying users for them.
'Know Your Customer' Attack Process--How the Dark Web Facial ID Resource Bolsters the Threat
The iProov report highlighted the multiple challenges this facial ID stash poses for verification systems and broke down the attack process to illustrate why organizations must be able to detect not only forged documents but also entirely genuine credentials being used in fraudulent financial applications. The attack process includes:
Document Verification
Standard document verification techniques can identify altered and forged identity documents. But when the documents are genuine, as those supplied by this dark web group are, there is no forgery to detect, and document verification on its own provides no protection.
Facial Recognition
Facial recognition algorithms can accurately match a submitted photograph to the associated ID document. But when a genuine facial image is paired with the genuine, corresponding identity document, a basic verification system will pass the applicant, because the biometric really does match the document.
Liveness Detection
Identity verification attacks come at various levels of sophistication, and the simpler ones are easier to catch thanks to mechanisms such as liveness detection, but organizations must consider the entire spectrum to combat them effectively. Basic attacks use printed photographs and manipulated ID documents; mid-tier attacks may combine real-time face swapping and deepfakes with authentic documents; and advanced attacks may use 3D modeling and real-time animation in an attempt to defeat liveness detection checks.
Dark Web Hackers Pay for Facial Images and Companion Identity Documents--Users Voluntarily Participate
Andrew Newell, iProov's chief scientific officer, expressed concern over the extent of the scheme, stating, "What's especially concerning about this discovery is not just the sophistication of the operation, but that individuals are willingly compromising their identities for short-term financial gain."
This, in turn, exposes users to increased risks, as "they're providing criminals with complete, genuine identity packages that can be used for sophisticated impersonation fraud," Newell warned. "The perfect combination of genuine documents and genuine matching biometric data makes them extremely difficult to detect through traditional verification methods."
Mitigating the Evolving Dark Web Identity Attack Resources
iProov's research teams have presented several recommendations for minimizing the risk of identity fraud stemming from the attack resources compiled by these dark web entities. These mitigations largely revolve around a multi-layered verification system. However, to be effective, such an approach must cover the following confirmations:
- Verify that this is the correct individual by comparing the presented identity to the official documents.
- Confirm that this is a real person using embedded imagery and metadata analysis to better detect malicious media.
- Confirm that the identity verification is being presented in real-time using a unique challenge-response.
- Integrate technologies and threat intelligence to detect, respond to, and mitigate threats on your verification systems. This managed detection and response system must include:
  - Continuous monitoring.
  - Incident response.
  - Proactive threat hunting.
  - Utilization of specialized knowledge.
  - The ability to reverse-engineer potential attack scenarios.
  - The capability to actively build defenses to mitigate them.
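The third confirmation above, that the verification "is being presented in real-time using a unique challenge-response," is the one layer in the attack process that a genuine document plus a genuine matching face does not defeat on its own, because the attacker still has to produce the right behaviour at the right moment. The following is an added example, written for this article and not iProov's or any vendor's code, of the minimal server-side logic such a check needs: a random, HMAC-bound action sequence with a short lifetime, consumed once, and compared against what the camera actually observed. The five actions, the 30-second window, the injectable clock and the attacker's "pre-recorded video" are all constructed for the example; the camera-side action recognition is assumed and not shown.

```python
# Added example (not iProov's or any vendor's code): single-use, time-limited
# challenge-response liveness check. Assumptions, all constructed for this
# example: five recognisable actions, a 30-second window, an injectable clock
# so expiry can be exercised, and a client that reports the actions it observed.
import hashlib
import hmac
import os
import secrets
import time

ACTIONS = ("left", "right", "up", "down", "blink")
CHALLENGE_TTL_SECONDS = 30


class LivenessServer:
    """Issues and verifies single-use, time-limited action challenges."""

    def __init__(self, key: bytes, ttl: int = CHALLENGE_TTL_SECONDS, clock=time.time):
        self._key = key          # server-side secret; never sent to the client
        self._ttl = ttl
        self._clock = clock
        self._consumed = set()   # challenge ids already used (replay protection)

    def _tag(self, cid: str, issued: int, sequence: tuple) -> str:
        # Binds id, issue time and sequence, so a client cannot swap in a
        # sequence that its pre-recorded video happens to contain.
        msg = f"{cid}|{issued}|{','.join(sequence)}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, length: int = 4) -> dict:
        cid = secrets.token_hex(16)
        issued = int(self._clock())
        sequence = tuple(secrets.choice(ACTIONS) for _ in range(length))
        return {"id": cid, "issued": issued, "sequence": sequence,
                "tag": self._tag(cid, issued, sequence)}

    def verify(self, challenge: dict, observed) -> tuple:
        """Return (accepted, reason). Checks integrity, freshness, uniqueness, correctness."""
        cid, issued = challenge["id"], challenge["issued"]
        sequence = tuple(challenge["sequence"])
        if not hmac.compare_digest(self._tag(cid, issued, sequence), challenge["tag"]):
            return False, "tampered-challenge"
        if self._clock() - issued > self._ttl:
            return False, "expired"
        if cid in self._consumed:
            return False, "replayed"
        self._consumed.add(cid)      # consumed even if the answer turns out wrong
        if tuple(observed) != sequence:
            return False, "wrong-response"
        return True, "ok"


def live_user(challenge: dict) -> tuple:
    """Genuine client: performs whatever sequence was just requested."""
    return tuple(challenge["sequence"])


def prerecorded_video(recording: tuple):
    """Attacker's 'client': always plays back the same fixed recording."""
    return lambda _challenge: recording


def _not_matching(sequence: tuple) -> tuple:
    """A sequence guaranteed to differ from `sequence` in its first action."""
    first = "left" if sequence[0] != "left" else "right"
    return (first,) + tuple(sequence[1:])


def run_scenarios(server: LivenessServer) -> dict:
    """Constructed walk-through; returns the verdict reason for each scenario."""
    results = {}
    ch = server.issue()
    results["live_user"] = server.verify(ch, live_user(ch))[1]
    # Replaying the same accepted answer (a captured video of the real user).
    results["replay_of_accepted_answer"] = server.verify(ch, live_user(ch))[1]
    # A fixed recording matches a fresh 4-step challenge with probability 1/625.
    ch = server.issue()
    attacker = prerecorded_video(("left", "right", "left", "right"))
    results["prerecorded_video"] = server.verify(ch, attacker(ch))[1]
    # Rewriting the challenge to match the recording breaks the HMAC tag.
    ch = server.issue()
    forged = dict(ch, sequence=_not_matching(ch["sequence"]))
    results["rewritten_sequence"] = server.verify(forged, forged["sequence"])[1]
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios(LivenessServer(os.urandom(32))).items():
        print(f"{name:28s} -> {verdict}")
```

Two design points are worth noting. The challenge id is consumed before the answer is compared, so an attacker cannot keep retrying the same challenge with different recordings. And the HMAC tag covers the sequence as well as the id and issue time, so the client cannot edit the challenge to match footage it already has; without that binding, a pre-recorded video plus a rewritten challenge would pass.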
These comprehensive measures make it significantly harder for attackers to successfully circumvent identity verification systems, even at advanced levels, explained iProov.
Bypassing Facial Biometrics Liveness Detection is Now Easier Than Ever, No Dark Web Necessary
Specialists from threat intelligence and security firm Group-IB have shown that facial biometrics' liveness detection is no longer a reliable form of verification. Group-IB's research exposed how fraudsters used AI-generated deepfake imagery to outsmart biometric verification systems, as demonstrated in a real-life case involving a significant Indonesian financial institution. According to Group-IB cyber fraud analyst Yuan Huang, "Advanced AI models allow face-swapping technologies to swap one person's face with another's in real time, using only a single image." The result is video that falsely presents someone else's genuine identity as the applicant's own. Huang added that these technologies can easily deceive facial recognition systems because the swaps look lifelike and natural and convincingly replicate real-time expressions and movements. Other factors contributed: virtual camera software, and the manipulation of biometric data by feeding pre-recorded videos in place of a live camera feed. Furthermore, app cloning let the fraudsters simulate multiple devices, exposing weaknesses in traditional fraud detection systems.
Considerations for Individuals Contemplating Selling Their Face and Documents, Even on the Dark Web - Just Don't
I suppose I should include this bit as well: if you receive an offer to pay you for your picture and copies of your identity documents, whether it comes from the dark web or, more likely, from somewhere far more ordinary, simply decline. The short-term reward may seem tempting, but there is a high chance it will result in significant long-term harm.
- The iProov biometric threat intelligence team has revealed that the dark web operation involves paying users for their legitimate identity documents and facial images, which are then used to bypass 'know your customer' verification processes.
- The exposure of the facial ID cache has underscored the complexity of the challenge facing verification systems, as users voluntarily provide criminals with complete, genuine identity packages that can be used for sophisticated impersonation fraud.
- To mitigate the risk of identity fraud, iProov recommends employing a multi-layered verification system that includes verifying the individual, confirming they are a real person, confirming the verification is in real-time, and integrating threat intelligence to detect and respond to threats.
- Group-IB's research has shown that facial biometrics' liveness detection is no longer a reliable form of verification, as hackers use deepfake AI-generated pictures to outsmart biometric verification systems.
- If you receive an offer to sell your picture and copies of your identity documents, regardless of the source, it's best to decline, as the potential short-term reward may have significant long-term negative consequences.